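package tests

import (
	"context"
	"log"
	"os"
	"testing"
	"time"

	"github.com/hashicorp/vault-client-go"
	"github.com/hashicorp/vault-client-go/schema"
)

// Shared fixtures for every test in this package; both are assigned once in
// TestMain before any test runs.
var client *vault.Client
var ctx context.Context

// Apparently used as a default if mountpath is an empty string (client library)
var mountpath = "/kv-v2"
var mountpath2 = "/some"

// TestMain builds the shared Vault client, authenticates it and then runs the
// tests in this package.
//
// The address is plain HTTP on localhost and the token is a literal in the
// source, so this setup is only suitable for a throwaway local Vault instance.
// The tests write and permanently destroy secret versions; do not repoint the
// client at a shared server.
func TestMain(m *testing.M) {
	ctx = context.Background()

	var err error
	// prepare a client with the given base address
	client, err = vault.New(
		vault.WithAddress("http://localhost:8200"),
		vault.WithRequestTimeout(30*time.Second),
	)
	if err != nil {
		// No *testing.T exists here, so aborting the process is the only option.
		log.Fatal(err)
	}
	log.Println("client prepared")

	// authenticate with a root token (insecure): a root token is not
	// restricted by policies, so a passing run says nothing about whether a
	// least-privilege token could perform the same operations.
	if err := client.SetToken("my-token"); err != nil {
		log.Fatal(err)
	}

	// run all tests and propagate their exit code
	os.Exit(m.Run())
}

// writeSecret stores data at path on the given KV v2 mount and fails the
// calling test if the request returns an error.
//
// It reports through t rather than log.Fatal: log.Fatal exits the whole test
// binary, which hides which test failed and skips every test after it.
func writeSecret(t *testing.T, mount, path string, data map[string]any) {
	t.Helper()

	_, err := client.Secrets.KvV2Write(ctx, path,
		schema.KvV2WriteRequest{Data: data},
		vault.WithMountPath(mount),
	)
	if err != nil {
		t.Fatalf("kv2: Failed to write secret:\n\t%v", err)
	}
	// Only the location is logged, never the secret values.
	t.Logf("kv2: Tried to write Secret at %s at mountpath: %s", path, mount)
}

// writeFixtures writes the two dummy secrets "foo" and "bar" to mount.
func writeFixtures(t *testing.T, mount string) {
	t.Helper()

	// Path foo
	writeSecret(t, mount, "foo", map[string]any{
		"password1": "123abc",
		"password2": "horse horse horse battery staple correct",
	})

	// Path bar
	writeSecret(t, mount, "bar", map[string]any{
		"password1": "abc123",
		"password2": "correct horse battery staple",
	})
}

// https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#create-update-secret
// @Philip the path is passed in the KvV2Write call

// TestWriteSecret writes the fixture secrets "foo" and "bar" to mountpath.
func TestWriteSecret(t *testing.T) {
	writeFixtures(t, mountpath)
}

// TestWriteSecret2 writes the same fixture secrets to mountpath2.
func TestWriteSecret2(t *testing.T) {
	writeFixtures(t, mountpath2)
}

// func TestDeleteSecret(t *testing.T) {
// 	_, err := client.Secrets.KvV2Delete(ctx, "foo") // currently disregarding modifier options
// 	if err != nil {
// 		t.Fatalf("kv2: Failed to delete secret:\n\t%v", err)
// 	}
// }

// TestReadSecret reads "bar" without an explicit mount path, so the client
// library's default mount is used. Only the error is checked; the returned
// data is discarded.
//
// NOTE(review): presumably relies on TestWriteSecret having written "bar"
// earlier in the same run; confirm before running this test in isolation.
func TestReadSecret(t *testing.T) {
	_, err := client.Secrets.KvV2Read(ctx, "bar")
	if err != nil {
		t.Fatalf("kv2: Failed to read secret:\n\t%v", err)
	}
}

// TestReadMeta reads the metadata of "bar" on the default mount and checks
// only that the request succeeds.
func TestReadMeta(t *testing.T) {
	_, err := client.Secrets.KvV2ReadMetadata(ctx, "bar")
	if err != nil {
		t.Fatalf("kv2: Failed to read metadata:\n\t%v", err)
	}
}

// TestWriteAndReadMeta writes metadata for "newMeta" and reads it back. The
// content of the response is not compared with what was written.
func TestWriteAndReadMeta(t *testing.T) {
	meta := schema.KvV2WriteMetadataRequest{
		MaxVersions:        5,
		CasRequired:        false,
		DeleteVersionAfter: "3h25m19s",
		CustomMetadata: map[string]any{
			"foo": "abc",
			"bar": "123",
			"baz": "5c07d823-3810-48f6-a147-4c06b5219e84",
		},
	}

	if _, err := client.Secrets.KvV2WriteMetadata(ctx, "newMeta", meta); err != nil {
		t.Fatalf("kv2: Failed to write metadata:\n\t%v", err)
	}

	// read the metadata; the error reported is the one from this read, not the
	// (nil) error of the preceding write
	if _, err := client.Secrets.KvV2ReadMetadata(ctx, "newMeta"); err != nil {
		t.Fatalf("kv2: Failed to read metadata:\n\t%v", err)
	}
}

// TestDestroySecret destroys version 1 of "bar" on the default mount.
// does NOT revert destruction
func TestDestroySecret(t *testing.T) {
	_, err := client.Secrets.KvV2DestroyVersions(ctx, "bar",
		schema.KvV2DestroyVersionsRequest{Versions: []int32{1}})
	if err != nil {
		t.Fatalf("kv2: Failed to destroy secret:\n\t%v", err)
	}
}

// TestDestroySecret2 destroys versions 1 and 2 of "bar" on the default mount.
// does NOT revert destruction
func TestDestroySecret2(t *testing.T) {
	_, err := client.Secrets.KvV2DestroyVersions(ctx, "bar",
		schema.KvV2DestroyVersionsRequest{Versions: []int32{1, 2}})
	if err != nil {
		t.Fatalf("kv2: Failed to destroy secret:\n\t%v", err)
	}
}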