Using Vault's Bundled Testing Helpers
174 views
Skip to first unread message
Matt Surabian
Mar 11, 2019, 11:23:17 PM3/11/19
to Vault
I'm working on writing some integration level tests for a project of mine that makes calls to Vault and was hoping to take advantage of the built in TestServer implementation provided by Vault.
I tried using what seemed to be the standard pattern (despite having to modify it slightly for ginkgo/gomeage world by using globals):
```
package store_test
import (
"github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/vault"
"testing"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)
var VaultAddr string
var VaultToken string
func TestStore(t *testing.T) {
RegisterFailHandler(Fail)
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
http.TestServerAuth(t, addr, token)
VaultAddr = addr
VaultToken = token
RunSpecs(t, "Store Suite")
}
```
But when running tests I continuously get this error:
```
Failed to compile store: # github.com/hashicorp/vault/audit ../go/pkg/mod/github.com/hashicorp/va...@v1.0.2/audit/format.go:485:26: wt.Claims().JWTID undefined (type jwt.Claims has no field or method JWTID) ```
I've poked around a little without much progress and was wondering if anyone else had run into this and how they went about configuring the in memory test vault to prevent it. I don't mind using exec to spin up a "real" dev Vault for these tests but thought the in memory approach would be nice if I could get it working.
I worry I'm kinda down the rabbit hole here but hoping someone might know the way out.
mic...@hashicorp.com
Mar 12, 2019, 4:13:59 AM3/12/19
to Vault
Hi Matt,
this works for me without any problems: https://gist.github.com/michelvocks/bdd81ddeba50743d496d5d89253eafca
I see in your path that you use go modules which is currently not supported with Vault (but is planned).
I think it will work without go modules.
Cheers,
Michel
Matt Surabian
Mar 12, 2019, 10:19:48 AM3/12/19
to Vault
Thanks Michel,
I didn't think last night to even check if Vault was using modules yet. Knowing there was nothing explicitly wrong with what I was doing
gave me the clarity I needed this morning to solve this issue by adding a replace my go.mod file:
replace github.com/SermoDigital/jose => github.com/SermoDigital/jose v0.9.2-0.20180104203859-803625baeddc
This ensures the same version that is specified in your vendor file is the version in the local module cache, solving the missing method error!
Everything always makes a little more sense with some guidance and a decent nights sleep I guess. Thanks again for pointing me in the right direction!
Cheers,
Matt
Jeff Mitchell
Mar 12, 2019, 10:26:58 AM3/12/19
to Vault
Hi Matt,
If you're doing tests at the API level a much better option is
NewTestCluster. This gives you a real three-node HA setup with TLS and
preconfigured clients, as well as access to a number of internal
things. It behaves much more like a "real" Vault.
Best,
Jeff
> --
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/0acfce90-50c7-48d7-88cb-b691c25fda2e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
If you're doing tests at the API level a much better option is
NewTestCluster. This gives you a real three-node HA setup with TLS and
preconfigured clients, as well as access to a number of internal
things. It behaves much more like a "real" Vault.
Best,
Jeff
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/0acfce90-50c7-48d7-88cb-b691c25fda2e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Matt Surabian
Mar 12, 2019, 4:22:52 PM3/12/19
to Vault
Thanks Jeff,
I've gone back and forth on whether to use the clustered one or not. Mostly my project (https://github.com/Zipcar/bosh-vault) is meant to be deployed as a sidecar to Vault and it's generally making calls using the built in Client.Logical methods, which is why I landed on using the non-clustered one.
Though maybe running some of the tests against a cluster would be better... nice to have the options! Thanks for such great software.
Matt
Jeff Mitchell
Mar 13, 2019, 9:57:47 AM3/13/19
to Vault
Hi Matt,
The main reason you'd want to use NewTestCluster is that it most closely mimics operation as started by a 'vault server' command. Note that you can control both which storage is used and how many nodes there are, so you can use a single node if you want. There are a wealth of other options and useful things returned in the cluster struct as well.
Either way works though!
Best,
Jeff
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/0e25a6e3-225d-4c3a-afd7-4f057cd1a14f%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages