-
Notifications
You must be signed in to change notification settings - Fork 2
/
Makefile
116 lines (90 loc) · 4.02 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
MAIN_VERSION:=$(shell git describe --always || echo "1.0")
VERSION:=${MAIN_VERSION}\#$(shell git log -n 1 --pretty=format:"%h")
PACKAGES:=$(shell go list ./... | sed -n '1!p' | grep -v -e /vendor/)
LDFLAGS:=-ldflags "-X github.com/ch-robinson/vault-elastic-plugin/main.Version=${VERSION}"
ifeq ($(OS),Windows_NT)
DETECTED_OS := Windows
EXECUTABLE_EXT := .exe
else
DETECTED_OS := $(shell sh -c 'uname -s 2>/dev/null || echo not')
EXECUTABLE_EXT :=
endif
LOCAL_VAULT_ROOT_TOKEN := sampleroottoken
PLUGIN_DIRECTORY := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))bin/$(shell echo $(DETECTED_OS) | tr A-Z a-z)
default: test
make build
test:
@echo "mode: count" > coverage-all.out
@$(foreach pkg,$(PACKAGES), \
go test -p=1 -cover -covermode=count -coverprofile=coverage.out ${pkg} || exit 1; \
tail -n +2 coverage.out >> coverage-all.out;)
@COVERAGE=$$(go tool cover -func=coverage-all.out | tail -1 | tr -d '[:space:]' | tr -d '()' | tr -d '%' | tr -d ':' | sed -e 's/total//g' | sed -e 's/statements//g'); \
echo "Total Coverage: $${COVERAGE}";
.PHONY: test
cover: test
@go tool cover -html=coverage-all.out
.PHONY: cover
depends:
glide up
.PHONY: depends
run:
go run main.go
.PHONY: run
build:
GOOS=linux GOARCH=amd64 go build -a -o bin/linux/vault-elastic-plugin-x86-64 main.go
GOOS=windows GOARCH=amd64 go build -a -o bin/windows/vault-elastic-plugin-x86-64.exe main.go
GOOS=darwin GOARCH=amd64 go build -a -o bin/darwin/vault-elastic-plugin-x86-64 main.go
.PHONY: build
clean:
rm -rf vendor bin coverage.out coverage-all.out
.PHONY: clean
run-vault:
@echo "setting up Vault config.hcl ..."
ifeq ($(DETECTED_OS),Windows)
@echo 'plugin_directory = "$(subst /,\\\\,$(PLUGIN_DIRECTORY))"' > ${PLUGIN_DIRECTORY}/config.hcl
else
@echo 'plugin_directory = "$(PLUGIN_DIRECTORY)"' > ${PLUGIN_DIRECTORY}/config.hcl
endif
vault${EXECUTABLE_EXT} server -dev -dev-root-token-id="${LOCAL_VAULT_ROOT_TOKEN}" -config ${PLUGIN_DIRECTORY}/config.hcl
.PHONY: run-vault
test-plugin:
ifeq ($(INCLUDE_BUILD),true)
make -s build
endif
ifeq ($(ENABLE_VAULT_DB), true)
@echo "Enabling Vault database"
@VAULT_ADDR=http://127.0.0.1:8200 VAULT_TOKEN=${LOCAL_VAULT_ROOT_TOKEN} vault${EXECUTABLE_EXT} secrets enable database
endif
@echo "Removing previous plugin"
@curl --header "X-VAULT-TOKEN:${LOCAL_VAULT_ROOT_TOKEN}" --request DELETE http://127.0.0.1:8200/v1/sys/plugins/catalog/vault-elastic-plugin
@echo "Registering plugin with Vault"
@VAULT_ADDR=http://127.0.0.1:8200 VAULT_TOKEN=${LOCAL_VAULT_ROOT_TOKEN} vault${EXECUTABLE_EXT} write sys/plugins/catalog/vault-elastic-plugin \
sha_256=$(shell openssl sha256 $(PLUGIN_DIRECTORY)/vault-elastic-plugin-x86-64$(EXECUTABLE_EXT) | sed 's,SHA256($(PLUGIN_DIRECTORY)/vault-elastic-plugin-x86-64$(EXECUTABLE_EXT))=,,g' | sed -e 's/^[[:space:]]*//') \
command="vault-elastic-plugin-x86-64${EXECUTABLE_EXT}"
@echo "Configuring Elastic connection and plugin"
@VAULT_ADDR=http://127.0.0.1:8200 VAULT_TOKEN=${LOCAL_VAULT_ROOT_TOKEN} vault${EXECUTABLE_EXT} write database/config/elastic_test \
connection_url=${ELASTIC_BASE_URI} \
username=${ELASTIC_USERNAME} \
password=${ELASTIC_PASSWORD} \
plugin_name=vault-elastic-plugin \
allowed_roles="*"
@echo "Creating 'my-role'"
@VAULT_ADDR=http://127.0.0.1:8200 VAULT_TOKEN=${LOCAL_VAULT_ROOT_TOKEN} vault${EXECUTABLE_EXT} write database/roles/my-role \
db_name=elastic_test \
creation_statements=kibanauser \
default_ttl=5
@echo "Running plugin..."
@# Example success:
@# {
@# "request_id": "ee9ba65f-465f-a187-0c05-83afe0de1008",
@# "lease_id": "database/creds/my-role/b01dd000-ad88-d617-0480-b9fd7494914e",
@# "lease_duration": 2764800,
@# "renewable": true,
@# "data": {
@# "password": "A1a-7uxq992801vr2wv3",
@# "username": "v-root-my-role-7yxuu1x67wu91q2"
@# },
@# "warnings": null
@# }
@VAULT_ADDR=http://127.0.0.1:8200 VAULT_TOKEN=${LOCAL_VAULT_ROOT_TOKEN} vault read -format=json database/creds/my-role
.PHONY: test-plugin