From 0f39031ddcf7c9253c8d576dac22d9f86d0b8eed Mon Sep 17 00:00:00 2001
From: Chris Hoffman <99742+chrishoffman@users.noreply.github.com>
Date: Thu, 7 Mar 2019 14:23:30 -0500
Subject: [PATCH] Fixing transit seal tests (#6342)

* fixing dockertest to run on travis
* try a repo local directory
* precreate the directory
* strip extraneous comment
* check directory was created
* try to print container logs
* try writing out client logs
* one last try
* Attempt to fix test
* convert to insecure tls
* strip test-temp
---
 vault/seal/transit/transit_acc_test.go | 56 ++++++--------------------
 1 file changed, 12 insertions(+), 44 deletions(-)

diff --git a/vault/seal/transit/transit_acc_test.go b/vault/seal/transit/transit_acc_test.go
index 633f0aa3d6..58f86adcf2 100644
--- a/vault/seal/transit/transit_acc_test.go
+++ b/vault/seal/transit/transit_acc_test.go
@@ -3,11 +3,8 @@ package transit
 import (
 "context"
 "fmt"
- "io/ioutil"
- "os"
 "path"
 "reflect"
- "runtime"
 "testing"
 "time"

@@ -19,17 +16,14 @@ import (
 )

 func TestTransitSeal_Lifecycle(t *testing.T) {
- cleanup, retAddress, token, mountPath, keyName, tlsConfig := prepareTestContainer(t)
+ cleanup, retAddress, token, mountPath, keyName, _ := prepareTestContainer(t)
 defer cleanup()

 sealConfig := map[string]string{
- "address": retAddress,
- "token": token,
- "mount_path": mountPath,
- "key_name": keyName,
- "tls_ca_cert": tlsConfig.CACert,
- "tls_client_cert": tlsConfig.ClientCert,
- "tls_client_key": tlsConfig.ClientKey,
+ "address": retAddress,
+ "token": token,
+ "mount_path": mountPath,
+ "key_name": keyName,
 }
 s := NewSeal(logging.NewVaultLogger(log.Trace))
 _, err := s.SetConfig(sealConfig)
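Review bot: With `tls_ca_cert`, `tls_client_cert` and `tls_client_key` removed from `sealConfig` here and in the `TestTransitSeal_TokenRenewal` hunk, nothing visible in this patch still exercises the seal's TLS options, so a regression in certificate handling would pass these tests. The patch does not show whether that coverage exists elsewhere; if it does not, a comment above `sealConfig` would make the gap explicit, for example `// TLS options are not covered here: the dev container serves plain HTTP.`. Discarding the sixth return value with `_` also suggests `prepareTestContainer` may no longer need to return `tlsConfig` to this caller. The body of `TestTransitSeal_Lifecycle` continues outside the hunk.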
@@ -80,13 +74,10 @@ func TestTransitSeal_TokenRenewal(t *testing.T) {
 }

 sealConfig := map[string]string{
- "address": retAddress,
- "token": rsp.Auth.ClientToken,
- "mount_path": mountPath,
- "key_name": keyName,
- "tls_ca_cert": tlsConfig.CACert,
- "tls_client_cert": tlsConfig.ClientCert,
- "tls_client_key": tlsConfig.ClientKey,
+ "address": retAddress,
+ "token": rsp.Auth.ClientToken,
+ "mount_path": mountPath,
+ "key_name": keyName,
 }
 s := NewSeal(logging.NewVaultLogger(log.Trace))
 _, err = s.SetConfig(sealConfig)
@@ -127,21 +118,6 @@ func prepareTestContainer(t *testing.T) (cleanup func(), retAddress, token, moun
 t.Fatalf("err: %s", err)
 }

- var tempDir string
- // Docker for Mac does not play nice with TempDir
- if runtime.GOOS == "darwin" {
- uniqueTempDir, err := uuid.GenerateUUID()
- if err != nil {
- t.Fatalf("err: %s", err)
- }
- tempDir = path.Join("/tmp", uniqueTempDir)
- } else {
- tempDir, err = ioutil.TempDir("", "transit-autoseal-test")
- if err != nil {
- t.Fatal(err)
- }
- }
-
 pool, err := dockertest.NewPool("")
 if err != nil {
 t.Fatalf("Failed to connect to docker: %s", err)
@@ -150,10 +126,8 @@ func prepareTestContainer(t *testing.T) (cleanup func(), retAddress, token, moun
 dockerOptions := &dockertest.RunOptions{
 Repository: "vault",
 Tag: "latest",
- Cmd: []string{"server", "-log-level=trace", "-dev", "-dev-three-node", fmt.Sprintf("-dev-root-token-id=%s", testToken),
+ Cmd: []string{"server", "-log-level=trace", "-dev", fmt.Sprintf("-dev-root-token-id=%s", testToken),
 "-dev-listen-address=0.0.0.0:8200"},
- Env: []string{"VAULT_DEV_TEMP_DIR=/tmp"},
- Mounts: []string{fmt.Sprintf("%s:/tmp", tempDir)},
 }
 resource, err := pool.RunWithOptions(dockerOptions)
 if err != nil {
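Review bot: The new `Cmd` line drops `-dev-three-node` while keeping `-dev-listen-address=0.0.0.0:8200` and `-dev-root-token-id`, and the later hunk switches the client address to `http://`, so the root token and every request the tests make now cross the published port in cleartext. That is acceptable for a throwaway container only if the published port stays on the loopback interface, which this hunk does not show; it is worth confirming how dockertest binds the port on shared CI runners. A comment on the options would record the intent, for example `// dev mode over plain HTTP: test-only, never reuse these flags outside the test container`. `testToken` is defined outside the hunk, and `Tag: "latest"` is unchanged context, though pinning a version would keep the test reproducible.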
@@ -161,20 +135,14 @@ func prepareTestContainer(t *testing.T) (cleanup func(), retAddress, token, moun
 }

 cleanup = func() {
- if err := os.RemoveAll(tempDir); err != nil {
- t.Fatalf("error removing temp directory: %s", err)
- }
-
 if err := pool.Purge(resource); err != nil {
 t.Fatalf("Failed to cleanup local container: %s", err)
 }
 }

- retAddress = fmt.Sprintf("https://127.0.0.1:%s", resource.GetPort("8200/tcp"))
+ retAddress = fmt.Sprintf("http://127.0.0.1:%s", resource.GetPort("8200/tcp"))
 tlsConfig = &api.TLSConfig{
- CACert: path.Join(tempDir, "ca_cert.pem"),
- ClientCert: path.Join(tempDir, "node1_port_8200_cert.pem"),
- ClientKey: path.Join(tempDir, "node1_port_8200_key.pem"),
+ Insecure: true,
 }

 // exponential backoff-retry
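Review bot: `Insecure: true` is returned next to an `http://` address, so it has no effect on the connection this helper sets up, but any caller that applies the returned `tlsConfig` to a client would have certificate verification switched off if the address ever returns to `https://`. Returning the zero value, `tlsConfig = &api.TLSConfig{}`, would remove that trap without changing the signature; if the flag must stay, a comment such as `// test-only: the dev container serves plain HTTP, Insecure must not be copied into real client config` states the intent. The commit message says "convert to insecure tls" while the code moves to plain HTTP, which is worth aligning. The rest of `prepareTestContainer` lies outside the hunk.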