Updated all dependencies 2014-01-19 (#194)

* Updated all dependencies 2014-01-19

* Updated all dependency

* Upgraded the packagest to the highest available version

* More on dependency resolution

* Try vault running via testcontainers (#197)

This replaces our previous Vault test implementation, which relied on
half a dozen or so Vault packages and instead uses the [testcontainers
Vault module](https://golang.testcontainers.org/modules/vault/). Now,
the only requirement is a container runtime.

---------

Co-authored-by: JD Harrington <[email protected]>

Makefile

@@ -6,3 +6,8 @@ release:
 
 dryrun:
 	goreleaser --snapshot --skip-publish --rm-dist
+
+test:
+	go mod download
+	go generate ./...
+	go test ./cmd/ ./truss/ -timeout 15000ms

README.md

@@ -193,6 +193,11 @@ cobra add my-new-command
 ```
 
 ### Testing
+
+Tests will spin up an instance of Vault via Docker using the [testcontainers
+Vault module](https://golang.testcontainers.org/modules/vault/). This requires
+Docker or another API-compatible container runtime on your machine.
+
 Add a `.envrc` file that looks like this:
 ```
 export TEST_S3_BUCKET=truss-kubeconfig-us-east-2

truss/testVault_test.go

@@ -1,61 +1,57 @@
 package truss
 
 import (
+	"context"
+	"log"
+	"os"
 	"testing"
-	"time"
-
-	kv "github.com/hashicorp/vault-plugin-secrets-kv"
-	"github.com/hashicorp/vault/api"
-	"github.com/hashicorp/vault/builtin/logical/transit"
-	vaulthttp "github.com/hashicorp/vault/http"
-	"github.com/hashicorp/vault/sdk/logical"
-	hashivault "github.com/hashicorp/vault/vault"
+
+	"github.com/testcontainers/testcontainers-go/modules/vault"
 )
 
-// creates test vault server
+var vaultAddr = ""
+var vaultToken = "this-is-the-root-token"
+
+// Initialize an authenticated VaultCmd
 func createTestVault(t *testing.T) *VaultCmd {
 	t.Helper()
 
-	coreConfig := &hashivault.CoreConfig{
-		LogicalBackends: map[string]logical.Factory{
-			"kv":      kv.Factory,
-			"transit": transit.Factory,
-		},
-	}
-	cluster := hashivault.NewTestCluster(t, coreConfig, &hashivault.TestClusterOptions{
-		HandlerFunc: vaulthttp.Handler,
-	})
-	cluster.Start()
-
-	// Create KV V2 mount
-	sys := cluster.Cores[0].Client.Sys()
-	if err := sys.Mount("kv", &api.MountInput{
-		Type: "kv",
-		Options: map[string]string{
-			"version": "2",
-		},
-	}); err != nil {
-		t.Fatal(err)
+	vault := VaultWithToken("", vaultToken)
+	vault.addr = vaultAddr
+
+	return vault
+}
+
+// This wraps our entire test run to:
+// 1. Start and configure Vault with required backends
+// 2. Execute tests
+// 3. Teardown Vault
+// 4. Exit with the exit value as determined by the tests
+func TestMain(m *testing.M) {
+	ctx := context.Background()
+
+	// Start Vault server with kv2 and transit backends enabled
+	vaultContainer, err := vault.RunContainer(ctx, vault.WithToken(vaultToken), vault.WithInitCommand(
+		"secrets enable -version=2 -path=kv kv",
+		"secrets enable -path=transit transit",
+	))
+
+	if err != nil {
+		log.Fatalf("failed to start container: %s", err)
 	}
-	// Create transit mount
-	if err := sys.Mount("transit", &api.MountInput{
-		Type: "transit",
-	}); err != nil {
-		t.Fatal(err)
+
+	vaultAddr, err = vaultContainer.HttpHostAddress(ctx)
+	if err != nil {
+		log.Fatalf("failed to get Vault address: %s", err)
 	}
 
-	vault := VaultWithToken("", cluster.Cores[0].Client.Token())
-	vault.addr = cluster.Cores[0].Client.Address()
-
-	timeout := 0
-	for timeout < 20 {
-		_, err := vault.ListPath("kv/metadata")
-		if err == nil {
-			return vault
-		}
-		time.Sleep(100 * time.Millisecond)
-		timeout++
+	// Run tests
+	exitVal := m.Run()
+
+	// Teardown Vault server
+	if err := vaultContainer.Terminate(ctx); err != nil {
+		log.Fatalf("failed to terminate container: %s", err)
 	}
-	t.Fatal("vault engine not started")
-	return nil
+
+	os.Exit(exitVal)
 }

truss/vault.go

@@ -43,9 +43,9 @@ func VaultWithToken(kubeconfig string, authToken string) *VaultCmd {
 }
 
 func newVaultClient(addr string) (*api.Client, error) {
-	config := api.Config{Address: addr}
+	config := &api.Config{Address: addr}
 	config.ConfigureTLS(&api.TLSConfig{Insecure: true})
-	return api.NewClient(&config)
+	return api.NewClient(config)
 }
 
 func (vault *VaultCmd) newVaultClientWithToken() (*api.Client, error) {

truss/vault_test.go

@@ -55,7 +55,7 @@ func TestVault(t *testing.T) {
 			Convey("returns keys as strings", func() {
 				list, err := vault.ListPath("kv/metadata")
 				So(err, ShouldBeNil)
-				So(list, ShouldResemble, []string{"foo"})
+				So(list, ShouldContain, "foo")
 			})
 		})
 	})