add test for pki/cert configuration
suprjinx committed Sep 23, 2024
1 parent b6900cf commit 38049bd
Showing 2 changed files with 35 additions and 5 deletions.
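--- a/app/lib/clients/vault/certificate.rb
+++ b/app/lib/clients/vault/certificate.rb
@@ -2,14 +2,14 @@ module Clients
 class Vault
 class << self
 def issue_cert(cert_issue_request)
-configure_ca
+configure_pki
 opts = cert_issue_request.attributes
 # Generate the TLS certificate using the intermediate CA
 tls_cert = client.logical.write(cert_path, opts)
 OpenStruct.new tls_cert.data
 end
 
-def configure_ca
+def configure_pki
 enable_ca
 end
 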
36 changes: 33 additions & 3 deletions test/lib/clients/vault_test.rb
@@ -1,25 +1,55 @@
require "test_helper"

class VaultTest < ActiveSupport::TestCase
attr_reader :random_mount

setup do
@client = Clients::Vault
@random_mount = SecureRandom.hex(4)
end

teardown do
vault_client.sys.unmount(random_mount)
end

test "#configure_kv" do
random_mount = SecureRandom.hex(4)
@client.stub :kv_mount, random_mount do
assert_not_nil @client.configure_kv
assert @client.configure_kv
engines = vault_client.sys.mounts
assert_equal "kv", engines[random_mount.to_sym].type
end
end

test "#configure_pki" do
@client.stub :intermediate_ca_mount, random_mount do
assert @client.configure_pki
engines = vault_client.sys.mounts
assert_equal "pki", engines[random_mount.to_sym].type

read_cert = vault_client.logical.read("#{random_mount}/cert/ca").data[:certificate]
assert_match "BEGIN CERTIFICATE", read_cert

cluster_config = vault_client.logical.read("#{random_mount}/config/cluster").data
assert_equal "#{vault_addr}/v1/#{random_mount}", cluster_config[:path]
assert_equal "#{vault_addr}/v1/#{random_mount}", cluster_config[:aia_path]

role_config = vault_client.logical.read("#{random_mount}/roles/astral").data
assert_not_nil role_config[:issuer_ref]
assert_equal 720.hours, role_config[:max_ttl]
assert_equal true, role_config[:allow_any_name]
end
end

private

def vault_client
::Vault::Client.new(
address: Rails.configuration.astral[:vault_addr],
address: vault_addr,
token: Rails.configuration.astral[:vault_token]
)
end

def vault_addr
Rails.configuration.astral[:vault_addr]
end
end
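Review bot: The `#configure_pki` test asserts that `role_config[:allow_any_name]` is true alongside a 720-hour `max_ttl`, so the suite now locks in an `astral` role that will sign a certificate for any requested name. The role definition is outside this commit, so this may be deliberate, but `issue_cert` hands `cert_issue_request.attributes` to Vault as-is and nothing visible here shows where requested names are checked. If it is deliberate, put a comment above the assertion naming the layer that validates names; if it is not, narrow the role with `allowed_domains` and change the line to `assert_equal false, role_config[:allow_any_name]`.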
