Fixing transit seal tests (#6342)

* fixing dockertest to run on travis

* try a repo local directory

* precreate the directory

* strip extraneous comment

* check directory was created

* try to print container logs

* try writing out client logs

* one last try

* Attempt to fix test

* convert to insecure tls

* strip test-temp

vault/seal/transit/transit_acc_test.go

@@ -3,11 +3,8 @@ package transit
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
-	"os"
 	"path"
 	"reflect"
-	"runtime"
 	"testing"
 	"time"
 
@@ -19,17 +16,14 @@ import (
 )
 
 func TestTransitSeal_Lifecycle(t *testing.T) {
-	cleanup, retAddress, token, mountPath, keyName, tlsConfig := prepareTestContainer(t)
+	cleanup, retAddress, token, mountPath, keyName, _ := prepareTestContainer(t)
 	defer cleanup()
 
 	sealConfig := map[string]string{
-		"address":         retAddress,
-		"token":           token,
-		"mount_path":      mountPath,
-		"key_name":        keyName,
-		"tls_ca_cert":     tlsConfig.CACert,
-		"tls_client_cert": tlsConfig.ClientCert,
-		"tls_client_key":  tlsConfig.ClientKey,
+		"address":    retAddress,
+		"token":      token,
+		"mount_path": mountPath,
+		"key_name":   keyName,
 	}
 	s := NewSeal(logging.NewVaultLogger(log.Trace))
 	_, err := s.SetConfig(sealConfig)
@@ -80,13 +74,10 @@ func TestTransitSeal_TokenRenewal(t *testing.T) {
 	}
 
 	sealConfig := map[string]string{
-		"address":         retAddress,
-		"token":           rsp.Auth.ClientToken,
-		"mount_path":      mountPath,
-		"key_name":        keyName,
-		"tls_ca_cert":     tlsConfig.CACert,
-		"tls_client_cert": tlsConfig.ClientCert,
-		"tls_client_key":  tlsConfig.ClientKey,
+		"address":    retAddress,
+		"token":      rsp.Auth.ClientToken,
+		"mount_path": mountPath,
+		"key_name":   keyName,
 	}
 	s := NewSeal(logging.NewVaultLogger(log.Trace))
 	_, err = s.SetConfig(sealConfig)
@@ -127,21 +118,6 @@ func prepareTestContainer(t *testing.T) (cleanup func(), retAddress, token, moun
 		t.Fatalf("err: %s", err)
 	}
 
-	var tempDir string
-	// Docker for Mac does not play nice with TempDir
-	if runtime.GOOS == "darwin" {
-		uniqueTempDir, err := uuid.GenerateUUID()
-		if err != nil {
-			t.Fatalf("err: %s", err)
-		}
-		tempDir = path.Join("/tmp", uniqueTempDir)
-	} else {
-		tempDir, err = ioutil.TempDir("", "transit-autoseal-test")
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
-
 	pool, err := dockertest.NewPool("")
 	if err != nil {
 		t.Fatalf("Failed to connect to docker: %s", err)
@@ -150,10 +126,8 @@ func prepareTestContainer(t *testing.T) (cleanup func(), retAddress, token, moun
 	dockerOptions := &dockertest.RunOptions{
 		Repository: "vault",
 		Tag:        "latest",
-		Cmd: []string{"server", "-log-level=trace", "-dev", "-dev-three-node", fmt.Sprintf("-dev-root-token-id=%s", testToken),
+		Cmd: []string{"server", "-log-level=trace", "-dev", fmt.Sprintf("-dev-root-token-id=%s", testToken),
 			"-dev-listen-address=0.0.0.0:8200"},
-		Env:    []string{"VAULT_DEV_TEMP_DIR=/tmp"},
-		Mounts: []string{fmt.Sprintf("%s:/tmp", tempDir)},
 	}
 	resource, err := pool.RunWithOptions(dockerOptions)
 	if err != nil {
@@ -161,20 +135,14 @@ func prepareTestContainer(t *testing.T) (cleanup func(), retAddress, token, moun
 	}
 
 	cleanup = func() {
-		if err := os.RemoveAll(tempDir); err != nil {
-			t.Fatalf("error removing temp directory: %s", err)
-		}
-
 		if err := pool.Purge(resource); err != nil {
 			t.Fatalf("Failed to cleanup local container: %s", err)
 		}
 	}
 
-	retAddress = fmt.Sprintf("https://127.0.0.1:%s", resource.GetPort("8200/tcp"))
+	retAddress = fmt.Sprintf("http://127.0.0.1:%s", resource.GetPort("8200/tcp"))
 	tlsConfig = &api.TLSConfig{
-		CACert:     path.Join(tempDir, "ca_cert.pem"),
-		ClientCert: path.Join(tempDir, "node1_port_8200_cert.pem"),
-		ClientKey:  path.Join(tempDir, "node1_port_8200_key.pem"),
+		Insecure: true,
 	}
 
 	// exponential backoff-retry