To reduce the risk of secret exposure via Terraform state and log output, we default to creating a relatively-short-lived token (20 minutes) such that Vault can, where possible, automatically revoke any retrieved secrets shortly after Terraform has finished running. This has some implications for usage of this provider that will be spelled out in more detail in the docs that will be added in a later commit, but the most significant implication is that a plan created by "terraform plan" that includes secrets leased from Vault must be *applied* before the lease period expires to ensure that the issued secrets remain valid. No resources yet. They will follow in subsequent commits.
package vault
import (
"os"
"testing"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/terraform"
)
// How to run the acceptance tests for this provider:
//
// - Obtain an official Vault release from the Vault website at
//   https://vaultproject.io/ and extract the "vault" binary
//   somewhere.
//
// - Run the following to start the Vault server in development mode:
//       vault server -dev
//
// - Take the "Root Token" value printed by Vault as the server started
//   up and set it as the value of the VAULT_TOKEN environment variable
//   in a new shell whose current working directory is the root of the
//   Terraform repository.
//
// - As directed by the Vault server output, set the VAULT_ADDR environment
//   variable, e.g.:
//       export VAULT_ADDR='http://127.0.0.1:8200'
//
// - Run the Terraform acceptance tests as usual:
//       make testacc TEST=./builtin/providers/vault
//
// The tests expect to be run in a fresh, empty Vault and thus do not attempt
// to randomize or otherwise make the generated resource paths unique on
// each run. In case of weird behavior, restart the Vault dev server to
// start over with a fresh Vault. (Remember to reset VAULT_TOKEN, since a
// restarted dev server prints a new root token.)
//
// The tests authenticate with the root token and write to fixed paths, so
// VAULT_ADDR should only ever point at a disposable dev server, never at a
// Vault that holds real secrets.
// TestProvider runs the schema's InternalValidate self-check against the
// provider returned by Provider and fails the test if it reports an error.
func TestProvider(t *testing.T) {
	// The assertion panics if Provider does not return a *schema.Provider.
	p := Provider().(*schema.Provider)

	err := p.InternalValidate()
	if err != nil {
		t.Fatalf("err: %s", err)
	}
}
// Package-level fixtures for the acceptance tests; both are assigned in init.
var (
	// testProvider is the provider instance under test.
	testProvider *schema.Provider
	// testProviders maps a provider name to its instance.
	testProviders map[string]terraform.ResourceProvider
)
// init builds one provider instance and registers it under the name "vault"
// so that every test in the package shares the same fixture.
func init() {
	p := Provider().(*schema.Provider)

	testProvider = p
	testProviders = map[string]terraform.ResourceProvider{"vault": p}
}
// testAccPreCheck aborts the calling test unless both VAULT_ADDR and
// VAULT_TOKEN are set to non-empty values.
//
// Only presence is checked: the values are not validated, and neither one is
// included in the failure message, so the token does not end up in test
// output from this function.
func testAccPreCheck(t *testing.T) {
	addr, token := os.Getenv("VAULT_ADDR"), os.Getenv("VAULT_TOKEN")

	// t.Fatal stops the test at the first missing variable, so the address
	// is reported before the token when both are absent.
	switch {
	case addr == "":
		t.Fatal("VAULT_ADDR must be set for acceptance tests")
	case token == "":
		t.Fatal("VAULT_TOKEN must be set for acceptance tests")
	}
}