/* * Copyright (c) Microsoft Corporation. * Licensed under the MIT License. */ package io.dapr.it.secrets; import com.bettercloud.vault.Vault; import com.bettercloud.vault.VaultConfig; import io.dapr.client.DaprClient; import io.dapr.client.DaprClientBuilder; import io.dapr.client.DaprClientGrpc; import io.dapr.client.DaprClientHttp; import io.dapr.it.BaseIT; import io.dapr.it.DaprRun; import io.dapr.it.services.EmptyService; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; import java.util.*; import static org.junit.Assert.*; /** * Test Secrets Store APIs using Harshicorp's vault. * * 1. Start harshicorp vault locally: * docker run --cap-add=IPC_LOCK -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' --name=dev-vault -p 8200:8200 -d vault * 2. Create token file (path defined in integration test's vault.yaml): * echo myroot > /tmp/.hashicorp_vault_token */ @RunWith(Parameterized.class) public class SecretsClientIT extends BaseIT { private static final String LOCAL_VAULT_ADDRESS = "http://127.0.0.1:8200"; private static final String LOCAL_VAULT_TOKEN = "myroot"; private static final String PREFIX = "dapr"; private static final String SECRETS_STORE_NAME = "vault"; private static DaprRun daprRun; private static Vault vault; /** * Parameters for this test. * Param #1: useGrpc. * @return Collection of parameter tuples. */ @Parameterized.Parameters public static Collection<Object[]> data() { return Arrays.asList(new Object[][] { { false }, { true } }); } @Parameterized.Parameter public boolean useGrpc; private DaprClient daprClient; @BeforeClass public static void init() throws Exception { daprRun = startDaprApp( SecretsClientIT.class.getSimpleName(), EmptyService.SUCCESS_MESSAGE, EmptyService.class, false, 5000 ); VaultConfig vaultConfig = new VaultConfig() .address(LOCAL_VAULT_ADDRESS) .token(LOCAL_VAULT_TOKEN) .prefixPath(PREFIX) .build(); vault = new Vault(vaultConfig); } @Before public void setup() throws Exception { if (this.useGrpc) { daprRun.switchToGRPC(); } else { daprRun.switchToHTTP(); } this.daprClient = new DaprClientBuilder().build(); if (this.useGrpc) { assertEquals(DaprClientGrpc.class, this.daprClient.getClass()); } else { assertEquals(DaprClientHttp.class, this.daprClient.getClass()); } } @Test public void getSecret() throws Exception { String key = UUID.randomUUID().toString(); String attributeKey = "title"; String attributeValue = "The Metrics IV"; writeSecret(key, attributeKey, attributeValue); Map<String, String> data = daprClient.getSecret(SECRETS_STORE_NAME, key).block(); assertEquals(1, data.size()); assertEquals("The Metrics IV", data.get("title")); } @Test(expected = RuntimeException.class) public void getSecretKeyNotFound() { daprClient.getSecret(SECRETS_STORE_NAME, "unknownKey").block(); } @Test(expected = RuntimeException.class) public void getSecretStoreNotFound() throws Exception { daprClient.getSecret("unknownStore", "unknownKey").block(); } private static void writeSecret(String secretName, String key, String value) throws Exception { Map<String, Object> secrets = Collections.singletonMap(key, value); vault.logical().write("secret/" + PREFIX + "/" + secretName, secrets); } }