setups vault integration to test bedel

ncode · Dec 2, 2023 · 737f3be · 737f3be
1 parent cdfacc4
commit 737f3be
Show file tree

Hide file tree

Showing 8 changed files with 84 additions and 20 deletions.
diff --git a/configs/docker/docker-compose.yaml b/configs/docker/docker-compose.yaml
@@ -1,37 +1,51 @@
 version: '3.7'
 
 services:
-  redis-master:
+  redis0001:
     image: redis:latest
-    container_name: redis-master
+    container_name: redis0001
     ports:
       - "6379:6379"
     volumes:
-      - ./master:/usr/local/etc/redis:rw
+      - ./redis0001:/usr/local/etc/redis:rw
     command: redis-server /usr/local/etc/redis/redis.conf
 
-  redis-slave1:
+  redis0002:
     image: redis:latest
-    container_name: redis-slave1
+    container_name: redis0002
     volumes:
-      - ./slave01:/usr/local/etc/redis:rw
+      - ./redis0002:/usr/local/etc/redis:rw
     command: 
       - "redis-server"
       - "/usr/local/etc/redis/redis.conf"
       - "--slaveof"
-      - "redis-master"
+      - "redis0001"
       - "6379"
-
 
-  redis-slave2:
+  redis0003:
     image: redis:latest
     container_name: redis-slave2
     volumes:
-      - ./slave02:/usr/local/etc/redis:rw
+      - ./redis0003:/usr/local/etc/redis:rw
     command:
       - "redis-server"
       - "/usr/local/etc/redis/redis.conf"
       - "--slaveof"
-      - "redis-master"
+      - "redis0001"
       - "6379"
 
+  vault:
+    image: hashicorp/vault:latest
+    container_name: vault
+    ports:
+      - "8200:8200"
+    volumes:
+      - ./vault:/scripts:ro
+    environment:
+      VAULT_DEV_ROOT_TOKEN_ID: root
+      VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
+      VAULT_ADDR: http://0.0.0.0:8200
+    cap_add:
+      - IPC_LOCK
+    entrypoint: "/scripts/setup.sh"
+
diff --git a/configs/docker/master/redis.conf → configs/docker/redis0001/redis.conf b/configs/docker/master/redis.conf → configs/docker/redis0001/redis.conf
@@ -531,15 +531,15 @@ dir ./
 # starting the replication synchronization process, otherwise the master will
 # refuse the replica request.
 #
-# masterauth <master-password>
+masterauth bedel-integration-test
 #
 # However this is not enough if you are using Redis ACLs (for Redis version
 # 6 or greater), and the default user is not capable of running the PSYNC
 # command and/or other commands needed for replication. In this case it's
 # better to configure a special user to use with replication, and specify the
 # masteruser configuration as such:
 #
-# masteruser <username>
+masteruser default
 #
 # When masteruser is specified, the replica will authenticate against its
 # master using the new AUTH form: AUTH <username> <password>.
@@ -1033,7 +1033,7 @@ aclfile /usr/local/etc/redis/users.acl
 # The requirepass is not compatible with aclfile option and the ACL LOAD
 # command, these will cause requirepass to be ignored.
 #
-# requirepass foobared
+requirepass bedel-integration-test
 
 # New users are initialized with restrictive permissions by default, via the
 # equivalent of this ACL rule 'off resetkeys -@all'. Starting with Redis 6.2, it

diff --git a/configs/docker/master/users.acl → configs/docker/redis0001/users.acl b/configs/docker/master/users.acl → configs/docker/redis0001/users.acl
diff --git a/configs/docker/slave01/redis.conf → configs/docker/redis0002/redis.conf b/configs/docker/slave01/redis.conf → configs/docker/redis0002/redis.conf
@@ -531,15 +531,15 @@ dir ./
 # starting the replication synchronization process, otherwise the master will
 # refuse the replica request.
 #
-# masterauth <master-password>
+masterauth bedel-integration-test
 #
 # However this is not enough if you are using Redis ACLs (for Redis version
 # 6 or greater), and the default user is not capable of running the PSYNC
 # command and/or other commands needed for replication. In this case it's
 # better to configure a special user to use with replication, and specify the
 # masteruser configuration as such:
 #
-# masteruser <username>
+masteruser default
 #
 # When masteruser is specified, the replica will authenticate against its
 # master using the new AUTH form: AUTH <username> <password>.
@@ -1033,7 +1033,7 @@ aclfile /usr/local/etc/redis/users.acl
 # The requirepass is not compatible with aclfile option and the ACL LOAD
 # command, these will cause requirepass to be ignored.
 #
-# requirepass foobared
+requirepass bedel-integration-test
 
 # New users are initialized with restrictive permissions by default, via the
 # equivalent of this ACL rule 'off resetkeys -@all'. Starting with Redis 6.2, it

diff --git a/configs/docker/slave01/users.acl → configs/docker/redis0002/users.acl b/configs/docker/slave01/users.acl → configs/docker/redis0002/users.acl
diff --git a/configs/docker/slave02/redis.conf → configs/docker/redis0003/redis.conf b/configs/docker/slave02/redis.conf → configs/docker/redis0003/redis.conf
@@ -531,15 +531,15 @@ dir ./
 # starting the replication synchronization process, otherwise the master will
 # refuse the replica request.
 #
-# masterauth <master-password>
+masterauth bedel-integration-test
 #
 # However this is not enough if you are using Redis ACLs (for Redis version
 # 6 or greater), and the default user is not capable of running the PSYNC
 # command and/or other commands needed for replication. In this case it's
 # better to configure a special user to use with replication, and specify the
 # masteruser configuration as such:
 #
-# masteruser <username>
+masteruser default
 #
 # When masteruser is specified, the replica will authenticate against its
 # master using the new AUTH form: AUTH <username> <password>.
@@ -1033,7 +1033,7 @@ aclfile /usr/local/etc/redis/users.acl
 # The requirepass is not compatible with aclfile option and the ACL LOAD
 # command, these will cause requirepass to be ignored.
 #
-# requirepass foobared
+requirepass bedel-integration-test
 
 # New users are initialized with restrictive permissions by default, via the
 # equivalent of this ACL rule 'off resetkeys -@all'. Starting with Redis 6.2, it

diff --git a/configs/docker/slave02/users.acl → configs/docker/redis0003/users.acl b/configs/docker/slave02/users.acl → configs/docker/redis0003/users.acl
diff --git a/configs/docker/vault/setup.sh b/configs/docker/vault/setup.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -x
+set -m
+
+# start dev vault
+vault server -dev -dev-root-token-id=$VAULT_DEV_ROOT_TOKEN_ID &
+
+# Wait for Vault server to be up
+echo "Waiting for Vault to start..."
+while ! nc -z localhost 8200; do   
+  sleep 1
+done
+
+echo "Vault started"
+
+vault login $VAULT_DEV_ROOT_TOKEN_ID
+
+# Enable database secret engine
+vault secrets enable database
+
+sleep 1
+
+instances="redis0001 redis0002 redis0003"
+for instance in $instances ; do
+    vault write "database/config/${instance}" \
+        plugin_name="redis-database-plugin" \
+        host=$instance \
+        port=6379 \
+        tls=false \
+        username="default" \
+        password="bedel-integration-test" \
+        allowed_roles="*-${instance}"
+
+	vault write "database/roles/admin-${instance}" \
+    	db_name=$instance \
+    	creation_statements='["+@admin"]' \
+    	default_ttl="30m" \
+    	max_ttl="1h" 
+done
+
+#for i in {1..30} ; do
+#	vault read database/creds/admin-master
+#	vault read database/creds/admin-slave01
+#    vault read database/creds/admin-slave02
+#done
+
+echo "Vault configuration complete"
+
+fg