From 93af7c87560b0904ee2b0852fb008a55f715372f Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Mon, 12 Jun 2023 12:46:11 -0400 Subject: [PATCH] backport of commit 27621e05d63ae14475e7a5ec8e8f23277d9eeb98 (#21137) Co-authored-by: Ryan Cragun --- enos/enos-modules.hcl | 1 + enos/enos-scenario-agent.hcl | 9 +++------ enos/enos-scenario-autopilot.hcl | 13 +++++-------- enos/enos-scenario-replication.hcl | 15 +++------------ enos/enos-scenario-smoke.hcl | 5 +---- enos/enos-scenario-upgrade.hcl | 5 +---- enos/enos-terraform.hcl | 2 +- enos/modules/vault_cluster/main.tf | 6 ++++-- enos/modules/vault_cluster/variables.tf | 13 ++++++++++++- 9 files changed, 31 insertions(+), 38 deletions(-) diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl index 4f2aba8ce..0886b46a0 100644 --- a/enos/enos-modules.hcl +++ b/enos/enos-modules.hcl @@ -105,6 +105,7 @@ module "vault_cluster" { install_dir = var.vault_install_dir consul_license = var.backend_license_path == null ? null : file(abspath(var.backend_license_path)) + log_level = var.vault_log_level } module "vault_get_cluster_ips" { diff --git a/enos/enos-scenario-agent.hcl b/enos/enos-scenario-agent.hcl index a0e38ec89..22015f1dd 100644 --- a/enos/enos-scenario-agent.hcl +++ b/enos/enos-scenario-agent.hcl @@ -137,12 +137,9 @@ scenario "agent" { } variables { - artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null - awskms_unseal_key_arn = step.create_vpc.kms_key_arn - cluster_name = step.create_vault_cluster_targets.cluster_name - config_env_vars = { - VAULT_LOG_LEVEL = var.vault_log_level - } + artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null + awskms_unseal_key_arn = step.create_vpc.kms_key_arn + cluster_name = step.create_vault_cluster_targets.cluster_name install_dir = var.vault_install_dir license = matrix.edition != "oss" ? step.read_license.license : null local_artifact_path = local.bundle_path diff --git a/enos/enos-scenario-autopilot.hcl b/enos/enos-scenario-autopilot.hcl index 534e11033..25b4af8ea 100644 --- a/enos/enos-scenario-autopilot.hcl +++ b/enos/enos-scenario-autopilot.hcl @@ -151,14 +151,11 @@ scenario "autopilot" { variables { awskms_unseal_key_arn = step.create_vpc.kms_key_arn cluster_name = step.create_vault_cluster_targets.cluster_name - config_env_vars = { - VAULT_LOG_LEVEL = var.vault_log_level - } - install_dir = local.vault_install_dir - license = matrix.edition != "oss" ? step.read_license.license : null - packages = local.packages - release = var.vault_autopilot_initial_release - storage_backend = "raft" + install_dir = local.vault_install_dir + license = matrix.edition != "oss" ? step.read_license.license : null + packages = local.packages + release = var.vault_autopilot_initial_release + storage_backend = "raft" storage_backend_addl_config = { autopilot_upgrade_version = var.vault_autopilot_initial_release.version } diff --git a/enos/enos-scenario-replication.hcl b/enos/enos-scenario-replication.hcl index 9daeef1e3..fb6c10dd4 100644 --- a/enos/enos-scenario-replication.hcl +++ b/enos/enos-scenario-replication.hcl @@ -179,10 +179,7 @@ scenario "replication" { artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null awskms_unseal_key_arn = step.create_vpc.kms_key_arn cluster_name = step.create_primary_cluster_targets.cluster_name - config_env_vars = { - VAULT_LOG_LEVEL = var.vault_log_level - } - consul_cluster_tag = step.create_primary_backend_cluster.consul_cluster_tag + consul_cluster_tag = step.create_primary_backend_cluster.consul_cluster_tag consul_release = matrix.primary_backend == "consul" ? { edition = var.backend_edition version = matrix.consul_version @@ -253,10 +250,7 @@ scenario "replication" { artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null awskms_unseal_key_arn = step.create_vpc.kms_key_arn cluster_name = step.create_secondary_cluster_targets.cluster_name - config_env_vars = { - VAULT_LOG_LEVEL = var.vault_log_level - } - consul_cluster_tag = step.create_secondary_backend_cluster.consul_cluster_tag + consul_cluster_tag = step.create_secondary_backend_cluster.consul_cluster_tag consul_release = matrix.secondary_backend == "consul" ? { edition = var.backend_edition version = matrix.consul_version @@ -513,10 +507,7 @@ scenario "replication" { artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null awskms_unseal_key_arn = step.create_vpc.kms_key_arn cluster_name = step.create_primary_cluster_targets.cluster_name - config_env_vars = { - VAULT_LOG_LEVEL = var.vault_log_level - } - consul_cluster_tag = step.create_primary_backend_cluster.consul_cluster_tag + consul_cluster_tag = step.create_primary_backend_cluster.consul_cluster_tag consul_release = matrix.primary_backend == "consul" ? { edition = var.backend_edition version = matrix.consul_version diff --git a/enos/enos-scenario-smoke.hcl b/enos/enos-scenario-smoke.hcl index 43e997e20..8500e9061 100644 --- a/enos/enos-scenario-smoke.hcl +++ b/enos/enos-scenario-smoke.hcl @@ -182,10 +182,7 @@ scenario "smoke" { artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null awskms_unseal_key_arn = step.create_vpc.kms_key_arn cluster_name = step.create_vault_cluster_targets.cluster_name - config_env_vars = { - VAULT_LOG_LEVEL = var.vault_log_level - } - consul_cluster_tag = step.create_backend_cluster.consul_cluster_tag + consul_cluster_tag = step.create_backend_cluster.consul_cluster_tag consul_release = matrix.backend == "consul" ? { edition = var.backend_edition version = matrix.consul_version diff --git a/enos/enos-scenario-upgrade.hcl b/enos/enos-scenario-upgrade.hcl index 49109ced3..634a94806 100644 --- a/enos/enos-scenario-upgrade.hcl +++ b/enos/enos-scenario-upgrade.hcl @@ -176,10 +176,7 @@ scenario "upgrade" { variables { awskms_unseal_key_arn = step.create_vpc.kms_key_arn cluster_name = step.create_vault_cluster_targets.cluster_name - config_env_vars = { - VAULT_LOG_LEVEL = var.vault_log_level - } - consul_cluster_tag = step.create_backend_cluster.consul_cluster_tag + consul_cluster_tag = step.create_backend_cluster.consul_cluster_tag consul_release = matrix.backend == "consul" ? { edition = var.backend_edition version = matrix.consul_version diff --git a/enos/enos-terraform.hcl b/enos/enos-terraform.hcl index cf99dd2d1..4048f5e18 100644 --- a/enos/enos-terraform.hcl +++ b/enos/enos-terraform.hcl @@ -28,7 +28,7 @@ terraform "default" { enos = { source = "app.terraform.io/hashicorp-qti/enos" - version = "< 0.4.0" + version = ">= 0.4.0" } } } diff --git a/enos/modules/vault_cluster/main.tf b/enos/modules/vault_cluster/main.tf index 2c38ee66e..fc904d733 100644 --- a/enos/modules/vault_cluster/main.tf +++ b/enos/modules/vault_cluster/main.tf @@ -4,7 +4,7 @@ terraform { # to the public registry enos = { source = "app.terraform.io/hashicorp-qti/enos" - version = ">= 0.3.2" + version = ">= 0.4.0" } } } @@ -126,7 +126,7 @@ resource "enos_consul_start" "consul" { server = false bootstrap_expect = 0 license = var.consul_license - log_level = "INFO" + log_level = var.consul_log_level log_file = var.consul_log_file } unit_name = "consul" @@ -160,6 +160,7 @@ resource "enos_vault_start" "leader" { tls_disable = "true" } } + log_level = var.log_level storage = { type = var.storage_backend attributes = ({ for key, value in local.storage_config[each.key] : key => value }) @@ -199,6 +200,7 @@ resource "enos_vault_start" "followers" { tls_disable = "true" } } + log_level = var.log_level storage = { type = var.storage_backend attributes = { for key, value in local.storage_config[each.key] : key => value } diff --git a/enos/modules/vault_cluster/variables.tf b/enos/modules/vault_cluster/variables.tf index 92ac0a078..368a50ff4 100644 --- a/enos/modules/vault_cluster/variables.tf +++ b/enos/modules/vault_cluster/variables.tf @@ -71,7 +71,7 @@ variable "consul_log_level" { validation { condition = contains(["trace", "debug", "info", "warn", "error"], var.consul_log_level) - error_message = "The vault_log_level must be one of 'trace', 'debug', 'info', 'warn', or 'error'." + error_message = "The consul_log_level must be one of 'trace', 'debug', 'info', 'warn', or 'error'." } } @@ -118,6 +118,17 @@ variable "local_artifact_path" { default = null } +variable "log_level" { + type = string + description = "The vault service log level" + default = "info" + + validation { + condition = contains(["trace", "debug", "info", "warn", "error"], var.log_level) + error_message = "The log_level must be one of 'trace', 'debug', 'info', 'warn', or 'error'." + } +} + variable "manage_service" { type = bool description = "Manage the Vault service users and systemd unit. Disable this to use configuration in RPM and Debian packages"