Upgrade to latest vault API & SDK versions (#7)
* Upgrade vault/api and vault/sdk dependencies to work with latest Vault version v1.18.0
* Change container from alpine to debian. actions/cache seems incompatible with alpine's /bin/tar.
* disable CGO for plugin for tests
* fix tests when there are no keys left in vault on tests finish
olomix authored Oct 17, 2024
1 parent f1e0e1d commit 3063fad
Showing 5 changed files with 386 additions and 130 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/build.yml
Expand Up @@ -12,17 +12,17 @@ jobs:
build:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-go@v4
- uses: actions/setup-go@v5
with:
go-version: "1.20.4"
go-version: "1.23.2"
- run: go test -v -race ./...
- uses: goreleaser/goreleaser-action@v4
- uses: goreleaser/goreleaser-action@v6
if: success() && startsWith(github.ref, 'refs/tags/')
with:
version: "v1.18.2"
version: "v2.3.2"
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
24 changes: 13 additions & 11 deletions .github/workflows/integration_tests.yml
Expand Up @@ -8,7 +8,7 @@ jobs:
test:
runs-on: ubuntu-22.04
container:
image: golang:1.20.4-alpine3.17
image: golang:1.23.2
volumes:
- vault_plugins:/vault/plugins
env:
Expand All @@ -17,14 +17,11 @@ jobs:
VAULT_IDEN3_PATH: iden3

steps:
- run: apk add --update-cache openssl curl build-base
- uses: actions/checkout@v4

- uses: actions/checkout@v3
- run: git config --global --add safe.directory $GITHUB_WORKSPACE

- run: go build -o /vault/plugins/vault-plugin-secrets-iden3
working-directory: cmd/vault-plugin-secrets-iden3

- uses: actions/cache@v3
- uses: actions/cache@v4
with:
path: |
~/.cache/go-build
Expand All @@ -34,21 +31,26 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- run: go build -o /vault/plugins/vault-plugin-secrets-iden3
working-directory: cmd/vault-plugin-secrets-iden3
env:
CGO_ENABLED: 0

- run: >
export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-iden3 | awk '{print $1}'` &&
curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}"
curl -X PUT --fail -s -i -H "X-Vault-Token: ${VAULT_TOKEN}"
-d "{\"type\":0,\"command\":\"vault-plugin-secrets-iden3\",\"sha256\":\"${PLUGIN_SHA256}\"}"
${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-iden3
- run: >
curl -X POST --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}"
curl -X POST --fail -s -i -H "X-Vault-Token: ${VAULT_TOKEN}"
-d '{"type":"vault-plugin-secrets-iden3","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}'
${VAULT_ADDR}/v1/sys/mounts/${VAULT_IDEN3_PATH}
- run: go test -v -race -timeout=60s ./...
- run: go test -v -race -timeout=60s ./cmd/vault-plugin-secrets-iden3/ -args -vault

services:
vault:
image: vault:1.13.2
image: hashicorp/vault:1.18.0
ports:
- 8200:8200
volumes:
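Review bot: The plugin-catalog and mount steps now run curl with `--fail -s`, which on an HTTP error suppresses both the Vault response body and curl's own error message, so a rejected registration (for example a checksum mismatch between the freshly built binary and the `sha256` sent in the PUT) fails the job with no diagnostic in the log; use `-sS` instead of `-s` (or `--fail-with-body`, if the runner's curl is new enough) so the error is still printed while progress output stays quiet. The added `-i` only prints response headers, so the `X-Vault-Token` request header is not echoed, which is fine. Separately, `golang:1.23.2` and `hashicorp/vault:1.18.0` are pulled by mutable tag; pinning the Go image by digest would keep the `CGO_ENABLED: 0` build, and therefore the registered `PLUGIN_SHA256`, stable across runs, though for an integration job that is a judgement call.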
146 changes: 146 additions & 0 deletions cmd/vault-plugin-secrets-iden3/main_test.go
@@ -1,12 +1,54 @@
package main

import (
"crypto/rand"
"encoding/hex"
"flag"
"os"
"path"
"strings"
"testing"

vault "github.com/hashicorp/vault/api"
"github.com/iden3/go-iden3-crypto/babyjub"
"github.com/stretchr/testify/require"
)

var runVaultAPI *bool

func init() {
runVaultAPI = flag.Bool("vault", false, "Run series of tests against Vault API")
}

func rndKeyName(t testing.TB) string {
ln := 10
n := make([]byte, ln)
l, err := rand.Read(n)
require.NoError(t, err)
require.Equal(t, ln, l)
return hex.EncodeToString(n)
}

func env(t testing.TB, envName string) string {
val, ok := os.LookupEnv(envName)
if !ok || val == "" {
t.Fatalf("%s is not set", envName)
}
return val
}

func vaultCli(t testing.TB) *vault.Client {
vaultAddr := env(t, "VAULT_ADDR")
vaultToken := env(t, "VAULT_TOKEN")

cfg := vault.DefaultConfig()
cfg.Address = vaultAddr
client, err := vault.NewClient(cfg)
require.NoError(t, err)
client.SetToken(vaultToken)
return client
}

func TestRnd(t *testing.T) {
t.Skip("generate random key for testing")
key := babyjub.NewRandPrivKey()
Expand All @@ -15,3 +57,107 @@ func TestRnd(t *testing.T) {
pubComp := pub.Compress()
t.Logf("public: %s", hex.EncodeToString(pubComp[:]))
}

func TestVaultPlugin(t *testing.T) {
if !*runVaultAPI {
t.Skip("set -vault flag to run this test")
}

vaultIden3 := env(t, "VAULT_IDEN3_PATH")
vaultIden3 = strings.TrimSuffix(vaultIden3, "/")

client := vaultCli(t)
l := client.Logical()

t.Run("check mount exists", func(t *testing.T) {
sys := client.Sys()
mounts, err := sys.ListMounts()
require.NoError(t, err)
var iden3Found bool
for k, v := range mounts {
if strings.TrimSuffix(k, "/") == vaultIden3 {
require.Equal(t, "vault-plugin-secrets-iden3", v.Type)
iden3Found = true
break
}
}
require.True(t, iden3Found, "Iden3 plugin mount is not found")
})

require.False(t, t.Failed(), "mount check failed, no point to continue")

keyName := rndKeyName(t)

t.Run("create new key", func(t *testing.T) {
p := path.Join(vaultIden3, "new", keyName)
s, err := l.Write(p, map[string]interface{}{"key_type": "babyjubjub"})
require.NoError(t, err)
require.Nil(t, s)
})

require.False(t, t.Failed(), "create new key failed, no point to continue")

t.Run("list keys", func(t *testing.T) {
p := path.Join(vaultIden3, "keys")
s, err := l.List(p)
require.NoError(t, err)
require.NotNil(t, s)
require.NotNil(t, s.Data)
keys, ok := s.Data["keys"].([]any)
require.Truef(t, ok, "keys is not a list: %T", s.Data["keys"])
var found bool
for _, k := range keys {
k2, ok := k.(string)
if !ok {
continue
}
if k2 == keyName {
found = true
break
}
}
require.Truef(t, found, "key not found in the list: %v", keyName)
})

t.Run("read key data", func(t *testing.T) {
p := path.Join(vaultIden3, "keys", keyName)
s, err := l.Read(p)
require.NoError(t, err)
require.NotNil(t, s)
require.NotNil(t, s.Data)
require.Equal(t, "babyjubjub", s.Data["key_type"])
require.NotEmpty(t, s.Data["public_key"])
})

t.Run("delete key", func(t *testing.T) {
p := path.Join(vaultIden3, "keys", keyName)
_, err := l.Delete(p)
require.NoError(t, err)
})

t.Run("list keys after delete", func(t *testing.T) {
p := path.Join(vaultIden3, "keys")
s, err := l.List(p)
require.NoError(t, err)
if s == nil {
return
}
if s.Data == nil {
return
}
keys, ok := s.Data["keys"].([]any)
require.Truef(t, ok, "keys is not a list: %T", s.Data["keys"])
var found bool
for _, k := range keys {
k2, ok := k.(string)
if !ok {
continue
}
if k2 == keyName {
found = true
break
}
}
require.Falsef(t, found, "key exists after delete: %v", keyName)
})
}
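Review bot: In TestVaultPlugin the key created by the "create new key" subtest is removed only by the later "delete key" subtest, so if "list keys" or "read key data" fails the key is left behind in the shared Vault instance and such leftovers accumulate across CI runs; register a best-effort removal right after `keyName := rndKeyName(t)` with `t.Cleanup(func() { _, _ = l.Delete(path.Join(vaultIden3, "keys", keyName)) })` so it is deleted on every exit path, keeping the explicit "delete key" subtest to assert that the call itself succeeds. The "read key data" subtest pins `key_type` and a non-empty `public_key` but does not pin that the read path returns no private-key material, which is the property a secrets plugin most needs a regression test for; add a negative assertion on `s.Data` for whatever field the plugin would use for the private key (that name is not visible in this diff, so confirm it against the backend). Minor: `require.Nil(t, s)` in "create new key" already encodes that creation echoes nothing back, which is the right shape for that endpoint; a one-line comment such as `// creation must not return key material` would make that intent explicit to the next reader.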
85 changes: 55 additions & 30 deletions go.mod
@@ -1,70 +1,95 @@
module github.com/iden3/vault-plugin-secrets-iden3

go 1.20
go 1.23

toolchain go1.23.2

require (
github.com/ethereum/go-ethereum v1.11.6
github.com/hashicorp/go-hclog v1.5.0
github.com/hashicorp/vault/api v1.9.1
github.com/hashicorp/vault/sdk v0.9.0
github.com/iden3/go-iden3-crypto v0.0.15
github.com/stretchr/testify v1.8.2
github.com/ethereum/go-ethereum v1.14.11
github.com/hashicorp/go-hclog v1.6.3
github.com/hashicorp/vault/api v1.15.0
github.com/hashicorp/vault/sdk v0.14.0
github.com/iden3/go-iden3-crypto v0.0.17
github.com/stretchr/testify v1.9.0
)

require (
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/armon/go-metrics v0.4.1 // indirect
github.com/armon/go-radix v1.0.0 // indirect
github.com/btcsuite/btcd/btcec/v2 v2.3.2 // indirect
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/btcsuite/btcd/btcec/v2 v2.3.4 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/dchest/blake512 v1.0.0 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/docker v26.1.5+incompatible // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/fatih/color v1.15.0 // indirect
github.com/frankban/quicktest v1.13.0 // indirect
github.com/go-test/deep v1.0.7 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/fatih/color v1.16.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-jose/go-jose/v4 v4.0.1 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0 // indirect
github.com/hashicorp/go-kms-wrapping/v2 v2.0.8 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-plugin v1.4.9 // indirect
github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
github.com/hashicorp/go-plugin v1.6.1 // indirect
github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
github.com/hashicorp/go-rootcerts v1.0.2 // indirect
github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
github.com/hashicorp/go-secure-stdlib/plugincontainer v0.4.0 // indirect
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
github.com/hashicorp/go-sockaddr v1.0.2 // indirect
github.com/hashicorp/go-sockaddr v1.0.6 // indirect
github.com/hashicorp/go-uuid v1.0.3 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/golang-lru v0.5.5-0.20210104140557-80c98217689d // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
github.com/hashicorp/yamux v0.1.1 // indirect
github.com/holiman/uint256 v1.2.2-0.20230321075855-87b91420868c // indirect
github.com/holiman/uint256 v1.3.1 // indirect
github.com/joshlf/go-acl v0.0.0-20200411065538-eae00ae38531 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.17 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-testing-interface v1.14.1 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/oklog/run v1.1.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect
github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect
github.com/pierrec/lz4 v2.6.1+incompatible // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/rogpeppe/go-internal v1.13.1 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect
github.com/sasha-s/go-deadlock v0.2.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect
go.opentelemetry.io/otel v1.31.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0 // indirect
go.opentelemetry.io/otel/metric v1.31.0 // indirect
go.opentelemetry.io/otel/sdk v1.31.0 // indirect
go.opentelemetry.io/otel/trace v1.31.0 // indirect
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
go.uber.org/atomic v1.10.0 // indirect
golang.org/x/crypto v0.7.0 // indirect
golang.org/x/net v0.8.0 // indirect
golang.org/x/sys v0.6.0 // indirect
golang.org/x/text v0.8.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/crypto v0.26.0 // indirect
golang.org/x/net v0.28.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/text v0.17.0 // indirect
golang.org/x/time v0.5.0 // indirect
google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect
google.golang.org/grpc v1.53.0 // indirect
google.golang.org/protobuf v1.29.0 // indirect
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
google.golang.org/grpc v1.65.0 // indirect
google.golang.org/protobuf v1.35.1 // indirect
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)