test: add bindle keyring & secret keys

Signed-off-by: Frank Yang <[email protected]>

Author: FrankYang0529

.github/workflows/build.yml

@@ -25,7 +25,7 @@ jobs:
               extension: "",
               # We have this enabled for releases, so we should test it.
               extraArgs: "--features openssl/vendored",
-              bindleUrl: "https://bindle.blob.core.windows.net/releases/bindle-v0.8.0-linux-amd64.tar.gz",
+              bindleUrl: "https://bindle.blob.core.windows.net/releases/bindle-v0.9.0-rc.1-linux-amd64.tar.gz",
               bindleBinary: "bindle-server",
               pathInBindleArchive: "bindle-server",
               nomadUrl: "https://releases.hashicorp.com/nomad/1.3.1/nomad_1.3.1_linux_amd64.zip",
@@ -41,7 +41,7 @@ jobs:
               os: "macos-latest",
               extension: "",
               extraArgs: "",
-              bindleUrl: "https://bindle.blob.core.windows.net/releases/bindle-v0.8.0-macos-amd64.tar.gz",
+              bindleUrl: "https://bindle.blob.core.windows.net/releases/bindle-v0.9.0-rc.1-macos-amd64.tar.gz",
               bindleBinary: "bindle-server",
               pathInBindleArchive: "bindle-server",
               nomadUrl: "https://releases.hashicorp.com/nomad/1.3.1/nomad_1.3.1_darwin_amd64.zip",
@@ -53,7 +53,7 @@ jobs:
               os: "windows-latest",
               extension: ".exe",
               extraArgs: "",
-              bindleUrl: "https://bindle.blob.core.windows.net/releases/bindle-v0.8.0-windows-amd64.tar.gz",
+              bindleUrl: "https://bindle.blob.core.windows.net/releases/bindle-v0.9.0-rc.1-windows-amd64.tar.gz",
               bindleBinary: "bindle-server.exe",
               pathInBindleArchive: "bindle-server.exe",
               nomadUrl: "https://releases.hashicorp.com/nomad/1.3.1/nomad_1.3.1_windows_amd64.zip",

Makefile

@@ -30,8 +30,8 @@ test-integration:
 
 .PHONY: test-e2e
 test-e2e:
-	RUST_LOG=$(LOG_LEVEL) cargo test --test integration --features e2e-tests --no-fail-fast  -- integration_tests::test_dependencies --nocapture
-	RUST_LOG=$(LOG_LEVEL) cargo test --test integration --features e2e-tests --no-fail-fast -- --skip integration_tests::test_dependencies --nocapture
+	RUST_LOG=$(LOG_LEVEL) cargo test --test integration --features e2e-tests --no-fail-fast -- integration_tests::e2e_tests::test_dependencies --nocapture 
+	RUST_LOG=$(LOG_LEVEL) cargo test --test integration --features e2e-tests --no-fail-fast -- --skip integration_tests::e2e_tests::test_dependencies --nocapture
 
 .PHONY: test-outbound-redis
 test-outbound-redis:

crates/publish/src/expander.rs

@@ -494,7 +494,9 @@ async fn get_bindle_first_matching_key(
     role: &SignatureRole,
     label_match: Option<&LabelMatch>,
 ) -> Result<SecretKeyEntry> {
-    let keys = SecretKeyFile::load_file(&fpath).await?;
+    let keys = SecretKeyFile::load_file(&fpath)
+        .await
+        .with_context(|| format!("can't read file {:?}", &fpath))?;
 
     keys.key
         .iter()

src/commands/deploy.rs

@@ -48,32 +48,6 @@ pub struct DeployCommand {
     )]
     pub app: PathBuf,
 
-    /// URL of bindle server
-    #[clap(
-        name = BINDLE_SERVER_URL_OPT,
-        long = "bindle-server",
-        env = BINDLE_URL_ENV,
-    )]
-    pub bindle_server_url: String,
-
-    /// Basic http auth username for the bindle server
-    #[clap(
-        name = BINDLE_USERNAME,
-        long = "bindle-username",
-        env = BINDLE_USERNAME,
-        requires = BINDLE_PASSWORD
-    )]
-    pub bindle_username: Option<String>,
-
-    /// Basic http auth password for the bindle server
-    #[clap(
-        name = BINDLE_PASSWORD,
-        long = "bindle-password",
-        env = BINDLE_PASSWORD,
-        requires = BINDLE_USERNAME
-    )]
-    pub bindle_password: Option<String>,
-
     /// Bindle secret file path to load key
     #[clap(
         name = BINDLE_SECRET_FILE,
@@ -123,14 +97,6 @@ pub struct DeployCommand {
     )]
     pub insecure: bool,
 
-    /// URL of hippo server
-    #[clap(
-        name = HIPPO_SERVER_URL_OPT,
-        long = "hippo-server",
-        env = HIPPO_URL_ENV,
-    )]
-    pub hippo_server_url: String,
-
     /// Path to assemble the bindle before pushing (defaults to
     /// a temporary directory)
     #[clap(

tests/http/client_keyring.toml

@@ -0,0 +1,7 @@
+version = "1.0"
+
+[[key]]
+label = "Test<[email protected]>"
+roles = ["creator"]
+key = "HfXxdRvgUWEE0f36EIa8+njPJVoMvmF6/gO/T19aV90="
+labelSignature = "En2GtxiLbzAIoFu2zQ5HWXwck5lONq/ALYGt8RQYUDNpStk23JcaN/Gx9zh9oEJGnVeDwHLNj9/Cql6j23O1Cw=="

tests/http/client_secret_keys.toml

@@ -0,0 +1,6 @@
+version = "1.0"
+
+[[key]]
+label = "Test<[email protected]>"
+keypair = "O6QdMC7mvxepvqDIXtj9b66ooMf4Mlz4Mmz65Em2Q8Ed9fF1G+BRYQTR/foQhrz6eM8lWgy+YXr+A79PX1pX3Q=="
+roles = ["creator"]

tests/http/server_keyring.toml

@@ -0,0 +1,7 @@
+version = "1.0"
+
+[[key]]
+label = "Test<[email protected]>"
+roles = ["creator"]
+key = "HfXxdRvgUWEE0f36EIa8+njPJVoMvmF6/gO/T19aV90="
+labelSignature = "En2GtxiLbzAIoFu2zQ5HWXwck5lONq/ALYGt8RQYUDNpStk23JcaN/Gx9zh9oEJGnVeDwHLNj9/Cql6j23O1Cw=="

tests/integration.rs

@@ -49,6 +49,10 @@ mod integration_tests {
         const BINDLE_SERVER_BASIC_AUTH_HTPASSWD_FILE: &str = "tests/http/htpasswd";
         const BINDLE_SERVER_BASIC_AUTH_USER: &str = "bindle-user";
         const BINDLE_SERVER_BASIC_AUTH_PASSWORD: &str = "topsecret";
+        const BINDLE_CLIENT_SECRET_FILE: &str = "tests/http/client_secret_keys.toml";
+        pub const BINDLE_CLIENT_KEYRING_FILE: &str = "tests/http/server_keyring.toml";
+        const BINDLE_SERVER_KEYRING_FILE: &str = "tests/http/client_keyring.toml";
+        const BINDLE_LABEL: &str = "\"Test<[email protected]>\"";
 
         const HIPPO_BASIC_AUTH_USER: &str = "hippo-user";
         const HIPPO_BASIC_AUTH_PASSWORD: &str = "topsecret";
@@ -88,6 +92,12 @@ mod integration_tests {
                     ),
                     "--bindle-server",
                     &b.url,
+                    "--bindle-secret-file",
+                    BINDLE_CLIENT_SECRET_FILE,
+                    "--bindle-keyring-file",
+                    BINDLE_CLIENT_KEYRING_FILE,
+                    "--bindle-label",
+                    BINDLE_LABEL,
                 ],
                 None,
                 None,
@@ -129,6 +139,12 @@ mod integration_tests {
                     BINDLE_SERVER_BASIC_AUTH_USER,
                     "--bindle-password",
                     BINDLE_SERVER_BASIC_AUTH_PASSWORD,
+                    "--bindle-secret-file",
+                    BINDLE_CLIENT_SECRET_FILE,
+                    "--bindle-keyring-file",
+                    BINDLE_CLIENT_KEYRING_FILE,
+                    "--bindle-label",
+                    BINDLE_LABEL,
                 ],
                 None,
                 None,
@@ -166,6 +182,12 @@ mod integration_tests {
                     ),
                     "--bindle-server",
                     &b.url,
+                    "--bindle-secret-file",
+                    BINDLE_CLIENT_SECRET_FILE,
+                    "--bindle-keyring-file",
+                    BINDLE_CLIENT_KEYRING_FILE,
+                    "--bindle-label",
+                    BINDLE_LABEL,
                 ],
                 None,
                 None,
@@ -211,6 +233,12 @@ mod integration_tests {
                     ),
                     "--bindle-server",
                     &b.url,
+                    "--bindle-secret-file",
+                    BINDLE_CLIENT_SECRET_FILE,
+                    "--bindle-keyring-file",
+                    BINDLE_CLIENT_KEYRING_FILE,
+                    "--bindle-label",
+                    BINDLE_LABEL,
                 ],
                 None,
                 None,
@@ -266,6 +294,12 @@ mod integration_tests {
                     ),
                     "--bindle-server",
                     &b.url,
+                    "--bindle-secret-file",
+                    BINDLE_CLIENT_SECRET_FILE,
+                    "--bindle-keyring-file",
+                    BINDLE_CLIENT_KEYRING_FILE,
+                    "--bindle-label",
+                    BINDLE_LABEL,
                 ],
                 None,
                 None,
@@ -327,6 +361,12 @@ mod integration_tests {
                         "{}/{}",
                         RUST_HTTP_HEADERS_ENV_ROUTES_TEST, DEFAULT_MANIFEST_LOCATION
                     ),
+                    "--bindle-secret-file",
+                    BINDLE_CLIENT_SECRET_FILE,
+                    "--bindle-keyring-file",
+                    BINDLE_CLIENT_KEYRING_FILE,
+                    "--bindle-label",
+                    BINDLE_LABEL,
                 ],
                 None,
                 None,
@@ -406,6 +446,8 @@ mod integration_tests {
                                 server_cache.path().to_string_lossy().to_string().as_str(),
                                 "-i",
                                 address.as_str(),
+                                "--keyring",
+                                BINDLE_SERVER_KEYRING_FILE,
                             ],
                             auth_args.as_slice(),
                         ]
@@ -871,6 +913,8 @@ mod integration_tests {
                 bindle_url,
                 "--listen",
                 &url,
+                "--bindle-keyring-file",
+                e2e_tests::BINDLE_CLIENT_KEYRING_FILE,
             ];
             for v in env {
                 args.push("--env");