
Commit 47d2388

kofoworolabuger
andauthored
[TT-16249]: Add vault to tyk-pro for integration tests (#78)
* Add Vault and upstream auth server for E2E tests * Update tyk.conf to hardcode external_services.oauth.mtls to Vault * added fixes * fixed task implementation --------- Co-authored-by: Leonid Bugaev <leonsbox@gmail.com>
1 parent 7bec18d commit 47d2388

12 files changed

Lines changed: 1363 additions & 1202 deletions

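--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -21,7 +21,7 @@ tasks:
 DB: '{{ or .DB "mongo44" }}'
 CACHE: '{{ or .CACHE "redis6" }}'
 VARIATION: '{{or .VARIATION "murmur64" }}'
-confs_dir: './{{ .FLAVOUR }}'
+confs_dir: "./{{ .FLAVOUR }}"
 env_file: local-{{.DB}}.env
 cmds:
 - |
@@ -41,7 +41,7 @@ tasks:
 DB: '{{ or .DB "mongo7" }}'
 CACHE: '{{ or .CACHE "redis6" }}'
 VARIATION: '{{or .VARIATION "murmur64" }}'
-confs_dir: './{{ .FLAVOUR }}'
+confs_dir: "./{{ .FLAVOUR }}"
 env_file: upgrade.env
 cmds:
 - |
@@ -53,15 +53,14 @@ tasks:
 docker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${DB}.yml -f ${CACHE}.yml --env-file master.env --profile slave-datacenter up --quiet-pull -d --build
 fi
 
-
 clean:
 desc: Tears down all local infrastructure including networking
 env:
 FLAVOUR: '{{ or .FLAVOUR "pro" }}'
 DB: '{{ or .DB "mongo44" }}'
 CACHE: '{{ or .CACHE "redis6" }}'
 VARIATION: '{{or .VARIATION "murmur64" }}'
-confs_dir: './{{ .FLAVOUR }}'
+confs_dir: "./{{ .FLAVOUR }}"
 env_file: local-{{.DB}}.env
 cmds:
 - docker compose -p auto -f ${FLAVOUR}.yml -f deps_${FLAVOUR}.yml -f ${DB}.yml -f ${CACHE}.yml --env-file master.env --env-file master.env --profile all down --remove-orphans
@@ -72,12 +71,31 @@ tasks:
 Deploys pytest container that runs against local infrastructure using docker compose manifest
 - For mdcb you may want to use the ARGS "--ci -m "mdcb""
 - For non mdcb deployments something like "-m "not local and not mdcb""
-cmds:
+cmds:
 - |
 docker run --rm --network auto_default --env-file ./pytest.env \
 754489498669.dkr.ecr.eu-central-1.amazonaws.com/tyk-automated-tests:master \
 pytest -c pytest_ci.ini {{.CLI_ARGS}}
 
+seed-vault:
+desc: Seeds Vault with placeholder OAuth mTLS secrets required for local gateway startup
+cmds:
+- |
+echo "Waiting for Vault to be ready..."
+until curl -s http://localhost:8200/v1/sys/health | grep -q '"initialized":true'; do
+sleep 2
+done
+echo "Seeding Vault with placeholder OAuth mTLS secrets..."
+curl -s -X POST http://localhost:8200/v1/secret/data/oauth/cert_file \
+-H "X-Vault-Token: root" \
+-H "Content-Type: application/json" \
+-d '{"data": {"cert_file": "placeholder", "value": "placeholder"}}'
+curl -s -X POST http://localhost:8200/v1/secret/data/oauth/key_file \
+-H "X-Vault-Token: root" \
+-H "Content-Type: application/json" \
+-d '{"data": {"key_file": "placeholder", "value": "placeholder"}}'
+echo "Vault seeded successfully. You can now start your local gateway."
+
 healthcheck:
 desc: Usefull healthchecks to ensure services are up and running
 cmds: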
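Review bot: The two writes in the new `seed-vault` task cannot fail visibly: both `curl -s -X POST` calls lack `--fail`, so an HTTP error from Vault (a rejected token, a missing mount) is swallowed and the task still prints "Vault seeded successfully". Start the script with `set -e` and use `curl -sf -X POST ...` for both writes so a rejected write stops the task with a non-zero status. The `until curl -s ... | grep -q '"initialized":true'` loop also has no upper bound, so it spins forever if the Vault container never comes up; a retry counter or a `timeout` wrapper would let CI fail fast. The `vault-seed` command in deps_pro.yml has the same silent-failure shape, because its closing `echo` decides the exit status regardless of whether the `vault kv put` calls succeeded.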

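--- a/deps_pro-ha.yml
+++ b/deps_pro-ha.yml
@@ -102,7 +102,7 @@ services:
 container_name: rabbitmq
 image: rabbitmq:4.1.0-management-alpine
 ports:
-- "5672:5672" # AMQP protocol
+- "5672:5672" # AMQP protocol
 - "15672:15672" # Management UI
 - "1883:1883"
 environment:
@@ -135,7 +135,11 @@ services:
 volumes:
 - ./keycloak/mcp-test-realm.json:/opt/keycloak/data/import/mcp-test-realm.json:ro
 healthcheck:
-test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/8080 && echo -e 'GET /health/ready HTTP/1.1\\r\\nHost: localhost\\r\\n\\r\\n' >&3 && cat <&3 | grep -q UP"]
+test:
+[
+"CMD-SHELL",
+"exec 3<>/dev/tcp/localhost/8080 && echo -e 'GET /health/ready HTTP/1.1\\r\\nHost: localhost\\r\\n\\r\\n' >&3 && cat <&3 | grep -q UP",
+]
 interval: 10s
 timeout: 10s
 retries: 15
@@ -153,8 +157,35 @@ services:
 - PORT=7878
 - DEBUG=false
 healthcheck:
-test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:7878/health"]
+test:
+[
+"CMD",
+"wget",
+"--no-verbose",
+"--tries=1",
+"--spider",
+"http://localhost:7878/health",
+]
 interval: 10s
 timeout: 3s
 retries: 3
 start_period: 5s
+
+vault:
+profiles: ["all", "master-datacenter"]
+container_name: vault
+image: hashicorp/vault:latest
+ports:
+- "8200:8200"
+environment:
+- VAULT_DEV_ROOT_TOKEN_ID=root
+- VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200
+cap_add:
+- IPC_LOCK
+
+upstream-auth-server:
+profiles: ["all", "master-datacenter"]
+container_name: upstream-auth-server
+image: kennethreitz/httpbin
+ports:
+- "8090:80"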
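Review bot: The new `vault` service publishes a dev-mode server with the fixed root token `root` on every host interface, because `- "8200:8200"` carries no bind address and `VAULT_DEV_ROOT_TOKEN_ID=root` is a known value. On a shared CI runner or a machine on an untrusted network, anything that can reach port 8200 has full control of that Vault. If only the host-side `seed-vault` task and containers on the compose network need it, publish on loopback with `- "127.0.0.1:8200:8200"` and add a comment such as `# dev-mode Vault, in-memory, local test stack only`. The same service definition is added to deps_pro.yml. Unlike that file, this one adds no healthcheck or `vault-seed` service, so the pro-ha stack appears to rely on running the `seed-vault` task by hand.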

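--- a/deps_pro.yml
+++ b/deps_pro.yml
@@ -97,8 +97,59 @@ services:
 - PORT=7878
 - DEBUG=false
 healthcheck:
-test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:7878/health"]
+test:
+[
+"CMD",
+"wget",
+"--no-verbose",
+"--tries=1",
+"--spider",
+"http://localhost:7878/health",
+]
 interval: 10s
 timeout: 3s
 retries: 3
 start_period: 5s
+
+vault:
+profiles: ["all", "master-datacenter"]
+container_name: vault
+image: hashicorp/vault:latest
+ports:
+- "8200:8200"
+environment:
+- VAULT_DEV_ROOT_TOKEN_ID=root
+- VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200
+cap_add:
+- IPC_LOCK
+healthcheck:
+test: ["CMD", "vault", "status", "-address=http://127.0.0.1:8200"]
+interval: 5s
+retries: 10
+start_period: 3s
+timeout: 5s
+
+vault-seed:
+profiles: ["all", "master-datacenter"]
+container_name: vault-seed
+image: hashicorp/vault:latest
+environment:
+- VAULT_ADDR=http://vault:8200
+- VAULT_TOKEN=root
+depends_on:
+vault:
+condition: service_healthy
+entrypoint: ["/bin/sh", "-c"]
+command:
+- |
+vault kv put secret/oauth/cert_file cert_file="placeholder" value="placeholder"
+vault kv put secret/oauth/key_file key_file="placeholder" value="placeholder"
+echo "Vault seeded with placeholder OAuth mTLS cert_file and key_file secrets"
+restart: "no"
+
+upstream-auth-server:
+profiles: ["all", "master-datacenter"]
+container_name: upstream-auth-server
+image: kennethreitz/httpbin
+ports:
+- "8090:80"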
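Review bot: All three new services use floating image references: `hashicorp/vault:latest` for both `vault` and `vault-seed`, and `kennethreitz/httpbin` with no tag at all, so every test run pulls whatever is currently published under those names. That makes integration results non-reproducible and lets an upstream change or a replaced tag reach CI without review. Pin each to a specific version or digest, e.g. `image: hashicorp/vault:<pinned-version>` and `image: kennethreitz/httpbin@sha256:<digest>`, and bump them deliberately. deps_pro-ha.yml adds the same two unpinned images.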

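--- a/local-mongo44.env
+++ b/local-mongo44.env
@@ -1,4 +1,6 @@
 TYK_DB_MONGOURL=mongodb://mongo:27017/tyk_analytics
+TYK_GW_HASHKEYFUNCTION=sha256
+TYK_GW_HASHKEYS=true
 TYK_GW_SLAVEOPTIONS_APIKEY=<PLACEHOLDER>
 TYK_GW_SLAVEOPTIONS_RPCKEY=<PLACEHOLDER>
 TYK_LOGLEVEL=debug
@@ -28,4 +30,4 @@ TYK_PMP_PUMPS_MONGO_META_MONGOURL=mongodb://mongo:27017/tyk_analytics
 TYK_PMP_PUMPS_MONGO_TYPE=mongo
 TYK_PMP_UPTIMEPUMPCONFIG_COLLECTIONNAME=tyk_analytics
 TYK_PMP_UPTIMEPUMPCONFIG_MONGOURL=mongodb://mongo:27017/tyk_analytics
-TYK_PMP_UPTIMEPUMPCONFIG_UPTIMETYPE=mongo
+TYK_PMP_UPTIMEPUMPCONFIG_UPTIMETYPE=mongo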
