Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for UNIX Socket in VAULT_ADDR and test cases #320

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Add support for UNIX Socket in VAULT_ADDR and test cases #320

wants to merge 7 commits into from

Conversation

alexander-bauer
Copy link

This pull request seeks to resolve #319 , which raises that HVAC does not directly support UNIX sockets, but has a clean workaround, by using requests_unixsocket to open a Session on the socket ahead of constructing the HVAC Client. This pull request implements that change in fcac9cc.

All other commits are in support of the testing environment (to which I had to add Vault Agent, in order to support the test case) and the test case itself.

Please note, the new test requires requests_unixsocket to be available on the execution host, but that import is not made unless a VAULT_ADDR with unix in the scheme is supplied.

@alexander-bauer
Raise the testing Vault start duration
3fbf1cf
@alexander-bauer
Change test Vault to use temp directory
3a99949
@alexander-bauer
Change test Vault to use host networking
6f12ab5
@alexander-bauer
Add Vault Agent to the testing environment
62892d9
@alexander-bauer
Include site packages for python-selinux in test
18faabf 
This could cause issues in the testing chain -- it seems necessary on
CentOS 7, but it's not obvious that it would be without issues on
existing installations. (Adding `selinux` in the `test-requirements.txt`
was not sufficient to suppress the "missing `python-libselinux`
bindings" error I encountered.)
@alexander-bauer
Write test for Vault Agent socket support
c83c305 
This tests for TerryHowe#319.
@alexander-bauer
Add workaround for Vault Agent UNIX Sockets
fcac9cc 
Vault Agent gives us the capability to listen on a UNIX socket for
connections. This is super handy for environments relying on UNIX
permissions for application access, whereas a TCP listener on localhost
doesn't give us the same kind of control. Support for this isn't baked
directly into HVAC, but there is a mechanism for clients to pass in a
requests-compatible interface. In lieu of direct support in HVAC, this
commit implements a special construction in this collection for handling
the UNIX Socket case. (Basically, if 'unix://' in vault_addr, then
handle the "special case" until HVAC adds direct support.)
@alexander-bauer
Copy link
Author

The tests are now failing in the CI environment, not too surprisingly, because requests_unixsocket is missing. I'm hesitant to add it to the main requirements, seeing as it's an optional dependency. Can anyone advise as to the correct remediation?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support for UNIX Sockets
1 participant
@alexander-bauer