Transit Secret benchmark fail to run with the example configuration provided

Question

Transit Secret benchmark fail to run with the example configuration provided

Closed this issue a year ago · 1 comments

On https://github.com/hashicorp/vault-benchmark/blob/main/docs/tests/secret-transit.md#example-configuration there is this Example Configuration:

test "transit_sign" "transit_sign_test_1" {
    weight = 25
}

test "transit_verify" "transit_verify_test_1" {
    weight = 25
    config {
        verify_config {
            signature_algorithm = "pkcs1v15"
        }
    }
}

test "transit_encrypt" "transit_encrypt_test_1" {
    weight = 25
}

test "transit_decrypt" "transit_decrypt_test_1" {
    weight = 25
    config {
        payload_len = 64
    }
}

Running this with the vault-benchmark v0.2.0 binary results in this error message:

[ERROR] vault-benchmark: error loading config: error="failed to parse config: error decoding to struct: benchmark_config.hcl:18,9-22: Unsupported block type; Blocks of type "verify_config" are not expected here.

Removing the config block from the transit_verify test definition results in a running config:

test "transit_sign" "transit_sign_test_1" {
    weight = 25
}

test "transit_verify" "transit_verify_test_1" {
    weight = 25
}

test "transit_encrypt" "transit_encrypt_test_1" {
    weight = 25
}

test "transit_decrypt" "transit_decrypt_test_1" {
    weight = 25
    config {
        payload_len = 64
    }
}

But I don't know if that config part is necessary for the test to run as intended.

Can you please also check?

Thanks.

Answer 1 · 2023-09-07T19:50:20.000Z

@umutkacar thank you for find this! I've submitted a PR (#164) to improve the docs around this. To answer your questions directly: 1) the verify_config should actually be verify and 2) no the config part in this case isn't required, the benchmark tests will use defaults defined in the tests instead. If you wanted to override those defaults, however, you would need to include that parameter.