Closed shtripat closed 2 months ago
PTAL at the CI failure
go: downloading github.com/go-logr/stdr v1.2.2
=== RUN TestVaultCI
vault_ci_test.go:21: kesconf: invalid vault keystore: invalid approle config: no approle ID specified
--- FAIL: TestVaultCI (0.00s)
FAIL
FAIL github.com/minio/kes/kesconf 0.014s
FAIL
Error: Process completed with exit code 1.
Looks like KV List permissions are missing @shtripat
Somehow locally inside an Ubuntu VM with the below kes-policy.hcl the tests run fine
path "transit/encrypt/my-key" {
  capabilities = [ "update" ]
}
path "transit/decrypt/my-key" {
  capabilities = [ "update" ]
}
path "kv/*" {
  capabilities = [ "create", "read", "delete", "list" ]
}
root@vm-01:~/kes# go test ./kesconf -v -vault-ci.config=/root/kes/kesconf/testdata/vault/kes-config-vault.yml -run="TestVaultCI"
=== RUN TestVaultCI
=== RUN TestVaultCI/Create
=== RUN TestVaultCI/Get
=== RUN TestVaultCI/Status
--- PASS: TestVaultCI (0.05s)
--- PASS: TestVaultCI/Create (0.01s)
--- PASS: TestVaultCI/Get (0.03s)
--- PASS: TestVaultCI/Status (0.00s)
PASS
ok github.com/minio/kes/kesconf 0.064s
Do you mean to change the policy as below?
path "transit/encrypt/my-key" {
  capabilities = [ "update", "list" ]
}
path "transit/decrypt/my-key" {
  capabilities = [ "update", "list" ]
}
path "kv/*" {
  capabilities = [ "create", "read", "delete", "list" ]
}
@harshavardhana @aead can one of you PTAL?
This is close to a year old, looks like this may never get merged. Closing.
Feel free to send when it's ready.
This PR introduces a GitHub workflow to deploy HashiCorp Vault with Transit enabled and execute tests.