feat: add vault preset #833
Conversation
zbindenren
force-pushed
the
vault
branch
2 times, most recently
from
6c25883
to
ca63b26
Compare
Codecov ReportPatch coverage:
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more Additional details and impacted files@@ Coverage Diff @@
## master #833 +/- ##
==========================================
- Coverage 85.87% 78.58% -7.29%
==========================================
Files 50 52 +2
Lines 2350 2424 +74
==========================================
- Hits 2018 1905 -113
- Misses 173 374 +201
+ Partials 159 145 -14
... and 3 files with indirect coverage changes Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report in Codecov by Sentry. |
|
Hi @zbindenren and thank you for the contribution! There are a couple more steps that we would need to make in order to finalize this feature (see the contribution guide): preset registry, swagger docs, and most importantly - github actions and circleci jobs to make sure that vault preset is tested on every build (right now your tests are not executed automatically). Please let me know if you are available to move forward with the additional steps, or if you would like me to take over and add the missing pieces. Thank you! |
chore: add swagger chore: add vault to registry chore: update readme chore: update readme chore: add tests
|
Hi @orlangure I updated the MR. The swagger tests work too (at least on my laptop). I am not sure if it is good to create a file in {
"preset": {
"version": "latest",
"auth_token": "gnomock-vault-token",
"auth": [
{
"path": "k8s_cluster1",
"type": "kubernetes"
}
],
"policies": [
{
"name": "empty_policy",
"data": "{}"
}
],
"token_create": {
"policies": [
"default"
],
"file_path": "/tmp/token"
}
},
"options": {
}
} |
preset/vault/preset.go
Outdated
| } | ||
| } | ||
|
|
||
| if p.TokenCreate != nil { |
There was a problem hiding this comment.
I'm not sure this option fits here. Generally preset options modify the container, but this one actually makes changes to the client file system.
I do like the idea of helper functions though. There is Ingest function in Splunk preset for example. It does not modify the client, but it also doesn't belong in the options. What do you think about removing it as an option, but creating a helper function instead that can be called by clients (test code) whenever a new token needs to be configured?
There was a problem hiding this comment.
I agree with you. I removed the option and created two helper methods which can be handy in tests:
// Client creates a configured vault client for the provided container and token.
func Client(c *gnomock.Container, token string) (*api.Client, error) {
...
}and
// CreateToken creates an additional access token with the provided policies. Use the same password you provided
// with the WithAuthToken option.
func CreateToken(c *gnomock.Container, rootToken string, policies ...string) (string, error) {
...
}If all is ok, I can squash the commits and update the MR if you want.
Co-authored-by: Yury Fedorov <10244414+orlangure@users.noreply.github.com>
A preset for hashicorp vault.