Control a test vault server
Source:R/server_manager.R
, R/vault_server_instance.R
vault_test_server.Rd
Control a server for use with testing. This is designed to be
used only by other packages that wish to run tests against a vault
server. You will need to set VAULTR_TEST_SERVER_BIN_PATH
to
point at the directory containing the vault binary, to the binary
itself, or to the value auto
to try and find it on your PATH
.
Usage
vault_test_server(
https = FALSE,
init = TRUE,
if_disabled = testthat::skip,
quiet = FALSE
)
Arguments
- https
Logical scalar, indicating if a https-using server should be created, rather than the default vault dev-mode server. This is still entirely insecure, and uses self signed certificates that are bundled with the package.
- init
Logical scalar, indicating if the https-using server should be initialised.
- if_disabled
Callback function to run if the vault server is not enabled. The default, designed to be used within tests, is
testthat::skip
. Alternatively, inspect the$enabled
property of the returned object.- quiet
Logical, indicating if startup should be quiet and not print messages
Details
Once created with vault_test_server
, a server will stay
alive for as long as the R process is alive or until the
vault_server_instance
object goes out of scope and is
garbage collected. Calling $kill()
will explicitly stop
the server, but this is not strictly needed. See below for
methods to control the server instance.
Warning
Starting a server in test mode must not be used for production
under any circumstances. As the name suggests,
vault_test_server
is a server suitable for tests only and
lacks any of the features required to make vault secure. For
more information, please see the the official Vault
documentation on development servers:
https://developer.hashicorp.com/vault/docs/concepts/dev-server
Super class
vaultr::vault_client_object
-> vault_server_instance
Public fields
port
The vault port (read-only).
addr
The vault address; this is suitable for using with vault_client (read-only).
token
The vault root token, from when the testing vault server was created. If the vault is rekeyed this will no longer be accurate (read-only).
keys
Key shares from when the vault was initialised (read-only).
cacert
Path to the https certificate, if running in https mode (read-only).
Methods
Inherited methods
Method new()
Create a vault_server_instance
object. Not typically
called by users.
Usage
vault_server_instance$new(bin, port, https, init, quiet = FALSE)
Method version()
Return the server version, as a numeric_version object.
Method client()
Create a new client that can use this server. The client will be a vault_client object.
Method env()
Return a named character vector of environment
variables that can be used to communicate with this vault
server (VAULT_ADDR
, VAULT_TOKEN
, etc).
Method export()
Export the variables returned by the $env()
method to the environment. This makes them available to
child processes.
Method clear_cached_token()
Clear any session-cached token for this server. This is intended for testing new authentication backends.
Examples
# Try and start a server; if one is not enabled (see details
# above) then this will return NULL
server <- vault_test_server(if_disabled = message)
#> ...waiting for Vault to start
#> ...waiting for Vault to start
if (!is.null(server)) {
# We now have a server running on an arbitrary high port - note
# that we are running over http and in dev mode: this is not at
# all suitable for production use, just for tests
server$addr
# Create clients using the client method - by default these are
# automatically authenticated against the server
client <- server$client()
client$write("/secret/password", list(value = "s3cret!"))
client$read("/secret/password")
# The server stops automatically when the server object is
# garbage collected, or it can be turned off with the
# 'kill' method:
server$kill()
tryCatch(client$status(), error = function(e) message(e$message))
}
#> Failed to connect to 127.0.0.1 port 18218 after 0 ms: Connection refused