Migrate package_manager smoke test to Enos scenario (#17653)

Integrate package testing into Enos scenarios as a matrix variant instead of a standalone scenario
Rebecca Willett 2022-11-16 14:23:58 -05:00 committed by GitHub
parent 13de7e9844
commit 46c0c6b1bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
24 changed files with 537 additions and 134 deletions


@ -1,43 +1,43 @@
{
"include": [
{
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms",
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms artifact_type:bundle",
"aws_region": "us-east-1"
},
{
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:ubuntu edition:ent seal:shamir",
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:ubuntu edition:ent seal:shamir artifact_type:bundle",
"aws_region": "us-east-2"
},
{
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:ent seal:awskms",
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:ent seal:awskms artifact_type:bundle",
"aws_region": "us-west-1"
},
{
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:ent seal:shamir",
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:ent seal:shamir artifact_type:bundle",
"aws_region": "us-west-2"
},
{
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:ent seal:shamir",
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:ent seal:shamir artifact_type:bundle",
"aws_region": "us-west-1"
},
{
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms",
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms artifact_type:bundle",
"aws_region": "us-west-2"
},
{
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:ent seal:shamir",
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:ent seal:shamir artifact_type:bundle",
"aws_region": "us-east-1"
},
{
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:ent seal:awskms",
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:ent seal:awskms artifact_type:bundle",
"aws_region": "us-east-2"
},
{
"scenario": "autopilot arch:amd64 artifact_source:artifactory distro:ubuntu edition:ent seal:awskms",
"scenario": "autopilot arch:amd64 artifact_source:artifactory distro:ubuntu edition:ent seal:awskms artifact_type:bundle",
"aws_region": "us-west-1"
},
{
"scenario": "autopilot arch:arm64 artifact_source:artifactory distro:rhel edition:ent seal:shamir",
"scenario": "autopilot arch:arm64 artifact_source:artifactory distro:rhel edition:ent seal:shamir artifact_type:bundle",
"aws_region": "us-west-2"
}
]
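Review bot: Every entry in this matrix pins `artifact_type:bundle`, and the same is true of the three other matrix files on this page, so none of the visible CI matrices selects the `artifact_type:package` variant that the scenarios gain in this commit. If package installs are meant to be exercised in CI, at least one ent entry per scenario should select it, e.g. `"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms artifact_type:package"`. If that coverage comes from a matrix file not shown here, a sentence in the commit description saying where would help.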


@ -1,35 +1,35 @@
{
"include": [
{
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms",
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms artifact_type:bundle",
"aws_region": "us-east-1"
},
{
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:oss seal:shamir",
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:oss seal:shamir artifact_type:bundle",
"aws_region": "us-east-2"
},
{
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:oss seal:awskms",
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:oss seal:awskms artifact_type:bundle",
"aws_region": "us-west-1"
},
{
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:oss seal:shamir",
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:oss seal:shamir artifact_type:bundle",
"aws_region": "us-west-2"
},
{
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.11.10 distro:ubuntu edition:oss seal:shamir",
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.11.10 distro:ubuntu edition:oss seal:shamir artifact_type:bundle",
"aws_region": "us-west-1"
},
{
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms",
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms artifact_type:bundle",
"aws_region": "us-west-2"
},
{
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:oss seal:shamir",
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:oss seal:shamir artifact_type:bundle",
"aws_region": "us-east-1"
},
{
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:oss seal:awskms",
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:oss seal:awskms artifact_type:bundle",
"aws_region": "us-east-2"
}
]


@ -1,23 +1,23 @@
{
"include": [
{
"scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:ent",
"scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:ent artifact_type:bundle",
"aws_region": "us-west-1"
},
{
"scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent",
"scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent artifact_type:bundle",
"aws_region": "us-west-2"
},
{
"scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:ent",
"scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:ent artifact_type:bundle",
"aws_region": "us-west-1"
},
{
"scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:ent",
"scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:ent artifact_type:bundle",
"aws_region": "us-west-2"
},
{
"scenario": "autopilot distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent",
"scenario": "autopilot distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent artifact_type:bundle",
"aws_region": "us-west-1"
}
]


@ -1,19 +1,19 @@
{
"include": [
{
"scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:oss",
"scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
"aws_region": "us-west-1"
},
{
"scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:oss",
"scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
"aws_region": "us-west-2"
},
{
"scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:oss",
"scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
"aws_region": "us-west-1"
},
{
"scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:oss",
"scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
"aws_region": "us-west-2"
}
]


@ -99,6 +99,20 @@ module "vault_verify_raft_auto_join_voter" {
vault_instance_count = var.vault_instance_count
}
module "vault_verify_replication" {
source = "./modules/vault-verify-replication"
vault_install_dir = var.vault_install_dir
vault_instance_count = var.vault_instance_count
}
module "vault_verify_ui" {
source = "./modules/vault-verify-ui"
vault_install_dir = var.vault_install_dir
vault_instance_count = var.vault_instance_count
}
module "vault_verify_unsealed" {
source = "./modules/vault_verify_unsealed"
@ -112,3 +126,10 @@ module "vault_verify_version" {
vault_install_dir = var.vault_install_dir
vault_instance_count = var.vault_instance_count
}
module "vault_verify_write_test_data" {
source = "./modules/vault-verify-write-data"
vault_install_dir = var.vault_install_dir
vault_instance_count = var.vault_instance_count
}
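Review bot: The three new module sources use hyphenated directory names (`./modules/vault-verify-replication`, `./modules/vault-verify-ui`, `./modules/vault-verify-write-data`), while the neighbouring `vault_verify_unsealed` entry points at `./modules/vault_verify_unsealed`. `module "vault_verify_write_test_data"` also maps to a directory without `test` in its name, which makes the module harder to find from a step definition. Picking one convention, for example `source = "./modules/vault_verify_write_test_data"`, keeps module name and path in step. The `vault_verify_unsealed` block continues outside the hunk.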


@ -2,6 +2,7 @@ scenario "autopilot" {
matrix {
arch = ["amd64", "arm64"]
artifact_source = ["local", "crt", "artifactory"]
artifact_type = ["bundle", "package"]
distro = ["ubuntu", "rhel"]
edition = ["ent"]
seal = ["awskms", "shamir"]
@ -25,7 +26,6 @@ scenario "autopilot" {
rhel = provider.enos.rhel
ubuntu = provider.enos.ubuntu
}
install_artifactory_artifact = local.bundle_path == null
tags = merge({
"Project Name" : var.project_name
"Project" : "Enos",
@ -37,27 +37,32 @@ scenario "autopilot" {
}
vault_instance_type = coalesce(var.vault_instance_type, local.vault_instance_types[matrix.arch])
vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic"))
vault_install_dir_packages = {
rhel = "/bin"
ubuntu = "/usr/bin"
}
vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : local.vault_install_dir_packages[matrix.distro]
}
step "build_vault" {
module = "build_${matrix.artifact_source}"
variables {
build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition]
bundle_path = local.bundle_path
goarch = matrix.arch
goos = "linux"
artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
arch = matrix.artifact_source == "artifactory" ? matrix.arch : null
vault_product_version = var.vault_product_version
artifact_type = matrix.artifact_source == "artifactory" ? var.vault_artifact_type : null
distro = matrix.artifact_source == "artifactory" ? matrix.distro : null
edition = matrix.artifact_source == "artifactory" ? matrix.edition : null
instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null
revision = var.vault_revision
build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition]
bundle_path = local.bundle_path
goarch = matrix.arch
goos = "linux"
artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
arch = matrix.artifact_source == "artifactory" ? matrix.arch : null
product_version = var.vault_product_version
artifact_type = matrix.artifact_type
distro = matrix.artifact_source == "artifactory" ? matrix.distro : null
edition = matrix.artifact_source == "artifactory" ? matrix.edition : null
instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null
revision = var.vault_revision
}
}
@ -90,6 +95,8 @@ scenario "autopilot" {
}
}
# This step creates a Vault cluster using a bundle downloaded from
# releases.hashicorp.com, with the version specified in var.vault_autopilot_initial_release
step "create_vault_cluster" {
module = module.vault_cluster
depends_on = [
@ -110,10 +117,11 @@ scenario "autopilot" {
storage_backend_addl_config = {
autopilot_upgrade_version = var.vault_autopilot_initial_release.version
}
unseal_method = matrix.seal
vault_release = var.vault_autopilot_initial_release
vault_license = step.read_license.license
vpc_id = step.create_vpc.vpc_id
unseal_method = matrix.seal
vault_install_dir = local.vault_install_dir
vault_release = var.vault_autopilot_initial_release
vault_license = step.read_license.license
vpc_id = step.create_vpc.vpc_id
}
}
@ -130,6 +138,8 @@ scenario "autopilot" {
}
}
# This step creates a new Vault cluster using a bundle or package
# from the matrix.artifact_source, with the var.vault_product_version
step "upgrade_vault_cluster_with_autopilot" {
module = module.vault_cluster
depends_on = [
@ -153,9 +163,10 @@ scenario "autopilot" {
unseal_method = matrix.seal
vault_cluster_tag = step.create_vault_cluster.vault_cluster_tag
vault_init = false
vault_install_dir = local.vault_install_dir
vault_license = step.read_license.license
vault_local_artifact_path = local.bundle_path
vault_artifactory_release = local.install_artifactory_artifact ? step.build_vault.vault_artifactory_release : null
vault_artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null
vault_node_prefix = "upgrade_node"
vault_root_token = step.create_vault_cluster.vault_root_token
vault_unseal_when_no_init = matrix.seal == "shamir"
@ -174,6 +185,7 @@ scenario "autopilot" {
variables {
vault_autopilot_upgrade_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
vault_install_dir = local.vault_install_dir
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
}
@ -191,8 +203,9 @@ scenario "autopilot" {
}
variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
vault_install_dir = local.vault_install_dir
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
}
}
@ -208,8 +221,9 @@ scenario "autopilot" {
}
variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
vault_install_dir = local.vault_install_dir
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
}
}
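Review bot: The matrix now permits `artifact_type:package` together with `artifact_source:local` or `crt`, and for that combination `local.vault_install_dir` resolves to `/bin` or `/usr/bin` while `build_vault` receives `artifact_type = matrix.artifact_type` without the former artifactory-only guard. Whether the `build_local` and `build_crt` modules can produce a package is not visible on this page; if they cannot, the verify steps would look for the binary in a directory nothing installed into. An `exclude` block in the matrix with `artifact_source = ["local"]` and `artifact_type = ["package"]` (and `crt` if it applies) would keep the unsupported variants from being selected. The smoke and upgrade matrices have the same gap, since their `exclude` only covers `edition = ["oss"]`.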


@ -3,10 +3,17 @@ scenario "smoke" {
arch = ["amd64", "arm64"]
backend = ["consul", "raft"]
artifact_source = ["local", "crt", "artifactory"]
artifact_type = ["bundle", "package"]
consul_version = ["1.13.2", "1.12.5", "1.11.10"]
distro = ["ubuntu", "rhel"]
edition = ["oss", "ent"]
seal = ["awskms", "shamir"]
# Packages are not offered for the oss edition
exclude {
edition = ["oss"]
artifact_type = ["package"]
}
}
terraform_cli = terraform_cli.default
@ -28,7 +35,6 @@ scenario "smoke" {
rhel = provider.enos.rhel
ubuntu = provider.enos.ubuntu
}
install_artifactory_artifact = local.bundle_path == null
tags = merge({
"Project Name" : var.project_name
"Project" : "Enos",
@ -40,6 +46,11 @@ scenario "smoke" {
}
vault_instance_type = coalesce(var.vault_instance_type, local.vault_instance_types[matrix.arch])
vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic"))
vault_install_dir_packages = {
rhel = "/bin"
ubuntu = "/usr/bin"
}
vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : local.vault_install_dir_packages[matrix.distro]
}
step "get_local_metadata" {
@ -51,21 +62,21 @@ scenario "smoke" {
module = "build_${matrix.artifact_source}"
variables {
build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition]
bundle_path = local.bundle_path
goarch = matrix.arch
goos = "linux"
artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
arch = matrix.artifact_source == "artifactory" ? matrix.arch : null
vault_product_version = var.vault_product_version
artifact_type = matrix.artifact_source == "artifactory" ? var.vault_artifact_type : null
distro = matrix.artifact_source == "artifactory" ? matrix.distro : null
edition = matrix.artifact_source == "artifactory" ? matrix.edition : null
instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null
revision = var.vault_revision
build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition]
bundle_path = local.bundle_path
goarch = matrix.arch
goos = "linux"
artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
arch = matrix.artifact_source == "artifactory" ? matrix.arch : null
product_version = var.vault_product_version
artifact_type = matrix.artifact_type
distro = matrix.artifact_source == "artifactory" ? matrix.distro : null
edition = matrix.artifact_source == "artifactory" ? matrix.edition : null
instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null
revision = var.vault_revision
}
}
@ -104,11 +115,11 @@ scenario "smoke" {
depends_on = [step.create_vpc]
providers = {
enos = provider.enos.ubuntu
enos = local.enos_provider[matrix.distro]
}
variables {
ami_id = step.create_vpc.ami_ids["ubuntu"]["amd64"]
ami_id = step.create_vpc.ami_ids[matrix.distro][matrix.arch]
common_tags = local.tags
consul_release = {
edition = var.backend_edition
@ -141,17 +152,16 @@ scenario "smoke" {
storage_backend = matrix.backend
unseal_method = matrix.seal
vault_local_artifact_path = local.bundle_path
vault_artifactory_release = local.install_artifactory_artifact ? step.build_vault.vault_artifactory_release : null
vault_install_dir = local.vault_install_dir
vault_artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null
vault_license = matrix.edition != "oss" ? step.read_license.license : null
vpc_id = step.create_vpc.vpc_id
}
}
step "verify_vault_version" {
module = module.vault_verify_version
depends_on = [
step.create_vault_cluster,
]
module = module.vault_verify_version
depends_on = [step.create_vault_cluster]
providers = {
enos = local.enos_provider[matrix.distro]
@ -160,6 +170,7 @@ scenario "smoke" {
variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_edition = matrix.edition
vault_install_dir = local.vault_install_dir
vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
vault_revision = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
vault_build_date = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
@ -168,35 +179,77 @@ scenario "smoke" {
}
step "verify_vault_unsealed" {
module = module.vault_verify_unsealed
depends_on = [
step.create_vault_cluster,
]
module = module.vault_verify_unsealed
depends_on = [step.create_vault_cluster]
providers = {
enos = local.enos_provider[matrix.distro]
}
variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
vault_install_dir = local.vault_install_dir
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
}
}
step "verify_raft_auto_join_voter" {
skip_step = matrix.backend != "raft"
module = module.vault_verify_raft_auto_join_voter
depends_on = [
step.create_vault_cluster,
]
skip_step = matrix.backend != "raft"
module = module.vault_verify_raft_auto_join_voter
depends_on = [step.create_vault_cluster]
providers = {
enos = local.enos_provider[matrix.distro]
}
variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
vault_install_dir = local.vault_install_dir
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
}
}
step "verify_replication" {
module = module.vault_verify_replication
depends_on = [step.create_vault_cluster]
providers = {
enos = local.enos_provider[matrix.distro]
}
variables {
vault_edition = matrix.edition
vault_install_dir = local.vault_install_dir
vault_instances = step.create_vault_cluster.vault_instances
}
}
step "verify_ui" {
module = module.vault_verify_ui
depends_on = [step.create_vault_cluster]
providers = {
enos = local.enos_provider[matrix.distro]
}
variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_install_dir = local.vault_install_dir
}
}
step "verify_write_test_data" {
module = module.vault_verify_write_test_data
depends_on = [step.create_vault_cluster]
providers = {
enos = local.enos_provider[matrix.distro]
}
variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_install_dir = local.vault_install_dir
vault_root_token = step.create_vault_cluster.vault_root_token
}
}


@ -3,10 +3,18 @@ scenario "upgrade" {
arch = ["amd64", "arm64"]
backend = ["consul", "raft"]
artifact_source = ["local", "crt", "artifactory"]
artifact_type = ["bundle", "package"]
consul_version = ["1.13.2", "1.12.5", "1.11.10"]
distro = ["ubuntu", "rhel"]
edition = ["oss", "ent"]
seal = ["awskms", "shamir"]
# Packages are not offered for the oss edition
exclude {
edition = ["oss"]
artifact_type = ["package"]
}
}
terraform_cli = terraform_cli.default
@ -28,7 +36,6 @@ scenario "upgrade" {
rhel = provider.enos.rhel
ubuntu = provider.enos.ubuntu
}
install_artifactory_artifact = local.bundle_path == null
tags = merge({
"Project Name" : var.project_name
"Project" : "Enos",
@ -40,27 +47,33 @@ scenario "upgrade" {
}
vault_instance_type = coalesce(var.vault_instance_type, local.vault_instance_types[matrix.arch])
vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic"))
vault_install_dir_packages = {
rhel = "/bin"
ubuntu = "/usr/bin"
}
vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : local.vault_install_dir_packages[matrix.distro]
}
# This step gets/builds the upgrade artifact that we will upgrade to
step "build_vault" {
module = "build_${matrix.artifact_source}"
variables {
build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition]
bundle_path = local.bundle_path
goarch = matrix.arch
goos = "linux"
artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
arch = matrix.artifact_source == "artifactory" ? matrix.arch : null
vault_product_version = var.vault_product_version
artifact_type = matrix.artifact_source == "artifactory" ? var.vault_artifact_type : null
distro = matrix.artifact_source == "artifactory" ? matrix.distro : null
edition = matrix.artifact_source == "artifactory" ? matrix.edition : null
instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null
revision = var.vault_revision
build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition]
bundle_path = local.bundle_path
goarch = matrix.arch
goos = "linux"
artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
arch = matrix.artifact_source == "artifactory" ? matrix.arch : null
product_version = var.vault_product_version
artifact_type = matrix.artifact_type
distro = matrix.artifact_source == "artifactory" ? matrix.distro : null
edition = matrix.artifact_source == "artifactory" ? matrix.edition : null
instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null
revision = var.vault_revision
}
}
@ -120,6 +133,8 @@ scenario "upgrade" {
}
}
# This step creates a Vault cluster using a bundle downloaded from
# releases.hashicorp.com, with the version specified in var.vault_autopilot_initial_release
step "create_vault_cluster" {
module = module.vault_cluster
depends_on = [
@ -140,12 +155,15 @@ scenario "upgrade" {
kms_key_arn = step.create_vpc.kms_key_arn
storage_backend = matrix.backend
unseal_method = matrix.seal
vault_install_dir = local.vault_install_dir
vault_release = var.vault_upgrade_initial_release
vault_license = matrix.edition != "oss" ? step.read_license.license : null
vpc_id = step.create_vpc.vpc_id
}
}
# This step upgrades the Vault cluster to the var.vault_product_version
# by getting a bundle or package of that version from the matrix.artifact_source
step "upgrade_vault" {
module = module.vault_upgrade
depends_on = [
@ -159,9 +177,9 @@ scenario "upgrade" {
variables {
vault_api_addr = "http://localhost:8200"
vault_instances = step.create_vault_cluster.vault_instances
vault_local_bundle_path = local.bundle_path
vault_local_artifact_path = local.bundle_path
vault_artifactory_release = local.install_artifactory_artifact ? step.build_vault.vault_artifactory_release : null
vault_artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null
vault_install_dir = local.vault_install_dir
vault_unseal_keys = matrix.seal == "shamir" ? step.create_vault_cluster.vault_unseal_keys_hex : null
vault_seal_type = matrix.seal
}
@ -181,6 +199,7 @@ scenario "upgrade" {
variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_edition = matrix.edition
vault_install_dir = local.vault_install_dir
vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
vault_revision = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
vault_build_date = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
@ -200,8 +219,9 @@ scenario "upgrade" {
}
variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
vault_instances = step.create_vault_cluster.vault_instances
vault_install_dir = local.vault_install_dir
vault_root_token = step.create_vault_cluster.vault_root_token
}
}
@ -218,8 +238,9 @@ scenario "upgrade" {
}
variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
vault_install_dir = local.vault_install_dir
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
}
}
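Review bot: The comment added above `step "create_vault_cluster"` names `var.vault_autopilot_initial_release`, but the step in this scenario sets `vault_release = var.vault_upgrade_initial_release`, so the comment appears to have been copied from the autopilot scenario. Suggested wording for the second comment line: `# releases.hashicorp.com, with the version specified in var.vault_upgrade_initial_release`.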


@ -44,6 +44,6 @@ variable "instance_type" {
variable "revision" {
default = null
}
variable "vault_product_version" {
variable "product_version" {
default = null
}


@ -53,7 +53,7 @@ variable "instance_type" {
variable "revision" {
default = null
}
variable "vault_product_version" {
variable "product_version" {
default = null
}


@ -0,0 +1,31 @@
terraform {
required_providers {
enos = {
source = "app.terraform.io/hashicorp-qti/enos"
}
}
}
locals {
instances = {
for idx in range(var.vault_instance_count) : idx => {
public_ip = values(var.vault_instances)[idx].public_ip
private_ip = values(var.vault_instances)[idx].private_ip
}
}
}
resource "enos_remote_exec" "smoke-verify-replication" {
for_each = local.instances
content = templatefile("${path.module}/templates/smoke-verify-replication.sh", {
vault_edition = var.vault_edition
})
transport = {
ssh = {
host = each.value.public_ip
}
}
}


@ -0,0 +1,28 @@
#!/usr/bin/env bash
# The Vault replication smoke test, documented in
# https://docs.google.com/document/d/16sjIk3hzFDPyY5A9ncxTZV_9gnpYSF1_Vx6UA1iiwgI/edit#heading=h.kgrxf0f1et25
set -e
edition=${vault_edition}
function fail() {
echo "$1" 1>&2
exit 1
}
# Replication status endpoint should have data.mode disabled for OSS release
status=$(curl -s http://localhost:8200/v1/sys/replication/status)
if [ "$edition" == "oss" ]; then
if [ "$(jq -r '.data.mode' <<< "$status")" != "disabled" ]; then
fail "replication data mode is not disabled for OSS release!"
fi
else
if [ "$(jq -r '.data.dr' <<< "$status")" == "" ]; then
fail "DR replication should be available for an ENT release!"
fi
if [ "$(jq -r '.data.performance' <<< "$status")" == "" ]; then
fail "Performance replication should be available for an ENT release!"
fi
fi
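Review bot: The two ENT checks compare `jq -r` output with the empty string, but `jq -r '.data.dr'` prints `null` when the key is absent, so a status response without DR or performance data still passes the test. Letting jq's exit status decide closes that gap: `jq -e '.data.dr' <<< "$status" > /dev/null || fail "DR replication should be available for an ENT release!"`, and the same for `.data.performance`. The request itself is also unchecked beyond `set -e`: `curl -s` prints nothing on a connection error and treats an HTTP error response as success, so `status=$(curl -sf http://localhost:8200/v1/sys/replication/status) || fail "unable to read replication status"` would make that failure visible.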


@ -0,0 +1,24 @@
variable "vault_edition" {
type = string
description = "The vault product edition"
default = null
}
variable "vault_install_dir" {
type = string
description = "The directory where the Vault binary will be installed"
}
variable "vault_instance_count" {
type = number
description = "How many vault instances are in the cluster"
}
variable "vault_instances" {
type = map(object({
private_ip = string
public_ip = string
}))
description = "The vault cluster instances that were created"
}


@ -0,0 +1,31 @@
terraform {
required_providers {
enos = {
source = "app.terraform.io/hashicorp-qti/enos"
}
}
}
locals {
instances = {
for idx in range(var.vault_instance_count) : idx => {
public_ip = values(var.vault_instances)[idx].public_ip
private_ip = values(var.vault_instances)[idx].private_ip
}
}
}
resource "enos_remote_exec" "smoke-verify-ui" {
for_each = local.instances
content = templatefile("${path.module}/templates/smoke-verify-ui.sh", {
vault_install_dir = var.vault_install_dir,
})
transport = {
ssh = {
host = each.value.public_ip
}
}
}


@ -0,0 +1,14 @@
#!/usr/bin/env bash
set -e
fail() {
echo "$1" 1>&2
exit 1
}
if [ "$(curl -s -o /dev/null -w "%%{redirect_url}" http://localhost:8200/)" != "http://localhost:8200/ui/" ]; then
fail "Port 8200 not redirecting to UI"
fi
if curl -s http://localhost:8200/ui/ | grep -q 'Vault UI is not available'; then
fail "Vault UI is not available"
fi
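Review bot: The second check passes when the request itself fails, because the `curl -s … | grep -q` pipeline takes grep's exit status and an empty body never contains 'Vault UI is not available'. Fetching the body first turns a failed request into a test failure: `body=$(curl -sf http://localhost:8200/ui/) || fail "unable to fetch /ui/"`, followed by `if grep -q 'Vault UI is not available' <<< "$body"; then`. Neither curl call sets a time limit, so a hung listener stalls the step; `--max-time` on both would bound it.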


@ -0,0 +1,19 @@
variable "vault_install_dir" {
type = string
description = "The directory where the Vault binary will be installed"
default = null
}
variable "vault_instance_count" {
type = number
description = "How many vault instances are in the cluster"
}
variable "vault_instances" {
type = map(object({
private_ip = string
public_ip = string
}))
description = "The vault cluster instances that were created"
}


@ -0,0 +1,50 @@
terraform {
required_providers {
enos = {
source = "app.terraform.io/hashicorp-qti/enos"
}
}
}
locals {
instances = {
for idx in range(var.vault_instance_count) : idx => {
public_ip = values(var.vault_instances)[idx].public_ip
private_ip = values(var.vault_instances)[idx].private_ip
}
}
}
resource "enos_remote_exec" "smoke-enable-secrets-kv" {
content = templatefile("${path.module}/templates/smoke-enable-secrets-kv.sh", {
vault_install_dir = var.vault_install_dir,
vault_token = var.vault_root_token,
})
transport = {
ssh = {
host = local.instances[0].public_ip
}
}
}
# Verify that we can enable the k/v secrets engine and write data to it.
resource "enos_remote_exec" "smoke-write-test-data" {
depends_on = [enos_remote_exec.smoke-enable-secrets-kv]
for_each = local.instances
content = templatefile("${path.module}/templates/smoke-write-test-data.sh", {
test_key = "smoke${each.key}"
test_value = "fire"
vault_install_dir = var.vault_install_dir,
vault_token = var.vault_root_token,
})
transport = {
ssh = {
host = each.value.public_ip
}
}
}
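Review bot: `vault_token = var.vault_root_token` renders the root token into the script text passed as `content`, so the secret becomes part of a resource attribute and can surface in plan output, state and provider logs. If the enos provider version in use supports it, passing the token through the resource's environment instead keeps it out of the rendered script: `environment = { VAULT_TOKEN = var.vault_root_token }`. This applies to both `smoke-enable-secrets-kv` and `smoke-write-test-data`. A token limited to the `secret/` mount would be enough for this check, though whether the scenario can supply one is not visible from this section.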


@ -0,0 +1,37 @@
#!/usr/bin/env bash
set -e
function retry {
local retries=$1
shift
local count=0
until "$@"; do
exit=$?
wait=$((2 ** count))
count=$((count + 1))
if [ "$count" -lt "$retries" ]; then
sleep "$wait"
else
return "$exit"
fi
done
return 0
}
function fail {
echo "$1" 1>&2
exit 1
}
binpath=${vault_install_dir}/vault
test -x "$binpath" || fail "unable to locate vault binary at $binpath"
export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN='${vault_token}'
retry 5 "$binpath" status > /dev/null 2>&1
retry 5 $binpath secrets enable -path="secret" kv
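Review bot: The last line calls `retry 5 $binpath secrets enable ...` with `$binpath` unquoted, while the `status` call just above quotes it. An install directory containing spaces or glob characters would be word-split before `retry` sees it. Use `retry 5 "$binpath" secrets enable -path="secret" kv`. The same defect is in smoke-write-test-data.sh, where the final line should read `retry 5 "$binpath" kv put secret/test "$testkey=$testvalue"`.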


@ -0,0 +1,39 @@
#!/usr/bin/env bash
set -e
function retry {
local retries=$1
shift
local count=0
until "$@"; do
exit=$?
wait=$((2 ** count))
count=$((count + 1))
if [ "$count" -lt "$retries" ]; then
sleep "$wait"
else
return "$exit"
fi
done
return 0
}
function fail {
echo "$1" 1>&2
exit 1
}
binpath=${vault_install_dir}/vault
testkey=${test_key}
testvalue=${test_value}
test -x "$binpath" || fail "unable to locate vault binary at $binpath"
export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN='${vault_token}'
retry 5 "$binpath" status > /dev/null 2>&1
retry 5 $binpath kv put secret/test $testkey=$testvalue


@ -0,0 +1,25 @@
variable "vault_install_dir" {
type = string
description = "The directory where the Vault binary will be installed"
default = null
}
variable "vault_instance_count" {
type = number
description = "How many vault instances are in the cluster"
}
variable "vault_instances" {
type = map(object({
private_ip = string
public_ip = string
}))
description = "The vault cluster instances that were created"
}
variable "vault_root_token" {
type = string
description = "The vault root token"
default = null
}
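Review bot: `vault_root_token` is declared without `sensitive = true`, so Terraform does not redact its value in plan and apply output where the variable is referenced. Add `sensitive = true` to the block. `default = null` also lets a caller omit the token, and the problem then only shows up later, when the template is rendered or the Vault CLI call is rejected. Dropping the default makes the input required.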


@ -4,24 +4,24 @@ locals {
package_extensions = {
amd64 = {
ubuntu = {
"oss" = "-1_amd64.deb"
"ent" = "+ent-1_amd64.deb"
"ent.hsm" = "+ent-1_amd64.deb"
# "oss" = "-1_amd64.deb"
"ent" = "-1_amd64.deb"
"ent.hsm" = "-1_amd64.deb"
}
rhel = {
"oss" = "-1.x86_64.rpm"
"ent" = "+ent-1.x86_64.rpm"
"ent.hsm" = "+ent-1.x86_64.rpm"
# "oss" = "-1.x86_64.rpm"
"ent" = "-1.x86_64.rpm"
"ent.hsm" = "-1.x86_64.rpm"
}
}
arm64 = {
ubuntu = {
"oss" = "-1_arm64.deb"
"ent" = "+ent-1_arm64.deb"
# "oss" = "-1_arm64.deb"
"ent" = "-1_arm64.deb"
}
rhel = {
"oss" = "-1.aarch64.rpm"
"ent" = "+ent-1.aarch64.rpm"
# "oss" = "-1.aarch64.rpm"
"ent" = "-1.aarch64.rpm"
}
}
}
@ -46,12 +46,12 @@ locals {
artifact_name_edition = {
"oss" = ""
"ent" = ""
"ent.hsm" = "+ent.hsm"
"ent.fips1402" = "+ent.fips1402"
"ent.hsm.fips1402" = "+ent.hsm.fips1402"
"ent.hsm" = ".hsm"
"ent.fips1402" = ".fips1402"
"ent.hsm.fips1402" = ".hsm.fips1402"
}
artifact_name_prefix = var.artifact_type == "package" ? local.artifact_package_release_names[var.distro][var.edition] : "vault_"
artifact_name_extension = var.artifact_type == "package" ? local.package_extensions[var.arch][var.distro][var.edition] : "${local.artifact_name_edition[var.edition]}_linux_${var.arch}.zip"
artifact_name = var.artifact_type == "package" ? "${local.artifact_name_prefix}${replace(var.vault_product_version, "-", "~")}${local.artifact_name_extension}" : "${local.artifact_name_prefix}${var.vault_product_version}${local.artifact_name_extension}"
artifact_name = var.artifact_type == "package" ? "${local.artifact_name_prefix}${replace(var.product_version, "-", "~")}${local.artifact_name_extension}" : "${local.artifact_name_prefix}${var.product_version}${local.artifact_name_extension}"
}
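Review bot: With the `"oss"` keys commented out of `package_extensions` (assuming the commented lines are the new side), and with no `"ent.hsm"` entry under `arm64`, the lookup `local.package_extensions[var.arch][var.distro][var.edition]` in `artifact_name_extension` has no match for those combinations when `artifact_type` is `package`. The run then stops on a bare invalid-index error that does not say which combination is unsupported. The commented-out entries also carry no explanation; a line such as `# oss packages disabled: <reason / issue id>` above each group would tell the next reader whether they are meant to come back. Because `artifact_name` selects which build gets downloaded and installed, unsupported edition/arch/distro combinations are better rejected explicitly in the scenario matrix than left to fail inside this lookup.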


@ -17,6 +17,6 @@ data "enos_artifactory_item" "vault" {
properties = tomap({
"commit" = var.revision
"product-name" = var.edition == "oss" ? "vault" : "vault-enterprise"
"product-version" = var.vault_product_version
"product-version" = var.product_version
})
}


@ -29,7 +29,7 @@ variable "distro" {}
variable "edition" {}
variable "instance_type" {}
variable "revision" {}
variable "vault_product_version" {}
variable "product_version" {}
variable "build_tags" { default = null }
variable "bundle_path" { default = null }
variable "goarch" { default = null }


@ -32,11 +32,6 @@ variable "vault_instances" {
description = "The vault cluster instances that were created"
}
variable "vault_local_bundle_path" {
type = string
description = "The path to the local Vault (vault.zip) bundle"
}
variable "vault_local_artifact_path" {
type = string
description = "The path to a locally built vault artifact to install"
@ -81,7 +76,8 @@ resource "enos_bundle_install" "upgrade_vault_binary" {
for_each = local.instances
destination = var.vault_install_dir
path = var.vault_local_bundle_path
artifactory = var.vault_artifactory_release
path = var.vault_local_artifact_path
transport = {
ssh = {