postfinance · Jul 12, 2024
diff --git a/‎.github/workflows/build.yml
-16 b/‎.github/workflows/build.yml
-16
diff --git a/‎Cargo.toml
+4-2 b/‎Cargo.toml
+4-2
diff --git a/‎DEVELOPMENT.md
+8-2 b/‎DEVELOPMENT.md
+8-2
diff --git a/‎dev/podman.sh
100755100644 b/‎dev/podman.sh
100755100644
diff --git a/‎src/config.rs
+1 b/‎src/config.rs
+1
diff --git a/‎src/vault.rs
+1 b/‎src/vault.rs
+1
diff --git a/‎src/workflow.rs
+1-4 b/‎src/workflow.rs
+1-4
diff --git a/‎tests/common/mod.rs
+44 b/‎tests/common/mod.rs
+44
diff --git a/‎tests/init_vault.rs
+26-3 b/‎tests/init_vault.rs
+26-3
diff --git a/‎tests/resources/init_vault/new_path.yml
-7 b/‎tests/resources/init_vault/new_path.yml
-7
diff --git a/‎tests/resources/rotate/invalid_initialized_secret.yml
-7 b/‎tests/resources/rotate/invalid_initialized_secret.yml
-7
diff --git a/‎tests/resources/rotate/non_existing_secret.yml
-7 b/‎tests/resources/rotate/non_existing_secret.yml
-7
diff --git a/‎tests/resources/rotate/secrets.yml
-7 b/‎tests/resources/rotate/secrets.yml
-7
@@ -18,22 +18,6 @@ jobs:
   build:
     name: 'Rust Build'
     runs-on: ubuntu-latest
-    services:
-      postgres:
-        image: postgres:12.19-alpine3.20
-        ports:
-          - 5432:5432
-        env:
-          POSTGRES_DB: demo
-          POSTGRES_USER: demo
-          POSTGRES_PASSWORD: demo_password
-      vault:
-        image: hashicorp/vault:1.17.1
-        ports:
-          - 8200:8200
-        options: --cap-add=IPC_LOCK
-        env:
-          VAULT_DEV_ROOT_TOKEN_ID: 'root-token'
     steps:
       - name: Check out code
         uses: actions/checkout@v4
 
@@ -8,15 +8,17 @@ clap = { version = "4.5.8", features = ["derive"] }
 env_logger = "0.11.3"
 lazy_static = "1.5.0"
 log = "0.4.22"
+postgres = "0.19.7"
+rand = "0.9.0-alpha.1"
 serde = { version = "1.0.203", features = ["derive"] }
 serde_yaml = "0.9.34+deprecated"
 tokio = { version = "1.38.0", features = ["macros", "rt"] }
 vaultrs = "0.7.2"
-rand = "0.9.0-alpha.1"
-postgres = "0.19.7"
 
 [dev-dependencies]
 assert_cmd = "2.0.14"
 predicates = "3.1.0"
 reqwest = { version = "0.12.5", features = ["json"] }
 serde_json = "1.0.120"
+testcontainers = { version = "0.20.0", features = ["blocking"] }
+testcontainers-modules = { version = "0.8.0", features = ["blocking", "postgres"] }
@@ -111,9 +111,15 @@ Cargo makes it easy to run the project's unit and integration tests:
 cargo tests
 ```
 
-**Note that the integration tests need active Vault and PostgreSQL connections, as described [here](#environment-setup).**
+**Note that the integration tests make use of [testcontainers](https://testcontainers.com) in order to spin up ArgoCD, Vault and PostgreSQL.**
 
-Cargo will automatically discover and execute the tests defined within the project.
+#### A Note for Windows Users
+
+If testcontainers fail to connect to your Docker socket on Windows, add the below environment variable to the test command:
+
+```shell
+DOCKER_HOST=tcp://localhost:2375 cargo test
+```
 
 ### Running the CLI
 
 
@@ -35,6 +35,7 @@ pub(crate) fn read_config(config_path: PathBuf) -> Config {
     serde_yaml::from_str(&config_data).expect("Failed to parse configuration")
 }
 
+#[cfg(test)]
 mod tests {
     use super::*;
 
 
@@ -99,6 +99,7 @@ fn get_vault_client(config: &Config) -> VaultClient {
     vault_client
 }
 
+#[cfg(test)]
 mod tests {
     use super::*;
     use crate::config::PostgresConfig;
 
@@ -1,7 +1,4 @@
-use std::fmt::format;
-
 use log::{debug, trace};
-use vaultrs::auth::userpass::user::update_password;
 
 use crate::cli::RotateArgs;
 use crate::config::Config;
@@ -90,9 +87,9 @@ fn update_passive_user_postgres_password(
     debug!("Successfully rotated PostgreSQL password of passive user");
 }
 
+#[cfg(test)]
 mod tests {
     use super::*;
-    use postgres::Client;
 
     #[test]
     fn switch_active_user_user1_active() {
 
@@ -0,0 +1,44 @@
+use std::env::temp_dir;
+use std::fs::File;
+use std::io::Write;
+
+use testcontainers::{
+    core::{IntoContainerPort, WaitFor},
+    Container, GenericImage, ImageExt,
+};
+use testcontainers_modules::postgres::Postgres;
+use testcontainers_modules::testcontainers::runners::SyncRunner;
+
+pub(crate) fn postgres_container() -> Container<Postgres> {
+    Postgres::default()
+        .with_env_var("POSTGRES_DB", "demo")
+        .with_env_var("POSTGRES_USER", "demo")
+        .with_env_var("POSTGRES_PASSWORD", "demo_password")
+        .start()
+        .expect("PostgreSQL database started")
+}
+
+pub(crate) fn vault_container() -> Container<GenericImage> {
+    GenericImage::new("hashicorp/vault", "1.17.1")
+        .with_exposed_port(8200.tcp())
+        .with_wait_for(WaitFor::message_on_stdout(
+            "==> Vault server started! Log data will stream in below",
+        ))
+        .with_env_var("VAULT_DEV_ROOT_TOKEN_ID", "root-token")
+        .start()
+        .expect("Vault started")
+}
+
+pub(crate) fn write_string_to_tempfile(content: &str) -> String {
+    let mut dir = temp_dir();
+    let filename = format!("temp_file_{}", rand::random::<u64>());
+
+    dir.push(filename);
+
+    let mut file = File::create(dir.clone()).expect("Failed to create tmp file");
+
+    file.write_all(content.as_bytes())
+        .expect("Failed to write into tmp file");
+
+    dir.to_string_lossy().to_string()
+}
@@ -9,16 +9,37 @@ use reqwest::{Client, Response};
 use serde_json::Value;
 use tokio::runtime::{Builder, Runtime};
 
+mod common;
+
 lazy_static! {
     static ref BIN_PATH: PathBuf = cargo_bin(env!("CARGO_PKG_NAME"));
 }
 
 #[test]
 fn init_vault_new_path() {
+    let vault_container = common::vault_container();
+
+    let vault_host = vault_container.get_host().unwrap();
+    let vault_port = vault_container.get_host_port_ipv4(8200).unwrap();
+
     Command::new(&*BIN_PATH)
         .arg("init-vault")
         .arg("-c")
-        .arg("tests/resources/init_vault/new_path.yml")
+        .arg(common::write_string_to_tempfile(
+            format!(
+                // language=yaml
+                "
+postgres:
+  host: 'localhost'
+  port: 5432
+  database: 'demo'
+vault:
+  address: 'http://{vault_host}:{vault_port}'
+  path: 'init/vault/new/path'
+"
+            )
+            .as_str(),
+        ))
         .env("VAULT_TOKEN", "root-token")
         .assert()
         .success()
@@ -27,10 +48,10 @@ fn init_vault_new_path() {
         ));
 
     let client = Client::new();
-    let url = "http://localhost:8200/v1/secret/data/init/vault/new/path";
+    let url = format!("http://{vault_host}:{vault_port}/v1/secret/data/init/vault/new/path");
 
     let rt: Runtime = create_tokio_runtime();
-    let json = read_secret_as_json(client, url, rt);
+    let json = read_secret_as_json(client, url.as_str(), rt);
 
     assert_json_value_equals(&json, "postgresql_active_user", "TBD");
     assert_json_value_equals(&json, "postgresql_active_user_password", "TBD");
@@ -42,6 +63,8 @@ fn init_vault_new_path() {
 
 #[test]
 fn init_vault_invalid_url() {
+    common::vault_container();
+
     Command::new(&*BIN_PATH)
         .arg("init-vault")
         .arg("-c")
Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@ pub(crate) fn read_config(config_path: PathBuf) -> Config {`
`35`	`35`	`serde_yaml::from_str(&config_data).expect("Failed to parse configuration")`
`36`	`36`	`}`
`37`	`37`
	`38`	`+#[cfg(test)]`
`38`	`39`	`mod tests {`
`39`	`40`	`use super::*;`
`40`	`41`
Original file line number	Diff line number	Diff line change
`@@ -99,6 +99,7 @@ fn get_vault_client(config: &Config) -> VaultClient {`
`99`	`99`	`vault_client`
`100`	`100`	`}`
`101`	`101`
	`102`	`+#[cfg(test)]`
`102`	`103`	`mod tests {`
`103`	`104`	`use super::*;`
`104`	`105`	`use crate::config::PostgresConfig;`