/* * Copyright 2016-2020 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.springframework.cloud.vault.config.databases; import java.net.InetSocketAddress; import java.util.Collections; import java.util.Map; import org.junit.Before; import org.junit.Test; import org.springframework.cloud.vault.config.VaultConfigOperations; import org.springframework.cloud.vault.config.VaultConfigTemplate; import org.springframework.cloud.vault.config.VaultProperties; import org.springframework.cloud.vault.util.CanConnect; import org.springframework.cloud.vault.util.IntegrationTestSupport; import org.springframework.cloud.vault.util.Settings; import org.springframework.vault.core.VaultOperations; import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assume.assumeTrue; import static org.springframework.cloud.vault.config.databases.VaultConfigDatabaseBootstrapConfiguration.DatabaseSecretBackendMetadataFactory.forDatabase; /** * Integration tests for {@link VaultConfigTemplate} using the mysql secret backend. This * test requires a running MySQL instance, see {@link #ROOT_CREDENTIALS}. * * @author Mark Paluch */ public class MySqlSecretIntegrationTests extends IntegrationTestSupport { private static final int MYSQL_PORT = 3306; private static final String MYSQL_HOST = "localhost"; private static final String ROOT_CREDENTIALS = String .format("springvault:springvault@tcp(%s:%d)/", MYSQL_HOST, MYSQL_PORT); private static final String CREATE_USER_AND_GRANT_SQL = "CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';" + "GRANT SELECT ON *.* TO '{{name}}'@'%';"; private VaultProperties vaultProperties = Settings.createVaultProperties(); private VaultConfigOperations configOperations; @SuppressWarnings("deprecation") private VaultMySqlProperties mySql = new VaultMySqlProperties(); /** * Initialize the mysql secret backend. */ @Before public void setUp() { assumeTrue(CanConnect.to(new InetSocketAddress(MYSQL_HOST, MYSQL_PORT))); this.mySql.setEnabled(true); this.mySql.setRole("readonly"); if (!prepare().hasSecretBackend(this.mySql.getBackend())) { prepare().mountSecret(this.mySql.getBackend()); } VaultOperations vaultOperations = this.vaultRule.prepare().getVaultOperations(); vaultOperations.write( String.format("%s/config/connection", this.mySql.getBackend()), Collections.singletonMap("connection_url", ROOT_CREDENTIALS)); vaultOperations.write( String.format("%s/roles/%s", this.mySql.getBackend(), this.mySql.getRole()), Collections.singletonMap("sql", CREATE_USER_AND_GRANT_SQL)); this.configOperations = new VaultConfigTemplate(vaultOperations, this.vaultProperties); } @Test public void shouldCreateCredentialsCorrectly() { Map<String, Object> secretProperties = this.configOperations .read(forDatabase(this.mySql)).getData(); assertThat(secretProperties).containsKeys("spring.datasource.username", "spring.datasource.password"); } }