Initialize Open Source Project tencentcloud-vault

Author: firingLi

LICENSE

@@ -1,43 +1,39 @@
-TOOL?=vault-tencentcloud-secrets-plugin
-TEST?=$$(go list ./... | grep -v /vendor/)
+TOOL?=vault-plugin-secrets-tencentcloud
+TEST?=$$(go list ./... | grep -v /vendor/ | grep -v teamcity)
 VETARGS?=-asmdecl -atomic -bool -buildtags -copylocks -methods -nilfunc -printf -rangeloops -shift -structtags -unsafeptr
 EXTERNAL_TOOLS=\
 	github.com/mitchellh/gox \
-	github.com/kardianos/govendor
+	github.com/golang/dep/cmd/dep
 BUILD_TAGS?=${TOOL}
 GOFMT_FILES?=$$(find . -name '*.go' | grep -v vendor)
-TEST_ARGS?=./...
 
-# bin generates the releasable binaries for this plugin
+# bin generates the releaseable binaries for this plugin
 bin: fmtcheck generate
 	@CGO_ENABLED=0 BUILD_TAGS='$(BUILD_TAGS)' sh -c "'$(CURDIR)/scripts/build.sh'"
 
 default: dev
 
 # dev creates binaries for testing Vault locally. These are put
-# into ./bin/ as well as $GOPATH/bin, except for quickdev which
-# is only put into /bin/
-quickdev: generate
-	@CGO_ENABLED=0 go build -i -tags='$(BUILD_TAGS)' -o bin/vault-tencentcloud-auth-plugin
+# into ./bin/ as well as $GOPATH/bin.
 dev: fmtcheck generate
 	@CGO_ENABLED=0 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
-dev-dynamic: generate
-	@CGO_ENABLED=1 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
+
+# test runs the unit tests and vets the code
+test: fmtcheck generate
+	CGO_ENABLED=0 VAULT_TOKEN= VAULT_ACC= go test -v -tags='$(BUILD_TAGS)' $(TEST) $(TESTARGS) -count=1 -timeout=20m -parallel=4
+
+test-acc:
+	@VAULT_ACC=1 go test -parallel=40 ./... $(TESTARGS)
 
 testcompile: fmtcheck generate
 	@for pkg in $(TEST) ; do \
 		go test -v -c -tags='$(BUILD_TAGS)' $$pkg -parallel=4 ; \
 	done
 
-test:
-	@go test -short -parallel=40 ./... $(TESTARGS)
-
-test-acc:
-	@VAULT_ACC=1 go test -parallel=40 ./... $(TESTARGS)
 # generate runs `go generate` to build the dynamically generated
 # source files.
 generate:
-	@go generate $(go list ./... | grep -v /vendor/)
+	go generate $(go list ./... | grep -v /vendor/)
 
 # bootstrap the build by downloading additional tools
 bootstrap:
@@ -52,12 +48,7 @@ fmtcheck:
 fmt:
 	gofmt -w $(GOFMT_FILES)
 
-update-resources:
-	pushd $(CURDIR)/plugin/iamutil && \
-	go build -o generate ./internal && \
-	./generate && \
-	rm generate && \
-	popd
-
+proto:
+	protoc *.proto --go_out=plugins=grpc:.
 
-.PHONY: bin default generate test vet bootstrap fmt fmtcheck update-resources
+.PHONY: bin default generate test vet bootstrap fmt fmtcheck

Makefile

@@ -14,7 +14,7 @@ Please note: We take Vault's security and our users' trust very seriously. If yo
 
 This is a [Vault plugin](https://www.vaultproject.io/docs/internals/plugins.html)
 and is meant to work with Vault. This guide assumes you have already installed Vault
-and have a basic understanding of how Vault works. Otherwise, first read this guide on 
+and have a basic understanding of how Vault works. Otherwise, first read this guide on
 how to [get started with Vault](https://www.vaultproject.io/intro/getting-started/install.html).
 
 If you are using Vault 11.0.1 or above, this plugin is packaged with Vault
@@ -26,19 +26,19 @@ $ vault secrets enable tencentcloud
 Success! Enabled the tencentcloud secrets engine at: tencentcloud/
 
 ```
- 
-If you are testing this plugin in an earlier version of Vault or 
+
+If you are testing this plugin in an earlier version of Vault or
 want to develop, see the next section.
- 
+
 ## Developing
- 
-If you wish to work on this plugin, you'll first need [Go](https://www.golang.org) 
+
+If you wish to work on this plugin, you'll first need [Go](https://www.golang.org)
 installed on your machine (whichever version is required by Vault).
- 
+
 Make sure Go is properly installed, including setting up a [GOPATH](https://golang.org/doc/code.html#GOPATH).
- 
-### Get Plugin 
-Clone this repository: 
+
+### Get Plugin
+Clone this repository:
 
 ```sh
 
@@ -115,12 +115,12 @@ $ make test
 #### Run the acceptance tests:
 
 - provide your credentials via `TENCENTCLOUD_SECRET_ID` and `TENCENTCLOUD_SECRET_KEY` environment variables
-and set your CAM role arn via `TENCENTCLOUD_ARN` environment variables
+  and set your CAM role arn via `TENCENTCLOUD_ARN` environment variables
 
 ```sh
 export TENCENTCLOUD_SECRET_ID=AKID12l4j5ljqatgaljgalg
 export TENCENTCLOUD_SECRET_KEY=alkfj23lkraljq5lj532lr32l4
-export TENCENTCLOUD_ARN=qcs::cam::uin/12345678:roleName/test
+export TENCENTCLOUD_ROLE_ARN=qcs::cam::uin/12345678:roleName/test
 ```
 
 - Run acceptance tests
@@ -132,4 +132,4 @@ make test-acc
 ## Other Docs
 
 See up-to-date [docs](https://www.vaultproject.io/docs/secrets/tencentcloud/index.html)
-and general [API docs](https://www.vaultproject.io/api/secret/tencentcloud/index.html).
+and general [API docs](https://www.vaultproject.io/api/secret/tencentcloud/index.html).

README.md

@@ -1,152 +1,75 @@
-package vault_plugin_secrets_tencentcloud
+package tencentcloud
 
 import (
 	"context"
 	"os"
-	"strings"
 	"testing"
 	"time"
 
-	"github.com/hashicorp/vault-plugin-secrets-tencentcloud/sdk"
 	"github.com/hashicorp/vault/sdk/logical"
 )
 
-func newAcceptanceTestEnv(t *testing.T) (*testEnv, error) {
-	id := os.Getenv("TENCENTCLOUD_SECRET_ID")
-	if id == "" {
-		t.Fatal("miss TENCENTCLOUD_SECRET_ID")
-	}
-
-	key := os.Getenv("TENCENTCLOUD_SECRET_KEY")
-	if key == "" {
-		t.Fatal("miss TENCENTCLOUD_SECRET_KEY")
-	}
-
-	arn := os.Getenv("TENCENTCLOUD_ARN")
-	if arn == "" {
-		t.Fatal("miss TENCENTCLOUD_ARN")
-	}
-
-	b := newBackend(&sdk.LogRoundTripper{Debug: true})
-	conf := &logical.BackendConfig{
-		System: &logical.StaticSystemView{
-			DefaultLeaseTTLVal: 7200 * time.Second,
-			MaxLeaseTTLVal:     7200 * time.Second,
-		},
-	}
-	if err := b.Setup(context.Background(), conf); err != nil {
-		return nil, err
-	}
-
-	return &testEnv{
-		AccessKey: id,
-		SecretKey: key,
-		RoleARN:   arn,
-		Backend:   b,
-		Context:   context.Background(),
-		Storage:   &logical.InmemStorage{},
-	}, nil
-}
-
-func runAcceptanceTest() bool {
-	env := strings.ToLower(os.Getenv("VAULT_ACC"))
-
-	return env == "1" || env == "true"
-}
-
-func TestAcceptanceConfig(t *testing.T) {
-	if !runAcceptanceTest() {
-		t.SkipNow()
-	}
-
-	t.Parallel()
-
-	acceptanceTestEnv, err := newAcceptanceTestEnv(t)
-	if err != nil {
-		t.Fatal(err)
-	}
+const (
+	envVarRunAccTests = "VAULT_ACC"
+	envVarSecretId    = "TENCENTCLOUD_SECRET_ID"
+	envVarSecretKey   = "TENCENTCLOUD_SECRET_KEY"
+	envVarRoleARN     = "TENCENTCLOUD_ROLE_ARN"
+)
 
-	t.Run("add config", acceptanceTestEnv.AddConfig)
-	t.Run("read config", acceptanceTestEnv.ReadConfig)
-	t.Run("update config", acceptanceTestEnv.UpdateConfig)
-	t.Run("read updated config", acceptanceTestEnv.ReadUpdatedConfig)
-	t.Run("delete config", acceptanceTestEnv.DeleteConfig)
-	t.Run("read empty config", acceptanceTestEnv.ReadEmptyConfig)
-}
+var runAcceptanceTests = os.Getenv(envVarRunAccTests) == "1"
 
-func TestAcceptanceCamUserCreds(t *testing.T) {
-	if !runAcceptanceTest() {
+func TestAcceptanceDynamicPolicyBasedCreds(t *testing.T) {
+	if !runAcceptanceTests {
 		t.SkipNow()
 	}
 
-	t.Parallel()
-
-	acceptanceTestEnv, err := newAcceptanceTestEnv(t)
+	acceptanceTestEnv, err := newAcceptanceTestEnv()
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	t.Run("add config", acceptanceTestEnv.AddConfig)
-
-	t.Run("add policy-based role", acceptanceTestEnv.AddPolicyBasedRole)
-	t.Run("read policy-based role", acceptanceTestEnv.ReadPolicyBasedRole)
-	t.Run("update policy-based role", acceptanceTestEnv.UpdatePolicyBasedRole)
-	t.Run("read updated policy-based role", acceptanceTestEnv.ReadUpdatedPolicyBasedRole)
-	t.Run("delete policy-based role", acceptanceTestEnv.DeletePolicyBasedRole)
-
 	t.Run("add policy-based role", acceptanceTestEnv.AddPolicyBasedRole)
 	t.Run("read policy-based creds", acceptanceTestEnv.ReadPolicyBasedCreds)
 	t.Run("renew policy-based creds", acceptanceTestEnv.RenewPolicyBasedCreds)
 	t.Run("revoke policy-based creds", acceptanceTestEnv.RevokePolicyBasedCreds)
 }
 
-func TestAcceptanceAssumedRoleBasedCreds(t *testing.T) {
-	if !runAcceptanceTest() {
+func TestAcceptanceDynamicRoleBasedCreds(t *testing.T) {
+	if !runAcceptanceTests {
 		t.SkipNow()
 	}
 
-	t.Parallel()
-
-	acceptanceTestEnv, err := newAcceptanceTestEnv(t)
+	acceptanceTestEnv, err := newAcceptanceTestEnv()
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	t.Run("add config", acceptanceTestEnv.AddConfig)
-
-	t.Run("add arn-based role", acceptanceTestEnv.AddARNBasedRole)
-	t.Run("read arn-based role", acceptanceTestEnv.ReadARNBasedRole)
-	t.Run("update arn-based role", acceptanceTestEnv.UpdateARNBasedRole)
-	t.Run("read updated arn-based role", acceptanceTestEnv.ReadUpdatedARNBasedRole)
-	t.Run("delete arn-based role", acceptanceTestEnv.DeleteARNBasedRole)
-
 	t.Run("add arn-based role", acceptanceTestEnv.AddARNBasedRole)
 	t.Run("read arn-based creds", acceptanceTestEnv.ReadARNBasedCreds)
 	t.Run("renew arn-based creds", acceptanceTestEnv.RenewARNBasedCreds)
 	t.Run("revoke arn-based creds", acceptanceTestEnv.RevokeARNBasedCreds)
 }
 
-func TestAcceptanceMultiRoles(t *testing.T) {
-	if !runAcceptanceTest() {
-		t.SkipNow()
+func newAcceptanceTestEnv() (*testEnv, error) {
+	ctx := context.Background()
+	conf := &logical.BackendConfig{
+		System: &logical.StaticSystemView{
+			DefaultLeaseTTLVal: time.Hour,
+			MaxLeaseTTLVal:     time.Hour,
+		},
 	}
-
-	t.Parallel()
-
-	acceptanceTestEnv, err := newAcceptanceTestEnv(t)
+	b, err := Factory(ctx, conf)
 	if err != nil {
-		t.Fatal(err)
+		return nil, err
 	}
-
-	t.Run("add config", acceptanceTestEnv.AddConfig)
-
-	t.Run("add policy-based role", acceptanceTestEnv.AddPolicyBasedRole)
-	t.Run("read policy-based role", acceptanceTestEnv.ReadPolicyBasedRole)
-
-	t.Run("add arn-based role", acceptanceTestEnv.AddARNBasedRole)
-	t.Run("read arn-based creds", acceptanceTestEnv.ReadARNBasedCreds)
-
-	t.Run("list two roles", acceptanceTestEnv.ListTwoRoles)
-	t.Run("delete arn-based role", acceptanceTestEnv.DeleteARNBasedRole)
-	t.Run("list one role", acceptanceTestEnv.ListOneRole)
+	return &testEnv{
+		SecretId:  os.Getenv(envVarSecretId),
+		SecretKey: os.Getenv(envVarSecretKey),
+		RoleARN:   os.Getenv(envVarRoleARN),
+		Backend:   b,
+		Context:   ctx,
+		Storage:   &logical.InmemStorage{},
+	}, nil
 }