Commit
Fixed integration tests
yuriytkach committed Jun 29, 2023
1 parent 459e22d commit c008df4
Showing 9 changed files with 180 additions and 36 deletions.
2 changes: 1 addition & 1 deletion docs/modules/ROOT/pages/includes/attributes.adoc
@@ -1,4 +1,4 @@
:quarkus-version: 3.0.3.Final
:quarkus-version: 3.1.3.Final
:quarkus-vault-version: 3.0.0
:maven-version: 3.8.1+
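Review bot: the `:quarkus-version:` attribute moves to 3.1.3.Final while `:quarkus-vault-version:` stays at 3.0.0; that is fine if the extension release line is unchanged, but confirm the docs attribute matches the Quarkus version the project's BOM actually pulls in, so the published docs do not advertise a platform version the build is not tested against.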

150 changes: 132 additions & 18 deletions docs/modules/ROOT/pages/includes/quarkus-vault.adoc
@@ -14,7 +14,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-vault_quarkus.vault.devservices

[.description]
--
If DevServices has been explicitly enabled or disabled. DevServices is generally enabled by default, unless there is an existing configuration present.
If DevServices has been explicitly enabled or disabled. DevServices is generally enabled by default, unless there is an existing configuration present.

When DevServices is enabled Quarkus will attempt to automatically configure and start a vault instance when running in Dev or Test mode and when Docker is running.

ifdef::add-copy-button-to-env-var[]
@@ -47,8 +48,10 @@ a|icon:lock[title=Fixed at build time] [[quarkus-vault_quarkus.vault.devservices

[.description]
--
Indicates if the Vault instance managed by Quarkus Dev Services is shared. When shared, Quarkus looks for running containers using label-based service discovery. If a matching container is found, it is used, and so a second one is not started. Otherwise, Dev Services for Vault starts a new container.
The discovery uses the `quarkus-dev-service-vault` label. The value is configured using the `service-name` property.
Indicates if the Vault instance managed by Quarkus Dev Services is shared. When shared, Quarkus looks for running containers using label-based service discovery. If a matching container is found, it is used, and so a second one is not started. Otherwise, Dev Services for Vault starts a new container.

The discovery uses the `quarkus-dev-service-vault` label. The value is configured using the `service-name` property.

Container sharing is only used in dev mode.

ifdef::add-copy-button-to-env-var[]
@@ -65,7 +68,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-vault_quarkus.vault.devservices

[.description]
--
The value of the `quarkus-dev-service-vault` label attached to the started container. This property is used when `shared` is set to `true`. In this case, before starting a container, Dev Services for Vault looks for a container with the `quarkus-dev-service-vault` label set to the configured value. If found, it will use this container instead of starting a new one. Otherwise it starts a new container with the `quarkus-dev-service-vault` label set to the specified value.
The value of the `quarkus-dev-service-vault` label attached to the started container. This property is used when `shared` is set to `true`. In this case, before starting a container, Dev Services for Vault looks for a container with the `quarkus-dev-service-vault` label set to the configured value. If found, it will use this container instead of starting a new one. Otherwise it starts a new container with the `quarkus-dev-service-vault` label set to the specified value.

This property is used when you need multiple shared Vault instances.

ifdef::add-copy-button-to-env-var[]
@@ -82,7 +86,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-vault_quarkus.vault.devservices

[.description]
--
Optional fixed port the dev service will listen to.
Optional fixed port the dev service will listen to.

If not defined, the port will be chosen randomly.

ifdef::add-copy-button-to-env-var[]
@@ -147,8 +152,10 @@ a| [[quarkus-vault_quarkus.vault.config-ordinal]]`link:#quarkus-vault_quarkus.va

[.description]
--
Microprofile Config ordinal.
This is provided as an alternative to the `config_ordinal` property defined by the specification, to make it easier and more natural for applications to override the default ordinal.
Microprofile Config ordinal.

This is provided as an alternative to the `config_ordinal` property defined by the specification, to make it easier and more natural for applications to override the default ordinal.

The default value is higher than the file system or jar ordinals, but lower than env vars.

ifdef::add-copy-button-to-env-var[]
@@ -395,7 +402,8 @@ a| [[quarkus-vault_quarkus.vault.non-proxy-hosts]]`link:#quarkus-vault_quarkus.v

[.description]
--
List of remote hosts that are not proxied when the client is configured to use a proxy. This list serves the same purpose as the JVM `nonProxyHosts` configuration.
List of remote hosts that are not proxied when the client is configured to use a proxy. This list serves the same purpose as the JVM `nonProxyHosts` configuration.

Entries can use the _++*++_ wildcard character for pattern matching, e.g _++*++.example.com_ matches _www.example.com_.

ifdef::add-copy-button-to-env-var[]
@@ -671,8 +679,10 @@ a| [[quarkus-vault_quarkus.vault.authentication.client-token-wrapping-token]]`li

[.description]
--
Client token wrapped in a wrapping token, such as what is returned by:
vault token create -wrap-ttl=60s -policy=myapp
Client token wrapped in a wrapping token, such as what is returned by:

vault token create -wrap-ttl=60s -policy=myapp

client-token and client-token-wrapping-token are exclusive. Lease renewal does not apply.

ifdef::add-copy-button-to-env-var[]
@@ -721,8 +731,10 @@ a| [[quarkus-vault_quarkus.vault.authentication.app-role.secret-id-wrapping-toke

[.description]
--
Wrapping token containing a Secret Id, obtained from:
vault write -wrap-ttl=60s -f auth/approle/role/myapp/secret-id
Wrapping token containing a Secret Id, obtained from:

vault write -wrap-ttl=60s -f auth/approle/role/myapp/secret-id

secret-id and secret-id-wrapping-token are exclusive

ifdef::add-copy-button-to-env-var[]
@@ -787,10 +799,14 @@ a| [[quarkus-vault_quarkus.vault.authentication.userpass.password-wrapping-token

[.description]
--
Wrapping token containing a Password, obtained from:
vault kv get -wrap-ttl=60s secret/
The key has to be 'password', meaning the password has initially been provisioned with:
vault kv put secret/ password=
Wrapping token containing a Password, obtained from:

vault kv get -wrap-ttl=60s secret/

The key has to be 'password', meaning the password has initially been provisioned with:

vault kv put secret/ password=

password and password-wrapping-token are exclusive

ifdef::add-copy-button-to-env-var[]
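Review bot: the two CLI examples in this description are missing their arguments: `vault kv get -wrap-ttl=60s secret/` and `vault kv put secret/ password=` end in a bare path and an empty value, most likely because angle-bracket placeholders in the source Javadoc were swallowed by the AsciiDoc rendering. This hunk only re-wraps the paragraph, so the regenerated text inherits the defect; escape the placeholders in the source (for instance as passthrough `<path>` and `<value>`) so readers can see where the secret path and the password value belong.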
@@ -851,6 +867,102 @@ endif::add-copy-button-to-env-var[]
|`auth/kubernetes`


a| [[quarkus-vault_quarkus.vault.authentication.aws-iam.role]]`link:#quarkus-vault_quarkus.vault.authentication.aws-iam.role[quarkus.vault.authentication.aws-iam.role]`

[.description]
--
AWS IAM authentication role that has been created in Vault to associate Vault policies, with ARN. This property is required when selecting the AWS IAM authentication type.

ifdef::add-copy-button-to-env-var[]
Environment variable: env_var_with_copy_button:+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_ROLE+++[]
endif::add-copy-button-to-env-var[]
ifndef::add-copy-button-to-env-var[]
Environment variable: `+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_ROLE+++`
endif::add-copy-button-to-env-var[]
--|string
|


a| [[quarkus-vault_quarkus.vault.authentication.aws-iam.region]]`link:#quarkus-vault_quarkus.vault.authentication.aws-iam.region[quarkus.vault.authentication.aws-iam.region]`

[.description]
--
The AWS region to use for AWS IAM authentication.

ifdef::add-copy-button-to-env-var[]
Environment variable: env_var_with_copy_button:+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_REGION+++[]
endif::add-copy-button-to-env-var[]
ifndef::add-copy-button-to-env-var[]
Environment variable: `+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_REGION+++`
endif::add-copy-button-to-env-var[]
--|string
|


a| [[quarkus-vault_quarkus.vault.authentication.aws-iam.sts-url]]`link:#quarkus-vault_quarkus.vault.authentication.aws-iam.sts-url[quarkus.vault.authentication.aws-iam.sts-url]`

[.description]
--
The URL of the AWS STS endpoint to use for AWS IAM authentication.

ifdef::add-copy-button-to-env-var[]
Environment variable: env_var_with_copy_button:+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_STS_URL+++[]
endif::add-copy-button-to-env-var[]
ifndef::add-copy-button-to-env-var[]
Environment variable: `+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_STS_URL+++`
endif::add-copy-button-to-env-var[]
--|string
|`https://sts.amazonaws.com`


a| [[quarkus-vault_quarkus.vault.authentication.aws-iam.vault-server-id]]`link:#quarkus-vault_quarkus.vault.authentication.aws-iam.vault-server-id[quarkus.vault.authentication.aws-iam.vault-server-id]`

[.description]
--
The Vault server ID to use for AWS IAM authentication.

ifdef::add-copy-button-to-env-var[]
Environment variable: env_var_with_copy_button:+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_VAULT_SERVER_ID+++[]
endif::add-copy-button-to-env-var[]
ifndef::add-copy-button-to-env-var[]
Environment variable: `+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_VAULT_SERVER_ID+++`
endif::add-copy-button-to-env-var[]
--|string
|


a| [[quarkus-vault_quarkus.vault.authentication.aws-iam.aws-access-key]]`link:#quarkus-vault_quarkus.vault.authentication.aws-iam.aws-access-key[quarkus.vault.authentication.aws-iam.aws-access-key]`

[.description]
--
The AWS access key ID to use for AWS IAM authentication.

ifdef::add-copy-button-to-env-var[]
Environment variable: env_var_with_copy_button:+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_AWS_ACCESS_KEY+++[]
endif::add-copy-button-to-env-var[]
ifndef::add-copy-button-to-env-var[]
Environment variable: `+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_AWS_ACCESS_KEY+++`
endif::add-copy-button-to-env-var[]
--|string
|


a| [[quarkus-vault_quarkus.vault.authentication.aws-iam.aws-secret-key]]`link:#quarkus-vault_quarkus.vault.authentication.aws-iam.aws-secret-key[quarkus.vault.authentication.aws-iam.aws-secret-key]`

[.description]
--
The AWS secret access key to use for AWS IAM authentication.

ifdef::add-copy-button-to-env-var[]
Environment variable: env_var_with_copy_button:+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_AWS_SECRET_KEY+++[]
endif::add-copy-button-to-env-var[]
ifndef::add-copy-button-to-env-var[]
Environment variable: `+++QUARKUS_VAULT_AUTHENTICATION_AWS_IAM_AWS_SECRET_KEY+++`
endif::add-copy-button-to-env-var[]
--|string
|


h|[[quarkus-vault_quarkus.vault.tls-tls]]link:#quarkus-vault_quarkus.vault.tls-tls[TLS]

h|Type
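Review bot: the descriptions for the six new `quarkus.vault.authentication.aws-iam.*` properties leave out what an operator needs in order to use them safely. `aws-access-key` and `aws-secret-key` are long-lived AWS credentials placed in application config; state whether they are required or whether, when absent, the AWS SDK default credential chain (instance profile, IRSA, environment) is used instead, since that is the recommended setup and keeps static keys out of `application.properties`. `vault-server-id` should say that it is sent as the `X-Vault-AWS-IAM-Server-ID` header and must match the `iam_server_id_header_value` configured on the Vault role; that header is what stops a signed STS request from being reused against a different Vault server. `sts-url` defaults to the global `https://sts.amazonaws.com` endpoint even though a `region` is configured; say whether `region` only affects request signing or also selects the regional STS endpoint. Finally, the `role` description reads awkwardly ("to associate Vault policies, with ARN"); something like "the Vault AWS auth role, bound to an IAM principal ARN, whose policies the issued token receives" would be clearer.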
@@ -860,7 +972,8 @@ a| [[quarkus-vault_quarkus.vault.tls.skip-verify]]`link:#quarkus-vault_quarkus.v

[.description]
--
Allows to bypass certificate validation on TLS communications.
Allows to bypass certificate validation on TLS communications.

If true this will allow TLS communications with Vault, without checking the validity of the certificate presented by Vault. This is discouraged in production because it allows man in the middle type of attacks.

ifdef::add-copy-button-to-env-var[]
@@ -877,7 +990,8 @@ a| [[quarkus-vault_quarkus.vault.tls.ca-cert]]`link:#quarkus-vault_quarkus.vault

[.description]
--
Certificate bundle used to validate TLS communications with Vault.
Certificate bundle used to validate TLS communications with Vault.

The path to a pem bundle file, if TLS is required, and trusted certificates are not set through javax.net.ssl.trustStore system property.

ifdef::add-copy-button-to-env-var[]
5 changes: 5 additions & 0 deletions integration-tests/vault-agroal/pom.xml
@@ -39,6 +39,11 @@
<artifactId>quarkus-jdbc-postgresql</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>sts</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<build>
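Review bot: the new `software.amazon.awssdk:sts` dependency carries no `<version>`, so it relies on dependency management in the parent POM or an imported BOM; confirm the version is actually managed there (the same artifact is referenced from the other integration-test POMs in this commit), otherwise resolution fails. `test` scope is the right choice: the STS client is only needed by the AWS IAM test and should not leak into the application classpath.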
1 change: 1 addition & 0 deletions integration-tests/vault-app/pom.xml
@@ -35,6 +35,7 @@
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>sts</artifactId>
<scope>test</scope>
</dependency>

<!-- test dependencies -->
1 change: 1 addition & 0 deletions integration-tests/vault/pom.xml
@@ -36,6 +36,7 @@
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>sts</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.quarkiverse.vault</groupId>
@@ -3,14 +3,20 @@
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;

import jakarta.inject.Inject;

import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.jboss.logging.Logger;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.DisabledOnOs;
import org.junit.jupiter.api.condition.OS;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.quarkus.test.QuarkusUnitTest;
import io.quarkus.test.common.QuarkusTestResource;
import io.quarkus.vault.runtime.client.VaultClient;
import io.quarkus.vault.runtime.client.authmethod.VaultInternalAwsIamAuthMethod;
import io.quarkus.vault.runtime.client.dto.auth.VaultAwsIamAuth;
import io.quarkus.vault.test.VaultTestLifecycleManager;

@DisabledOnOs(OS.WINDOWS) // https://github.com/quarkusio/quarkus/issues/3796
@@ -22,20 +28,37 @@ public class VaultAwsIamITCase {
.withApplicationRoot((jar) -> jar
.addAsResource("application-vault-aws-iam.properties", "application.properties"));

private static final Logger log = Logger.getLogger(VaultAwsIamITCase.class);

@ConfigProperty(name = "quarkus.vault.authentication.aws-iam.role")
String role;

@ConfigProperty(name = "quarkus.vault.authentication.aws-iam.aws-access-key")
String key;

@Inject
VaultClient vaultClient;

@Inject
VaultInternalAwsIamAuthMethod vaultInternalAwsIamAuthMethod;

@Test
public void testRole() {
public void testRoleConfig() {
assertEquals("myawsiamrole", role);
}

@Test
public void testAwsAccessKey() {
public void testAwsAccessKeyConfig() {
assertNotNull(key);
}

@Test
public void testSuccessAuth() {
final VaultAwsIamAuth auth = vaultInternalAwsIamAuthMethod.login(vaultClient).await().indefinitely();

String awsIamClientToken = auth.auth.clientToken;
log.info("awsIamClientToken = " + awsIamClientToken);
assertNotNull(awsIamClientToken);
}

}
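Review bot: `testSuccessAuth` logs the Vault client token in clear text (`log.info("awsIamClientToken = " + awsIamClientToken)`). That token is a live credential for the test Vault, and CI log output is retained and usually readable by more people than the secret should be; `assertNotNull` already proves a token was issued, so drop the log line or log only that login succeeded. Separately, `.await().indefinitely()` on the login will hang the test run if Vault or the STS endpoint never answers; `.await().atMost(Duration.ofSeconds(30))` fails fast with a clear error instead. Also worth noting that `VaultInternalAwsIamAuthMethod` is an internal class injected straight into the test, so the test is coupled to an implementation detail rather than to the public authentication path.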
@@ -1,5 +1,9 @@
package io.quarkus.vault;

import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
import static com.github.tomakehurst.wiremock.client.WireMock.get;
import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;

import java.util.Collections;
import java.util.Map;

@@ -8,10 +12,6 @@

import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;

import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
import static com.github.tomakehurst.wiremock.client.WireMock.get;
import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;

public class WiremockProxy implements QuarkusTestResourceLifecycleManager {

public static final String PROXY_HOST = "localhost";
@@ -8,13 +8,9 @@ quarkus.vault.authentication.aws-iam.vault-server-id=vault.example.com
quarkus.vault.authentication.aws-iam.aws-access-key=${vault-test.aws-user.access-key}
quarkus.vault.authentication.aws-iam.aws-secret-key=${vault-test.aws-user.secret-key}

#quarkus.vault.tls.skip-verify=true
quarkus.vault.tls.ca-cert=src/test/resources/vault-tls.crt

#quarkus.vault.log-confidentiality-level=low
#quarkus.vault.renew-grace-period=10
quarkus.vault.log-confidentiality-level=low
quarkus.vault.renew-grace-period=10

quarkus.log.category."io.quarkus.vault".level=DEBUG

#quarkus.log.level=DEBUG
#quarkus.log.console.level=DEBUG
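Review bot: swapping the commented-out `quarkus.vault.tls.skip-verify=true` for `quarkus.vault.tls.ca-cert=src/test/resources/vault-tls.crt` is the right fix, since the test now validates the Vault certificate against a pinned CA instead of disabling verification. The other change deserves a comment in the file: `quarkus.vault.log-confidentiality-level=low`, combined with the `DEBUG` level already set on `io.quarkus.vault`, makes the extension log request and response material it would otherwise mask, including the issued client token. That is useful when debugging this integration test locally but should not be the committed default for runs whose output lands in CI logs; consider leaving it commented out as before, or document why it is enabled.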
