Skip to content

Latest commit

 

History

History
61 lines (46 loc) · 2.4 KB

README.md

File metadata and controls

61 lines (46 loc) · 2.4 KB
Raw

Secret Retrieval Testing

An independent test framework to verify input and output for 0001_retrieve-secrets.sh.

Running tests

To start the tests for this suite, run:

./start

or

./tests/retrieve-secrets/start

depending on your current working directory.

This will initiate the process of running start, followed by test, and finally stop.

Architecture

mock-conjur-env

main.go is compiled by the mock-conjur-env-builder in docker-compose.yml to make a mock-conjur-env binary. This binary is placed in tmp/vendor.

mock-conjur-env generates a set number of keys and values with random contents, but meets requirements for a shell environment variable. This program then prints the variables in "export" format, identical to the production version of conjur-env.

This is useful for when needing to test 0001_retrieve-secrets.sh without spinning up a conjur environment.

start

The start script handles building the environment and kicking off the test script. It builts the mock-conjur-env binary and places it in tmp/vendor.

start also downloads additional testing libraries (bats-assert and bats-support) used by BATS core.

test

The test script is meant to generate input for and validate the output of 0001_retrieve-secrets.sh using the Bash Automated Testing System (BATS).

Tests follow the pattern of generating key value pairs in the expected format, identical to those generated by conjur-env, and generating an executable shell script that will echo these values. This allows the secrets-retrieval script to attempt to export them to the environment, as it would in production.

Finally, we source the secret-retrieval script and run env from within the test environment, then assert upon the output. BATS offers the $output variable, which contains the output from the previous command executed using the run prefix.

stop

Removes existing Docker Compose environment

Configuration

  1. CONJUR_ENV_DIR - This references the location of the binary the secrets-retrieval script will execute for retrieval, before exporting the results to the local environment. This value is set automatically during each phase of the test script.

    Default - The path for the conjur-env binary generated by the supply script and stored in a directory built at runtime.