From 2510e78833076cd35f1b500b9ebc1522c0a4b865 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 15:17:50 +0300 Subject: [PATCH 01/44] setup integration tests --- .github/workflows/integration_tests.yml | 37 +++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/workflows/integration_tests.yml diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml new file mode 100644 index 0000000..033381b --- /dev/null +++ b/.github/workflows/integration_tests.yml @@ -0,0 +1,37 @@ +on: + push: + branches: + - main + - integration_tests + pull_request: + +jobs: + test: + strategy: + matrix: + containers: [ 1.18.3-bullseye ] + runs-on: ubuntu-22.04 + container: golang:${{ matrix.containers }} + env: + VAULT_TOKEN: vaultpwd + VAULT_ADDR: http://vault:8200 + steps: + - name: Checkout code + uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: | + ~/.cache/go-build + /go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + - name: Unit Tests + run: go test -v -race -timeout=60s ./... + - run: curl --version + services: + vault: + image: vault:1.10.3 + env: + SKIP_SETCAP: true + VAULT_DEV_ROOT_TOKEN_ID: vaultpwd From 0269322e5c12b7ae2e03f21780092f86f570bb37 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 15:24:29 +0300 Subject: [PATCH 02/44] get vault health --- .github/workflows/integration_tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 033381b..93c320c 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -14,7 +14,7 @@ jobs: container: golang:${{ matrix.containers }} env: VAULT_TOKEN: vaultpwd - VAULT_ADDR: http://vault:8200 + VAULT_ADDR: http://localhost:8200 steps: - name: Checkout code uses: actions/checkout@v2 
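Review bot: The new workflow in PATCH 01/44 declares no `permissions:` block and references `actions/checkout@v2` and `actions/cache@v2` by mutable tag. The job therefore runs on `pull_request` with the repository's default GITHUB_TOKEN scope and with whatever code those tags point to at run time. A top-level `permissions: { contents: read }` and a full commit SHA on each `uses:` line would narrow both. The `vaultpwd` value in `VAULT_TOKEN` and `VAULT_DEV_ROOT_TOKEN_ID` is presumably acceptable only because the service is a throwaway dev-mode Vault; a comment beside it such as `# dev-mode root token for the CI-only Vault service, never a real credential` would stop it being copied elsewhere.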
@@ -28,7 +28,7 @@ jobs: ${{ runner.os }}-go- - name: Unit Tests run: go test -v -race -timeout=60s ./... - - run: curl --version + - run: 'curl --fail -H "X-Vault-Token: ${{VAULT_TOKEN}}" ${{VAULT_ADDR}}/v1/sys/health' services: vault: image: vault:1.10.3 From 9a10c33b0e708f9a74aae16639f285def013365c Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 15:26:38 +0300 Subject: [PATCH 03/44] get vault health --- .github/workflows/integration_tests.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 93c320c..577f8d8 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -28,7 +28,9 @@ jobs: ${{ runner.os }}-go- - name: Unit Tests run: go test -v -race -timeout=60s ./... - - run: 'curl --fail -H "X-Vault-Token: ${{VAULT_TOKEN}}" ${{VAULT_ADDR}}/v1/sys/health' + - run: > + curl --fail -H "X-Vault-Token: vaultpwd" + http://localhost:8200/v1/sys/health services: vault: image: vault:1.10.3 From 7324c7776fcb306bc8e6b28d0c2eaaa0680bce67 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 15:29:08 +0300 Subject: [PATCH 04/44] add port mapping for vault service --- .github/workflows/integration_tests.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 577f8d8..76d8a1f 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -17,8 +17,8 @@ jobs: VAULT_ADDR: http://localhost:8200 steps: - name: Checkout code - uses: actions/checkout@v2 - - uses: actions/cache@v2 + uses: actions/checkout@v3 + - uses: actions/cache@v3 with: path: | ~/.cache/go-build @@ -34,6 +34,8 @@ jobs: services: vault: image: vault:1.10.3 + ports: + - "8200:8200" env: SKIP_SETCAP: true VAULT_DEV_ROOT_TOKEN_ID: vaultpwd 
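Review bot: `${{VAULT_TOKEN}}` and `${{VAULT_ADDR}}` in the added `run:` line of PATCH 02/44 are not valid workflow expressions, because a bare name is not a context; job-level `env` values are reached as `${{ env.VAULT_TOKEN }}` or, inside the script, as ordinary shell variables. The shell form is the better of the two, since the value is then not spliced into the script text before the shell parses it: `- run: 'curl --fail -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/sys/health"'`. The same bare-name form returns as `${{ VAULT_ADDR }}` in PATCH 08/44.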
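Review bot: The `ports: - "8200:8200"` entry added to the `vault` service in PATCH 04/44 publishes the server on the runner host, although the job runs in a container and can presumably reach the service by its label without any host mapping. With `VAULT_DEV_ROOT_TOKEN_ID: vaultpwd` the published listener accepts a root token that is readable in this repository, which matters if the workflow is ever moved to a self-hosted or shared runner. Dropping the `ports:` entry and using `VAULT_ADDR: http://vault:8200` keeps the server reachable only on the job's container network. PATCH 27/44 re-adds the mapping and carries the same exposure.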
From 1acff1f950cbd47f51c6f0f7b8787ff9f9dc7312 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 15:34:12 +0300 Subject: [PATCH 05/44] try another localhost --- .github/workflows/integration_tests.yml | 28 ++++++++++++------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 76d8a1f..beb59e4 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -16,26 +16,26 @@ jobs: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://localhost:8200 steps: - - name: Checkout code - uses: actions/checkout@v3 - - uses: actions/cache@v3 - with: - path: | - ~/.cache/go-build - /go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - name: Unit Tests - run: go test -v -race -timeout=60s ./... +# - name: Checkout code +# uses: actions/checkout@v3 +# - uses: actions/cache@v3 +# with: +# path: | +# ~/.cache/go-build +# /go/pkg/mod +# key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} +# restore-keys: | +# ${{ runner.os }}-go- +# - name: Unit Tests +# run: go test -v -race -timeout=60s ./... - run: > curl --fail -H "X-Vault-Token: vaultpwd" - http://localhost:8200/v1/sys/health + http://127.0.0.1:8200/v1/sys/health services: vault: image: vault:1.10.3 ports: - - "8200:8200" + - 8200:8200 env: SKIP_SETCAP: true VAULT_DEV_ROOT_TOKEN_ID: vaultpwd From 5e50f766b3037e720310252b9f32e13be5c6fe40 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 15:36:50 +0300 Subject: [PATCH 06/44] wait till calling vault --- .github/workflows/integration_tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index beb59e4..c2b77eb 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
@@ -28,6 +28,7 @@ jobs: # ${{ runner.os }}-go- # - name: Unit Tests # run: go test -v -race -timeout=60s ./... + - run: sleep 10 - run: > curl --fail -H "X-Vault-Token: vaultpwd" http://127.0.0.1:8200/v1/sys/health From 36989d3618abda1bbd236460ebc18462f2d1ebdb Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 15:56:47 +0300 Subject: [PATCH 07/44] fix vault address --- .github/workflows/integration_tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index c2b77eb..f03573f 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -28,10 +28,10 @@ jobs: # ${{ runner.os }}-go- # - name: Unit Tests # run: go test -v -race -timeout=60s ./... - - run: sleep 10 +# - run: sleep 10 - run: > curl --fail -H "X-Vault-Token: vaultpwd" - http://127.0.0.1:8200/v1/sys/health + http://vault:8200/v1/sys/health services: vault: image: vault:1.10.3 From cd2c125193311c2cd0bf6c3304d0463af8716033 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 15:58:28 +0300 Subject: [PATCH 08/44] replace hardcoded vault address with var --- .github/workflows/integration_tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index f03573f..9526179 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -14,7 +14,7 @@ jobs: container: golang:${{ matrix.containers }} env: VAULT_TOKEN: vaultpwd - VAULT_ADDR: http://localhost:8200 + VAULT_ADDR: http://vault:8200 steps: # - name: Checkout code # uses: actions/checkout@v3 @@ -31,7 +31,7 @@ jobs: # - run: sleep 10 - run: > curl --fail -H "X-Vault-Token: vaultpwd" - http://vault:8200/v1/sys/health + ${{ VAULT_ADDR }}/v1/sys/health services: vault: image: vault:1.10.3 
From 5b2fa20a5ae805b0dd52ae397544581dc2c0ea98 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 15:59:31 +0300 Subject: [PATCH 09/44] replace hardcoded vault address with var --- .github/workflows/integration_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 9526179..e2f6dee 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -31,7 +31,7 @@ jobs: # - run: sleep 10 - run: > curl --fail -H "X-Vault-Token: vaultpwd" - ${{ VAULT_ADDR }}/v1/sys/health + ${VAULT_ADDR}/v1/sys/health services: vault: image: vault:1.10.3 From dcc8c3528e16efac828562fbc017556d3a61c14b Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 18:33:51 +0300 Subject: [PATCH 10/44] download plugin --- .github/workflows/integration_tests.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index e2f6dee..3fbe5ff 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -11,10 +11,14 @@ jobs: matrix: containers: [ 1.18.3-bullseye ] runs-on: ubuntu-22.04 - container: golang:${{ matrix.containers }} + container: + image: golang:${{ matrix.containers }} + volumes: + - vault_plugins:/vault/plugins env: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://vault:8200 + PLUGIN_URL: https://github.com/iden3/vault-plugin-secrets-bjj/releases/download/v0.0.1/vault-plugin-secrets-bjj_0.0.1_linux_amd64.tar.gz steps: # - name: Checkout code # uses: actions/checkout@v3 
@@ -30,13 +34,16 @@ jobs: # run: go test -v -race -timeout=60s ./... # - run: sleep 10 - run: > - curl --fail -H "X-Vault-Token: vaultpwd" + curl --fail -H "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_ADDR}/v1/sys/health + - run: curl -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj services: vault: image: vault:1.10.3 ports: - 8200:8200 + volumes: + - vault_plugins:/vault/plugins env: SKIP_SETCAP: true VAULT_DEV_ROOT_TOKEN_ID: vaultpwd From f8b2e86a659fbd75c1b0dbf220c623db68903e4c Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 18:47:52 +0300 Subject: [PATCH 11/44] register plugin --- .github/workflows/integration_tests.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 3fbe5ff..2fba3e2 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -19,6 +19,7 @@ jobs: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://vault:8200 PLUGIN_URL: https://github.com/iden3/vault-plugin-secrets-bjj/releases/download/v0.0.1/vault-plugin-secrets-bjj_0.0.1_linux_amd64.tar.gz + PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 steps: # - name: Checkout code # uses: actions/checkout@v3 @@ -36,7 +37,12 @@ jobs: - run: > curl --fail -H "X-Vault-Token: ${VAULT_TOKEN}" ${VAULT_ADDR}/v1/sys/health - - run: curl -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj + - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj + - run: > + curl -X PUT -s --fail -H "X-Vault-Token: $(VAULT_TOKEN)" + -d '{"type":0,"command":"vault-plugin-secrets-bjj","sha256":"${PLUGIN_SHA256}"}' + http://127.0.0.1:8200/v1/sys/plugins/catalog/vault-plugin-secrets-bjj + - run: uname -a services: vault: image: vault:1.10.3 From a023ccb52fa259f071699df417276fe0a22dcae0 Mon Sep 17 00:00:00 2001 
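Review bot: The step added in PATCH 10/44 unpacks the downloaded archive into Vault's plugin directory without any integrity check: `curl -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj` trusts whatever the release URL serves at run time. Saving the archive to a file, checking it with `sha256sum -c` against a digest recorded in the workflow, and only then extracting it would pin the artifact. As written, the step also relies on `tar` to notice a failed download, because the pipeline's exit status is that of its last command. PATCH 27/44 restores this same step unchanged.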
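Review bot: Two quoting mistakes in the registration step added by PATCH 11/44 keep the token and the SHA-256 pin from reaching Vault. `$(VAULT_TOKEN)` is command substitution, so the shell tries to run a program named VAULT_TOKEN and sends an empty header value; and the `-d '...'` body is single-quoted, so the literal text `${PLUGIN_SHA256}` is posted instead of the digest. Write the header as `"X-Vault-Token: ${VAULT_TOKEN}"`, double-quote the JSON body with escaped inner quotes, and address the server as `${VAULT_ADDR}` rather than `http://127.0.0.1:8200` so the step follows the job's `env`.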
From: Oleg Lomaka Date: Mon, 13 Jun 2022 18:49:46 +0300 Subject: [PATCH 12/44] fix plugin registration command --- .github/workflows/integration_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 2fba3e2..3fbdce2 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -39,7 +39,7 @@ jobs: ${VAULT_ADDR}/v1/sys/health - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - run: > - curl -X PUT -s --fail -H "X-Vault-Token: $(VAULT_TOKEN)" + curl -X PUT -s --fail -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":0,"command":"vault-plugin-secrets-bjj","sha256":"${PLUGIN_SHA256}"}' http://127.0.0.1:8200/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: uname -a From bf9c6696d2a9a65ac5b6d4918ab7e5060cf66c72 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 18:52:35 +0300 Subject: [PATCH 13/44] fix plugin registration command --- .github/workflows/integration_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 3fbdce2..d0dfe2c 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -41,7 +41,7 @@ jobs: - run: > curl -X PUT -s --fail -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":0,"command":"vault-plugin-secrets-bjj","sha256":"${PLUGIN_SHA256}"}' - http://127.0.0.1:8200/v1/sys/plugins/catalog/vault-plugin-secrets-bjj + ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: uname -a services: vault: From d2b01b9328a9bd5b39feefbcd89d52425e30d3f1 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 19:00:32 +0300 Subject: [PATCH 14/44] fix plugin registration command --- .github/workflows/integration_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index d0dfe2c..9727f84 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -39,7 +39,7 @@ jobs: ${VAULT_ADDR}/v1/sys/health - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - run: > - curl -X PUT -s --fail -H "X-Vault-Token: ${VAULT_TOKEN}" + curl -X PUT -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":0,"command":"vault-plugin-secrets-bjj","sha256":"${PLUGIN_SHA256}"}' ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: uname -a From a1e4203537f37481aa58dea843e5b4791c308541 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 19:03:42 +0300 Subject: [PATCH 15/44] fix plugin registration command --- .github/workflows/integration_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 9727f84..feb66e3 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -40,7 +40,7 @@ jobs: - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - run: > curl -X PUT -H "X-Vault-Token: ${VAULT_TOKEN}" - -d '{"type":0,"command":"vault-plugin-secrets-bjj","sha256":"${PLUGIN_SHA256}"}' + -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: uname -a services: From 2267b9a051577debb60739f82e1351e9449bba0f Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 19:08:05 +0300 Subject: [PATCH 16/44] add plugin dir to vault config --- .github/workflows/integration_tests.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index feb66e3..a821d0e 100644 
--- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -39,7 +39,7 @@ jobs: ${VAULT_ADDR}/v1/sys/health - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - run: > - curl -X PUT -H "X-Vault-Token: ${VAULT_TOKEN}" + curl -X PUT --fail -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: uname -a @@ -53,3 +53,4 @@ jobs: env: SKIP_SETCAP: true VAULT_DEV_ROOT_TOKEN_ID: vaultpwd + VAULT_LOCAL_CONFIG: '{"plugin_directory": "/vault/plugins"}' From ccb6bfe5c560c910cab5aeaa73217cf1ef7b1193 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Mon, 13 Jun 2022 19:14:55 +0300 Subject: [PATCH 17/44] add secrets mounting --- .github/workflows/integration_tests.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index a821d0e..5c6cd17 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -20,6 +20,7 @@ jobs: VAULT_ADDR: http://vault:8200 PLUGIN_URL: https://github.com/iden3/vault-plugin-secrets-bjj/releases/download/v0.0.1/vault-plugin-secrets-bjj_0.0.1_linux_amd64.tar.gz PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 + PLUGIN_SECRETS_PATH: bjj steps: # - name: Checkout code # uses: actions/checkout@v3 
@@ -39,9 +40,13 @@ jobs: ${VAULT_ADDR}/v1/sys/health - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - run: > - curl -X PUT --fail -H "X-Vault-Token: ${VAULT_TOKEN}" + curl -X PUT --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj + - run: > + curl -X POST --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" + -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' + ${VAULT_ADDR}/v1/sys/mounts/${PLUGIN_SECRETS_PATH} - run: uname -a services: vault: From c0dd0a8fa2f93397f3f5575322d71672e5d235a9 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 07:01:29 +0300 Subject: [PATCH 18/44] run integration tests --- .github/workflows/integration_tests.yml | 42 +++++++++++-------------- main_test.go | 7 +++++ 2 files changed, 25 insertions(+), 24 deletions(-) create mode 100644 main_test.go diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 5c6cd17..ace4f99 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
@@ -18,41 +18,35 @@ jobs: env: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://vault:8200 - PLUGIN_URL: https://github.com/iden3/vault-plugin-secrets-bjj/releases/download/v0.0.1/vault-plugin-secrets-bjj_0.0.1_linux_amd64.tar.gz - PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 - PLUGIN_SECRETS_PATH: bjj + VAULT_BJJ_PATH: bjj steps: -# - name: Checkout code -# uses: actions/checkout@v3 -# - uses: actions/cache@v3 -# with: -# path: | -# ~/.cache/go-build -# /go/pkg/mod -# key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} -# restore-keys: | -# ${{ runner.os }}-go- -# - name: Unit Tests -# run: go test -v -race -timeout=60s ./... -# - run: sleep 10 - - run: > - curl --fail -H "X-Vault-Token: ${VAULT_TOKEN}" - ${VAULT_ADDR}/v1/sys/health - - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj + - uses: actions/checkout@v3 + - uses: actions/cache@v3 + with: + path: | + ~/.cache/go-build + /go/pkg/mod + ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + + - run: go build -o /vault/plugins/vault-plugin-secrets-bjj + - run: > + export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && curl -X PUT --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: > curl -X POST --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' - ${VAULT_ADDR}/v1/sys/mounts/${PLUGIN_SECRETS_PATH} - - run: uname -a + ${VAULT_ADDR}/v1/sys/mounts/${VAULT_BJJ_PATH} + + - run: go test -v -race -timeout=60s ./... 
services: vault: image: vault:1.10.3 - ports: - - 8200:8200 volumes: - vault_plugins:/vault/plugins env: diff --git a/main_test.go b/main_test.go new file mode 100644 index 0000000..b9cea72 --- /dev/null +++ b/main_test.go @@ -0,0 +1,7 @@ +package vault_plugin_secrets_bjj + +import "testing" + +func TestOne(t *testing.T) { + t.Log("One") +} From 2dd81a46fd10fccbd45e80bcdf6190a7dd290fc6 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 07:03:08 +0300 Subject: [PATCH 19/44] show working directory --- .github/workflows/integration_tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index ace4f99..46f98a9 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -31,6 +31,8 @@ jobs: restore-keys: | ${{ runner.os }}-go- + - run: pwd + - run: go build -o /vault/plugins/vault-plugin-secrets-bjj - run: > From 5d72132f51fcbe8231b0094b84c19f5cc342bf86 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 07:05:49 +0300 Subject: [PATCH 20/44] change build working directory --- .github/workflows/integration_tests.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 46f98a9..8edd1f7 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -31,9 +31,8 @@ jobs: restore-keys: | ${{ runner.os }}-go- - - run: pwd - - run: go build -o /vault/plugins/vault-plugin-secrets-bjj + working-directory: ./cmd/vault-plugin-secrets-bjj - run: > export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && 
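Review bot: After the workflow hunk of PATCH 18/44 the first request to Vault is the catalog `PUT`, and the `sys/health` probe that used to precede it is deleted, so nothing in the job waits for the service to accept connections. Whether the runner waits for the container is not visible here, since the `vault` service defines no health check. Keeping the probe with a bounded retry, for example `- run: curl --fail -s --retry 5 --retry-connrefused ${VAULT_ADDR}/v1/sys/health`, would make a slow start fail clearly instead of as a refused connection in the registration step. The hunk also derives `PLUGIN_SHA256` from the binary the job has just built, which is fine for a self-built artifact but means the digest no longer checks the plugin against an independent record.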
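Review bot: `TestOne` in the new main_test.go only calls `t.Log("One")` and asserts nothing, so the job introduced as "run integration tests" goes green without a single request to the Vault instance the workflow registers and mounts the plugin on. A first real test could read `VAULT_ADDR` and `VAULT_TOKEN` from the environment and call `t.Skip` when they are unset, so `go test ./...` still passes on a developer machine. The package name `vault_plugin_secrets_bjj` uses underscores, which Go naming convention avoids; that is worth settling before more files adopt it.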
@@ -45,7 +44,7 @@ jobs: -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' ${VAULT_ADDR}/v1/sys/mounts/${VAULT_BJJ_PATH} - - run: go test -v -race -timeout=60s ./... + - run: pwd && go test -v -race -timeout=60s ./... services: vault: image: vault:1.10.3 From 103c81104e3c1aca233b9104b3f23d70a2560856 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 07:08:09 +0300 Subject: [PATCH 21/44] show curl output --- .github/workflows/integration_tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 8edd1f7..e6c9607 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -36,11 +36,11 @@ jobs: - run: > export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && - curl -X PUT --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" + curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: > - curl -X POST --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" + curl -X POST --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' ${VAULT_ADDR}/v1/sys/mounts/${VAULT_BJJ_PATH} From c6c3d70c1e8593ed572c337f2d44671150789564 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 07:53:01 +0300 Subject: [PATCH 22/44] list plugins directory --- .github/workflows/integration_tests.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index e6c9607..1fa3dd5 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -34,6 +34,8 @@ jobs: - run: go build -o /vault/plugins/vault-plugin-secrets-bjj working-directory: ./cmd/vault-plugin-secrets-bjj + - run: ls -l /vault/plugins + - run: > export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" From 0121c440960ca20c7e0905681a8484d38d6f8524 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 08:08:56 +0300 Subject: [PATCH 23/44] debug --- .github/workflows/integration_tests.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 1fa3dd5..5294e91 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -31,9 +31,11 @@ jobs: restore-keys: | ${{ runner.os }}-go- - - run: go build -o /vault/plugins/vault-plugin-secrets-bjj + - run: go build working-directory: ./cmd/vault-plugin-secrets-bjj + - run: cp vault-plugin-secrets-bjj /vault/plugins/vault-plugin-secrets-bjj + - run: ls -l /vault/plugins - run: > @@ -51,7 +53,7 @@ jobs: vault: image: vault:1.10.3 volumes: - - vault_plugins:/vault/plugins + - vault_plugins:/vault/plugins env: SKIP_SETCAP: true VAULT_DEV_ROOT_TOKEN_ID: vaultpwd From cb111e6498efb494fd80f177e5c696f03a00da3e Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 08:10:52 +0300 Subject: [PATCH 24/44] debug --- .github/workflows/integration_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 5294e91..0c1a9a8 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
@@ -34,7 +34,7 @@ jobs: - run: go build working-directory: ./cmd/vault-plugin-secrets-bjj - - run: cp vault-plugin-secrets-bjj /vault/plugins/vault-plugin-secrets-bjj + - run: cp cmd/vault-plugin-secrets-bjj/vault-plugin-secrets-bjj /vault/plugins/vault-plugin-secrets-bjj - run: ls -l /vault/plugins From daac579e49df057f4f875d64eb57a6f7260b1497 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 08:13:57 +0300 Subject: [PATCH 25/44] debug --- .github/workflows/integration_tests.yml | 32 +++++++++++++------------ 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 0c1a9a8..05fb5de 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
@@ -34,21 +34,23 @@ jobs: - run: go build working-directory: ./cmd/vault-plugin-secrets-bjj - - run: cp cmd/vault-plugin-secrets-bjj/vault-plugin-secrets-bjj /vault/plugins/vault-plugin-secrets-bjj - - - run: ls -l /vault/plugins - - - run: > - export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && - curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" - -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" - ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - - run: > - curl -X POST --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" - -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' - ${VAULT_ADDR}/v1/sys/mounts/${VAULT_BJJ_PATH} - - - run: pwd && go test -v -race -timeout=60s ./... +# - run: cp cmd/vault-plugin-secrets-bjj/vault-plugin-secrets-bjj /vault/plugins/vault-plugin-secrets-bjj +# +# - run: ls -l /vault/plugins +# +# - run: sleep 5 +# +# - run: > +# export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && +# curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" +# -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" +# ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj +# - run: > +# curl -X POST --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" +# -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' +# ${VAULT_ADDR}/v1/sys/mounts/${VAULT_BJJ_PATH} +# +# - run: pwd && go test -v -race -timeout=60s ./... services: vault: image: vault:1.10.3 
From 6c64c427f82e5e6d9a0c0f8262d0843d967c3434 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 08:14:18 +0300 Subject: [PATCH 26/44] debug --- .github/workflows/integration_tests.yml | 34 ++++++++++++------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 05fb5de..04e364e 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
@@ -34,23 +34,23 @@ jobs: - run: go build working-directory: ./cmd/vault-plugin-secrets-bjj -# - run: cp cmd/vault-plugin-secrets-bjj/vault-plugin-secrets-bjj /vault/plugins/vault-plugin-secrets-bjj -# -# - run: ls -l /vault/plugins -# -# - run: sleep 5 -# -# - run: > -# export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && -# curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" -# -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" -# ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj -# - run: > -# curl -X POST --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" -# -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' -# ${VAULT_ADDR}/v1/sys/mounts/${VAULT_BJJ_PATH} -# -# - run: pwd && go test -v -race -timeout=60s ./... + - run: cp cmd/vault-plugin-secrets-bjj/vault-plugin-secrets-bjj /vault/plugins/vault-plugin-secrets-bjj + + - run: ls -l /vault/plugins + + - run: sleep 5 + + - run: > + export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && + curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" + -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" + ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj + - run: > + curl -X POST --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" + -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' + ${VAULT_ADDR}/v1/sys/mounts/${VAULT_BJJ_PATH} + + - run: pwd && go test -v -race -timeout=60s ./... services: vault: image: vault:1.10.3 
From af96b1bf951ec9e1de9b3b9a95a4b8440f9ac185 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 08:19:46 +0300 Subject: [PATCH 27/44] revert changes to working state --- .github/workflows/integration_tests.yml | 55 ++++++++++++------------- 1 file changed, 27 insertions(+), 28 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 04e364e..5c6cd17 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
@@ -18,44 +18,43 @@ jobs: env: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://vault:8200 - VAULT_BJJ_PATH: bjj + PLUGIN_URL: https://github.com/iden3/vault-plugin-secrets-bjj/releases/download/v0.0.1/vault-plugin-secrets-bjj_0.0.1_linux_amd64.tar.gz + PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 + PLUGIN_SECRETS_PATH: bjj steps: - - uses: actions/checkout@v3 - - uses: actions/cache@v3 - with: - path: | - ~/.cache/go-build - /go/pkg/mod - ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - - run: go build - working-directory: ./cmd/vault-plugin-secrets-bjj - - - run: cp cmd/vault-plugin-secrets-bjj/vault-plugin-secrets-bjj /vault/plugins/vault-plugin-secrets-bjj - - - run: ls -l /vault/plugins - - - run: sleep 5 - +# - name: Checkout code +# uses: actions/checkout@v3 +# - uses: actions/cache@v3 +# with: +# path: | +# ~/.cache/go-build +# /go/pkg/mod +# key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} +# restore-keys: | +# ${{ runner.os }}-go- +# - name: Unit Tests +# run: go test -v -race -timeout=60s ./... 
+# - run: sleep 10 + - run: > + curl --fail -H "X-Vault-Token: ${VAULT_TOKEN}" + ${VAULT_ADDR}/v1/sys/health + - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - run: > - export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && - curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" + curl -X PUT --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: > - curl -X POST --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" + curl -X POST --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' - ${VAULT_ADDR}/v1/sys/mounts/${VAULT_BJJ_PATH} - - - run: pwd && go test -v -race -timeout=60s ./... + ${VAULT_ADDR}/v1/sys/mounts/${PLUGIN_SECRETS_PATH} + - run: uname -a services: vault: image: vault:1.10.3 + ports: + - 8200:8200 volumes: - - vault_plugins:/vault/plugins + - vault_plugins:/vault/plugins env: SKIP_SETCAP: true VAULT_DEV_ROOT_TOKEN_ID: vaultpwd From 12f286b32751e6c6f5e1171400155fab89ed3b01 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 08:21:04 +0300 Subject: [PATCH 28/44] debug --- .github/workflows/integration_tests.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 5c6cd17..f61ef62 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
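Review bot: The added step `curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj` places a release binary in the plugin directory without comparing it to the `PLUGIN_SHA256` pinned in `env:`. The digest is only sent to the catalog endpoint, so a mismatch would presumably surface later, when Vault tries to start the plugin. A step right after the download, `- run: echo "${PLUGIN_SHA256}  /vault/plugins/vault-plugin-secrets-bjj" | sha256sum -c -`, fails the job at the point the artifact arrives. Separately, the new `ports: - 8200:8200` publishes a dev-mode Vault whose root token is the literal `vaultpwd`, while the steps reach it as `http://vault:8200`; the mapping looks unnecessary and could be dropped.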
@@ -35,10 +35,8 @@ jobs: # - name: Unit Tests # run: go test -v -race -timeout=60s ./... # - run: sleep 10 - - run: > - curl --fail -H "X-Vault-Token: ${VAULT_TOKEN}" - ${VAULT_ADDR}/v1/sys/health - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj + - run: ls -l /vault/plugins/ - run: > curl -X PUT --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" From d1454004698f7451f97402b8398149982729afca Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 08:22:23 +0300 Subject: [PATCH 29/44] debug --- .github/workflows/integration_tests.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index f61ef62..5698490 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -22,8 +22,7 @@ jobs: PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 PLUGIN_SECRETS_PATH: bjj steps: -# - name: Checkout code -# uses: actions/checkout@v3 + - uses: actions/checkout@v3 # - uses: actions/cache@v3 # with: # path: | From 9390373ed8eab53a54cb7064837c70ce42adf248 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 08:25:39 +0300 Subject: [PATCH 30/44] debug --- .github/workflows/integration_tests.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 5698490..bfff839 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -23,6 +23,9 @@ jobs: PLUGIN_SECRETS_PATH: bjj steps: - uses: actions/checkout@v3 + - run: go build -o /vault/plugins/vault-plugin-secrets-bjj + working-directory: cmd/vault-plugin-secrets-bjj + - run: chown 1001:122 /vault/plugins/vault-plugin-secrets-bjj # - uses: actions/cache@v3 # with: # path: | 
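Review bot: In the `@@ -23,6 +23,9 @@` hunk, `- run: chown 1001:122 /vault/plugins/vault-plugin-secrets-bjj` hard-codes a numeric owner and group with nothing saying which account they belong to. Vault executes this file, so who owns it and may replace it is worth stating. A comment above the step, e.g. `# 1001:122 = <account that must own the plugin binary - confirm against the vault image>`, would let a reader verify the values against `vault:1.10.3` rather than guess. The `steps:` list continues past the end of this hunk.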
@@ -34,7 +37,7 @@ jobs: # - name: Unit Tests # run: go test -v -race -timeout=60s ./... # - run: sleep 10 - - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj +# - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - run: ls -l /vault/plugins/ - run: > curl -X PUT --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" From 5733f34ed40ddccd5bb61bea7432a58e2229f3d2 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 08:28:02 +0300 Subject: [PATCH 31/44] debug --- .github/workflows/integration_tests.yml | 47 ++++++++++++------------- 1 file changed, 23 insertions(+), 24 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index bfff839..93c59c1 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
@@ -18,43 +18,42 @@ jobs: env: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://vault:8200 - PLUGIN_URL: https://github.com/iden3/vault-plugin-secrets-bjj/releases/download/v0.0.1/vault-plugin-secrets-bjj_0.0.1_linux_amd64.tar.gz - PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 - PLUGIN_SECRETS_PATH: bjj + VAULT_BJJ_PATH: bjj steps: - uses: actions/checkout@v3 + - uses: actions/cache@v3 + with: + path: | + ~/.cache/go-build + /go/pkg/mod + ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + - run: go build -o /vault/plugins/vault-plugin-secrets-bjj - working-directory: cmd/vault-plugin-secrets-bjj + working-directory: ./cmd/vault-plugin-secrets-bjj + - run: chown 1001:122 /vault/plugins/vault-plugin-secrets-bjj -# - uses: actions/cache@v3 -# with: -# path: | -# ~/.cache/go-build -# /go/pkg/mod -# key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} -# restore-keys: | -# ${{ runner.os }}-go- -# - name: Unit Tests -# run: go test -v -race -timeout=60s ./... 
-# - run: sleep 10 -# - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - - run: ls -l /vault/plugins/ + + - run: ls -l /vault/plugins + - run: > - curl -X PUT --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" + export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && + curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: > - curl -X POST --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" + curl -X POST --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' - ${VAULT_ADDR}/v1/sys/mounts/${PLUGIN_SECRETS_PATH} - - run: uname -a + ${VAULT_ADDR}/v1/sys/mounts/${VAULT_BJJ_PATH} + + - run: pwd && go test -v -race -timeout=60s ./... services: vault: image: vault:1.10.3 - ports: - - 8200:8200 volumes: - - vault_plugins:/vault/plugins + - vault_plugins:/vault/plugins env: SKIP_SETCAP: true VAULT_DEV_ROOT_TOKEN_ID: vaultpwd From 71f0b1973ac0157201e6e1ad4e59559cf6c8bbe2 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 11:25:12 +0300 Subject: [PATCH 32/44] debug --- .github/workflows/integration_tests.yml | 47 +++++++++++++------------ 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 93c59c1..bfff839 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
@@ -18,42 +18,43 @@ jobs: env: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://vault:8200 - VAULT_BJJ_PATH: bjj + PLUGIN_URL: https://github.com/iden3/vault-plugin-secrets-bjj/releases/download/v0.0.1/vault-plugin-secrets-bjj_0.0.1_linux_amd64.tar.gz + PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 + PLUGIN_SECRETS_PATH: bjj steps: - uses: actions/checkout@v3 - - uses: actions/cache@v3 - with: - path: | - ~/.cache/go-build - /go/pkg/mod - ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - run: go build -o /vault/plugins/vault-plugin-secrets-bjj - working-directory: ./cmd/vault-plugin-secrets-bjj - + working-directory: cmd/vault-plugin-secrets-bjj - run: chown 1001:122 /vault/plugins/vault-plugin-secrets-bjj - - - run: ls -l /vault/plugins - +# - uses: actions/cache@v3 +# with: +# path: | +# ~/.cache/go-build +# /go/pkg/mod +# key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} +# restore-keys: | +# ${{ runner.os }}-go- +# - name: Unit Tests +# run: go test -v -race -timeout=60s ./... 
+# - run: sleep 10 +# - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj + - run: ls -l /vault/plugins/ - run: > - export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && - curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" + curl -X PUT --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: > - curl -X POST --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" + curl -X POST --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' - ${VAULT_ADDR}/v1/sys/mounts/${VAULT_BJJ_PATH} - - - run: pwd && go test -v -race -timeout=60s ./... + ${VAULT_ADDR}/v1/sys/mounts/${PLUGIN_SECRETS_PATH} + - run: uname -a services: vault: image: vault:1.10.3 + ports: + - 8200:8200 volumes: - - vault_plugins:/vault/plugins + - vault_plugins:/vault/plugins env: SKIP_SETCAP: true VAULT_DEV_ROOT_TOKEN_ID: vaultpwd From 0f687df4b5b2c9bf65caeb63dc383b841d6e18d9 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 11:28:45 +0300 Subject: [PATCH 33/44] debug --- .github/workflows/integration_tests.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index bfff839..989d46b 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
@@ -19,7 +19,7 @@ jobs: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://vault:8200 PLUGIN_URL: https://github.com/iden3/vault-plugin-secrets-bjj/releases/download/v0.0.1/vault-plugin-secrets-bjj_0.0.1_linux_amd64.tar.gz - PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 + # PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 PLUGIN_SECRETS_PATH: bjj steps: - uses: actions/checkout@v3 @@ -40,6 +40,7 @@ jobs: # - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - run: ls -l /vault/plugins/ - run: > + export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && curl -X PUT --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj From 0757c5ac3feb144313c3acdd1c8532f1151155aa Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 11:37:23 +0300 Subject: [PATCH 34/44] debug --- .github/workflows/integration_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 989d46b..f586ee1 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -41,7 +41,7 @@ jobs: - run: ls -l /vault/plugins/ - run: > export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && - curl -X PUT --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" + curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: > From bd74b43785b8d881baef119d51a38d4eb7127ef9 Mon Sep 17 00:00:00 2001 
From: Oleg Lomaka Date: Tue, 14 Jun 2022 11:41:16 +0300 Subject: [PATCH 35/44] debug --- .github/workflows/integration_tests.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index f586ee1..a20b393 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -19,7 +19,7 @@ jobs: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://vault:8200 PLUGIN_URL: https://github.com/iden3/vault-plugin-secrets-bjj/releases/download/v0.0.1/vault-plugin-secrets-bjj_0.0.1_linux_amd64.tar.gz - # PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 + PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 PLUGIN_SECRETS_PATH: bjj steps: - uses: actions/checkout@v3 @@ -37,10 +37,10 @@ jobs: # - name: Unit Tests # run: go test -v -race -timeout=60s ./... # - run: sleep 10 -# - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj + - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - run: ls -l /vault/plugins/ +# export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && - run: > - export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj 
@@ -48,7 +48,6 @@ jobs: curl -X POST --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' ${VAULT_ADDR}/v1/sys/mounts/${PLUGIN_SECRETS_PATH} - - run: uname -a services: vault: image: vault:1.10.3 From 7cee773c08644f582f60fd39c914cedbd8242308 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 11:50:06 +0300 Subject: [PATCH 36/44] debug --- .github/workflows/integration_tests.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index a20b393..8f1dea2 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -37,8 +37,11 @@ jobs: # - name: Unit Tests # run: go test -v -race -timeout=60s ./... # - run: sleep 10 + - run: ls -l /vault/plugins/ + - run: openssl dgst -sha256 /vault/plugins/* - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - run: ls -l /vault/plugins/ + - run: openssl dgst -sha256 /vault/plugins/* # export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && - run: > curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" From 47f29579b6c3c34428d394099b8d9f9002a59e85 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 11:52:21 +0300 Subject: [PATCH 37/44] debug --- .github/workflows/integration_tests.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 8f1dea2..5ee9b17 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
@@ -19,7 +19,7 @@ jobs: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://vault:8200 PLUGIN_URL: https://github.com/iden3/vault-plugin-secrets-bjj/releases/download/v0.0.1/vault-plugin-secrets-bjj_0.0.1_linux_amd64.tar.gz - PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 +# PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 PLUGIN_SECRETS_PATH: bjj steps: - uses: actions/checkout@v3 @@ -42,11 +42,15 @@ jobs: - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - run: ls -l /vault/plugins/ - run: openssl dgst -sha256 /vault/plugins/* -# export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && - run: > + export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj +# - run: > +# curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" +# -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" +# ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: > curl -X POST --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' From 1aacba8acd7e21c33c1c3c27587615b627074e1a Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 11:56:52 +0300 Subject: [PATCH 38/44] debug --- .github/workflows/integration_tests.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 5ee9b17..0e5afa0 100644 
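Review bot: This commit removes the only integrity pin on the downloaded plugin. `PLUGIN_SHA256` is commented out in `env:` (`@@ -19,7 +19,7 @@`) and the `export PLUGIN_SHA256=...` line is restored (`@@ -42,11 +42,15 @@`), so the digest sent to the plugin catalog is computed from whatever the preceding `curl ... ${PLUGIN_URL} | tar` step extracted. A replaced or altered release asset would then be registered and mounted with a matching hash. While the download step is active, keep the pinned `PLUGIN_SHA256` in `env:` and drop the `export` line; computing the digest on the fly is only appropriate for a binary built in this job. Both hunks sit inside a `steps:` list that starts and ends outside them.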
--- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -9,7 +9,7 @@ jobs: test: strategy: matrix: - containers: [ 1.18.3-bullseye ] + containers: [ 1.18.3-alpine3.16 ] runs-on: ubuntu-22.04 container: image: golang:${{ matrix.containers }} @@ -39,9 +39,9 @@ jobs: # - run: sleep 10 - run: ls -l /vault/plugins/ - run: openssl dgst -sha256 /vault/plugins/* - - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj - - run: ls -l /vault/plugins/ - - run: openssl dgst -sha256 /vault/plugins/* +# - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj +# - run: ls -l /vault/plugins/ +# - run: openssl dgst -sha256 /vault/plugins/* - run: > export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" From 44176062130506b56d2237fdc2a08b808d05d3f8 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 11:59:39 +0300 Subject: [PATCH 39/44] debug --- .github/workflows/integration_tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 0e5afa0..dd4b763 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -38,6 +38,7 @@ jobs: # run: go test -v -race -timeout=60s ./... # - run: sleep 10 - run: ls -l /vault/plugins/ + - run: apk add --update-cache openssl - run: openssl dgst -sha256 /vault/plugins/* # - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj # - run: ls -l /vault/plugins/ From e74fc1079b2c13689628f97a78d1ab6728e7a465 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 12:01:57 +0300 Subject: [PATCH 40/44] debug --- .github/workflows/integration_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index dd4b763..9e3885f 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -38,7 +38,7 @@ jobs: # run: go test -v -race -timeout=60s ./... # - run: sleep 10 - run: ls -l /vault/plugins/ - - run: apk add --update-cache openssl + - run: apk add --update-cache openssl curl - run: openssl dgst -sha256 /vault/plugins/* # - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj # - run: ls -l /vault/plugins/ From 922d0b73c21da20af8d9e88ea3a7e24ed55ffa45 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 15:10:26 +0300 Subject: [PATCH 41/44] debug --- .github/workflows/integration_tests.yml | 44 ++++++++++--------------- 1 file changed, 17 insertions(+), 27 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 9e3885f..5a53c2f 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml 
@@ -7,55 +7,45 @@ on: jobs: test: - strategy: - matrix: - containers: [ 1.18.3-alpine3.16 ] runs-on: ubuntu-22.04 container: - image: golang:${{ matrix.containers }} + image: golang:1.18.3-alpine3.16 volumes: - vault_plugins:/vault/plugins env: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://vault:8200 - PLUGIN_URL: https://github.com/iden3/vault-plugin-secrets-bjj/releases/download/v0.0.1/vault-plugin-secrets-bjj_0.0.1_linux_amd64.tar.gz -# PLUGIN_SHA256: 01804fe88b00bae00664b5cbef99bfb5857e28cfc27af2f8d897f6daef7ce672 PLUGIN_SECRETS_PATH: bjj steps: - uses: actions/checkout@v3 + - run: go build -o /vault/plugins/vault-plugin-secrets-bjj working-directory: cmd/vault-plugin-secrets-bjj - - run: chown 1001:122 /vault/plugins/vault-plugin-secrets-bjj -# - uses: actions/cache@v3 -# with: -# path: | -# ~/.cache/go-build -# /go/pkg/mod -# key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} -# restore-keys: | -# ${{ runner.os }}-go- -# - name: Unit Tests -# run: go test -v -race -timeout=60s ./... 
-# - run: sleep 10 - - run: ls -l /vault/plugins/ + +# - run: chown 1001:122 /vault/plugins/vault-plugin-secrets-bjj + + - uses: actions/cache@v3 + with: + path: | + ~/.cache/go-build + /go/pkg/mod + ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + - run: apk add --update-cache openssl curl - - run: openssl dgst -sha256 /vault/plugins/* -# - run: curl -s -o - --fail -L ${PLUGIN_URL} | tar -C /vault/plugins -xzf - vault-plugin-secrets-bjj -# - run: ls -l /vault/plugins/ -# - run: openssl dgst -sha256 /vault/plugins/* - run: > export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj -# - run: > -# curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" -# -d "{\"type\":0,\"command\":\"vault-plugin-secrets-bjj\",\"sha256\":\"${PLUGIN_SHA256}\"}" -# ${VAULT_ADDR}/v1/sys/plugins/catalog/vault-plugin-secrets-bjj - run: > curl -X POST --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' ${VAULT_ADDR}/v1/sys/mounts/${PLUGIN_SECRETS_PATH} + + - run: go test -v -race -timeout=60s ./... services: vault: image: vault:1.10.3 From dfacdac0cb7c0b9186e1ddafe77a282099771973 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 15:14:30 +0300 Subject: [PATCH 42/44] debug --- .github/workflows/integration_tests.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 5a53c2f..39662b8 100644 
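Review bot: The `- uses: actions/cache@v3` block is added after `- run: go build -o /vault/plugins/vault-plugin-secrets-bjj`, so the build runs before `~/.cache/go-build` and the module directories are restored, and only `go test` can benefit. Moving the whole cache block to sit directly after `- uses: actions/checkout@v3` lets both steps use the restored cache. The job also now names its image by tag, `image: golang:1.18.3-alpine3.16`; pinning it by digest would keep the toolchain that produces the registered plugin binary fixed between runs.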
--- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -17,6 +17,8 @@ jobs: VAULT_ADDR: http://vault:8200 PLUGIN_SECRETS_PATH: bjj steps: + - run: apk add --update-cache openssl curl build-base + - uses: actions/checkout@v3 - run: go build -o /vault/plugins/vault-plugin-secrets-bjj @@ -34,7 +36,6 @@ jobs: restore-keys: | ${{ runner.os }}-go- - - run: apk add --update-cache openssl curl - run: > export PLUGIN_SHA256=`openssl dgst -r -sha256 /vault/plugins/vault-plugin-secrets-bjj | awk '{print $1}'` && curl -X PUT --fail -i -H "X-Vault-Token: ${VAULT_TOKEN}" From f65d658142c0f7e52eb07075093da52ce430b162 Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 16:15:20 +0300 Subject: [PATCH 43/44] add tests --- .github/workflows/integration_tests.yml | 8 +- go.mod | 4 + go.sum | 1 + main_test.go | 193 +++++++++++++++++++++++- 4 files changed, 199 insertions(+), 7 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 39662b8..cf989be 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -15,7 +15,8 @@ jobs: env: VAULT_TOKEN: vaultpwd VAULT_ADDR: http://vault:8200 - PLUGIN_SECRETS_PATH: bjj + VAULT_BJJ_PATH: bjj + steps: - run: apk add --update-cache openssl curl build-base @@ -24,8 +25,6 @@ jobs: - run: go build -o /vault/plugins/vault-plugin-secrets-bjj working-directory: cmd/vault-plugin-secrets-bjj -# - run: chown 1001:122 /vault/plugins/vault-plugin-secrets-bjj - - uses: actions/cache@v3 with: path: | 
@@ -44,9 +43,10 @@ jobs: - run: > curl -X POST --fail -s -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"type":"vault-plugin-secrets-bjj","description":"","config":{"options":null,"default_lease_ttl":"0s","max_lease_ttl":"0s","force_no_cache":false},"local":false,"seal_wrap":false,"external_entropy_access":false,"options":null}' - ${VAULT_ADDR}/v1/sys/mounts/${PLUGIN_SECRETS_PATH} + ${VAULT_ADDR}/v1/sys/mounts/${VAULT_BJJ_PATH} - run: go test -v -race -timeout=60s ./... + services: vault: image: vault:1.10.3 diff --git a/go.mod b/go.mod index 1151cd2..5e1e29f 100644 --- a/go.mod +++ b/go.mod @@ -8,12 +8,14 @@ require ( github.com/hashicorp/vault/api v1.3.0 github.com/hashicorp/vault/sdk v0.3.1-0.20220112143259-b48602fdb885 github.com/iden3/go-iden3-crypto v0.0.13 + github.com/stretchr/testify v1.7.0 ) require ( github.com/armon/go-metrics v0.3.9 // indirect github.com/armon/go-radix v1.0.0 // indirect github.com/cenkalti/backoff/v3 v3.0.0 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect github.com/dchest/blake512 v1.0.0 // indirect github.com/evanphx/json-patch/v5 v5.5.0 // indirect github.com/fatih/color v1.7.0 // indirect @@ -46,6 +48,7 @@ require ( github.com/oklog/run v1.0.0 // indirect github.com/pierrec/lz4 v2.5.2+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect go.uber.org/atomic v1.9.0 // indirect golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 // indirect @@ -57,4 +60,5 @@ require ( google.golang.org/grpc v1.41.0 // indirect google.golang.org/protobuf v1.27.1 // indirect gopkg.in/square/go-jose.v2 v2.5.1 // indirect + gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect ) diff --git a/go.sum b/go.sum index 64e0bbf..4ba59fc 100644 --- a/go.sum +++ b/go.sum 
@@ -339,6 +339,7 @@ google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+Rur google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= diff --git a/main_test.go b/main_test.go index b9cea72..0962fb7 100644 --- a/main_test.go +++ b/main_test.go 
@@ -1,7 +1,194 @@ package vault_plugin_secrets_bjj -import "testing" +import ( + "crypto/rand" + "encoding/hex" + "math/big" + "os" + "path" + "testing" -func TestOne(t *testing.T) { - t.Log("One") + "github.com/hashicorp/vault/api" + "github.com/iden3/go-iden3-crypto/babyjub" + "github.com/iden3/go-iden3-crypto/utils" + "github.com/stretchr/testify/require" +) + +const ( + keyDest = "dest" + keyPublicKey = "public_key" + keyData = "data" + keySignature = "signature" +) + +func newVaultClient(t testing.TB) (vaultCli *api.Client, mountPath string) { + vaultAddr := os.Getenv("VAULT_ADDR") + if vaultAddr == "" { + t.Skip("vault address is not configured") + } + vaultToken := os.Getenv("VAULT_TOKEN") + if vaultToken == "" { + t.Skip("vault token is not configured") + } + + mountPath = os.Getenv("VAULT_BJJ_PATH") + if mountPath == "" { + t.Skip("BJJ plugin mount path is not set") + } + + config := api.DefaultConfig() + config.Address = vaultAddr + + var err error + vaultCli, err = api.NewClient(config) + require.NoError(t, err) + + vaultCli.SetToken(vaultToken) + + return +} + +// create random key in vault and return path to it +func newRandomBJJKey(t testing.TB, vaultCli *api.Client, keyPath string, + extraData map[string]interface{}) { + + rndKeyPath := path.Join(keyPath, "random") + _, err := vaultCli.Logical().Write(rndKeyPath, extraData) + require.NoError(t, err) +} + +func getSecretData(secret *api.Secret) map[string]interface{} { + if secret == nil { + panic("secret is nil") + } + + if secret.Data == nil { + panic("secret data is nil") + } + + return secret.Data +} + +func getPublicKey(t testing.TB, vaultCli *api.Client, keyPath string) string { + requestPath := path.Join(keyPath, "public") + secret, err := vaultCli.Logical().Read(requestPath) + if err != nil { + panic(err) + } + + data := getSecretData(secret) + + pubKeyStr, ok := data[keyPublicKey].(string) + if !ok { + panic("unable to get public key from secret") + } + + return pubKeyStr +} + +func 
randomKeyPath(basePath string) string { + var rnd [16]byte + _, err := rand.Read(rnd[:]) + if err != nil { + panic(err) + } + + return path.Join(basePath, hex.EncodeToString(rnd[:])) +} + +// move bjj key under new path +func signBJJKey(vaultCli *api.Client, keyPath string, + dataToSign []byte) []byte { + + dataStr := hex.EncodeToString(dataToSign) + data := map[string][]string{keyData: {dataStr}} + requestPath := path.Join(keyPath, "sign") + secret, err := vaultCli.Logical().ReadWithData(requestPath, data) + if err != nil { + panic(err) + } + data2 := getSecretData(secret) + sigStr, ok := data2[keySignature].(string) + if !ok { + panic("unable to get signature from secret") + } + sig, err := hex.DecodeString(sigStr) + if err != nil { + panic(err) + } + return sig +} + +// move bjj key under new path +func moveBJJKey(vaultCli *api.Client, oldPath, newPath string) { + data := map[string]interface{}{keyDest: newPath} + requestPath := path.Join(oldPath, "move") + _, err := vaultCli.Logical().Write(requestPath, data) + if err != nil { + panic(err) + } +} + +func dataAtPath(t testing.TB, vaultCli *api.Client, + keyPath string) map[string]interface{} { + + secret, err := vaultCli.Logical().Read(keyPath) + require.NoError(t, err) + if secret == nil { + return nil + } + return getSecretData(secret) +} + +func TestBJJPlugin(t *testing.T) { + vaultCli, mountPath := newVaultClient(t) + + // register callback to delete key + rmKey := func(keyPath string) { + t.Cleanup(func() { + _, err := vaultCli.Logical().Delete(keyPath) + if err != nil { + t.Error(err) + } + }) + } + + keyPath := randomKeyPath(mountPath) + newRandomBJJKey(t, vaultCli, keyPath, + map[string]interface{}{"extra_key": "value"}) + rmKey(keyPath) + + secData := dataAtPath(t, vaultCli, keyPath) + require.Equal(t, "value", secData["extra_key"]) + + var privKey babyjub.PrivateKey + privKeyStr, err := hex.DecodeString(secData["key_data"].(string)) + require.NoError(t, err) + copy(privKey[:], privKeyStr) + pubKey1Comp 
:= privKey.Public().Compress() + + pubKey2Str := getPublicKey(t, vaultCli, keyPath) + var pubKey2Comp babyjub.PublicKeyComp + pubKey2Bytes, err := hex.DecodeString(pubKey2Str) + require.NoError(t, err) + copy(pubKey2Comp[:], pubKey2Bytes) + + require.Equal(t, pubKey1Comp, pubKey2Comp) + + // Test sign + nonce := big.NewInt(100500) + nonceBytes := utils.SwapEndianness(nonce.Bytes()) + sig1 := privKey.SignPoseidon(nonce).Compress() + sig2Bytes := signBJJKey(vaultCli, keyPath, nonceBytes) + var sig2 babyjub.SignatureComp + copy(sig2[:], sig2Bytes) + require.Equal(t, sig1, sig2) + + // Test moving + newKeyPath := randomKeyPath(mountPath) + moveBJJKey(vaultCli, keyPath, newKeyPath) + newSecData := dataAtPath(t, vaultCli, newKeyPath) + require.Equal(t, secData, newSecData) + + require.Nil(t, dataAtPath(t, vaultCli, keyPath)) } From 9bbf451c1866e812f9446f31c91952b973a0698d Mon Sep 17 00:00:00 2001 From: Oleg Lomaka Date: Tue, 14 Jun 2022 16:20:21 +0300 Subject: [PATCH 44/44] remove testing on temporary branch --- .github/workflows/integration_tests.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index cf989be..7494300 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -2,7 +2,6 @@ on: push: branches: - main - - integration_tests pull_request: jobs:
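Review bot: In `TestBJJPlugin` the cleanup registered by `rmKey(keyPath)` targets only the old path, so after `moveBJJKey(vaultCli, keyPath, newKeyPath)` the generated private key stays behind at `newKeyPath` in whatever Vault instance `VAULT_ADDR` points to. Add `rmKey(newKeyPath)` right after the move; whether the existing delete of the now-empty `keyPath` then returns an error depends on the plugin and is not visible here. The two `copy(...)` calls into the fixed-size `privKey` and `sig2` arrays also accept short input silently, so a `require.Len(t, sig2Bytes, len(sig2))` (and the equivalent for the key bytes) before each copy would make a truncated response fail loudly. The comment above `signBJJKey` is a copy of the one on `moveBJJKey` and should read `// sign data with the bjj key at keyPath`.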