Would like to test against resources other than KV v2 secrets such as Vault Policies, Auth Methods, Namespaces, and other /sys/ API endpoints.
Detailed Description
There are a number of API endpoints provided in the Vault /sys/ API that would be helpful to run InSpec tests against. Though it is helpful to use input to test against KV v2 secrets, it does not allow for testing of the underlying Vault setup included in the /sys endpoints.
Context
Testing the /sys endpoints provides a more complete compliance test of the Vault service setup.
Possible Implementation
Expand out the current profiles to include /sys API endpoint checks. There are a number of them documented in the Vault API.
Would like to test against resources other than KV v2 secrets such as Vault Policies, Auth Methods, Namespaces, and other
/sys/API endpoints.Detailed Description
There are a number of API endpoints provided in the Vault
/sys/API that would be helpful to run InSpec tests against. Though it is helpful to useinputto test against KV v2 secrets, it does not allow for testing of the underlying Vault setup included in the/sysendpoints.Context
Testing the
/sysendpoints provides a more complete compliance test of the Vault service setup.Possible Implementation
Expand out the current profiles to include
/sysAPI endpoint checks. There are a number of them documented in the Vault API.