diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2b974510d..3de68e304 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -205,7 +205,14 @@ jobs: MYSQL_CONNECTION_PASSWORD: "mysql" MONGODB_URL: "mongodb://root:mongodb@mongo:27017/admin?ssl=false" MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433" + # POSTGRES_URL is the standard root conn URL for Vault POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable" + # POSTGRES_URL_TEST is used by the TFVP test to connect directly to + # the postgres container. Note: the host is "localhost" because the + # TFVP tests do not run in the same docker network. + POSTGRES_URL_TEST: "postgres://postgres:secret@localhost:5432/database?sslmode=disable" + # POSTGRES_URL_ROOTLESS is used by Vault to connect to the postgres container. + POSTGRES_URL_ROOTLESS: "postgres://{{username}}:{{password}}@postgres:5432/database?sslmode=disable" COUCHBASE_HOST: couchbase COUCHBASE_USERNAME: Administrator COUCHBASE_PASSWORD: password diff --git a/testutil/postgresqlhelper.go b/testutil/postgresqlhelper.go index 6a5312897..84f1a3ccc 100644 --- a/testutil/postgresqlhelper.go +++ b/testutil/postgresqlhelper.go @@ -6,42 +6,13 @@ package testutil import ( "context" "database/sql" - "fmt" - "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/docker" - "net/url" - "os" "testing" - _ "github.com/jackc/pgx/v4/stdlib" -) + "github.com/hashicorp/vault/sdk/helper/dbtxn" -const ( - defaultPGImage = "docker.mirror.hashicorp.services/postgres" - defaultPGVersion = "13.4-buster" - defaultPGPass = "secret" + _ "github.com/jackc/pgx/v4/stdlib" ) -func defaultRunOpts(t *testing.T) docker.RunOptions { - return docker.RunOptions{ - ContainerName: "postgres", - ImageRepo: defaultPGImage, - ImageTag: defaultPGVersion, - Env: []string{ - "POSTGRES_PASSWORD=" + defaultPGPass, - "POSTGRES_DB=database", - }, - Ports: []string{"5432/tcp"}, - DoNotAutoRemove: false, - OmitLogTimestamps: true, - LogConsumer: func(s string) { - if t.Failed() { - t.Logf("container logs: %s", s) - } - }, - } -} - func CreateTestPGUser(t *testing.T, connURL string, username, password, query string) { t.Helper() t.Logf("[TRACE] Creating test user") @@ -74,54 +45,3 @@ func CreateTestPGUser(t *testing.T, connURL string, username, password, query st t.Fatal(err) } } - -func PrepareTestContainerSelfManaged(t *testing.T) (func(), *url.URL) { - return prepareTestContainerSelfManaged(t, defaultRunOpts(t), defaultPGPass, true, false, false) -} - -func prepareTestContainerSelfManaged(t *testing.T, runOpts docker.RunOptions, password string, addSuffix, forceLocalAddr, useFallback bool, -) (func(), *url.URL) { - if os.Getenv("PG_URL") != "" { - return func() {}, nil - } - - runner, err := docker.NewServiceRunner(runOpts) - if err != nil { - t.Fatalf("Could not start docker Postgres: %s", err) - } - - svc, _, err := runner.StartNewService(context.Background(), addSuffix, forceLocalAddr, connectPostgres(password, runOpts.ImageRepo, useFallback)) - if err != nil { - t.Fatalf("Could not start docker Postgres: %s", err) - } - - return svc.Cleanup, svc.Config.URL() -} - -func connectPostgres(password, repo string, useFallback bool) docker.ServiceAdapter { - return func(ctx context.Context, host string, port int) (docker.ServiceConfig, error) { - hostAddr := fmt.Sprintf("%s:%d", host, port) - if useFallback { - // set the first host to a bad address so we can test the fallback logic - hostAddr = "localhost:55," + hostAddr - } - u := url.URL{ - Scheme: "postgres", - User: url.UserPassword("postgres", password), - Host: hostAddr, - Path: "postgres", - RawQuery: "sslmode=disable", - } - - db, err := sql.Open("pgx", u.String()) - if err != nil { - return nil, err - } - defer db.Close() - - if err = db.Ping(); err != nil { - return nil, err - } - return docker.NewServiceURL(u), nil - } -} diff --git a/vault/resource_database_secret_backend_static_role_test.go b/vault/resource_database_secret_backend_static_role_test.go index 1f23d835b..96df17f7b 100644 --- a/vault/resource_database_secret_backend_static_role_test.go +++ b/vault/resource_database_secret_backend_static_role_test.go @@ -7,10 +7,11 @@ import ( "context" "database/sql" "fmt" - "github.com/hashicorp/terraform-provider-vault/internal/consts" "os" "testing" + "github.com/hashicorp/terraform-provider-vault/internal/consts" + _ "github.com/go-sql-driver/mysql" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" @@ -152,13 +153,12 @@ func TestAccDatabaseSecretBackendStaticRole_rotationSchedule(t *testing.T) { // TestAccDatabaseSecretBackendStaticRole_Rootless tests the // Rootless Config and Rotation flow for Static Roles. -// This test sets up a PGX container and creates static users -// in the DB to test the workflow. -// Currently only runs locally; Vault CI is unable to talk -// to the PGX Docker container due to network issues. +// To run locally you will need to set the following env vars: +// - POSTGRES_URL_TEST +// - POSTGRES_URL_ROOTLESS func TestAccDatabaseSecretBackendStaticRole_Rootless(t *testing.T) { - // TODO enable test to run in CI - testutil.SkipTestEnvUnset(t, "PGX_ROOTLESS_ROTATION") + connURLTestRoot := testutil.SkipTestEnvUnset(t, "POSTGRES_URL_TEST")[0] + connURL := testutil.SkipTestEnvUnset(t, "POSTGRES_URL_ROOTLESS")[0] backend := acctest.RandomWithPrefix("tf-test-db") username := acctest.RandomWithPrefix("user") @@ -172,13 +172,8 @@ CREATE ROLE "{{name}}" WITH PASSWORD '{{password}}'; ` - cleanup, pgxURL := testutil.PrepareTestContainerSelfManaged(t) - defer cleanup() - - connURL := fmt.Sprintf("postgresql://{{username}}:{{password}}@%s/postgres?sslmode=disable", pgxURL.Host) - // create static database user - testutil.CreateTestPGUser(t, pgxURL.String(), username, "testpassword", testRoleStaticCreate) + testutil.CreateTestPGUser(t, connURLTestRoot, username, "testpassword", testRoleStaticCreate) resource.Test(t, resource.TestCase{ ProviderFactories: providerFactories,