diff --git a/config/nomad_test.go b/config/nomad_test.go
index cc3f4578c..8fc9cda62 100644
--- a/config/nomad_test.go
+++ b/config/nomad_test.go
@@ -228,13 +228,14 @@ func TestNomadConfig_Finalize(t *testing.T) {
 Enabled: Bool(false),
 Namespace: String(""),
 SSL: &SSLConfig{
- CaCert: String(""),
- CaPath: String(""),
- Cert: String(""),
- Enabled: Bool(false),
- Key: String(""),
- ServerName: String(""),
- Verify: Bool(true),
+ CaCert: String(""),
+ CaCertBytes: String(""),
+ CaPath: String(""),
+ Cert: String(""),
+ Enabled: Bool(false),
+ Key: String(""),
+ ServerName: String(""),
+ Verify: Bool(true),
 },
 Token: String(""),
 AuthUsername: String(""),
diff --git a/config/ssl_test.go b/config/ssl_test.go
index d436b047d..ed0135e3f 100644
--- a/config/ssl_test.go
+++ b/config/ssl_test.go
@@ -25,13 +25,14 @@ func TestSSLConfig_Copy(t *testing.T) {
 {
 "same_enabled",
 &SSLConfig{
- Enabled: Bool(true),
- Verify: Bool(true),
- CaCert: String("ca_cert"),
- CaPath: String("ca_path"),
- Cert: String("cert"),
- Key: String("key"),
- ServerName: String("server_name"),
+ Enabled: Bool(true),
+ Verify: Bool(true),
+ CaCert: String("ca_cert"),
+ CaCertBytes: String("ca_cert_bytes"),
+ CaPath: String("ca_path"),
+ Cert: String("cert"),
+ Key: String("key"),
+ ServerName: String("server_name"),
 },
 },
 }
@@ -197,6 +198,30 @@ func TestSSLConfig_Merge(t *testing.T) {
 &SSLConfig{CaCert: String("ca_cert")},
 &SSLConfig{CaCert: String("ca_cert")},
 },
+ {
+ "ca_cert_bytes_overrides",
+ &SSLConfig{CaCertBytes: String("ca_cert_bytes")},
+ &SSLConfig{CaCertBytes: String("")},
+ &SSLConfig{CaCertBytes: String("")},
+ },
+ {
+ "ca_cert_bytes_empty_one",
+ &SSLConfig{CaCertBytes: String("ca_cert_bytes")},
+ &SSLConfig{},
+ &SSLConfig{CaCertBytes: String("ca_cert_bytes")},
+ },
+ {
+ "ca_cert_bytes_empty_two",
+ &SSLConfig{},
+ &SSLConfig{CaCertBytes: String("ca_cert_bytes")},
+ &SSLConfig{CaCertBytes: String("ca_cert_bytes")},
+ },
+ {
+ "ca_cert_bytes_same",
+ &SSLConfig{CaCertBytes: String("ca_cert_bytes")},
+ &SSLConfig{CaCertBytes: String("ca_cert_bytes")},
+ &SSLConfig{CaCertBytes: String("ca_cert_bytes")},
+ },
 {
 "ca_path_overrides",
 &SSLConfig{CaPath: String("ca_path")},
@@ -267,13 +292,14 @@ func TestSSLConfig_Finalize(t *testing.T) {
 "empty",
 &SSLConfig{},
 &SSLConfig{
- Enabled: Bool(false),
- Cert: String(""),
- CaCert: String(""),
- CaPath: String(""),
- Key: String(""),
- ServerName: String(""),
- Verify: Bool(true),
+ Enabled: Bool(false),
+ Cert: String(""),
+ CaCert: String(""),
+ CaCertBytes: String(""),
+ CaPath: String(""),
+ Key: String(""),
+ ServerName: String(""),
+ Verify: Bool(true),
 },
 },
 {
@@ -282,13 +308,14 @@ func TestSSLConfig_Finalize(t *testing.T) {
 Cert: String("cert"),
 },
 &SSLConfig{
- Enabled: Bool(true),
- Cert: String("cert"),
- CaCert: String(""),
- CaPath: String(""),
- Key: String(""),
- ServerName: String(""),
- Verify: Bool(true),
+ Enabled: Bool(true),
+ Cert: String("cert"),
+ CaCert: String(""),
+ CaCertBytes: String(""),
+ CaPath: String(""),
+ Key: String(""),
+ ServerName: String(""),
+ Verify: Bool(true),
 },
 },
 {
@@ -297,13 +324,30 @@ func TestSSLConfig_Finalize(t *testing.T) {
 CaCert: String("ca_cert"),
 },
 &SSLConfig{
- Enabled: Bool(true),
- Cert: String(""),
- CaCert: String("ca_cert"),
- CaPath: String(""),
- Key: String(""),
- ServerName: String(""),
- Verify: Bool(true),
+ Enabled: Bool(true),
+ Cert: String(""),
+ CaCert: String("ca_cert"),
+ CaCertBytes: String(""),
+ CaPath: String(""),
+ Key: String(""),
+ ServerName: String(""),
+ Verify: Bool(true),
+ },
+ },
+ {
+ "with_ca_cert_bytes",
+ &SSLConfig{
+ CaCertBytes: String("ca_cert_bytes"),
+ },
+ &SSLConfig{
+ Enabled: Bool(true),
+ Cert: String(""),
+ CaCert: String(""),
+ CaCertBytes: String("ca_cert_bytes"),
+ CaPath: String(""),
+ Key: String(""),
+ ServerName: String(""),
+ Verify: Bool(true),
 },
 },
 {
diff --git a/config/vault_test.go b/config/vault_test.go
index a2b7cff18..bdc2830ce 100644
--- a/config/vault_test.go
+++ b/config/vault_test.go
@@ -8,6 +8,8 @@ import (
 "reflect"
 "testing"
 "time"
+
+ "github.com/hashicorp/vault/api"
 )
 func TestVaultConfig_Copy(t *testing.T) {
@@ -471,11 +473,13 @@ func TestVaultConfig_Merge(t *testing.T) {
 func TestVaultConfig_Finalize(t *testing.T) {
 cases := []struct {
 name string
+ env map[string]string
 i *VaultConfig
 r *VaultConfig
 }{
 {
 "empty",
+ nil,
 &VaultConfig{},
 &VaultConfig{
 Address: String(""),
@@ -489,13 +493,14 @@ func TestVaultConfig_Finalize(t *testing.T) {
 Attempts: Int(DefaultRetryAttempts),
 },
 SSL: &SSLConfig{
- CaCert: String(""),
- CaPath: String(""),
- Cert: String(""),
- Enabled: Bool(true),
- Key: String(""),
- ServerName: String(""),
- Verify: Bool(true),
+ CaCert: String(""),
+ CaCertBytes: String(""),
+ CaPath: String(""),
+ Cert: String(""),
+ Enabled: Bool(true),
+ Key: String(""),
+ ServerName: String(""),
+ Verify: Bool(true),
 },
 Token: String(""),
 Transport: &TransportConfig{
@@ -518,6 +523,7 @@ func TestVaultConfig_Finalize(t *testing.T) {
 },
 {
 "with_address",
+ nil,
 &VaultConfig{
 Address: String("address"),
 },
@@ -533,13 +539,14 @@ func TestVaultConfig_Finalize(t *testing.T) {
 Attempts: Int(DefaultRetryAttempts),
 },
 SSL: &SSLConfig{
- CaCert: String(""),
- CaPath: String(""),
- Cert: String(""),
- Enabled: Bool(true),
- Key: String(""),
- ServerName: String(""),
- Verify: Bool(true),
+ CaCert: String(""),
+ CaCertBytes: String(""),
+ CaPath: String(""),
+ Cert: String(""),
+ Enabled: Bool(true),
+ Key: String(""),
+ ServerName: String(""),
+ Verify: Bool(true),
 },
 Token: String(""),
 Transport: &TransportConfig{
@@ -562,8 +569,19 @@ func TestVaultConfig_Finalize(t *testing.T) {
 },
 {
 "with_ssl_config",
+ nil,
 &VaultConfig{
 Address: String("address"),
+ SSL: &SSLConfig{
+ CaCert: String("ca_cert"),
+ CaCertBytes: String("ca_cert_bytes"),
+ CaPath: String("ca_path"),
+ Cert: String("cert"),
+ Enabled: Bool(false),
+ Key: String("key"),
+ ServerName: String("server_name"),
+ Verify: Bool(false),
+ },
 },
 &VaultConfig{
 Address: String("address"),
@@ -577,13 +595,68 @@ func TestVaultConfig_Finalize(t *testing.T) {
 Attempts: Int(DefaultRetryAttempts),
 },
 SSL: &SSLConfig{
- CaCert: String(""),
- CaPath: String(""),
- Cert: String(""),
+ CaCert: String("ca_cert"),
+ CaCertBytes: String("ca_cert_bytes"),
+ CaPath: String("ca_path"),
+ Cert: String("cert"),
+ Enabled: Bool(false),
+ Key: String("key"),
+ ServerName: String("server_name"),
+ Verify: Bool(false),
+ },
+ Token: String(""),
+ Transport: &TransportConfig{
+ DialKeepAlive: TimeDuration(DefaultDialKeepAlive),
+ DialTimeout: TimeDuration(DefaultDialTimeout),
+ DisableKeepAlives: Bool(false),
+ IdleConnTimeout: TimeDuration(DefaultIdleConnTimeout),
+ MaxIdleConns: Int(DefaultMaxIdleConns),
+ MaxIdleConnsPerHost: Int(DefaultMaxIdleConnsPerHost),
+ TLSHandshakeTimeout: TimeDuration(DefaultTLSHandshakeTimeout),
+ },
+ UnwrapToken: Bool(DefaultVaultUnwrapToken),
+ DefaultLeaseDuration: TimeDuration(DefaultVaultLeaseDuration),
+ LeaseRenewalThreshold: Float64(DefaultLeaseRenewalThreshold),
+ K8SAuthRoleName: String(""),
+ K8SServiceAccountTokenPath: String(DefaultK8SServiceAccountTokenPath),
+ K8SServiceAccountToken: String(""),
+ K8SServiceMountPath: String(DefaultK8SServiceMountPath),
+ },
+ },
+ {
+ "with_ssl_config_env",
+ map[string]string{
+ api.EnvVaultCACert: "ca_cert",
+ api.EnvVaultCACertBytes: "ca_cert_bytes",
+ api.EnvVaultCAPath: "ca_path",
+ api.EnvVaultClientCert: "cert",
+ api.EnvVaultClientKey: "key",
+ api.EnvVaultTLSServerName: "server_name",
+ api.EnvVaultSkipVerify: "true",
+ },
+ &VaultConfig{
+ Address: String("address"),
+ },
+ &VaultConfig{
+ Address: String("address"),
+ Enabled: Bool(true),
+ Namespace: String(""),
+ RenewToken: Bool(false),
+ Retry: &RetryConfig{
+ Backoff: TimeDuration(DefaultRetryBackoff),
+ MaxBackoff: TimeDuration(DefaultRetryMaxBackoff),
 Enabled: Bool(true),
- Key: String(""),
- ServerName: String(""),
- Verify: Bool(true),
+ Attempts: Int(DefaultRetryAttempts),
+ },
+ SSL: &SSLConfig{
+ CaCert: String("ca_cert"),
+ CaCertBytes: String("ca_cert_bytes"),
+ CaPath: String("ca_path"),
+ Cert: String("cert"),
+ Enabled: Bool(true),
+ Key: String("key"),
+ ServerName: String("server_name"),
+ Verify: Bool(false),
 },
 Token: String(""),
 Transport: &TransportConfig{
@@ -606,6 +679,7 @@ func TestVaultConfig_Finalize(t *testing.T) {
 },
 {
 "with_default_lease_duration",
+ nil,
 &VaultConfig{
 Address: String("address"),
 DefaultLeaseDuration: TimeDuration(1 * time.Minute),
@@ -622,13 +696,14 @@ func TestVaultConfig_Finalize(t *testing.T) {
 Attempts: Int(DefaultRetryAttempts),
 },
 SSL: &SSLConfig{
- CaCert: String(""),
- CaPath: String(""),
- Cert: String(""),
- Enabled: Bool(true),
- Key: String(""),
- ServerName: String(""),
- Verify: Bool(true),
+ CaCert: String(""),
+ CaCertBytes: String(""),
+ CaPath: String(""),
+ Cert: String(""),
+ Enabled: Bool(true),
+ Key: String(""),
+ ServerName: String(""),
+ Verify: Bool(true),
 },
 Token: String(""),
 Transport: &TransportConfig{
@@ -651,6 +726,7 @@ func TestVaultConfig_Finalize(t *testing.T) {
 },
 {
 "with_lease_renewal_threshold",
+ nil,
 &VaultConfig{
 Address: String("address"),
 LeaseRenewalThreshold: Float64(0.70),
@@ -667,13 +743,14 @@ func TestVaultConfig_Finalize(t *testing.T) {
 Attempts: Int(DefaultRetryAttempts),
 },
 SSL: &SSLConfig{
- CaCert: String(""),
- CaPath: String(""),
- Cert: String(""),
- Enabled: Bool(true),
- Key: String(""),
- ServerName: String(""),
- Verify: Bool(true),
+ CaCert: String(""),
+ CaCertBytes: String(""),
+ CaPath: String(""),
+ Cert: String(""),
+ Enabled: Bool(true),
+ Key: String(""),
+ ServerName: String(""),
+ Verify: Bool(true),
 },
 Token: String(""),
 Transport: &TransportConfig{
@@ -696,6 +773,7 @@ func TestVaultConfig_Finalize(t *testing.T) {
 },
 {
 "with_k8s_settings",
+ nil,
 &VaultConfig{
 K8SAuthRoleName: String("K8SAuthRoleName"),
 K8SServiceAccountTokenPath: String("K8SServiceAccountTokenPath"),
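Review bot: The added `with_ssl_config_env` case exercises only the environment-only path, so no case pins which side wins when an explicit `SSL` block and the `api.EnvVault…` variables are both present. That matters most for `api.EnvVaultSkipVerify`: a further case whose input carries `SSL: &SSLConfig{Verify: Bool(true)}` while `env` holds `api.EnvVaultSkipVerify: "true"` would record whether an ambient variable can switch off certificate verification that the configuration asked for. The same pairing for `CaCert` and `CaCertBytes` would document how the two CA sources interact. The case table and `TestVaultConfig_Finalize` begin and end outside this hunk.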
@@ -714,13 +792,14 @@ func TestVaultConfig_Finalize(t *testing.T) {
 Attempts: Int(DefaultRetryAttempts),
 },
 SSL: &SSLConfig{
- CaCert: String(""),
- CaPath: String(""),
- Cert: String(""),
- Enabled: Bool(true),
- Key: String(""),
- ServerName: String(""),
- Verify: Bool(true),
+ CaCert: String(""),
+ CaCertBytes: String(""),
+ CaPath: String(""),
+ Cert: String(""),
+ Enabled: Bool(true),
+ Key: String(""),
+ ServerName: String(""),
+ Verify: Bool(true),
 },
 Token: String(""),
 Transport: &TransportConfig{
@@ -745,6 +824,11 @@ func TestVaultConfig_Finalize(t *testing.T) {
 for i, tc := range cases {
 t.Run(fmt.Sprintf("%d_%s", i, tc.name), func(t *testing.T) {
+ if tc.env != nil {
+ for k, v := range tc.env {
+ t.Setenv(k, v)
+ }
+ }
 tc.i.Finalize()
 if !reflect.DeepEqual(tc.r, tc.i) {
 t.Errorf("\nexp: %#v\nact: %#v", tc.r, tc.i)
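Review bot: The cases that pass `nil` for `env` still run with whatever Vault TLS variables the developer or CI shell exports, because the block added before `tc.i.Finalize()` only sets variables and never pins the ones a case leaves out. If `Finalize` reads them, as the `with_ssl_config_env` case implies, an exported `api.EnvVaultSkipVerify` would change the `Verify: Bool(true)` expectations of the default cases. Each subtest should start from a known state for the seven `api.EnvVault…` keys that case uses; whether an empty value counts as unset depends on `Finalize`, which is not shown here. Separately, the `if tc.env != nil` guard is unnecessary, since ranging over a nil map runs zero iterations: `for k, v := range tc.env { t.Setenv(k, v) }`. The loop and the test function start and end outside this hunk.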