add test for jwt auth backend #2118
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| paths-ignore: | |
| - 'website/**' | |
| - 'CHANGELOG.md' | |
| workflow_dispatch: | |
| permissions: | |
| # Permission for checking out code | |
| contents: read | |
| jobs: | |
| go-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.go-version.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - id: go-version | |
| run: echo "version=$(cat .go-version)" >> "$GITHUB_OUTPUT" | |
| build: | |
| needs: [go-version] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
| with: | |
| go-version-file: '.go-version' | |
| cache: false | |
| # setup-terraform is used to install the Terraform CLI. If we don't do | |
| # this then the terraform-plugin-sdk will attempt to download it for each test! | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: '1.7.*' | |
| terraform_wrapper: false | |
| - name: Cache go build | |
| uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| ~/Library/Caches/go-build | |
| key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-golang- | |
| - name: Build | |
| run: | | |
| make build | |
| - name: Run unit tests | |
| # here to short-circuit the acceptance tests, in the case of a failure. | |
| env: | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| run: | | |
| make test | |
| acceptance: | |
| needs: [go-version, build] | |
| runs-on: custom-linux-large | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: | |
| - "vault-enterprise:1.13.13-ent" | |
| - "vault-enterprise:1.14.13-ent" | |
| - "vault-enterprise:1.15.12-ent" | |
| - "vault-enterprise:1.16.6-ent" | |
| - "vault-enterprise:1.17.2-ent" | |
| - "vault:latest" | |
| services: | |
| vault: | |
| image: hashicorp/${{ matrix.image }} | |
| env: | |
| VAULT_DEV_ROOT_TOKEN_ID: root | |
| VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }} | |
| VAULT_AUTH_CONFIG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| VAULT_LOCAL_CONFIG: | | |
| {"plugin_directory": "/vault/plugins"} | |
| options: >- | |
| --health-cmd "VAULT_ADDR=http://127.0.0.1:8200 vault status" | |
| --health-interval 1s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 8200:8200 | |
| volumes: | |
| - ${{ github.workspace }}:/vault/plugins | |
| mysql: | |
| image: docker.mirror.hashicorp.services/mysql:latest | |
| env: | |
| MYSQL_ROOT_PASSWORD: mysql | |
| ports: | |
| - 3306:3306 | |
| mssql: | |
| image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu | |
| env: | |
| ACCEPT_EULA: Y | |
| SA_PASSWORD: ${{ secrets.MSSQL_SA_PASSWORD }} | |
| ports: | |
| - 1433:1433 | |
| mongo: | |
| image: docker.mirror.hashicorp.services/mongo:latest | |
| env: | |
| MONGO_INITDB_ROOT_USERNAME: root | |
| MONGO_INITDB_ROOT_PASSWORD: mongodb | |
| MONGO_INITDB_DATABASE: admin | |
| ports: | |
| - 27017:27017 | |
| postgres: | |
| image: docker.mirror.hashicorp.services/postgres:latest | |
| env: | |
| POSTGRES_PASSWORD: secret | |
| POSTGRES_DB: database | |
| ports: | |
| - 5432:5432 | |
| couchbase: | |
| image: docker.io/couchbase/server-sandbox:7.1.1 | |
| ports: | |
| - 8091:8091 | |
| - 8092:8092 | |
| - 8093:8093 | |
| - 8094:8094 | |
| - 11207:11207 | |
| - 11210:11210 | |
| - 18091:18091 | |
| - 18092:18092 | |
| - 18093:18093 | |
| - 18094:18094 | |
| options: >- | |
| --health-cmd "curl -f http://Administrator:password@127.0.0.1:8091/sampleBuckets" | |
| --health-interval 1s | |
| --health-timeout 5s | |
| --health-retries 60 | |
| consul: | |
| image: docker.mirror.hashicorp.services/hashicorp/consul:latest | |
| env: | |
| CONSUL_LOCAL_CONFIG: "{\"acl\":{\"enabled\":true}}" | |
| ports: | |
| - 8500:8500 | |
| - 8600:8600 | |
| options: >- | |
| --health-cmd "curl -f 'http://127.0.0.1:8500/v1/health/node/server-1'" | |
| --health-interval 1s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| openldap: | |
| image: docker.io/bitnami/openldap:2.6 | |
| ports: | |
| - 1389:1389 | |
| - 1636:1636 | |
| env: | |
| LDAP_ADMIN_USERNAME: "admin" | |
| LDAP_ADMIN_PASSWORD: "adminpassword" | |
| LDAP_USERS: "alice,bob,foo" | |
| LDAP_PASSWORDS: "password1,password2,password3" | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
| with: | |
| go-version-file: '.go-version' | |
| cache: false | |
| # setup-terraform is used to install the Terraform CLI. If we don't do | |
| # this then the terraform-plugin-sdk will attempt to download it for each test! | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: '1.7.*' | |
| terraform_wrapper: false | |
| - name: Check Terraform CLI version | |
| run: terraform --version | |
| - name: Download external plugin | |
| id: plugin | |
| env: | |
| PLUGIN: "vault-plugin-auth-jwt" | |
| VERSION: "0.17.0" | |
| run: | | |
| ZIP="${PLUGIN}_${VERSION}_linux_amd64.zip" | |
| SHA256SUMS="${PLUGIN}_${VERSION}_SHA256SUMS" | |
| curl -sO "https://releases.hashicorp.com/${PLUGIN}/${VERSION}/{${ZIP},${SHA256SUMS}}" | |
| shasum -a 256 -c "${PLUGIN}_${VERSION}_SHA256SUMS" --ignore-missing | |
| unzip "${ZIP}"; rm "${ZIP}" "${SHA256SUMS}" | |
| echo "command=${PLUGIN}" >> "${GITHUB_OUTPUT}" | |
| - name: Cache go build | |
| uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| ~/Library/Caches/go-build | |
| key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-golang- | |
| - name: Acceptance Tests | |
| env: | |
| VAULT_TOKEN: "root" | |
| VAULT_ADDR: "http://localhost:8200" | |
| # RUNS_IN_CONTAINER is false if not using jobs.<job_id>.container | |
| RUNS_IN_CONTAINER: "false" | |
| MYSQL_URL: "root:mysql@tcp(mysql:3306)/" | |
| MYSQL_CONNECTION_URL: "{{username}}:{{password}}@tcp(mysql:3306)/" | |
| MYSQL_CONNECTION_USERNAME: "root" | |
| MYSQL_CONNECTION_PASSWORD: "mysql" | |
| MONGODB_URL: "mongodb://root:mongodb@mongo:27017/admin?ssl=false" | |
| MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433" | |
| POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable" | |
| COUCHBASE_HOST: couchbase | |
| COUCHBASE_USERNAME: Administrator | |
| COUCHBASE_PASSWORD: password | |
| CONSUL_HTTP_ADDR: "consul:8500" | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| LDAP_BINDDN: "cn=admin,dc=example,dc=org" | |
| LDAP_BINDPASS: "adminpassword" | |
| LDAP_URL: "ldap://openldap:1389" | |
| VAULT_PLUGIN_COMMAND: ${{ steps.plugin.outputs.command }} | |
| run: | | |
| if [[ ${{ matrix.image }} =~ "-ent" ]]; then | |
| target="testacc-ent" | |
| else | |
| target="testacc" | |
| fi | |
| make $target TESTARGS='-test.v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true SKIP_VAULT_NEXT_TESTS=true TF_ACC_K8S_SKIP_IN_CLUSTER=true | |
| - name: "Generate Vault API Path Coverage Report" | |
| run: | | |
| go run cmd/coverage/main.go -openapi-doc=./testdata/openapi.json |