(t *testing.T)
| 430 | } |
| 431 | |
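// TestVaultSource runs every entry of vaultTestCases against a Vault server
// started by vaultServer on a loopback address.
//
// A certificate/key pair from makePEM is written under certPath+"/localhost",
// using the KV v2 request shape and path when isKVv2 reports a v2 mount. Each
// case then builds a VaultSource with a token from makeToken and passes it to
// testSource together with a pool holding the generated certificate.
func TestVaultSource(t *testing.T) {
	const (
		// Test-only fixtures: the address is loopback and the token is a
		// fixed literal passed to vaultServer, not a real credential.
		addr      = "127.0.0.1:58421"
		rootToken = "token"
		certPath  = "secret/fabio/cert"
	)

	// start a vault server
	vault, client := vaultServer(t, addr, rootToken)
	defer vault.Process.Kill()

	// create a cert and store it in vault
	certPEM, keyPEM := makePEM("localhost", time.Minute)
	data := map[string]any{"cert": string(certPEM), "key": string(keyPEM)}

	// The helper methods are invoked on a nil receiver, so they must not
	// touch any VaultSource fields.
	var nilSource *VaultSource // for calling helper methods

	mountPath, v2, err := nilSource.isKVv2(certPath, client)
	if err != nil {
		t.Fatal(err)
	}

	p := certPath + "/localhost"
	if v2 {
		t.Log("Vault: KV backend: V2")
		// KV v2 nests the secret under "data" and addresses it through a
		// "data" path segment after the mount point.
		data = map[string]any{
			"data":    data,
			"options": map[string]any{},
		}
		p = nilSource.addPrefixToVKVPath(p, mountPath, "data")
	} else {
		t.Log("Vault: KV backend: V1")
	}
	if _, err := client.Logical().Write(p, data); err != nil {
		t.Fatalf("logical.Write failed: %s", err)
	}

	pool := makeCertPool(certPEM)
	timeout := 500 * time.Millisecond
	for _, tt := range vaultTestCases {
		t.Run(tt.desc, func(t *testing.T) {
			src := &VaultSource{
				Client: &vaultClient{
					// Plain HTTP is used only against the loopback test server.
					addr:  "http://" + addr,
					token: makeToken(t, client, tt.wrapTTL, tt.req),
				},
				CertPath: certPath,
			}

			// suppress the log warning about a non-renewable token
			// since this is the expected behavior.
			dropNotRenewableWarning = tt.dropWarn
			// Restore the shared flag with defer so it is reset even if
			// testSource ends the subtest early: t.Fatal exits through
			// runtime.Goexit, which still runs deferred calls.
			defer func() { dropNotRenewableWarning = false }()
			testSource(t, src, pool, timeout)
		})
	}
}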
| 489 |