test-vault-resolve-secrets.R
In vaultr: Vault Client for Secrets and Sensitive Data

test_that("vault secrets can be resolved", {
  srv <- test_vault_test_server()
  cl <- srv$client()
  cl$write("/secret/users/alice", list(password = "ALICE"))
  cl$write("/secret/users/bob", list(password = "BOB"))

  config <- list(path = tempfile(),
                 vault_server = srv$addr)

  x <- list(name = "alice",
            password = "VAULT:/secret/users/alice:password")
  withr::with_envvar(c(VAULTR_AUTH_METHOD = NA_character_), {
    expect_error(vault_resolve_secrets(x, addr = config$vault_server),
                 "Default login method not set in 'VAULTR_AUTH_METHOD'")
  })
  withr::with_envvar(c(VAULTR_AUTH_METHOD = "token", VAULT_TOKEN = NA), {
    expect_error(vault_resolve_secrets(x, addr = config$vault_server),
                 "Vault token was not found")
  })
  withr::with_envvar(c(VAULTR_AUTH_METHOD = "token", VAULT_TOKEN = "fake"), {
    expect_error(
      suppressMessages(vault_resolve_secrets(x, addr = config$vault_server)),
      "Token login failed with error")
  })

  withr::with_envvar(c(VAULTR_AUTH_METHOD = "token", VAULT_TOKEN = srv$token), {
    expect_equal(
      suppressMessages(vault_resolve_secrets(x, addr = config$vault_server)),
      list(name = "alice", password = "ALICE"))
    expect_equal(
      suppressMessages(
        vault_resolve_secrets(unlist(x), addr = config$vault_server)),
      list(name = "alice", password = "ALICE"))
  })

  withr::with_envvar(c(VAULTR_AUTH_METHOD = NA_character_), {
    args <- list(login = "token", token = srv$token,
                 addr = config$vault_server, quiet = TRUE)
    expect_equal(vault_resolve_secrets(x, vault_args = args),
                 list(name = "alice", password = "ALICE"))
    expect_error(
      vault_resolve_secrets(x, vault_args = args, addr = "somewhere"),
      "Do not provide both '...' and 'vault_args'", fixed = TRUE)
  })
})


test_that("Provide better error messages when failing to read", {
  srv <- test_vault_test_server()
  cl <- srv$client()
  cl$write("/secret/users/alice", list(password = "ALICE"))
  cl$write("/secret/users/bob", list(password = "BOB"))

  rules <- paste('path "secret/users/alice" {',
                 '  policy = "read"',
                 "}",
                 sep = "\n")
  cl$policy$write("read-secret-alice", rules)
  token <- cl$token$create(policies = "read-secret-alice")

  x <- list(alice = "VAULT:/secret/users/alice:password",
            bob = "VAULT:/secret/users/bob:password")

  args <- list(login = "token", token = token, addr = srv$addr, quiet = TRUE)
  expect_error(
    vault_resolve_secrets(x, vault_args = args),
    "While reading secret/users/bob:",
    class = "vault_forbidden")
})

Any scripts or data that you put into this service are public.

vaultr documentation built on Nov. 9, 2023, 5:07 p.m.

rdrr.io home R language documentation Run R code online

CRAN packages Bioconductor packages R-Forge packages GitHub packages

Note that we can't provide technical support on individual packages. You should contact the package authors for that.

vaultr
Vault Client for Secrets and Sensitive Data

tests/testthat/test-vault-resolve-secrets.R
In vaultr: Vault Client for Secrets and Sensitive Data

Try the vaultr package in your browser

R Package Documentation

Browse R Packages

We want your feedback!

vaultr Vault Client for Secrets and Sensitive Data

tests/testthat/test-vault-resolve-secrets.R In vaultr: Vault Client for Secrets and Sensitive Data

Try the vaultr package in your browser

R Package Documentation

Browse R Packages

We want your feedback!

vaultr
Vault Client for Secrets and Sensitive Data

tests/testthat/test-vault-resolve-secrets.R
In vaultr: Vault Client for Secrets and Sensitive Data