acceptance

package
v5.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 13, 2023 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source
const (
	AuthBackendMountPath = "kubernetes"
	AuthBackendRole      = "default"
	// use "=" characters in the secret to test the string splitting code in
	// theatre-secrets is correct
	SentinelSecretValue          = "eats=the=world"
	SentinelSecretFileValue      = "value\x00with\x00nulls"
	SentinelSecretValueNonASCII  = "valueΣwithλnonσASCIIμ"
	SentinelSecretValueShellword = "echo $(env)"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Runner

type Runner struct{}

func (*Runner) Name

func (r *Runner) Name() string

func (*Runner) Prepare

func (r *Runner) Prepare(logger kitlog.Logger, config *rest.Config) error

Prepare is used for configuring a Vault server in our acceptance tests to provide Kubernetes authentication via service account.

It does several things:

  • Mounts a kv2 secrets engine at secret/

  • Creates a Kubernetes auth backend mounted at auth/kubernetes

  • Configures the Kubernetes backend to authenticate against the currently detected Kubernetes API server (the current cluster, if run from within)

  • For all successful Kubernetes logins, the user is assigned a token that maps to a cluster-reader policy, which permits reading of secrets from:

    secret/data/kubernetes/{namespace}/{service-account-name}/*

func (*Runner) Run

func (r *Runner) Run(logger kitlog.Logger, config *rest.Config)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL