{"id":21847537,"url":"https://github.com/scribd/vaulttest","last_synced_at":"2025-07-20T20:31:05.812Z","repository":{"id":66239627,"uuid":"216088450","full_name":"scribd/vaulttest","owner":"scribd","description":"Integration test Vault code locally!","archived":false,"fork":false,"pushed_at":"2019-11-04T21:48:49.000Z","size":29,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-06-21T20:08:40.874Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scribd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-18T18:52:55.000Z","updated_at":"2023-04-14T13:28:50.000Z","dependencies_parsed_at":"2023-03-27T15:33:22.773Z","dependency_job_id":null,"html_url":"https://github.com/scribd/vaulttest","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scribd%2Fvaulttest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scribd%2Fvaulttest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scribd%2Fvaulttest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scribd%2Fvaulttest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scribd","download_url":"https://codeload.github.com/scribd/vaulttest/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226832345,"owners_count":17689141,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-27T23:18:29.407Z","updated_at":"2024-11-27T23:18:29.914Z","avatar_url":"https://github.com/scribd.png","language":"Go","readme":"# vaulttest\n\n[![Circle CI](https://circleci.com/gh/scribd/vaulttest.svg?style=shield)](https://circleci.com/gh/scribd/vaulttest)\n\nLibrary for spinning up test instances of Hashicorp Vault for use in integration tests locally and in CI systems.\n\nHashicorp Vault is an awesome tool, but if your job is  *managing* it, you need more than pointing and clicking in a UI, or running vault commands against the server.\n\nA much better way is to write some code that instruments your Vault in a predictable manner, but how does one *test* said code?  \n\nWhat's really needed is a test Vault or better yet a fleet of them to test changes in parallel.\n\nUnfortunately Hashicorp Vault's source code is not organized/ exported in a way to make it's internal api easily adapted to a fully code defined, in memory Vault dev server.\n\nWhat we can do, however, is have this package spin one up- provided the `vault` binary is on the system somewhere.\n\nThe `vaulttest` package will find a free port, spin up vault in dev mode on that port, allow you to do your tests against it, and shut it down politely once you're done.\n\n# Prerequisites\n\n* Hashicorp Vault, installed on your system somewhere in the PATH.  https://www.vaultproject.io/downloads.html\n\n* This library: `go get github.com/scribd/vaulttest`\n\n# Usage\n\nInclude the following in your test code:\n\n    var testServer *vaulttest.VaultDevServer\n    var testClient *api.Client\n\n    func TestMain(m *testing.M) {\n        setUp()\n\n        code := m.Run()\n\n        tearDown()\n\n        os.Exit(code)\n    }\n\n    func setUp() {\n        port, err := freeport.GetFreePort()\n        if err != nil {\n            log.Fatalf(\"Failed to get a free port on which to run the test vault server: %s\", err)\n        }\n\n        testAddress := fmt.Sprintf(\"127.0.0.1:%d\", port)\n\n        testServer = vaulttest.NewVaultDevServer(testAddress)\n\n        if !testServer.Running {\n            testServer.ServerStart()\n            client := testServer.VaultTestClient()\n\n            // set up some secret engines\n            for _, endpoint := range []string{\n                \"prod\",\n                \"stage\",\n                \"dev\",\n            } {\n                data := map[string]interface{}{\n                    \"type\":        \"kv-v2\",\n                    \"description\": \"Production Secrets\",\n                }\n                _, err := client.Logical().Write(fmt.Sprintf(\"sys/mounts/%s\", endpoint), data)\n                if err != nil {\n                    log.Fatalf(\"Unable to create secret engine %q: %s\", endpoint, err)\n                }\n            }\n\n            // setup a PKI backend\n            data := map[string]interface{}{\n                \"type\":        \"pki\",\n                \"description\": \"PKI backend\",\n            }\n            \n            _, err := client.Logical().Write(\"sys/mounts/pki\", data)\n            if err != nil {\n                log.Fatalf(\"Failed to create pki secrets engine: %s\", err)\n            }\n\n            data = map[string]interface{}{\n                \"common_name\": \"test-ca\",\n                \"ttl\":         \"43800h\",\n            }\n            \n            _, err = client.Logical().Write(\"pki/root/generate/internal\", data)\n            if err != nil {\n                log.Fatalf(\"Failed to create root cert: %s\", err)\n            }\n\n            data = map[string]interface{}{\n                \"max_ttl\":         \"24h\",\n                \"ttl\":             \"24h\",\n                \"allow_ip_sans\":   true,\n                \"allow_localhost\": true,\n                \"allow_any_name\":  true,\n            }\n            \n            _, err = client.Logical().Write(\"pki/roles/foo\", data)\n            if err != nil {\n                log.Fatalf(\"Failed to create cert issuing role: %s\", err)\n            }\n\n            data = map[string]interface{}{\n                \"type\":        \"cert\",\n                \"description\": \"TLS Cert Auth endpoint\",\n            }\n\n            _, err = client.Logical().Write(\"sys/auth/cert\", data)\n            if err != nil {\n                log.Fatalf(\"Failed to enable TLS cert auth: %s\", err)\n            }\n            \n            ... Do other setup stuff ...\n            \n            testClient = client\n        }\n    }\n\n    func tearDown() {\n        if _, err := os.Stat(tmpDir); !os.IsNotExist(err) {\n            os.Remove(tmpDir)\n        }\n\n        testServer.ServerShutDown()\n    }\n    \n    func TestNewNamespace(t *testing.T) {\n        path := \"dev/foo/bar\"\n        secret, err := testClient.Logical().Read(path)\n        if err != nil {\n            log.Printf(\"Unable to read %q: %s\\n\", path, err)\n            t.Fail()\n        }\n        \n        if secret == nil {\n            log.Print(\"Nil Secret\")\n            t.fail() \n        }\n        \n        assert.True(t, secret.Data[\"foo\"].(string) == \"bar\", \"Successfully returned secret\")\n    }\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscribd%2Fvaulttest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscribd%2Fvaulttest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscribd%2Fvaulttest/lists"}