From 354d49e4ebc37dfdbddbd75dbf7427fc3a4a4c66 Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Fri, 9 Jun 2023 15:40:59 -0400 Subject: [PATCH] backport of commit b0aa808baaf13ca85061bcd20165559c6e8e4553 (#21114) Co-authored-by: Ryan Cragun --- .gitignore | 1 + enos/enos-modules.hcl | 7 +++---- enos/enos-terraform.hcl | 3 ++- enos/k8s/enos-modules-k8s.hcl | 2 +- enos/k8s/enos-scenario-k8s.hcl | 6 +++--- enos/k8s/enos-terraform-k8s.hcl | 6 ++++-- enos/modules/vault_cluster/main.tf | 1 + enos/modules/vault_cluster/variables.tf | 18 ++++++++++++++++++ 8 files changed, 33 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index 6138dcc5d..f81de12cf 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,7 @@ Vagrantfile # Enos enos/.enos +enos/enos-local.vars.hcl enos/support # Enos local Terraform files enos/.terraform/* diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl index 465acaf27..4f2aba8ce 100644 --- a/enos/enos-modules.hcl +++ b/enos/enos-modules.hcl @@ -16,9 +16,7 @@ module "backend_consul" { environment = "ci" common_tags = var.tags ssh_aws_keypair = var.aws_ssh_keypair_name - - # Set this to a real license vault if using an Enterprise edition of Consul - consul_license = var.backend_license_path == null ? "none" : file(abspath(var.backend_license_path)) + consul_license = var.backend_license_path == null ? null : file(abspath(var.backend_license_path)) } module "backend_raft" { @@ -105,7 +103,8 @@ module "vault_verify_agent_output" { module "vault_cluster" { source = "./modules/vault_cluster" - install_dir = var.vault_install_dir + install_dir = var.vault_install_dir + consul_license = var.backend_license_path == null ? null : file(abspath(var.backend_license_path)) } module "vault_get_cluster_ips" { diff --git a/enos/enos-terraform.hcl b/enos/enos-terraform.hcl index b03b4b480..cf99dd2d1 100644 --- a/enos/enos-terraform.hcl 
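Review bot: The license text read by `file(abspath(var.backend_license_path))` is now passed to `vault_cluster` as well as `backend_consul`, and nothing at either call site in enos/enos-modules.hcl says that it is secret material. The `vault_cluster` input is declared `sensitive = true` later in this commit, but the matching declaration in the `backend_consul` module is not part of the diff, so confirm it is marked sensitive too. `sensitive` only redacts plan and apply output, and the value is still written to Terraform state, so a comment such as `# License contents, not a path: ends up in Terraform state in clear text, treat the state as secret` above both assignments would help. The first hunk also changes the unset value from `"none"` to `null`, which is only safe if `backend_consul` accepts a null license; that module is outside this diff.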
+++ b/enos/enos-terraform.hcl @@ -27,7 +27,8 @@ terraform "default" { } enos = { - source = "app.terraform.io/hashicorp-qti/enos" + source = "app.terraform.io/hashicorp-qti/enos" + version = "< 0.4.0" } } } diff --git a/enos/k8s/enos-modules-k8s.hcl b/enos/k8s/enos-modules-k8s.hcl index 17f565a74..76518403b 100644 --- a/enos/k8s/enos-modules-k8s.hcl +++ b/enos/k8s/enos-modules-k8s.hcl @@ -44,7 +44,7 @@ module "k8s_verify_version" { module "k8s_verify_write_data" { source = "../modules/k8s_vault_verify_write_data" - vault_instance_count = var.vault_instance_count + vault_instance_count = var.vault_instance_count } module "read_license" { diff --git a/enos/k8s/enos-scenario-k8s.hcl b/enos/k8s/enos-scenario-k8s.hcl index a3c254fcc..8953d5c37 100644 --- a/enos/k8s/enos-scenario-k8s.hcl +++ b/enos/k8s/enos-scenario-k8s.hcl @@ -18,7 +18,7 @@ scenario "k8s" { image_path = abspath(var.vault_docker_image_archive) image_repo = var.vault_image_repository != null ? var.vault_image_repository : matrix.edition == "oss" ? "hashicorp/vault" : "hashicorp/vault-enterprise" - image_tag = replace(var.vault_product_version, "+ent", "-ent") + image_tag = replace(var.vault_product_version, "+ent", "-ent") // The additional '-0' is required in the constraint since without it, the semver function will // only compare the non-pre-release parts (Major.Minor.Patch) of the version and the constraint, @@ -74,7 +74,7 @@ scenario "k8s" { step "verify_build_date" { skip_step = !local.version_includes_build_date - module = module.k8s_verify_build_date + module = module.k8s_verify_build_date variables { vault_pods = step.deploy_vault.vault_pods @@ -100,7 +100,7 @@ scenario "k8s" { } step "verify_ui" { - module = module.k8s_verify_ui + module = module.k8s_verify_ui skip_step = matrix.edition == "oss" variables { diff --git a/enos/k8s/enos-terraform-k8s.hcl b/enos/k8s/enos-terraform-k8s.hcl index ad9215e33..5b68bcada 100644 --- a/enos/k8s/enos-terraform-k8s.hcl +++ b/enos/k8s/enos-terraform-k8s.hcl 
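Review bot: The new constraint `version = "< 0.4.0"` on the enos provider in enos/enos-terraform.hcl has an upper bound only and no comment saying why the cap exists; the same line is added in enos/k8s/enos-terraform-k8s.hcl. Any release below 0.4.0 satisfies it, so unless a dependency lock file is committed (not visible here) different runs can resolve different provider builds. Consider a tested lower bound, `version = ">= <MIN_TESTED_VERSION>, < 0.4.0"` (placeholder, the minimum is not stated on this page), together with a comment like `# enos provider capped below 0.4.0 on this branch; raise the bound with the scenario changes that need it`. The `terraform "default"` block starts above the hunk.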
@@ -3,13 +3,15 @@ terraform "k8s" { required_version = ">= 1.2.0" + required_providers { enos = { - source = "app.terraform.io/hashicorp-qti/enos" + source = "app.terraform.io/hashicorp-qti/enos" + version = "< 0.4.0" } helm = { - source = "hashicorp/helm" + source = "hashicorp/helm" } } } diff --git a/enos/modules/vault_cluster/main.tf b/enos/modules/vault_cluster/main.tf index 695d5f358..2c38ee66e 100644 --- a/enos/modules/vault_cluster/main.tf +++ b/enos/modules/vault_cluster/main.tf @@ -125,6 +125,7 @@ resource "enos_consul_start" "consul" { retry_join = ["provider=aws tag_key=Type tag_value=${var.consul_cluster_tag}"] server = false bootstrap_expect = 0 + license = var.consul_license log_level = "INFO" log_file = var.consul_log_file } diff --git a/enos/modules/vault_cluster/variables.tf b/enos/modules/vault_cluster/variables.tf index 5976ff361..92ac0a078 100644 --- a/enos/modules/vault_cluster/variables.tf +++ b/enos/modules/vault_cluster/variables.tf @@ -51,12 +51,30 @@ variable "consul_install_dir" { default = "/opt/consul/bin" } +variable "consul_license" { + type = string + sensitive = true + description = "The consul enterprise license" + default = null +} + variable "consul_log_file" { type = string description = "The file where the consul will write log output" default = "/var/log/consul.log" } +variable "consul_log_level" { + type = string + description = "The consul service log level" + default = "info" + + validation { + condition = contains(["trace", "debug", "info", "warn", "error"], var.consul_log_level) + error_message = "The vault_log_level must be one of 'trace', 'debug', 'info', 'warn', or 'error'." + } +} + variable "consul_release" { type = object({ version = string
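Review bot: In enos/modules/vault_cluster/main.tf, `log_level = "INFO"` on `enos_consul_start.consul` stays a literal even though this commit declares `consul_log_level` in the module's variables.tf, so as far as the diff shows the new variable is never read. If the level is meant to be configurable, the line should become `log_level = var.consul_log_level`. The validation only admits lowercase values while the literal is uppercase, so confirm the provider treats the two the same before switching. The resource block starts above the hunk.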
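Review bot: The `error_message` in the `consul_log_level` validation in enos/modules/vault_cluster/variables.tf names the wrong variable, so a bad value is reported as a problem with `vault_log_level`. It should read `error_message = "The consul_log_level must be one of 'trace', 'debug', 'info', 'warn', or 'error'."`. The `consul_license` description could also state that the variable holds the license contents and not a path, since the root module passes the result of `file(...)`: `description = "The contents of the Consul Enterprise license (not a path to it)"`.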