diff --git a/Cargo.lock b/Cargo.lock index 23b3f562..69c37e85 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -672,6 +672,16 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" +[[package]] +name = "form_urlencoded" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5fc25a87fa4fd2094bffb06925852034d90a17f0d1e05197d4956d3555752191" +dependencies = [ + "matches", + "percent-encoding 2.1.0", +] + [[package]] name = "fuchsia-cprng" version = "0.1.1" @@ -893,7 +903,7 @@ dependencies = [ "log", "openssl-probe", "openssl-sys", - "url 2.1.1", + "url 2.2.1", ] [[package]] @@ -964,6 +974,23 @@ version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d7afe4a420e3fe79967a00898cc1f4db7c8a49a9333a29f8a4bd76a253d5cd04" +[[package]] +name = "hashicorp_vault" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be1f396a370640749cd445ea9657afdb90a10e820b9c57e6d886d290386f9bff" +dependencies = [ + "base64 0.12.3", + "chrono", + "log", + "quick-error", + "reqwest 0.10.8", + "serde", + "serde_derive", + "serde_json", + "url 2.2.1", +] + [[package]] name = "heck" version = "0.3.1" @@ -1851,7 +1878,7 @@ dependencies = [ "idna 0.2.0", "lazy_static", "regex", - "url 2.1.1", + "url 2.2.1", ] [[package]] @@ -2238,7 +2265,7 @@ dependencies = [ "serde_urlencoded 0.6.1", "tokio 0.2.22", "tokio-tls", - "url 2.1.1", + "url 2.2.1", "wasm-bindgen", "wasm-bindgen-futures", "web-sys", @@ -2596,7 +2623,7 @@ dependencies = [ "dtoa", "itoa", "serde", - "url 2.1.1", + "url 2.2.1", ] [[package]] @@ -2877,6 +2904,7 @@ dependencies = [ "curl", "digitalocean", "dirs 3.0.1", + "hashicorp_vault", "qovery-engine", "rand 0.7.3", "reqwest 0.10.8", @@ -3274,7 +3302,7 @@ dependencies = [ "smallvec 1.5.0", "thiserror", "tokio 0.2.22", - "url 2.1.1", + "url 2.2.1", ] [[package]] 
@@ -3432,10 +3460,11 @@ dependencies = [ [[package]] name = "url" -version = "2.1.1" +version = "2.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "829d4a8476c35c9bf0bbce5a3b23f4106f79728039b726d292bb93bc106787cb" +checksum = "9ccd964113622c8e9322cfac19eb1004a07e636c545f325da085d5cdde6f1f8b" dependencies = [ + "form_urlencoded", "idna 0.2.0", "matches", "percent-encoding 2.1.0", diff --git a/test_utilities/Cargo.toml b/test_utilities/Cargo.toml index 67e1a9f7..a9da54ae 100644 --- a/test_utilities/Cargo.toml +++ b/test_utilities/Cargo.toml @@ -20,6 +20,7 @@ tracing = "0.1" tracing-subscriber = "0.2" retry = "1.0.0" time = "0.2.23" +hashicorp_vault = "2.0.1" # Digital Ocean Deps digitalocean = "0.1.1" diff --git a/test_utilities/src/utilities.rs b/test_utilities/src/utilities.rs index fd7b65c0..e2576ea1 100644 --- a/test_utilities/src/utilities.rs +++ b/test_utilities/src/utilities.rs @@ -3,7 +3,7 @@ use curl::easy::Easy; use dirs::home_dir; use std::fs::read_to_string; use std::fs::File; -use std::io::Write; +use std::io::{Error, ErrorKind, Write}; use std::path::Path; use rand::distributions::Alphanumeric; 
@@ -16,14 +16,145 @@ use tracing::info; use tracing_subscriber; use crate::aws::{aws_access_key_id, aws_secret_key, KUBE_CLUSTER_ID}; +use hashicorp_vault; use qovery_engine::build_platform::local_docker::LocalDocker; use qovery_engine::cmd; use qovery_engine::constants::{AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY}; use qovery_engine::error::{SimpleError, SimpleErrorKind}; use qovery_engine::models::{Context, Environment, Metadata}; +use serde::{Deserialize, Serialize}; extern crate time; use time::Instant; +#[derive(Debug, Deserialize, Serialize)] +#[allow(non_snake_case)] +pub struct VaultFuncTestsSecrets { + pub AWS_ACCESS_KEY_ID: String, + AWS_DEFAULT_REGION: String, + AWS_SECRET_ACCESS_KEY: String, + BIN_VERSION_FILE: String, + CLOUDFLARE_DOMAIN: String, + CLOUDFLARE_ID: String, + CLOUDFLARE_TOKEN: String, + CUSTOM_TEST_DOMAIN: String, + DEFAULT_TEST_DOMAIN: String, + DIGITAL_OCEAN_SPACES_ACCESS_ID: String, + DIGITAL_OCEAN_SPACES_SECRET_ID: String, + DIGITAL_OCEAN_TOKEN: String, + DISCORD_API_URL: String, + EKS_ACCESS_CIDR_BLOCKS: String, + GITHUB_ACCESS_TOKEN: String, + HTTP_LISTEN_ON: String, + LETS_ENCRYPT_EMAIL_REPORT: String, + LIB_ROOT_DIR: String, + QOVERY_AGENT_CONTROLLER_TOKEN: String, + QOVERY_API_URL: String, + QOVERY_ENGINE_CONTROLLER_TOKEN: String, + QOVERY_NATS_URL: String, + QOVERY_SSH_USER: String, + RUST_LOG: String, + TERRAFORM_AWS_ACCESS_KEY_ID: String, + TERRAFORM_AWS_SECRET_ACCESS_KEY: String, +} + +struct VaultConfig { + address: String, + token: String, +} + +impl VaultFuncTestsSecrets { + pub fn new() -> Self { + match Self::check_requirements() { + Ok(vault_config) => Self::get_secrets_from_vault(vault_config), + Err(e) => { + println!("{}", e); + Self::get_screts_from_env_var() + } + } + } + + fn get_secret(&self) { + self.AWS_ACCESS_KEY_ID + } + + fn check_requirements() -> Result { + let vault_addr = match env::var_os("VAULT_ADDR") { + Some(x) => x.into_string().unwrap(), + None => { + return Err(Error::new( + ErrorKind::NotFound, + 
format!("VAULT_ADDR environment variable is missing"), + )) + } + }; + + let vault_token = match env::var_os("VAULT_TOKEN") { + Some(x) => x.into_string().unwrap(), + None => { + return Err(Error::new( + ErrorKind::NotFound, + format!("VAULT_TOKEN environment variable is missing"), + )) + } + }; + + Ok(VaultConfig { + address: vault_addr, + token: vault_token, + }) + } + + fn check_env_var_exists(name: &str) -> String { + match env::var_os(&name) { + Some(x) => x.into_string().unwrap(), + None => "".to_string(), + } + } + + fn get_secrets_from_vault(vault_config: VaultConfig) -> VaultFuncTestsSecrets { + let client = hashicorp_vault::Client::new(vault_config.address, vault_config.token).unwrap(); + let res: Result = client.get_custom_secret("functional-tests"); + match res { + Ok(r) => r, + Err(_) => { + println!("can't contact Vault, fallback on environment variables"); + Self::get_screts_from_env_var() + } + } + } + + fn get_screts_from_env_var() -> VaultFuncTestsSecrets { + VaultFuncTestsSecrets { + AWS_ACCESS_KEY_ID: Self::check_env_var_exists("AWS_ACCESS_KEY_ID"), + AWS_DEFAULT_REGION: Self::check_env_var_exists("AWS_DEFAULT_REGION"), + AWS_SECRET_ACCESS_KEY: Self::check_env_var_exists("AWS_SECRET_ACCESS_KEY"), + BIN_VERSION_FILE: Self::check_env_var_exists("BIN_VERSION_FILE"), + CLOUDFLARE_DOMAIN: Self::check_env_var_exists("CLOUDFLARE_DOMAIN"), + CLOUDFLARE_ID: Self::check_env_var_exists("CLOUDFLARE_ID"), + CLOUDFLARE_TOKEN: Self::check_env_var_exists("CLOUDFLARE_TOKEN"), + CUSTOM_TEST_DOMAIN: Self::check_env_var_exists("CUSTOM_TEST_DOMAIN"), + DEFAULT_TEST_DOMAIN: Self::check_env_var_exists("DEFAULT_TEST_DOMAIN"), + DIGITAL_OCEAN_SPACES_ACCESS_ID: Self::check_env_var_exists("DIGITAL_OCEAN_SPACES_ACCESS_ID"), + DIGITAL_OCEAN_SPACES_SECRET_ID: Self::check_env_var_exists("DIGITAL_OCEAN_SPACES_SECRET_ID"), + DIGITAL_OCEAN_TOKEN: Self::check_env_var_exists("DIGITAL_OCEAN_TOKEN"), + DISCORD_API_URL: Self::check_env_var_exists("DISCORD_API_URL"), + 
EKS_ACCESS_CIDR_BLOCKS: Self::check_env_var_exists("EKS_ACCESS_CIDR_BLOCKS"), + GITHUB_ACCESS_TOKEN: Self::check_env_var_exists("GITHUB_ACCESS_TOKEN"), + HTTP_LISTEN_ON: Self::check_env_var_exists("HTTP_LISTEN_ON"), + LETS_ENCRYPT_EMAIL_REPORT: Self::check_env_var_exists("LETS_ENCRYPT_EMAIL_REPORT"), + LIB_ROOT_DIR: Self::check_env_var_exists("LIB_ROOT_DIR"), + QOVERY_AGENT_CONTROLLER_TOKEN: Self::check_env_var_exists("QOVERY_AGENT_CONTROLLER_TOKEN"), + QOVERY_API_URL: Self::check_env_var_exists("QOVERY_API_URL"), + QOVERY_ENGINE_CONTROLLER_TOKEN: Self::check_env_var_exists("QOVERY_ENGINE_CONTROLLER_TOKEN"), + QOVERY_NATS_URL: Self::check_env_var_exists("QOVERY_NATS_URL"), + QOVERY_SSH_USER: Self::check_env_var_exists("QOVERY_SSH_USER"), + RUST_LOG: Self::check_env_var_exists("RUST_LOG"), + TERRAFORM_AWS_ACCESS_KEY_ID: Self::check_env_var_exists("TERRAFORM_AWS_ACCESS_KEY_ID"), + TERRAFORM_AWS_SECRET_ACCESS_KEY: Self::check_env_var_exists("TERRAFORM_AWS_SECRET_ACCESS_KEY"), + } + } +} + pub fn build_platform_local_docker(context: &Context) -> LocalDocker { LocalDocker::new(context.clone(), "oxqlm3r99vwcmvuj", "qovery-local-docker") } diff --git a/tests/aws/aws_databases.rs b/tests/aws/aws_databases.rs index c8eb1857..165a2c1c 100644 --- a/tests/aws/aws_databases.rs +++ b/tests/aws/aws_databases.rs @@ -1,6 +1,6 @@ extern crate test_utilities; -use test_utilities::utilities::init; +use test_utilities::utilities::{init, VaultFuncTestsSecrets}; use tracing::{span, Level}; use qovery_engine::models::{ @@ -475,6 +475,7 @@ fn test_mongodb_configuration(context: Context, mut environment: Environment, ve let span = span!(Level::INFO, "test", name = test_name); let _enter = span.enter(); + let secrets = VaultFuncTestsSecrets::new(); let context_for_delete = context.clone_not_same_execution_id(); let app_name = format!("mongodb-app-{}", generate_id());
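Review bot: `VaultFuncTestsSecrets` derives `Debug` while holding every cloud credential and controller token the functional tests use, so a single `{:?}` or a `?secrets` tracing field would write all of them to CI output; I would drop `Debug` from the derive and add a redacting impl, as in the fence below. In `get_secrets_from_vault`, `Client::new(...).unwrap()` panics when client construction fails, while a failed `get_custom_secret` falls back to the environment and discards the cause with `Err(_)`. Handling both the same way and printing the error (never the token) would make a silent downgrade from Vault visible. `check_env_var_exists` returns `""` for a missing variable, so after a fallback the tests run with empty credentials instead of failing at the point where the secret is absent. `get_secret(&self)` declares no return type yet ends in `self.AWS_ACCESS_KEY_ID`, which looks like it would not compile; `fn get_secret(&self) -> &str { &self.AWS_ACCESS_KEY_ID }` would, and the bare `Result` annotations may be a rendering loss rather than the real code.

```rust
#[derive(Deserialize, Serialize)]
#[allow(non_snake_case)]
pub struct VaultFuncTestsSecrets {
    // … unchanged: field list …
}

// Keep credentials out of `{:?}` output and tracing fields.
impl std::fmt::Debug for VaultFuncTestsSecrets {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.write_str("VaultFuncTestsSecrets { <redacted> }")
    }
}
```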
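Review bot: `secrets` is bound in `test_mongodb_configuration` but nothing visible in this hunk reads it, and in the `utilities.rs` change only `AWS_ACCESS_KEY_ID` is `pub`, so this test could not read the other fields it just fetched. Each call to `VaultFuncTestsSecrets::new()` also makes a fresh request to Vault, or silently falls back to environment variables, so it is worth deferring the call until a value is consumed. If the line is groundwork for a later change, a comment such as `// fetched from Vault (env fallback); not consumed by this test yet` would say so. The function body continues outside the hunk, so a later use may exist.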