Refactor Vault backend integration tests

Set a full path for all keys because Vault >=1.0 no longer accepts
empties [[GH-19]](hashicorp/vault-plugin-secrets-kv#19)

integration/vault-approle/confdir/conf.d/basic.toml

@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "basic.conf.tmpl"
+dest = "/tmp/confd-basic-test.conf"
+keys = [
+  "kv-v1/database",
+]

integration/vault-approle/confdir/conf.d/exists.toml

@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "exists-test.conf.tmpl"
+dest = "/tmp/confd-exists-test.conf"
+keys = [
+  "kv-v1/exists",
+]

integration/vault-approle/confdir/conf.d/iteration.toml

@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "iteration.conf.tmpl"
+dest = "/tmp/confd-iteration-test.conf"
+keys = [
+  "kv-v1/upstream",
+]

integration/vault-approle/confdir/conf.d/manykeys.toml

@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "basic.conf.tmpl"
+dest = "/tmp/confd-manykeys-test.conf"
+keys = [
+  "kv-v1/database",
+]

integration/vault-approle/confdir/conf.d/nested.toml

@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "nested.conf.tmpl"
+dest = "/tmp/confd-nested-test.conf"
+keys = [
+  "kv-v1/nested",
+]

integration/vault-approle/confdir/templates/basic.conf.tmpl

@@ -0,0 +1,6 @@
+hostname: {{ getenv "HOSTNAME" }}
+[database]
+host={{ getv "/kv-v1/database/host" }}
+password={{ getv "/kv-v1/database/password" }}
+port={{ getv "/kv-v1/database/port" }}
+username={{ getv "/kv-v1/database/username" }}

integration/vault-approle/confdir/templates/exists-test.conf.tmpl

@@ -0,0 +1,2 @@
+{{ if exists "/kv-v1/exists" }}value: {{ getv "/kv-v1/exists/key" }}{{ end }}
+{{- if exists "/kv-v1/doesnotexist" }}This line will not be printed value: {{ getv "/kv-v1/exists/key" }}{{ end }}

integration/vault-approle/confdir/templates/iteration.conf.tmpl

@@ -0,0 +1,16 @@
+upstream app {
+{{- range gets "/kv-v1/upstream/*" }}
+  server {{ .Value }};
+{{- end }}
+}
+
+server {
+    server_name  www.example.com;
+    location / {
+        proxy_pass        http://app;
+        proxy_redirect    off;
+        proxy_set_header  Host             $host;
+        proxy_set_header  X-Real-IP        $remote_addr;
+        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
+   }
+}

integration/vault-approle/confdir/templates/nested.conf.tmpl

@@ -0,0 +1,18 @@
+upstream app {
+{{- range gets "/kv-v1/nested/*" }}
+  {{- range gets .Key }}
+    server {{ .Value }};
+  {{- end }}
+{{- end }}
+}
+
+server {
+    server_name  www.example.com;
+    location / {
+        proxy_pass        http://app;
+        proxy_redirect    off;
+        proxy_set_header  Host             $host;
+        proxy_set_header  X-Real-IP        $remote_addr;
+        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
+   }
+}

integration/vault-path/test.sh → integration/vault-approle/test.sh

@@ -3,19 +3,13 @@
 export HOSTNAME="localhost"
 export ROOT_TOKEN="$(vault read -field id auth/token/lookup-self)"
 
-vault secrets enable -path database kv
-vault secrets enable -path key kv
-vault secrets enable -path upstream kv
-vault secrets enable -path nested kv
-
-vault write key value=foobar
-vault write database/host value=127.0.0.1
-vault write database/port value=3306
-vault write database/username value=confd
-vault write database/password value=p@sSw0rd
-vault write upstream app1=10.0.1.10:8080 app2=10.0.1.11:8080
-vault write nested/east/app1 value=10.0.1.10:8080
-vault write nested/west/app2 value=10.0.1.11:8080
+vault secrets enable -version 1 -path kv-v1 kv
+
+vault write kv-v1/exists key=foobar
+vault write kv-v1/database host=127.0.0.1 port=3306 username=confd password=p@sSw0rd
+vault write kv-v1/upstream app1=10.0.1.10:8080 app2=10.0.1.11:8080
+vault write kv-v1/nested/east app1=10.0.1.10:8080
+vault write kv-v1/nested/west app2=10.0.1.11:8080
 
 vault auth enable -path=test approle
 
@@ -32,7 +26,7 @@ export SECRET_ID=$(vault write -f -field=secret_id auth/test/role/my-role/secret
 
 # Run confd
 confd --onetime --log-level debug \
-      --confdir ./integration/confdir \
+      --confdir ./integration/vault-approle/confdir \
       --backend vault \
       --auth-type app-role \
       --role-id $ROLE_ID \

integration/vault-v1/confdir/conf.d/basic.toml

@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "basic.conf.tmpl"
+dest = "/tmp/confd-basic-test.conf"
+keys = [
+  "kv-v1/database",
+]

integration/vault-v1/confdir/conf.d/exists.toml

@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "exists-test.conf.tmpl"
+dest = "/tmp/confd-exists-test.conf"
+keys = [
+  "kv-v1/exists",
+]

integration/vault-v1/confdir/conf.d/iteration.toml

@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "iteration.conf.tmpl"
+dest = "/tmp/confd-iteration-test.conf"
+keys = [
+  "kv-v1/upstream",
+]

integration/vault-v1/confdir/conf.d/manykeys.toml

@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "basic.conf.tmpl"
+dest = "/tmp/confd-manykeys-test.conf"
+keys = [
+  "kv-v1/database",
+]

integration/vault-v1/confdir/conf.d/nested.toml

@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "nested.conf.tmpl"
+dest = "/tmp/confd-nested-test.conf"
+keys = [
+  "kv-v1/nested",
+]

integration/vault-v1/confdir/templates/basic.conf.tmpl

@@ -0,0 +1,6 @@
+hostname: {{ getenv "HOSTNAME" }}
+[database]
+host={{ getv "/kv-v1/database/host" }}
+password={{ getv "/kv-v1/database/password" }}
+port={{ getv "/kv-v1/database/port" }}
+username={{ getv "/kv-v1/database/username" }}

integration/vault-v1/confdir/templates/exists-test.conf.tmpl

@@ -0,0 +1,2 @@
+{{ if exists "/kv-v1/exists" }}value: {{ getv "/kv-v1/exists/key" }}{{ end }}
+{{- if exists "/kv-v1/doesnotexist" }}This line will not be printed value: {{ getv "/kv-v1/exists/key" }}{{ end }}

integration/vault-v1/confdir/templates/iteration.conf.tmpl

@@ -0,0 +1,16 @@
+upstream app {
+{{- range gets "/kv-v1/upstream/*" }}
+  server {{ .Value }};
+{{- end }}
+}
+
+server {
+    server_name  www.example.com;
+    location / {
+        proxy_pass        http://app;
+        proxy_redirect    off;
+        proxy_set_header  Host             $host;
+        proxy_set_header  X-Real-IP        $remote_addr;
+        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
+   }
+}

integration/vault-v1/confdir/templates/nested.conf.tmpl

@@ -0,0 +1,18 @@
+upstream app {
+{{- range gets "/kv-v1/nested/*" }}
+  {{- range gets .Key }}
+    server {{ .Value }};
+  {{- end }}
+{{- end }}
+}
+
+server {
+    server_name  www.example.com;
+    location / {
+        proxy_pass        http://app;
+        proxy_redirect    off;
+        proxy_set_header  Host             $host;
+        proxy_set_header  X-Real-IP        $remote_addr;
+        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
+   }
+}

integration/vault-v1/test.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+export HOSTNAME="localhost"
+export ROOT_TOKEN="$(vault read -field id auth/token/lookup-self)"
+
+vault secrets enable -version 1 -path kv-v1 kv
+
+vault write kv-v1/exists key=foobar
+vault write kv-v1/database host=127.0.0.1 port=3306 username=confd password=p@sSw0rd
+vault write kv-v1/upstream app1=10.0.1.10:8080 app2=10.0.1.11:8080
+vault write kv-v1/nested/east app1=10.0.1.10:8080
+vault write kv-v1/nested/west app2=10.0.1.11:8080
+
+# Run confd
+confd --onetime --log-level debug \
+      --confdir ./integration/vault-v1/confdir \
+      --backend vault \
+      --auth-type token \
+      --auth-token $ROOT_TOKEN \
+      --node http://127.0.0.1:8200