Skip to content

Commit e2440af

Browse files
davepgreenedavepgreene
committed
Better docker internal ip detection
1 parent 25fdd0b commit e2440af

File tree

1 file changed

+32
-13
lines changed

1 file changed

+32
-13
lines changed

store/vault/auth/kubernetes_test.go

Lines changed: 32 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ import (
1111
"net/http/httptest"
1212
"net/url"
1313
"os"
14+
"runtime"
1415
"strings"
1516
"testing"
1617

@@ -41,19 +42,29 @@ qevae2NSZJ5r8Fo5Ch3sI63c6GCoUaMM5Ho7mHUM32BeGxy99Z3G6364akR3I819
4142
qQYZl8EZf4Jznaes/XFP0Yb+IhGXBoR9Ib+I
4243
-----END CERTIFICATE-----`
4344

44-
jwtData = `eyJhbGciOiJSUzI1NiIsImtpZCI6IlpJOEY4RHVoMktrY0JxTjhGSGxyMEhER2l2OEtFR2xFSnlITUZRc1UwZ28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6InZhdWx0LWF1dGgtdG9rZW4tdmQ0bjQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoidmF1bHQtYXV0aCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjlhZjM3NjRlLWZmZDMtNDJiZC1hZjVkLTE2MzUwZTM0NjkyYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OnZhdWx0LWF1dGgifQ.ZfkKFqeAIaNXmk-i7LwrXXoOIjv4WlQ1gHFOXHpSo0Wdq16KKu1VOnCkzUh9bIApL5pIXZu4-eYwP2SwokRafXBY_5znqvXoI3F1fxmw25jBT9ZeyDEKZOxyO7mtHnh7LZQ_pBUPPflClhAwacbBrTjnIpHoiWq-Z1_BeuenlRdBYQYjdXEOPK-W1bFbCqx4hq_x91v-JMAcJqQUf0ZSY3jU-vcAOmFfv_0S4K2_syUyfkYVPr_pX-0wOvwkv0nDhV-fhqux51onQyYDd_gejvjGvviDJcbXxT4sIYgbS8IKtRwI3lAhpQQyuaQbVI6DKASs9z-jvvg0VO7T2FMFIw`
45-
jwtUID = "9af3764e-ffd3-42bd-af5d-16350e34692c"
46-
jwtUsername = "system:serviceaccount:default:vault-auth"
47-
dockerHostIP = "host.docker.internal"
45+
jwtData = `eyJhbGciOiJSUzI1NiIsImtpZCI6IlpJOEY4RHVoMktrY0JxTjhGSGxyMEhER2l2OEtFR2xFSnlITUZRc1UwZ28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6InZhdWx0LWF1dGgtdG9rZW4tdmQ0bjQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoidmF1bHQtYXV0aCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjlhZjM3NjRlLWZmZDMtNDJiZC1hZjVkLTE2MzUwZTM0NjkyYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OnZhdWx0LWF1dGgifQ.ZfkKFqeAIaNXmk-i7LwrXXoOIjv4WlQ1gHFOXHpSo0Wdq16KKu1VOnCkzUh9bIApL5pIXZu4-eYwP2SwokRafXBY_5znqvXoI3F1fxmw25jBT9ZeyDEKZOxyO7mtHnh7LZQ_pBUPPflClhAwacbBrTjnIpHoiWq-Z1_BeuenlRdBYQYjdXEOPK-W1bFbCqx4hq_x91v-JMAcJqQUf0ZSY3jU-vcAOmFfv_0S4K2_syUyfkYVPr_pX-0wOvwkv0nDhV-fhqux51onQyYDd_gejvjGvviDJcbXxT4sIYgbS8IKtRwI3lAhpQQyuaQbVI6DKASs9z-jvvg0VO7T2FMFIw`
46+
jwtUID = "9af3764e-ffd3-42bd-af5d-16350e34692c"
47+
jwtUsername = "system:serviceaccount:default:vault-auth"
4848
)
4949

50-
var (
51-
jwtGroups = []string{
52-
"system:serviceaccounts",
53-
"system:serviceaccounts:default",
54-
"system:authenticated",
50+
var jwtGroups = []string{
51+
"system:serviceaccounts",
52+
"system:serviceaccounts:default",
53+
"system:authenticated",
54+
}
55+
56+
func getDockerHostIP() string {
57+
switch runtime.GOOS {
58+
case "darwin":
59+
return "host.docker.internal"
60+
case "windows":
61+
return "host.docker.internal"
62+
case "linux":
63+
return "172.17.0.1"
64+
default:
65+
return ""
5566
}
56-
)
67+
}
5768

5869
func runningInGithubActions() bool {
5970
return os.Getenv("GITHUB_ACTIONS") == "true"
@@ -139,7 +150,7 @@ func TestKubernetesAuth(t *testing.T) {
139150
client := tokenAndClient.Client
140151

141152
if _, err := client.Auth.KubernetesConfigureAuth(ctx, schema.KubernetesConfigureAuthRequest{
142-
KubernetesHost: fmt.Sprintf("http://%s:%s", dockerHostIP, serverUrl.Port()),
153+
KubernetesHost: fmt.Sprintf("http://%s:%s", getDockerHostIP(), serverUrl.Port()),
143154
KubernetesCaCert: testCACert,
144155
}); err != nil {
145156
t.Fatal(err)
@@ -261,7 +272,11 @@ func TestKubernetesAuthVaultError(t *testing.T) {
261272
var respErr *vault.ResponseError
262273
if errors.As(err, &respErr) {
263274
if respErr.StatusCode != http.StatusNotFound {
264-
t.Fatalf("expected to get a %d but got a %d instead", http.StatusNotFound, respErr.StatusCode)
275+
t.Fatalf(
276+
"expected to get a %d but got a %d instead",
277+
http.StatusNotFound,
278+
respErr.StatusCode,
279+
)
265280
}
266281

267282
loginURL := fmt.Sprintf("%s/v1/auth/kubernetes/login", srv.URL)
@@ -270,7 +285,11 @@ func TestKubernetesAuthVaultError(t *testing.T) {
270285
t.Fatalf("expected URL to be %s but got %s instead", loginURL, responseErrorURL)
271286
}
272287
if respErr.OriginalRequest.Method != http.MethodPost {
273-
t.Fatalf("expected method %s but got %s instead", http.MethodPut, respErr.OriginalRequest.Method)
288+
t.Fatalf(
289+
"expected method %s but got %s instead",
290+
http.MethodPut,
291+
respErr.OriginalRequest.Method,
292+
)
274293
}
275294
}
276295
}

0 commit comments

Comments
 (0)