in plugins/vault/src/integrationTest/java/co/elastic/gradle/vault/VaultPluginIT.java [63:130]
/**
 * End-to-end check of token authentication and of the on-disk secret cache.
 *
 * <p>First build: the generated settings script declares several auth sources and reads two
 * secrets, one through {@code readSecret} and one through {@code readAndCacheSecret}. The test
 * asserts that both values reach the build output, that cache entries exist for
 * {@code secret/testing2}, and that no {@code top_secret} entry exists under either path.
 *
 * <p>Second build: the Vault container is stopped first, so the {@code db_password} value in
 * the output has to come from the cache written by the first build.
 *
 * <p>Security-relevant observations:
 * <ul>
 *   <li>The script prints secret values with {@code logger.lifecycle} so the assertions can
 *       match on the build output. The values are test fixtures; a build script that does the
 *       same with a real secret would leak it into build logs.</li>
 *   <li>The cache assertions show that a cached secret gets a per-key entry at
 *       {@code .gradle/secrets/<path>/data/<key>} inside the project directory. Only existence
 *       is checked here. NOTE(review): nothing in this test verifies the permissions on those
 *       entries or how the value is stored - confirm in the plugin's cache implementation.</li>
 *   <li>The address uses plain {@code http://} against the container's mapped port.</li>
 * </ul>
 */
void canReadVaultSecretsWithTokenAndTheyCacheCorrectly() {
    final var vaultHost = vaultContainer.getHost();
    final var vaultPort = vaultContainer.getFirstMappedPort();

    // The runner environment holds only MY_ENV_TOKEN, so tokenEnv("MY_ENV_TOKEN") is the one
    // auth source in the script that the test actually supplies.
    // NOTE(review): "my-root-token" is presumably the container's root token - confirm against
    // the container setup, which is outside this method.
    final var tokenEnvironment = Collections.singletonMap("MY_ENV_TOKEN", "my-root-token");

    // The auth block lists token-file, role/secret, GitHub-token and env-token sources. The
    // token file path is named "no/such/token" and the other env variables are not set on the
    // runner. NOTE(review): this presumably exercises falling through unavailable sources -
    // confirm against the plugin's resolution order.
    // The text block is kept flat so the generated script stays exactly as it was.
    final String cachingScript = """
        import %s
        rootProject.name = "integration-test"
        plugins {
        id("co.elastic.vault")
        }
        configure<VaultExtension> {
        engineVersion.set(2)
        retries.set(2)
        retryDelayMillis.set(1000)
        address.set("http://%s:%s/")
        auth {
        tokenFile(file("no/such/token"))
        roleAndSecretEnv("JUST_A", "LIE")
        roleAndSecretEnv()
        ghTokenEnv("SOME_GH_TOKEN")
        ghTokenEnv()
        ghTokenFile(file("theres/no/such/file"))
        tokenEnv("MY_ENV_TOKEN")
        }
        }
        val vault = the<VaultExtension>()
        logger.lifecycle("top_secret is {}", vault.readSecret("secret/testing").get()["top_secret"])
        logger.lifecycle("db_password is {}", vault.readAndCacheSecret("secret/testing2").get()["db_password"])
        """.formatted(VaultExtension.class.getName(), vaultHost, vaultPort);
    helper.settings(cachingScript);

    final BuildResult onlineBuild = gradleRunner
            .withEnvironment(tokenEnvironment)
            .withArguments("--warning-mode", "fail", "-s", "help")
            .build();
    final String onlineOutput = onlineBuild.getOutput();

    // Both secrets were readable with the env token.
    assertContains(onlineOutput, "top_secret is password1");
    assertContains(onlineOutput, "db_password is dbpassword1");

    // readAndCacheSecret left a lease marker and a per-key data entry for secret/testing2.
    assertCacheLocationExists(".gradle/secrets/secret/testing2");
    assertCacheLocationExists(".gradle/secrets/secret/testing2/leaseExpiration");
    assertCacheLocationExists(".gradle/secrets/secret/testing2/data");
    assertCacheLocationExists(".gradle/secrets/secret/testing2/data/db_password");

    // The secret read with plain readSecret must not have been persisted under either path.
    assertCacheLocationDoesNotExists(".gradle/secrets/secret/testing/data/top_secret");
    assertCacheLocationDoesNotExists(".gradle/secrets/secret/testing2/data/top_secret");

    // Take Vault away; from here on only the cache can serve the secret.
    vaultContainer.stop();

    // Same host and port as before, now with nothing listening. This script sets no
    // retries/retryDelayMillis and declares only the env-token auth source.
    final String offlineScript = """
        import %s
        rootProject.name = "integration-test"
        plugins {
        id("co.elastic.vault")
        }
        configure<VaultExtension> {
        engineVersion.set(2)
        address.set("http://%s:%s/")
        auth {
        tokenEnv("MY_ENV_TOKEN")
        }
        }
        val vault = the<VaultExtension>()
        logger.lifecycle("db_password is {}", vault.readAndCacheSecret("secret/testing2").get()["db_password"])
        """.formatted(VaultExtension.class.getName(), vaultHost, vaultPort);
    helper.settings(offlineScript);

    final BuildResult offlineBuild = gradleRunner
            .withEnvironment(tokenEnvironment)
            .withArguments("--warning-mode", "fail", "-s", "help")
            .build();

    // Vault is stopped, so a matching value proves the read was served from the cache.
    assertContains(offlineBuild.getOutput(), "db_password is dbpassword1");
}