From 4f5415245a320b8ee868d369028e5f1b300155ed Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Wed, 30 Oct 2024 13:20:49 +0200 Subject: [PATCH] change new vault to use `vault` command and update integration tests --- .github/workflows/integration.yml | 141 +++++++++++++++++------------- python-pyo3/pyproject.toml | 2 +- 2 files changed, 80 insertions(+), 63 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 9a648c21..e18c8dae 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -100,15 +100,10 @@ jobs: run: python -m pip install . working-directory: python - - name: Install Python PyO3 vault - run: python -m pip install . - working-directory: python-pyo3 - - name: Add execute rights and run --version for all versions run: | chmod +x bin/go/vault bin/rust/vault nodejs/dist/cli/vault.js vault --version - pvault --version bin/go/vault --version bin/rust/vault --version nodejs/dist/cli/vault.js --version @@ -119,10 +114,6 @@ jobs: vault --help echo "------------------------------------------------------------------------------" - echo "============================ Python-pyo3 Vault CLI ===========================" - pvault --help - echo "------------------------------------------------------------------------------" - echo "================================= Go Vault CLI ===============================" bin/go/vault --help echo "------------------------------------------------------------------------------" @@ -137,9 +128,6 @@ jobs: - name: Store secret with Python run: vault -s 'secret-python' -v 'sha-${{github.sha}}' -w - - name: Store secret with Python-pyo3 - run: pvault store 'secret-python-pyo3' -v 'sha-${{github.sha}}' -w - - name: Store secret with Go run: bin/go/vault -s 'secret-go' -v 'sha-${{github.sha}}' -w 
@@ -152,21 +140,12 @@ jobs: - name: Validate storing worked Python run: diff <(vault -l secret-python) <(echo -n sha-${{github.sha}}) - - name: Validate storing worked Python-pyo3 - run: diff <(pvault lookup secret-python-pyo3) <(echo -n sha-${{github.sha}}) - - name: Validate Go and Rust secret equality with Python run: diff <(vault -l secret-go) <(vault -l secret-rust) - - name: Validate Go and Rust secret equality with Python-pyo3 - run: diff <(pvault lookup secret-go) <(pvault lookup secret-rust) - - name: Validate Python secret equality with Rust and Go run: diff <(bin/rust/vault -l secret-python) <(bin/go/vault -l secret-python) - - name: Validate Python-pyo3 secret equality with Rust and Go - run: diff <(bin/rust/vault -l secret-python-pyo3) <(bin/go/vault -l secret-python-pyo3) - - name: Validate Rust and Python secret equality with Go and Nodejs run: diff <(bin/go/vault -l secret-rust) <(nodejs/dist/cli/vault.js lookup secret-python) @@ -179,15 +158,9 @@ jobs: - name: Validate Rust and Go secret equality with Nodejs and Go run: diff <(bin/rust/vault -l secret-rust) <(nodejs/dist/cli/vault.js lookup secret-nodejs) - - name: Validate Python and Python-pyo3 secret equality with Nodejs - run: diff <(nodejs/dist/cli/vault.js lookup secret-python) <(bin/go/vault -l secret-python-pyo3) - - name: Delete secret with Python run: vault -d 'secret-python' - - name: Delete secret with Python-pyo3 - run: pvault delete 'secret-python-pyo3' - - name: Delete secret with Go run: bin/go/vault -d 'secret-go' 
@@ -200,19 +173,10 @@ jobs: - name: Verify that keys have been deleted using Rust run: | bin/rust/vault exists secret-python | grep -q "key 'secret-python' does not exist" - bin/rust/vault exists secret-python-pyo3 | grep -q "key 'secret-python-pyo3' does not exist" bin/rust/vault exists secret-go | grep -q "key 'secret-go' does not exist" bin/rust/vault exists secret-rust | grep -q "key 'secret-rust' does not exist" bin/rust/vault exists secret-nodejs | grep -q "key 'secret-nodejs' does not exist" - - name: Verify that keys have been deleted using Python-pyo3 - run: | - pvault exists secret-python | grep -q "key 'secret-python' does not exist" - pvault exists secret-python-pyo3 | grep -q "key 'secret-python-pyo3' does not exist" - pvault exists secret-go | grep -q "key 'secret-go' does not exist" - pvault exists secret-rust | grep -q "key 'secret-rust' does not exist" - pvault exists secret-nodejs | grep -q "key 'secret-nodejs' does not exist" - - name: Create dummy text file run: echo "Vault test ${{ github.sha }} ${{ github.ref_name }}" > test.txt 
@@ -237,27 +201,6 @@ jobs: - name: Verify that key has been deleted with Rust run: bin/rust/vault exists secret-${{github.sha}}.zip | grep -q "does not exist" - - name: Store zip file using Python-pyo3 - run: pvault store --file "secret-${{github.sha}}.zip" - - - name: Lookup the stored zip file and write to output - run: pvault lookup "secret-${{github.sha}}.zip" > output-python-pyo3.zip - - - name: Extract the retrieved zip file - run: unzip output-python-pyo3.zip -d extracted-python-pyo3 - - - name: Verify the extracted file content - run: diff extracted-python-pyo3/test.txt test.txt - - - name: Delete secret with Python-pyo3 - run: pvault delete "secret-${{github.sha}}.zip" - - - name: Verify that key has been deleted with Rust - run: bin/rust/vault exists secret-${{github.sha}}.zip | grep -q "does not exist" - - - name: Verify that key has been deleted with Python-pyo3 - run: pvault exists secret-${{github.sha}}.zip | grep -q "does not exist" - - name: Store zip file using Rust vault run: bin/rust/vault --store --file "secret-${{github.sha}}.zip" 
@@ -284,10 +227,84 @@ jobs: bin/rust/vault exists secret-rust | grep -q "key 'secret-rust' does not exist" bin/rust/vault exists secret-nodejs | grep -q "key 'secret-nodejs' does not exist" + - name: Install Python PyO3 vault + run: python -m pip install . + working-directory: python-pyo3 + + - name: Check version + run: vault --version + + - name: Check help output + run: | + echo "============================ Python-pyo3 Vault CLI ===========================" + vault --help + echo "------------------------------------------------------------------------------" + + echo "================================ Rust Vault CLI ==============================" + bin/rust/vault -h + echo "------------------------------------------------------------------------------" + + - name: Store secret with Python-pyo3 + run: vault -s 'secret-python-pyo3' -v 'sha-${{github.sha}}' -w + + - name: Validate storing worked Python-pyo3 + run: diff <(vault -l secret-python-pyo3) <(echo -n sha-${{github.sha}}) + + - name: Store secret with Go + run: bin/go/vault -s 'secret-go' -v 'sha-${{github.sha}}' -w + + - name: Store secret with Rust + run: bin/rust/vault -s 'secret-rust' -v 'sha-${{github.sha}}' -w + + - name: Store secret with Nodejs + run: nodejs/dist/cli/vault.js s 'secret-nodejs' 'sha-${{github.sha}}' -w + + - name: Validate Go and Rust secret equality with Python-pyo3 + run: diff <(vault -l secret-go) <(vault -l secret-rust) + + - name: Validate Python-pyo3 secret equality with Rust and Go + run: diff <(bin/rust/vault -l secret-python-pyo3) <(bin/go/vault -l secret-python-pyo3) + + - name: Validate Nodejs and Python-pyo3 secret equality with Nodejs + run: diff <(nodejs/dist/cli/vault.js l secret-nodejs) <(vault -l secret-python-pyo3) + + - name: Delete secret with Python-pyo3 + run: vault -d 'secret-python-pyo3' + + - name: Delete secret with Python-pyo3 + run: vault -d 'secret-python-rust' + + - name: Delete secret with Python-pyo3 + run: vault -d 'secret-python-go' + + - name: 
Delete secret with Python-pyo3 + run: vault -d 'secret-python-nodejs' + - name: Verify that keys have been deleted using Python-pyo3 run: | - pvault exists secret-python | grep -q "key 'secret-python' does not exist" - pvault exists secret-python-pyo3 | grep -q "key 'secret-python-pyo3' does not exist" - pvault exists secret-go | grep -q "key 'secret-go' does not exist" - pvault exists secret-rust | grep -q "key 'secret-rust' does not exist" - pvault exists secret-nodejs | grep -q "key 'secret-nodejs' does not exist" + vault exists secret-python | grep -q "key 'secret-python' does not exist" + vault exists secret-python-pyo3 | grep -q "key 'secret-python-pyo3' does not exist" + vault exists secret-go | grep -q "key 'secret-go' does not exist" + vault exists secret-rust | grep -q "key 'secret-rust' does not exist" + vault exists secret-nodejs | grep -q "key 'secret-nodejs' does not exist" + + - name: Store zip file using Python-pyo3 + run: vault store --file "secret-${{github.sha}}.zip" + + - name: Lookup the stored zip file and write to output + run: vault lookup "secret-${{github.sha}}.zip" > output-python-pyo3.zip + + - name: Extract the retrieved zip file + run: unzip output-python-pyo3.zip -d extracted-python-pyo3 + + - name: Verify the extracted file content + run: diff extracted-python-pyo3/test.txt test.txt + + - name: Delete secret with Python-pyo3 + run: vault delete "secret-${{github.sha}}.zip" + + - name: Verify that key has been deleted with Rust + run: bin/rust/vault exists secret-${{github.sha}}.zip | grep -q "does not exist" + + - name: Verify that key has been deleted with Python-pyo3 + run: vault exists secret-${{github.sha}}.zip | grep -q "does not exist" diff --git a/python-pyo3/pyproject.toml b/python-pyo3/pyproject.toml index dd85fd19..091cfded 100644 --- a/python-pyo3/pyproject.toml +++ b/python-pyo3/pyproject.toml 
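Review bot: The three added cleanup steps delete `secret-python-rust`, `secret-python-go` and `secret-python-nodejs`, but the keys stored earlier in this hunk are `secret-go`, `secret-rust` and `secret-nodejs`. As far as the hunk shows, those test secrets are never removed by the PyO3 CLI, and the following "Verify that keys have been deleted using Python-pyo3" step asserts the absence of keys that were just written. The steps should read `run: vault -d 'secret-go'`, `run: vault -d 'secret-rust'` and `run: vault -d 'secret-nodejs'`. All four delete steps also share the title "Delete secret with Python-pyo3", so distinct names such as `Delete Go secret with Python-pyo3` would make a failing step identifiable in the job log. Consider `if: always()` on the cleanup steps so that a failed run does not leave secret material behind in the backing store.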
@@ -37,7 +37,7 @@ dev = ["ruff"] Repository = "https://github.com/NitorCreations/vault" [project.scripts] -pvault = "p_vault.vault:main" +vault = "p_vault.vault:main" [build-system] requires = ["maturin>=1.7,<2.0"]
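Review bot: Renaming the console script to `vault` makes this package claim the command name that the workflow appears to get already from the package in `python/`, since `vault --version` runs there before the PyO3 install. Whichever distribution pip installs last then owns the executable. Nothing in the integration job confirms which implementation answers afterwards, so the PyO3 steps could silently exercise the other CLI. Uninstalling the other package first, or asserting on output that identifies the build, would close that gap. If the two distributions are meant to be mutually exclusive, a comment above `[project.scripts]` would help, for example `# Provides the same "vault" command as the pure-Python package; install only one of them`.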