Negentropy
Multi-tenant, enterprise-grade IAM implementation based on a geo-distributed, layered Vault installation. The initial version is currently under active development.
Build components for e2e tests
Requirements:
- Linux or macOS system (Intel processors only; using Apple silicon requires some changes to the scripts)
- Docker
./build.sh
Possible build options:
./build.sh plugins # builds separate plugins
./build.sh authd # builds authd component
./build.sh cli # builds cli utility
./build.sh server-accessd # builds server-accessd component
./build.sh nss # builds nss component
./build.sh oidc-mock # builds oidc-mock for e2e tests purposes only
./build.sh vault # builds complete vault with plugins onboard
./build.sh vault --force # builds complete vault with plugins onboard (use after first build)
Run environment for e2e tests
The test and stage environment can run in three modes:
- One Vault in dev mode, with the negentropy plugins kept as separate binaries (SINGLE mode)
- Vaults with negentropy plugins onboard (E2E mode, for E2E tests in CI)
- Vaults with negentropy plugins onboard, run under the delve debugger (DEBUG mode)
SINGLE mode:
./start.sh single
Runs one Vault in a Docker container and uses separate plugin binaries located in vault-plugins/build.
E2E mode:
./start.sh e2e
Runs several Vaults in Docker containers and uses the complete vault binary with negentropy plugins onboard, located in infra/common/vault/vault/bin.
DEBUG mode:
./start.sh debug
Runs several Vaults in Docker containers, each under a delve debugger server, using the complete vault binary with negentropy plugins onboard, located in infra/common/vault/vault/bin. Connect delve client debuggers to localhost:2345 and localhost:2346 (see docker/docker-compose.debug.yml).
General components in other Docker containers
- ZooKeeper and Kafka are used to store data and for communication between plugins
- Kafdrop is used to inspect Kafka
- test-server is a sample server under negentropy access control
- test-client is a sample user PC that accesses servers under negentropy access control
- oidc-mock provides a mock OIDC provider for tests
What start.sh does
- runs all component containers
- configures the negentropy plugins
- exports the data needed for running tests and unsealing the Vaults
E2E tests:
./run-e2e-tests.sh
Review checklist
- No panic that can run in vault-plugins, except:
  - whether the panic runs depends only on code composition
  - the panic runs only in tests
  - the panic is in the flant-gitops plugin
- Check that there is no panic with the comment '// nolint:check_panic' in any other place
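
One way to support the panic items of the review checklist, as an added example that is not part of the Negentropy repository. The `*_test.go` convention, the `flant-gitops` directory name, the same-line marker position and the helper names `audit_panics` and `make_sample_tree` are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not part of the Negentropy repository.
# Assumptions: sources are *.go files, tests are *_test.go, the flant-gitops
# plugin lives in a directory named flant-gitops, the marker sits on the same
# line as the panic call, and paths contain no ':'.

MARKER='// nolint:check_panic'

# Print "STATUS path:line" for each panic( call outside the test and
# flant-gitops exceptions. Commented-out calls are dropped.
#   MARKED   - carries the marker; confirm it is the "code composition only" case
#   UNMARKED - no marker; not covered by any exception in the checklist
audit_panics() {
    find "$1" -type f -name '*.go' ! -name '*_test.go' \
        ! -path '*/flant-gitops/*' \
        -exec grep -nHE '(^|[^[:alnum:]_.])panic\(' {} + |
    grep -vE '^[^:]*:[0-9]+:[[:space:]]*//' |
    while IFS=: read -r file line code; do
        case "$code" in
            *"$MARKER"*) status=MARKED ;;
            *)           status=UNMARKED ;;
        esac
        printf '%s %s:%s\n' "$status" "${file#"$1"/}" "$line"
    done | LC_ALL=C sort
}

# Constructed sample tree (not real Negentropy code) for a dry run.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/iam" "$d/flant-gitops"
    printf 'package iam\nfunc init() {\n\tpanic("dup route") // nolint:check_panic\n}\nfunc Get() int {\n\t// panic("old")\n\tpanic("todo")\n}\n' > "$d/iam/a.go"
    printf 'package iam\nfunc TestX() {\n\tpanic("in test")\n}\n' > "$d/iam/a_test.go"
    printf 'package gitops\nfunc Run() {\n\tpanic("x")\n}\n' > "$d/flant-gitops/run.go"
    echo "$d"
}

# Usage: ./audit-panics.sh vault-plugins
if [ $# -gt 0 ]; then
    audit_panics "$1"
fi
```

Every MARKED line still needs a reviewer to confirm the exception applies; every UNMARKED line falls outside the exceptions listed in the checklist.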