Relocate Vault module into main testcontainers-java repository

Author: rnorth

.github/CODEOWNERS

@@ -11,3 +11,4 @@
 # Contributed modules can have different reviewers
 
 modules/mssqlserver/    @StefanHufschmidt @rnorth @bsideup @kiview
+modules/vault/          @mikeoswald @rnorth @bsideup @kiview

modules/vault/AUTHORS

@@ -0,0 +1 @@
+Michael Oswald <michael.oswald@capitalone.com>

modules/vault/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Capital One Services, LLC and other authors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

modules/vault/README.md

@@ -0,0 +1,66 @@
+# TestContainers Vault Module
+
+Testcontainers module for [Vault](https://github.com/hashicorp/vault). Vault is a tool for managing secrets. More information on Vault [here](https://www.vaultproject.io/).
+
+## Usage example
+
+Running Vault in your Junit tests is easily done with an @Rule or @ClassRule such as the following:
+
+```java
+public class SomeTest {
+
+    @ClassRule
+    public static VaultContainer vaultContainer = new VaultContainer<>()
+            .withVaultToken("my-root-token")
+            .withVaultPort(8200)
+            .withSecretInVault("secret/testing", "top_secret=password1","db_password=dbpassword1");
+    
+    @Test
+    public void someTestMethod() {
+       //interact with Vault via the container's host, port and Vault token. 
+       
+       //There are many integration clients for Vault so let's just define a general one here:
+       VaultClient client = new VaultClient(
+               vaultContainer.getContainerIpAddress(),
+               vaultContainer.getMappedPort(8200),
+               "my-root-token");
+       
+       List<String> secrets = client.readSecret("secret/testing");
+       
+    }
+```
+
+## Why Vault in Junit tests?
+
+With the increasing popularity of Vault and secret management, applications are now needing to source secrets from Vault.
+This can prove challenging in the development phase without a running Vault instance readily on hand. This library 
+aims to solve your apps integration testing with Vault. You can also use it to
+test how your application behaves with Vault by writing different test scenarios in Junit.
+
+## Dependency information
+
+### Maven
+
+```
+<dependency>
+    <groupId>org.testcontainers</groupId>
+    <artifactId>vault</artifactId>
+    <version>1.4.3</version>
+</dependency>
+```
+
+### Gradle
+
+```
+compile group: 'org.testcontainers', name: 'vault', version: '1.4.3'
+```
+
+## License
+
+See [LICENSE](LICENSE).
+
+## Copyright
+
+Copyright (c) 2017 Capital One Services, LLC and other authors.
+
+See [AUTHORS](AUTHORS) for contributors.

modules/vault/build.gradle

@@ -0,0 +1,7 @@
+description = "Testcontainers :: Vault"
+
+dependencies {
+    compile project(':testcontainers')
+
+    testCompile 'io.rest-assured:rest-assured:3.0.0'
+}

modules/vault/src/main/java/org/testcontainers/vault/VaultContainer.java

@@ -0,0 +1,133 @@
+package org.testcontainers.vault;
+
+import com.github.dockerjava.api.command.InspectContainerResponse;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.containers.traits.LinkableContainer;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static com.github.dockerjava.api.model.Capability.IPC_LOCK;
+
+
+/**
+ * GenericContainer subclass for Vault specific configuration and features. The main feature is the
+ * withSecretInVault method, where users can specify which secrets to be pre-loaded into Vault for
+ * their specific test scenario.
+ *
+ * Other helpful features include the withVaultPort, and withVaultToken methods for convenience.
+ */
+public class VaultContainer<SELF extends VaultContainer<SELF>> extends GenericContainer<SELF>
+        implements LinkableContainer {
+
+    private static final String VAULT_PORT = "8200";
+
+    private boolean vaultPortRequested = false;
+
+    private Map<String, List<String>> secretsMap = new HashMap<>();
+
+    public VaultContainer() {
+        this("vault:0.7.0");
+    }
+
+    public VaultContainer(String dockerImageName) {
+        super(dockerImageName);
+    }
+
+    @Override
+    protected void configure() {
+        setStartupAttempts(3);
+        withCreateContainerCmdModifier(cmd -> cmd.withCapAdd(IPC_LOCK));
+        if(!isVaultPortRequested()){
+            withEnv("VAULT_ADDR", "http://0.0.0.0:" + VAULT_PORT);
+        }
+    }
+
+    @Override
+    protected void containerIsStarted(InspectContainerResponse containerInfo) {
+        addSecrets();
+    }
+
+    private void addSecrets() {
+        if(!secretsMap.isEmpty()){
+            try {
+                this.execInContainer(buildExecCommand(secretsMap)).getStdout().contains("Success");
+            }
+            catch (IOException | InterruptedException e) {
+                logger().error("Failed to add these secrets {} into Vault via exec command. Exception message: {}", secretsMap, e.getMessage());
+            }
+        }
+    }
+
+    private String[] buildExecCommand(Map<String, List<String>> map) {
+        StringBuilder stringBuilder = new StringBuilder();
+        map.forEach((path, secrets) -> {
+            stringBuilder.append(" && vault write " + path);
+            secrets.forEach(item -> stringBuilder.append(" " + item));
+        });
+        return new String[] { "/bin/sh", "-c", stringBuilder.toString().substring(4)};
+    }
+
+    /**
+     * Sets the Vault root token for the container so application tests can source secrets using the token
+     *
+     * @param token the root token value to set for Vault.
+     * @return this
+     */
+    public SELF withVaultToken(String token) {
+        withEnv("VAULT_DEV_ROOT_TOKEN_ID", token);
+        withEnv("VAULT_TOKEN", token);
+        return self();
+    }
+
+    /**
+     * Sets the Vault port in the container as well as the port bindings for the host to reach the container over HTTP.
+     *
+     * @param port the port number you want to have the Vault container listen on for tests.
+     * @return this
+     */
+    public SELF withVaultPort(int port){
+        setVaultPortRequested(true);
+        String vaultPort = String.valueOf(port);
+        withEnv("VAULT_ADDR", "http://0.0.0.0:" + VAULT_PORT);
+        setPortBindings(Arrays.asList(vaultPort + ":" + VAULT_PORT));
+        return self();
+    }
+
+    /**
+     * Pre-loads secrets into Vault container. User may specify one or more secrets and all will be added to each path
+     * that is specified. Thus this can be called more than once for multiple paths to be added to Vault.
+     *
+     * The secrets are added to vault directly after the container is up via the
+     * {@link #addSecrets() addSecrets}, called from {@link #containerIsStarted(InspectContainerResponse) containerIsStarted}
+     *
+     * @param path specific Vault path to store specified secrets
+     * @param firstSecret first secret to add to specifed path
+     * @param remainingSecrets var args list of secrets to add to specified path
+     * @return this
+     */
+    public SELF withSecretInVault(String path, String firstSecret, String... remainingSecrets) {
+        List<String> list = new ArrayList<>();
+        list.add(firstSecret);
+        for(String secret : remainingSecrets) {
+            list.add(secret);
+        }
+        if (secretsMap.containsKey(path)) {
+            list.addAll(list);
+        }
+        secretsMap.putIfAbsent(path,list);
+        return self();
+    }
+
+    private void setVaultPortRequested(boolean vaultPortRequested) {
+        this.vaultPortRequested = vaultPortRequested;
+    }
+
+    private boolean isVaultPortRequested() {
+        return vaultPortRequested;
+    }
+}

modules/vault/src/test/java/org/testcontainers/vault/VaultContainerTest.java

@@ -0,0 +1,79 @@
+package org.testcontainers.vault;
+
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.containers.wait.Wait;
+
+import java.io.IOException;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.junit.Assert.assertThat;
+
+/**
+ * This test shows the pattern to use the VaultContainer @ClassRule for a junit test. It also has tests that ensure
+ * the secrets were added correctly by reading from Vault with the CLI and over HTTP.
+ */
+public class VaultContainerTest {
+
+    private static final int VAULT_PORT = 8201; //using non-default port to show other ports can be passed besides 8200
+
+    private static final String VAULT_TOKEN = "my-root-token";
+
+    @ClassRule
+    public static VaultContainer vaultContainer = new VaultContainer<>()
+            .withVaultToken(VAULT_TOKEN)
+            .withVaultPort(VAULT_PORT)
+            .withSecretInVault("secret/testing1", "top_secret=password123")
+            .withSecretInVault("secret/testing2", "secret_one=password1",
+                    "secret_two=password2", "secret_three=password3", "secret_three=password3",
+                    "secret_four=password4")
+            .waitingFor(Wait.forHttp("/v1/secret/testing1").forStatusCode(400));
+
+    @Test
+    public void readFirstSecretPathWithCli() throws IOException, InterruptedException {
+        GenericContainer.ExecResult result = vaultContainer.execInContainer("vault",
+                "read", "-field=top_secret", "secret/testing1");
+        assertThat(result.getStdout(), containsString("password123"));
+    }
+
+    @Test
+    public void readSecondSecretPathWithCli() throws IOException, InterruptedException {
+        GenericContainer.ExecResult result = vaultContainer.execInContainer("vault",
+                "read", "secret/testing2");
+        String output = result.getStdout();
+        assertThat(output, containsString("password1"));
+        assertThat(output, containsString("password2"));
+        assertThat(output, containsString("password3"));
+        assertThat(output, containsString("password4"));
+    }
+
+    @Test
+    public void readFirstSecretPathOverHttpApi() throws InterruptedException {
+        given().
+            header("X-Vault-Token", VAULT_TOKEN).
+        when().
+            get("http://"+getHostAndPort()+"/v1/secret/testing1").
+        then().
+            assertThat().body("data.top_secret", equalTo("password123"));
+    }
+
+    @Test
+    public void readSecondecretPathOverHttpApi() throws InterruptedException {
+        given().
+            header("X-Vault-Token", VAULT_TOKEN).
+        when().
+            get("http://"+getHostAndPort()+"/v1/secret/testing2").
+        then().
+            assertThat().body("data.secret_one", containsString("password1")).
+            assertThat().body("data.secret_two", containsString("password2")).
+            assertThat().body("data.secret_three", containsString("password3")).
+            assertThat().body("data.secret_four", containsString("password4"));
+    }
+
+    private String getHostAndPort(){
+        return vaultContainer.getContainerIpAddress()+":"+vaultContainer.getMappedPort(8200);
+    }
+}

modules/vault/src/test/resources/logback-test.xml

@@ -0,0 +1,24 @@
+<configuration>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <!-- encoders are assigned the type
+             ch.qos.logback.classic.encoder.PatternLayoutEncoder by default -->
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} %-5level %logger - %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <root level="debug">
+        <appender-ref ref="STDOUT"/>
+    </root>
+
+    <logger name="org.apache.http" level="WARN"/>
+    <logger name="com.github.dockerjava" level="WARN"/>
+    <logger name="org.zeroturnaround.exec" level="WARN"/>
+    <logger name="com.zaxxer.hikari" level="INFO"/>
+    <logger name="org.rnorth.tcpunixsocketproxy" level="INFO" />
+    <logger name="io.netty" level="WARN" />
+    <logger name="org.mongodb" level="INFO" />
+    <logger name="org.testcontainers.shaded" level="WARN"/>
+    <logger name="com.zaxxer.hikari" level="INFO"/>
+</configuration>