mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-23 23:51:08 +02:00
392412829b
* [VAULT-30189] enos: verify identity and OIDC tokens Expand our baseline API and data verification by including the identity and identity OIDC tokens secrets engines. We now create a test entity, entity-alias, identity group, various policies, and associate them with the entity. For the OIDC side, we now configure the OIDC issuer, create and rotate named keys, create and associate roles with the named key, and issue and introspect tokens. During a second phase we also verify that the those some entities, groups, keys, roles, config, etc all exist with the expected values. This is useful to test durability after upgrades, migrations, etc. This change also includes new updates our prior `auth/userpass` and `kv` verification. We had two modules that were loosely coupled and interdependent. This restructures those both into a singular module with child modules and fixes the assumed values by requiring the read module to verify against the created state. Going forward we can continue to extend this secrets engine verification module with additional create and read checks for new secrets engines. Signed-off-by: Ryan Cragun <me@ryan.ec>