MQE-1647: read vault token from local file system

- allow secret base path configurable

Author: jilu1

etc/config/.env.example

@@ -30,8 +30,9 @@ BROWSER=chrome
 #MAGENTO_RESTAPI_SERVER_PORT=8080
 #MAGENTO_RESTAPI_SERVER_PROTOCOL=https
 
-#*** Uncomment and set vault base url and access token if you want to use vault to manage _CREDS secrets ***#
-#CREDENTIAL_VAULT_BASE_URL=
+#*** Uncomment and set vault address and secret base path if you want to use vault to manage _CREDS secrets ***#
+#CREDENTIAL_VAULT_ADDRESS=http://127.0.0.1:8200
+#CREDENTIAL_VAULT_SECRET_BASE_PATH=secret
 
 #*** Uncomment these properties to set up a dev environment with symlinked projects ***#
 #TESTS_BP=

src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/CredentialStore.php

@@ -58,10 +58,14 @@ private function __construct()
         }
 
         // Initialize vault storage
-        $csBaseUrl = getenv('CREDENTIAL_VAULT_BASE_URL');
-        if ($csBaseUrl !== false) {
+        $cvAddress = getenv('CREDENTIAL_VAULT_ADDRESS');
+        $cvSecretPath = getenv('CREDENTIAL_VAULT_SECRET_BASE_PATH');
+        if ($cvAddress !== false && $cvSecretPath !== false) {
             try {
-                $this->credStorage[self::ARRAY_KEY_FOR_VAULT] = new VaultStorage(rtrim($csBaseUrl, '/'));
+                $this->credStorage[self::ARRAY_KEY_FOR_VAULT] = new VaultStorage(
+                    rtrim($cvAddress, '/'),
+                    '/' . trim($cvSecretPath, '/')
+                );
             } catch (TestFrameworkException $e) {
             }
         }

src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/SecretStorage/VaultStorage.php

@@ -14,12 +14,14 @@
 
 class VaultStorage extends BaseStorage
 {
+    /**
+     * Mftf project path
+     */
     const MFTF_PATH = '/mftf';
     /**
-     * Adobe Vault
+     * Vault kv version 2 data
      */
-    const BASE_PATH = '/dx_magento_qe';
-    const KV_DATA = 'data';
+    const KV2_DATA = 'data';
 
     /**
      * Default vault token file
@@ -54,18 +56,27 @@ class VaultStorage extends BaseStorage
      */
     private $token = null;
 
+    /**
+     * Vault secret base path
+     *
+     * @var string
+     */
+    private $secretBasePath;
+
     /**
      * CredentialVault constructor
      *
      * @param string $baseUrl
+     * @param string $secretBasePath
      * @throws TestFrameworkException
      */
-    public function __construct($baseUrl)
+    public function __construct($baseUrl, $secretBasePath)
     {
         parent::__construct();
         if (null === $this->client) {
             // Creating the client using Guzzle6 Transport and passing a custom url
             $this->client = new Client(new Guzzle6Transport(['base_uri' => $baseUrl]));
+            $this->secretBasePath = $secretBasePath;
         }
         $this->readVaultTokenFromFileSystem();
         if (!$this->authenticated()) {
@@ -96,15 +107,15 @@ public function getEncryptedValue($key)
         try {
             // Split vendor/key to construct secret path
             list($vendor, $key) = explode('/', trim($key, '/'), 2);
-            $url = self::BASE_PATH
-                . (empty(self::KV_DATA) ? '' : '/' . self::KV_DATA)
+            $url = $this->secretBasePath
+                . (empty(self::KV2_DATA) ? '' : '/' . self::KV2_DATA)
                 . self::MFTF_PATH
                 . '/'
                 . $vendor
                 . '/'
                 . $key;
             // Read value by key from vault
-            $value = $this->client->read($url)->getData()[self::KV_DATA][$key];
+            $value = $this->client->read($url)->getData()[self::KV2_DATA][$key];
             // Encrypt value for return
             $reValue = openssl_encrypt($value, parent::ENCRYPTION_ALGO, parent::$encodedKey, 0, parent::$iv);
             parent::$cachedSecretData[$key] = $reValue;