2023-03-15 16:00:52 +00:00
|
|
|
# Copyright (c) HashiCorp, Inc.
|
|
|
|
|
# SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
|
2022-08-23 19:53:41 +00:00
|
|
|
scenario "smoke" {
|
|
|
|
|
matrix {
|
2022-10-17 23:47:37 +00:00
|
|
|
arch = ["amd64", "arm64"]
|
|
|
|
|
backend = ["consul", "raft"]
|
|
|
|
|
artifact_source = ["local", "crt", "artifactory"]
|
2022-11-16 19:23:58 +00:00
|
|
|
artifact_type = ["bundle", "package"]
|
2022-12-12 20:46:04 +00:00
|
|
|
consul_version = ["1.14.2", "1.13.4", "1.12.7"]
|
2022-10-17 23:47:37 +00:00
|
|
|
distro = ["ubuntu", "rhel"]
|
2022-12-12 20:46:04 +00:00
|
|
|
edition = ["oss", "ent", "ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
|
2022-10-17 23:47:37 +00:00
|
|
|
seal = ["awskms", "shamir"]
|
2022-11-16 19:23:58 +00:00
|
|
|
|
2023-01-13 16:43:26 +00:00
|
|
|
# Packages are not offered for the oss, ent.fips1402, and ent.hsm.fips1402 editions
|
2022-11-16 19:23:58 +00:00
|
|
|
exclude {
|
2023-01-13 16:43:26 +00:00
|
|
|
edition = ["oss", "ent.fips1402", "ent.hsm.fips1402"]
|
2022-11-16 19:23:58 +00:00
|
|
|
artifact_type = ["package"]
|
|
|
|
|
}
|
2022-08-23 19:53:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
terraform_cli = terraform_cli.default
|
|
|
|
|
terraform = terraform.default
|
|
|
|
|
providers = [
|
|
|
|
|
provider.aws.default,
|
|
|
|
|
provider.enos.ubuntu,
|
|
|
|
|
provider.enos.rhel
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
locals {
|
|
|
|
|
build_tags = {
|
2022-12-12 20:46:04 +00:00
|
|
|
"oss" = ["ui"]
|
|
|
|
|
"ent" = ["ui", "enterprise", "ent"]
|
|
|
|
|
"ent.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.fips1402"]
|
|
|
|
|
"ent.hsm" = ["ui", "enterprise", "cgo", "hsm", "venthsm"]
|
|
|
|
|
"ent.hsm.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.hsm.fips1402"]
|
2022-08-23 19:53:41 +00:00
|
|
|
}
|
2022-10-17 23:47:37 +00:00
|
|
|
bundle_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_bundle_path) : null
|
2022-08-23 19:53:41 +00:00
|
|
|
dependencies_to_install = ["jq"]
|
|
|
|
|
enos_provider = {
|
|
|
|
|
rhel = provider.enos.rhel
|
|
|
|
|
ubuntu = provider.enos.ubuntu
|
|
|
|
|
}
|
|
|
|
|
tags = merge({
|
|
|
|
|
"Project Name" : var.project_name
|
|
|
|
|
"Project" : "Enos",
|
|
|
|
|
"Environment" : "ci"
|
|
|
|
|
}, var.tags)
|
|
|
|
|
vault_instance_types = {
|
|
|
|
|
amd64 = "t3a.small"
|
|
|
|
|
arm64 = "t4g.small"
|
|
|
|
|
}
|
|
|
|
|
vault_instance_type = coalesce(var.vault_instance_type, local.vault_instance_types[matrix.arch])
|
2022-11-11 20:14:43 +00:00
|
|
|
vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic"))
|
2022-11-16 19:23:58 +00:00
|
|
|
vault_install_dir_packages = {
|
|
|
|
|
rhel = "/bin"
|
|
|
|
|
ubuntu = "/usr/bin"
|
|
|
|
|
}
|
|
|
|
|
vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : local.vault_install_dir_packages[matrix.distro]
|
2022-08-23 19:53:41 +00:00
|
|
|
}
|
|
|
|
|
|
2022-10-17 23:47:37 +00:00
|
|
|
step "get_local_metadata" {
|
|
|
|
|
skip_step = matrix.artifact_source != "local"
|
|
|
|
|
module = module.get_local_metadata
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-23 19:53:41 +00:00
|
|
|
step "build_vault" {
|
2022-10-17 23:47:37 +00:00
|
|
|
module = "build_${matrix.artifact_source}"
|
2022-08-23 19:53:41 +00:00
|
|
|
|
|
|
|
|
variables {
|
2022-11-16 19:23:58 +00:00
|
|
|
build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition]
|
|
|
|
|
bundle_path = local.bundle_path
|
|
|
|
|
goarch = matrix.arch
|
|
|
|
|
goos = "linux"
|
|
|
|
|
artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
|
|
|
|
|
artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
|
|
|
|
|
artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
|
|
|
|
|
artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
|
|
|
|
|
arch = matrix.artifact_source == "artifactory" ? matrix.arch : null
|
|
|
|
|
product_version = var.vault_product_version
|
|
|
|
|
artifact_type = matrix.artifact_type
|
|
|
|
|
distro = matrix.artifact_source == "artifactory" ? matrix.distro : null
|
|
|
|
|
edition = matrix.artifact_source == "artifactory" ? matrix.edition : null
|
|
|
|
|
instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null
|
|
|
|
|
revision = var.vault_revision
|
2022-08-23 19:53:41 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
step "find_azs" {
|
|
|
|
|
module = module.az_finder
|
|
|
|
|
|
|
|
|
|
variables {
|
|
|
|
|
instance_type = [
|
|
|
|
|
var.backend_instance_type,
|
|
|
|
|
local.vault_instance_type
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
step "create_vpc" {
|
|
|
|
|
module = module.create_vpc
|
|
|
|
|
|
|
|
|
|
variables {
|
2022-11-15 18:44:05 +00:00
|
|
|
ami_architectures = distinct([matrix.arch, "amd64"])
|
2022-08-23 19:53:41 +00:00
|
|
|
availability_zones = step.find_azs.availability_zones
|
|
|
|
|
common_tags = local.tags
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
step "read_license" {
|
|
|
|
|
skip_step = matrix.edition == "oss"
|
|
|
|
|
module = module.read_license
|
|
|
|
|
|
|
|
|
|
variables {
|
2022-11-11 20:14:43 +00:00
|
|
|
file_name = local.vault_license_path
|
2022-08-23 19:53:41 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
step "create_backend_cluster" {
|
2022-10-17 23:47:37 +00:00
|
|
|
module = "backend_${matrix.backend}"
|
|
|
|
|
depends_on = [step.create_vpc]
|
2022-08-23 19:53:41 +00:00
|
|
|
|
|
|
|
|
providers = {
|
2022-12-12 20:46:04 +00:00
|
|
|
enos = provider.enos.ubuntu
|
2022-08-23 19:53:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variables {
|
2022-12-12 20:46:04 +00:00
|
|
|
ami_id = step.create_vpc.ami_ids["ubuntu"]["amd64"]
|
2022-08-23 19:53:41 +00:00
|
|
|
common_tags = local.tags
|
|
|
|
|
consul_release = {
|
|
|
|
|
edition = var.backend_edition
|
|
|
|
|
version = matrix.consul_version
|
|
|
|
|
}
|
|
|
|
|
instance_type = var.backend_instance_type
|
|
|
|
|
kms_key_arn = step.create_vpc.kms_key_arn
|
|
|
|
|
vpc_id = step.create_vpc.vpc_id
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
step "create_vault_cluster" {
|
|
|
|
|
module = module.vault_cluster
|
|
|
|
|
depends_on = [
|
|
|
|
|
step.create_backend_cluster,
|
2022-10-17 23:47:37 +00:00
|
|
|
step.build_vault,
|
2022-08-23 19:53:41 +00:00
|
|
|
]
|
|
|
|
|
|
|
|
|
|
providers = {
|
|
|
|
|
enos = local.enos_provider[matrix.distro]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variables {
|
2023-01-13 16:43:26 +00:00
|
|
|
ami_id = step.create_vpc.ami_ids[matrix.distro][matrix.arch]
|
|
|
|
|
common_tags = local.tags
|
|
|
|
|
consul_cluster_tag = step.create_backend_cluster.consul_cluster_tag
|
|
|
|
|
consul_release = matrix.backend == "consul" ? {
|
|
|
|
|
edition = var.backend_edition
|
|
|
|
|
version = matrix.consul_version
|
|
|
|
|
} : null
|
2022-08-23 19:53:41 +00:00
|
|
|
dependencies_to_install = local.dependencies_to_install
|
|
|
|
|
instance_type = local.vault_instance_type
|
|
|
|
|
kms_key_arn = step.create_vpc.kms_key_arn
|
|
|
|
|
storage_backend = matrix.backend
|
|
|
|
|
unseal_method = matrix.seal
|
|
|
|
|
vault_local_artifact_path = local.bundle_path
|
2022-11-16 19:23:58 +00:00
|
|
|
vault_install_dir = local.vault_install_dir
|
|
|
|
|
vault_artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null
|
2022-08-23 19:53:41 +00:00
|
|
|
vault_license = matrix.edition != "oss" ? step.read_license.license : null
|
|
|
|
|
vpc_id = step.create_vpc.vpc_id
|
2023-02-08 22:41:16 +00:00
|
|
|
vault_environment = {
|
|
|
|
|
VAULT_LOG_LEVEL = var.vault_log_level
|
|
|
|
|
}
|
2022-08-23 19:53:41 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-13 16:43:26 +00:00
|
|
|
step "get_vault_cluster_ips" {
|
|
|
|
|
module = module.vault_get_cluster_ips
|
|
|
|
|
depends_on = [step.create_vault_cluster]
|
|
|
|
|
|
|
|
|
|
providers = {
|
|
|
|
|
enos = local.enos_provider[matrix.distro]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variables {
|
|
|
|
|
vault_instances = step.create_vault_cluster.vault_instances
|
|
|
|
|
vault_install_dir = local.vault_install_dir
|
|
|
|
|
vault_root_token = step.create_vault_cluster.vault_root_token
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-04 20:08:26 +00:00
|
|
|
step "verify_vault_version" {
|
2022-11-16 19:23:58 +00:00
|
|
|
module = module.vault_verify_version
|
|
|
|
|
depends_on = [step.create_vault_cluster]
|
2022-10-04 20:08:26 +00:00
|
|
|
|
|
|
|
|
providers = {
|
|
|
|
|
enos = local.enos_provider[matrix.distro]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variables {
|
|
|
|
|
vault_instances = step.create_vault_cluster.vault_instances
|
|
|
|
|
vault_edition = matrix.edition
|
2022-11-16 19:23:58 +00:00
|
|
|
vault_install_dir = local.vault_install_dir
|
2022-10-17 23:47:37 +00:00
|
|
|
vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
|
|
|
|
|
vault_revision = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
|
|
|
|
|
vault_build_date = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
|
2022-10-04 20:08:26 +00:00
|
|
|
vault_root_token = step.create_vault_cluster.vault_root_token
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-23 19:53:41 +00:00
|
|
|
step "verify_vault_unsealed" {
|
2022-11-16 19:23:58 +00:00
|
|
|
module = module.vault_verify_unsealed
|
|
|
|
|
depends_on = [step.create_vault_cluster]
|
2022-08-23 19:53:41 +00:00
|
|
|
|
|
|
|
|
providers = {
|
|
|
|
|
enos = local.enos_provider[matrix.distro]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variables {
|
2022-11-16 19:23:58 +00:00
|
|
|
vault_install_dir = local.vault_install_dir
|
|
|
|
|
vault_instances = step.create_vault_cluster.vault_instances
|
2023-01-13 16:43:26 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
step "verify_write_test_data" {
|
|
|
|
|
module = module.vault_verify_write_data
|
|
|
|
|
depends_on = [
|
|
|
|
|
step.create_vault_cluster,
|
|
|
|
|
step.get_vault_cluster_ips
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
providers = {
|
|
|
|
|
enos = local.enos_provider[matrix.distro]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variables {
|
|
|
|
|
leader_public_ip = step.get_vault_cluster_ips.leader_public_ip
|
|
|
|
|
leader_private_ip = step.get_vault_cluster_ips.leader_private_ip
|
|
|
|
|
vault_instances = step.create_vault_cluster.vault_instances
|
|
|
|
|
vault_install_dir = local.vault_install_dir
|
2022-11-16 19:23:58 +00:00
|
|
|
vault_root_token = step.create_vault_cluster.vault_root_token
|
2022-08-23 19:53:41 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
step "verify_raft_auto_join_voter" {
|
2022-11-16 19:23:58 +00:00
|
|
|
skip_step = matrix.backend != "raft"
|
|
|
|
|
module = module.vault_verify_raft_auto_join_voter
|
|
|
|
|
depends_on = [step.create_vault_cluster]
|
|
|
|
|
|
|
|
|
|
providers = {
|
|
|
|
|
enos = local.enos_provider[matrix.distro]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variables {
|
|
|
|
|
vault_install_dir = local.vault_install_dir
|
|
|
|
|
vault_instances = step.create_vault_cluster.vault_instances
|
|
|
|
|
vault_root_token = step.create_vault_cluster.vault_root_token
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
step "verify_replication" {
|
|
|
|
|
module = module.vault_verify_replication
|
|
|
|
|
depends_on = [step.create_vault_cluster]
|
|
|
|
|
|
|
|
|
|
providers = {
|
|
|
|
|
enos = local.enos_provider[matrix.distro]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variables {
|
|
|
|
|
vault_edition = matrix.edition
|
|
|
|
|
vault_install_dir = local.vault_install_dir
|
|
|
|
|
vault_instances = step.create_vault_cluster.vault_instances
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-13 16:43:26 +00:00
|
|
|
step "verify_read_test_data" {
|
|
|
|
|
module = module.vault_verify_read_data
|
|
|
|
|
depends_on = [
|
|
|
|
|
step.verify_write_test_data,
|
|
|
|
|
step.verify_replication
|
|
|
|
|
]
|
2022-11-16 19:23:58 +00:00
|
|
|
|
|
|
|
|
providers = {
|
|
|
|
|
enos = local.enos_provider[matrix.distro]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variables {
|
2023-01-13 16:43:26 +00:00
|
|
|
node_public_ips = step.get_vault_cluster_ips.follower_public_ips
|
2022-11-16 19:23:58 +00:00
|
|
|
vault_install_dir = local.vault_install_dir
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-13 16:43:26 +00:00
|
|
|
step "verify_ui" {
|
|
|
|
|
module = module.vault_verify_ui
|
2022-11-16 19:23:58 +00:00
|
|
|
depends_on = [step.create_vault_cluster]
|
2022-08-23 19:53:41 +00:00
|
|
|
|
|
|
|
|
providers = {
|
|
|
|
|
enos = local.enos_provider[matrix.distro]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variables {
|
2022-11-16 19:23:58 +00:00
|
|
|
vault_instances = step.create_vault_cluster.vault_instances
|
|
|
|
|
vault_install_dir = local.vault_install_dir
|
2022-08-23 19:53:41 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "vault_cluster_instance_ids" {
|
|
|
|
|
description = "The Vault cluster instance IDs"
|
|
|
|
|
value = step.create_vault_cluster.instance_ids
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "vault_cluster_pub_ips" {
|
|
|
|
|
description = "The Vault cluster public IPs"
|
|
|
|
|
value = step.create_vault_cluster.instance_public_ips
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "vault_cluster_priv_ips" {
|
|
|
|
|
description = "The Vault cluster private IPs"
|
|
|
|
|
value = step.create_vault_cluster.instance_private_ips
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "vault_cluster_key_id" {
|
|
|
|
|
description = "The Vault cluster Key ID"
|
|
|
|
|
value = step.create_vault_cluster.key_id
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "vault_cluster_root_token" {
|
|
|
|
|
description = "The Vault cluster root token"
|
|
|
|
|
value = step.create_vault_cluster.vault_root_token
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-13 16:43:26 +00:00
|
|
|
output "vault_cluster_recovery_key_shares" {
|
|
|
|
|
description = "The Vault cluster recovery key shares"
|
|
|
|
|
value = step.create_vault_cluster.vault_recovery_key_shares
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "vault_cluster_recovery_keys_b64" {
|
|
|
|
|
description = "The Vault cluster recovery keys b64"
|
|
|
|
|
value = step.create_vault_cluster.vault_recovery_keys_b64
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "vault_cluster_recovery_keys_hex" {
|
|
|
|
|
description = "The Vault cluster recovery keys hex"
|
|
|
|
|
value = step.create_vault_cluster.vault_recovery_keys_hex
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-23 19:53:41 +00:00
|
|
|
output "vault_cluster_unseal_keys_b64" {
|
|
|
|
|
description = "The Vault cluster unseal keys"
|
|
|
|
|
value = step.create_vault_cluster.vault_unseal_keys_b64
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "vault_cluster_unseal_keys_hex" {
|
|
|
|
|
description = "The Vault cluster unseal keys hex"
|
|
|
|
|
value = step.create_vault_cluster.vault_unseal_keys_hex
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output "vault_cluster_tag" {
|
|
|
|
|
description = "The Vault cluster tag"
|
|
|
|
|
value = step.create_vault_cluster.vault_cluster_tag
|
|
|
|
|
}
|
|
|
|
|
}
|
