fix: token test #41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - dev | |
| - feature/* | |
| pull_request: | |
| branches: | |
| - dev | |
| jobs: | |
| pester_test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v3 | |
| - name: Install vault | |
| run: | | |
| wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg | |
| echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list | |
| sudo apt update && sudo apt install vault | |
| - name: Certificate setup for vault | |
| run: | | |
| openssl genpkey -algorithm RSA -out ca-private-key.pem | |
| openssl req -new -x509 -key ca-private-key.pem -out ca-certificate.pem -days 1 -subj /CN=vault-ca | |
| for i in server client; do | |
| openssl genpkey -algorithm RSA -out $i-key.pem | |
| openssl req -new -key $i-key.pem -out $i-csr.pem -subj /CN=127.0.0.1 | |
| openssl x509 -req -in $i-csr.pem -CA ca-certificate.pem -CAkey ca-private-key.pem -CAcreateserial -out $i-cert.pem \ | |
| -days 1 -extfile tests/ca.cfg -extensions ${i}_cert | |
| cat ca-certificate.pem $i-cert.pem >$i-chain.pem | |
| openssl pkcs12 -export -in $i-chain.pem -inkey $i-key.pem -CAfile ca-certificate.pem -out $i.pfx -nodes -passout pass: | |
| done | |
| - name: Start vault dev server | |
| shell: bash | |
| run: | | |
| nohup vault server -dev -dev-listen-address="127.0.0.1:8200" -config=tests/vault-dev-tls-config.hcl -dev-root-token-id root & | |
| for attempt in {1..10}; do sleep 1; if curl http://127.0.0.1:8200/; then echo ready; break; fi; echo waiting...; done | |
| for attempt in {1..10}; do sleep 1; if curl --key client-key.pem --cert client-cert.pem --cacert ca-certificate.pem https://127.0.0.1:9200/; then echo tls ready; break; fi; echo waiting...; done | |
| - name: Run tests | |
| shell: pwsh | |
| run: | | |
| Import-Module ./PSHCVault -Verbose -Force | |
| Invoke-Pester -Passthru -Show All |