feat: create the vault infrastructure for integration tests (#1432)

alvarocabanas · web-flow · commit 7b2fb7d65c54 · 2025-07-11T12:32:35.000+02:00
diff --git a/agent-control/tests/k8s/Tiltfile b/agent-control/tests/k8s/Tiltfile
@@ -5,6 +5,7 @@ update_settings ( k8s_upsert_timeout_secs = 150)
 load('ext://helm_resource', 'helm_repo','helm_resource')
 load('ext://git_resource', 'git_checkout')
 load('ext://deployment', 'job_create')
+load('ext://helm_remote', 'helm_remote')
 
 #### Install Flux needed for some integration tests
 helm_repo(
@@ -146,3 +147,37 @@ local_resource(
     """,
     resource_deps=['package-and-upload-local-image-chart'],
 )
+
+enable_vault = os.getenv('ENABLE_VAULT', 'false').lower() == 'true'
+
+if enable_vault:
+    ### We create a vault instance reachable at http://127.0.0.1:8200 with a kv1 engine secret with the values from
+    ### data/vault_kv1_secrets.json and a kv2 engine secret with the values from vault_kv2_secrets.json, dev token is root
+    helm_remote(
+      'vault',
+      repo_name='hashicorp',
+      repo_url='https://helm.releases.hashicorp.com',
+      set=['server.dev.enabled=true','server.serviceAccount.create=true']
+    )
+
+    # expose the service on localhost:8200
+    k8s_resource(
+      workload='vault',
+      port_forwards=8200
+    )
+
+    local_resource(
+        'enable_kv1',
+        cmd="""curl --header "X-Vault-Token: root" --request POST --data '{"type":"kv","options":{"version":1}}' http://127.0.0.1:8200/v1/sys/mounts/kv-v1
+        """,
+        resource_deps=['vault'],
+    )
+
+    # kv2 is enabled by default
+    local_resource(
+        'populate_vault_v1_v2_secrets',
+        cmd="""curl --header "X-Vault-Token: root" --request POST --data @data/vault_kv1_secrets.json http://127.0.0.1:8200/v1/kv-v1/my-secret &&
+         curl --header "X-Vault-Token: root" --request POST --data @data/vault_kv2_secrets.json http://127.0.0.1:8200/v1/secret/data/my-secret
+       """,
+        resource_deps=['enable_kv1'],
+    )
diff --git a/agent-control/tests/k8s/data/vault_kv1_secrets.json b/agent-control/tests/k8s/data/vault_kv1_secrets.json
@@ -0,0 +1,4 @@
+{
+  "foo1": "bar1",
+  "zip1": "zap1"
+}
diff --git a/agent-control/tests/k8s/data/vault_kv2_secrets.json b/agent-control/tests/k8s/data/vault_kv2_secrets.json
@@ -0,0 +1,9 @@
+{
+  "options": {
+    "cas": 0
+  },
+  "data": {
+    "foo2": "bar2",
+    "zip2": "zap2"
+  }
+}

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +  "foo1": "bar1",
 +  "zip1": "zap1"
 +}