diff --git a/integration/vault-approle/confdir/conf.d/basic.toml b/integration/vault-approle/confdir/conf.d/basic.toml
new file mode 100644
index 000000000..87bda5012
--- /dev/null
+++ b/integration/vault-approle/confdir/conf.d/basic.toml
@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "basic.conf.tmpl"
+dest = "/tmp/confd-basic-test.conf"
+keys = [
+ "kv-v1/database",
+]
diff --git a/integration/vault-approle/confdir/conf.d/exists.toml b/integration/vault-approle/confdir/conf.d/exists.toml
new file mode 100644
index 000000000..43487c56d
--- /dev/null
+++ b/integration/vault-approle/confdir/conf.d/exists.toml
@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "exists-test.conf.tmpl"
+dest = "/tmp/confd-exists-test.conf"
+keys = [
+ "kv-v1/exists",
+]
diff --git a/integration/vault-approle/confdir/conf.d/iteration.toml b/integration/vault-approle/confdir/conf.d/iteration.toml
new file mode 100644
index 000000000..bcf4b1d1c
--- /dev/null
+++ b/integration/vault-approle/confdir/conf.d/iteration.toml
@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "iteration.conf.tmpl"
+dest = "/tmp/confd-iteration-test.conf"
+keys = [
+ "kv-v1/upstream",
+]
diff --git a/integration/vault-approle/confdir/conf.d/manykeys.toml b/integration/vault-approle/confdir/conf.d/manykeys.toml
new file mode 100644
index 000000000..b078ef8e4
--- /dev/null
+++ b/integration/vault-approle/confdir/conf.d/manykeys.toml
@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "basic.conf.tmpl"
+dest = "/tmp/confd-manykeys-test.conf"
+keys = [
+ "kv-v1/database",
+]
diff --git a/integration/vault-approle/confdir/conf.d/nested.toml b/integration/vault-approle/confdir/conf.d/nested.toml
new file mode 100644
index 000000000..627a83abc
--- /dev/null
+++ b/integration/vault-approle/confdir/conf.d/nested.toml
@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "nested.conf.tmpl"
+dest = "/tmp/confd-nested-test.conf"
+keys = [
+ "kv-v1/nested",
+]
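Review bot: `mode = "0644"` in basic.toml makes the rendered file world-readable, and the `basic.conf.tmpl` it names writes `password={{ getv "/kv-v1/database/password" }}` into it, so a secret read from Vault ends up in `/tmp/confd-basic-test.conf` where any local user can read it. Even as a fixture this is the resource-file pattern people copy into real deployments; `mode = "0600"` keeps the test meaningful and models the safer default. The same applies to manykeys.toml in this directory and to basic.toml and manykeys.toml under integration/vault-v1. If the expected-output check (not visible in this diff) compares file modes, it would need the matching update.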
diff --git a/integration/vault-approle/confdir/templates/basic.conf.tmpl b/integration/vault-approle/confdir/templates/basic.conf.tmpl
new file mode 100644
index 000000000..188b6fe16
--- /dev/null
+++ b/integration/vault-approle/confdir/templates/basic.conf.tmpl
@@ -0,0 +1,6 @@
+hostname: {{ getenv "HOSTNAME" }}
+[database]
+host={{ getv "/kv-v1/database/host" }}
+password={{ getv "/kv-v1/database/password" }}
+port={{ getv "/kv-v1/database/port" }}
+username={{ getv "/kv-v1/database/username" }}
diff --git a/integration/vault-approle/confdir/templates/exists-test.conf.tmpl b/integration/vault-approle/confdir/templates/exists-test.conf.tmpl
new file mode 100644
index 000000000..ab110f0da
--- /dev/null
+++ b/integration/vault-approle/confdir/templates/exists-test.conf.tmpl
@@ -0,0 +1,2 @@
+{{ if exists "/kv-v1/exists" }}value: {{ getv "/kv-v1/exists/key" }}{{ end }}
+{{- if exists "/kv-v1/doesnotexist" }}This line will not be printed value: {{ getv "/kv-v1/exists/key" }}{{ end }}
diff --git a/integration/vault-approle/confdir/templates/iteration.conf.tmpl b/integration/vault-approle/confdir/templates/iteration.conf.tmpl
new file mode 100644
index 000000000..f15b8b35c
--- /dev/null
+++ b/integration/vault-approle/confdir/templates/iteration.conf.tmpl
@@ -0,0 +1,16 @@
+upstream app {
+{{- range gets "/kv-v1/upstream/*" }}
+ server {{ .Value }};
+{{- end }}
+}
+
+server {
+ server_name www.example.com;
+ location / {
+ proxy_pass http://app;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
diff --git a/integration/vault-approle/confdir/templates/nested.conf.tmpl b/integration/vault-approle/confdir/templates/nested.conf.tmpl
new file mode 100644
index 000000000..36e67a967
--- /dev/null
+++ b/integration/vault-approle/confdir/templates/nested.conf.tmpl
@@ -0,0 +1,18 @@
+upstream app {
+{{- range gets "/kv-v1/nested/*" }}
+ {{- range gets .Key }}
+ server {{ .Value }};
+ {{- end }}
+{{- end }}
+}
+
+server {
+ server_name www.example.com;
+ location / {
+ proxy_pass http://app;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
diff --git a/integration/vault-path/test.sh b/integration/vault-approle/test.sh
similarity index 59%
rename from integration/vault-path/test.sh
rename to integration/vault-approle/test.sh
index 700bc0745..c14bc0fe8 100755
--- a/integration/vault-path/test.sh
+++ b/integration/vault-approle/test.sh
@@ -3,19 +3,13 @@ export HOSTNAME="localhost" export ROOT_TOKEN="$(vault read -field id auth/token/lookup-self)" -vault secrets enable -path database kv -vault secrets enable -path key kv -vault secrets enable -path upstream kv -vault secrets enable -path nested kv - -vault write key value=foobar -vault write database/host value=127.0.0.1 -vault write database/port value=3306 -vault write database/username value=confd -vault write database/password value=p@sSw0rd -vault write upstream app1=10.0.1.10:8080 app2=10.0.1.11:8080 -vault write nested/east/app1 value=10.0.1.10:8080 -vault write nested/west/app2 value=10.0.1.11:8080 +vault secrets enable -version 1 -path kv-v1 kv + +vault write kv-v1/exists key=foobar +vault write kv-v1/database host=127.0.0.1 port=3306 username=confd password=p@sSw0rd +vault write kv-v1/upstream app1=10.0.1.10:8080 app2=10.0.1.11:8080 +vault write kv-v1/nested/east app1=10.0.1.10:8080 +vault write kv-v1/nested/west app2=10.0.1.11:8080 vault auth enable -path=test approle
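Review bot: In integration/vault-approle/test.sh every fixture now lives under the single `kv-v1` mount, but the policy attached to `my-role` is defined between the two hunks of this file and is not shown, so it should be confirmed that it grants read on `kv-v1/*` rather than a broad wildcard; otherwise the AppRole test passes without exercising any path scoping. The new `vault write kv-v1/database … password=p@sSw0rd` line also puts the credential on the command line, which is acceptable for a throwaway dev server but worth marking with a comment such as `# fixture credentials for the local dev Vault only` so it is not copied as-is.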
@@ -32,7 +26,7 @@ export SECRET_ID=$(vault write -f -field=secret_id auth/test/role/my-role/secret # Run confd confd --onetime --log-level debug \ - --confdir ./integration/confdir \ + --confdir ./integration/vault-approle/confdir \ --backend vault \ --auth-type app-role \ --role-id $ROLE_ID \
diff --git a/integration/vault-v1/confdir/conf.d/basic.toml b/integration/vault-v1/confdir/conf.d/basic.toml
new file mode 100644
index 000000000..87bda5012
--- /dev/null
+++ b/integration/vault-v1/confdir/conf.d/basic.toml
@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "basic.conf.tmpl"
+dest = "/tmp/confd-basic-test.conf"
+keys = [
+ "kv-v1/database",
+]
diff --git a/integration/vault-v1/confdir/conf.d/exists.toml b/integration/vault-v1/confdir/conf.d/exists.toml
new file mode 100644
index 000000000..43487c56d
--- /dev/null
+++ b/integration/vault-v1/confdir/conf.d/exists.toml
@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "exists-test.conf.tmpl"
+dest = "/tmp/confd-exists-test.conf"
+keys = [
+ "kv-v1/exists",
+]
diff --git a/integration/vault-v1/confdir/conf.d/iteration.toml b/integration/vault-v1/confdir/conf.d/iteration.toml
new file mode 100644
index 000000000..bcf4b1d1c
--- /dev/null
+++ b/integration/vault-v1/confdir/conf.d/iteration.toml
@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "iteration.conf.tmpl"
+dest = "/tmp/confd-iteration-test.conf"
+keys = [
+ "kv-v1/upstream",
+]
diff --git a/integration/vault-v1/confdir/conf.d/manykeys.toml b/integration/vault-v1/confdir/conf.d/manykeys.toml
new file mode 100644
index 000000000..b078ef8e4
--- /dev/null
+++ b/integration/vault-v1/confdir/conf.d/manykeys.toml
@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "basic.conf.tmpl"
+dest = "/tmp/confd-manykeys-test.conf"
+keys = [
+ "kv-v1/database",
+]
diff --git a/integration/vault-v1/confdir/conf.d/nested.toml b/integration/vault-v1/confdir/conf.d/nested.toml
new file mode 100644
index 000000000..627a83abc
--- /dev/null
+++ b/integration/vault-v1/confdir/conf.d/nested.toml
@@ -0,0 +1,7 @@
+[template]
+mode = "0644"
+src = "nested.conf.tmpl"
+dest = "/tmp/confd-nested-test.conf"
+keys = [
+ "kv-v1/nested",
+]
diff --git a/integration/vault-v1/confdir/templates/basic.conf.tmpl b/integration/vault-v1/confdir/templates/basic.conf.tmpl
new file mode 100644
index 000000000..188b6fe16
--- /dev/null
+++ b/integration/vault-v1/confdir/templates/basic.conf.tmpl
@@ -0,0 +1,6 @@
+hostname: {{ getenv "HOSTNAME" }}
+[database]
+host={{ getv "/kv-v1/database/host" }}
+password={{ getv "/kv-v1/database/password" }}
+port={{ getv "/kv-v1/database/port" }}
+username={{ getv "/kv-v1/database/username" }}
diff --git a/integration/vault-v1/confdir/templates/exists-test.conf.tmpl b/integration/vault-v1/confdir/templates/exists-test.conf.tmpl
new file mode 100644
index 000000000..ab110f0da
--- /dev/null
+++ b/integration/vault-v1/confdir/templates/exists-test.conf.tmpl
@@ -0,0 +1,2 @@
+{{ if exists "/kv-v1/exists" }}value: {{ getv "/kv-v1/exists/key" }}{{ end }}
+{{- if exists "/kv-v1/doesnotexist" }}This line will not be printed value: {{ getv "/kv-v1/exists/key" }}{{ end }}
diff --git a/integration/vault-v1/confdir/templates/iteration.conf.tmpl b/integration/vault-v1/confdir/templates/iteration.conf.tmpl
new file mode 100644
index 000000000..f15b8b35c
--- /dev/null
+++ b/integration/vault-v1/confdir/templates/iteration.conf.tmpl
@@ -0,0 +1,16 @@
+upstream app {
+{{- range gets "/kv-v1/upstream/*" }}
+ server {{ .Value }};
+{{- end }}
+}
+
+server {
+ server_name www.example.com;
+ location / {
+ proxy_pass http://app;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
diff --git a/integration/vault-v1/confdir/templates/nested.conf.tmpl b/integration/vault-v1/confdir/templates/nested.conf.tmpl
new file mode 100644
index 000000000..36e67a967
--- /dev/null
+++ b/integration/vault-v1/confdir/templates/nested.conf.tmpl
@@ -0,0 +1,18 @@
+upstream app {
+{{- range gets "/kv-v1/nested/*" }}
+ {{- range gets .Key }}
+ server {{ .Value }};
+ {{- end }}
+{{- end }}
+}
+
+server {
+ server_name www.example.com;
+ location / {
+ proxy_pass http://app;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
diff --git a/integration/vault-v1/test.sh b/integration/vault-v1/test.sh
new file mode 100755
index 000000000..435e80b3d
--- /dev/null
+++ b/integration/vault-v1/test.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+export HOSTNAME="localhost"
+export ROOT_TOKEN="$(vault read -field id auth/token/lookup-self)"
+
+vault secrets enable -version 1 -path kv-v1 kv
+
+vault write kv-v1/exists key=foobar
+vault write kv-v1/database host=127.0.0.1 port=3306 username=confd password=p@sSw0rd
+vault write kv-v1/upstream app1=10.0.1.10:8080 app2=10.0.1.11:8080
+vault write kv-v1/nested/east app1=10.0.1.10:8080
+vault write kv-v1/nested/west app2=10.0.1.11:8080
+
+# Run confd
+confd --onetime --log-level debug \
+ --confdir ./integration/vault-v1/confdir \
+ --backend vault \
+ --auth-type token \
+ --auth-token $ROOT_TOKEN \
+ --node http://127.0.0.1:8200
diff --git a/integration/vault/test.sh b/integration/vault/test.sh
deleted file mode 100755
index 913440d0c..000000000
--- a/integration/vault/test.sh
+++ /dev/null
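Review bot: In the new integration/vault-v1/test.sh, `--auth-token $ROOT_TOKEN` is unquoted and the script has no error handling, so if `vault read` fails the variable is empty and the flag would most likely consume `--node` as its value, leaving confd to run with a bogus token and a default node instead of stopping at setup. `export ROOT_TOKEN="$(…)"` also discards the exit status of the command substitution. I would add `set -euo pipefail` after the shebang, assign before exporting (`ROOT_TOKEN="$(vault read -field id auth/token/lookup-self)"; export ROOT_TOKEN`), and pass `--auth-token "$ROOT_TOKEN"`. The test also authenticates confd with the root token, so it shows nothing about policy enforcement; a one-line comment saying this is deliberate would help readers who treat the script as a usage example.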
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-export HOSTNAME="localhost"
-export ROOT_TOKEN="$(vault read -field id auth/token/lookup-self)"
-
-vault secrets enable -path database kv
-vault secrets enable -path key kv
-vault secrets enable -path upstream kv
-vault secrets enable -path nested kv
-
-vault write key value=foobar
-vault write database/host value=127.0.0.1
-vault write database/port value=3306
-vault write database/username value=confd
-vault write database/password value=p@sSw0rd
-vault write upstream app1=10.0.1.10:8080 app2=10.0.1.11:8080
-vault write nested/east/app1 value=10.0.1.10:8080
-vault write nested/west/app2 value=10.0.1.11:8080
-
-# Run confd
-confd --onetime --log-level debug \
- --confdir ./integration/confdir \
- --backend vault \
- --auth-type token \
- --auth-token $ROOT_TOKEN \
- --node http://127.0.0.1:8200