luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Rename reusable enos-run workflow file (#18757) 

* Rename reusable enos-run workflow file

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Update Enos README file

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
This commit is contained in:
Jaymala 2023-01-18 18:37:38 -05:00 committed by GitHub
parent da2849217c
commit 9501b56ffa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 30 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/build.yml vendored
View File

@ -173,7 +173,7 @@ jobs:
needs: needs:
- product-metadata - product-metadata
- build-linux - build-linux
uses: ./.github/workflows/enos-run.yml uses: ./.github/workflows/test-run-enos-scenario-matrix.yml
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:

2
.github/workflows/enos-release-testing-oss.yml vendored
View File

@ -35,7 +35,7 @@ jobs:
name: Test ${{ matrix.build-artifact-name }} name: Test ${{ matrix.build-artifact-name }}
if: ${{ startsWith(github.event.client_payload.payload.branch, 'release/') }} if: ${{ startsWith(github.event.client_payload.payload.branch, 'release/') }}
needs: product-metadata needs: product-metadata
uses: ./.github/workflows/enos-run.yml uses: ./.github/workflows/test-run-enos-scenario-matrix.yml
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:

0
.github/workflows/enos-run.yml → .github/workflows/test-run-enos-scenario-matrix.yml vendored
View File

40
enos/README.md
View File

@ -45,9 +45,7 @@ the following cases as examples of when one might opt for an Enos scenario:
Slack. Slack.
* An SSH keypair in the AWS region you wish to run the scenario. You can use * An SSH keypair in the AWS region you wish to run the scenario. You can use
Doormat to log in to the AWS console to create or upload an existing keypair. Doormat to log in to the AWS console to create or upload an existing keypair.
* A Vault install bundle downloaded from releases.hashicorp.com or Artifactory * A Vault artifact is downloaded from the GHA artifacts when using the `artifact_source:crt` variants, from Artifactory when using `artifact_source:artifactory`, and is built locally from the current branch when using `artifact_source:local` variant.
when using the `builder:crt` variants. When using the `builder:local` variants
Enos will build a Vault bundle from the current branch for you.
## Scenario Variables ## Scenario Variables
In CI, each scenario is executed via Github Actions and has been configured using In CI, each scenario is executed via Github Actions and has been configured using
@ -75,24 +73,24 @@ enos scenario list
# Run the smoke or upgrade scenario with an artifact that is built locally. Make sure # Run the smoke or upgrade scenario with an artifact that is built locally. Make sure
# the local machine has been configured as detailed in the requirements # the local machine has been configured as detailed in the requirements
# section. This will execute the scenario and clean up any resources if successful. # section. This will execute the scenario and clean up any resources if successful.
enos scenario run smoke builder:local enos scenario run smoke artifact_source:local
enos scenario run upgrade builder:local enos scenario run upgrade artifact_source:local
# To run the same scenario variants that are run in CI, refer to the scenarios listed # To run the same scenario variants that are run in CI, refer to the scenarios listed
# in .github/workflows/enos-run.yml under `jobs.enos.strategy.matrix.include`, # in json files under .github/enos-run-matrices directory,
# adding `builder:local` to run locally. # adding `artifact_source:local` to run locally.
enos scenario run smoke backend:consul consul_version:1.12.3 distro:ubuntu seal:awskms builder:local arch:amd64 edition:oss enos scenario run smoke backend:consul consul_version:1.12.3 distro:ubuntu seal:awskms artifact_source:local arch:amd64 edition:oss
# Launch an individual scenario but leave infrastructure up after execution # Launch an individual scenario but leave infrastructure up after execution
enos scenario launch smoke builder:local enos scenario launch smoke artifact_source:local
# Check an individual scenario for validity. This is useful during scenario # Check an individual scenario for validity. This is useful during scenario
# authoring and debugging. # authoring and debugging.
enos scenario validate smoke builder:local enos scenario validate smoke artifact_source:local
# If you've run the tests and desire to see the outputs, such as the URL or # If you've run the tests and desire to see the outputs, such as the URL or
# credentials, you can run the output command to see them. Please note that # credentials, you can run the output command to see them. Please note that
# after "run" or destroy there will be no "outputs" as the infrastructure # after "run" or destroy there will be no "outputs" as the infrastructure
# will have been destroyed and state cleared. # will have been destroyed and state cleared.
enos scenario output smoke builder:local enos scenario output smoke artifact_source:local
# Explicitly destroy all existing infrastructure # Explicitly destroy all existing infrastructure
enos scenario destroy smoke builder:local enos scenario destroy smoke artifact_source:local
``` ```
Refer to the [Enos documentation](https://github.com/hashicorp/Enos-Docs) Refer to the [Enos documentation](https://github.com/hashicorp/Enos-Docs)
@ -100,7 +98,7 @@ for further information regarding installation, execution or composing scenarios
# Scenarios # Scenarios
There are current two scenarios: `smoke` and `upgrade`. Both begin by building Vault There are current two scenarios: `smoke` and `upgrade`. Both begin by building Vault
as specified by the selected `builder` variant (see Variants section below for more as specified by the selected `artifact_source` variant (see Variants section below for more
information). information).
## Smoke ## Smoke
@ -114,7 +112,7 @@ depending on the backend and seal type.
The [`upgrade` scenario](./enos-scenario-upgrade.hcl) creates a Vault cluster using The [`upgrade` scenario](./enos-scenario-upgrade.hcl) creates a Vault cluster using
the version specified in `vault_upgrade_initial_release`, with the backend specified the version specified in `vault_upgrade_initial_release`, with the backend specified
by the `backend` variant (`raft` or `consul`). Next, it upgrades the Vault binary by the `backend` variant (`raft` or `consul`). Next, it upgrades the Vault binary
that is determined by the `builder` variant. After the upgrade, it verifies that that is determined by the `artifact_source` variant. After the upgrade, it verifies that
cluster is at the desired version, along with additional verifications. cluster is at the desired version, along with additional verifications.
@ -142,16 +140,26 @@ Both scenarios support a matrix of variants. In order to achieve broad coverage
keeping test run time reasonable, the variants executed by the `enos-run` Github keeping test run time reasonable, the variants executed by the `enos-run` Github
Actions are tailored to maximize variant distribution per scenario. Actions are tailored to maximize variant distribution per scenario.
## `builder:crt` ## `artifact_source:crt`
This variant is designed for use in Github Actions. The `enos-run.yml` workflow This variant is designed for use in Github Actions. The `enos-run.yml` workflow
downloads the artifact built by the `build.yml` workflow, unzips it, and sets the downloads the artifact built by the `build.yml` workflow, unzips it, and sets the
`vault_bundle_path` to the zip file and the `vault_local_binary_path` to the binary. `vault_bundle_path` to the zip file and the `vault_local_binary_path` to the binary.
## `builder:local` ## `artifact_source:local`
This variant is for running the Enos scenario locally. It builds the Vault bundle This variant is for running the Enos scenario locally. It builds the Vault bundle
from the current branch, placing the bundle at the `vault_bundle_path` and the from the current branch, placing the bundle at the `vault_bundle_path` and the
unzipped Vault binary at the `vault_local_binary_path`. unzipped Vault binary at the `vault_local_binary_path`.
## `artifact_source:artifactory`
This variant is for running the Enos scenario to test an artifact from Artifactory. It requires following Enos variables to be set:
* `artifactory_username`
* `artifactory_token`
* `aws_ssh_keypair_name`
* `aws_ssh_private_key_path`
* `tfc_api_token`
* `vault_product_version`
* `vault_revision`
# CI Bootstrap # CI Bootstrap
In order to execute any of the scenarios in this repository, it is first necessary to bootstrap the In order to execute any of the scenarios in this repository, it is first necessary to bootstrap the
CI AWS account with the required permissions, service quotas and supporting AWS resources. There are CI AWS account with the required permissions, service quotas and supporting AWS resources. There are

8
enos/modules/vault_verify_write_data/scripts/smoke-enable-secrets-kv.sh
View File

@ -33,16 +33,16 @@ test -x "$binpath" || fail "unable to locate vault binary at $binpath"
retry 5 "$binpath" status > /dev/null 2>&1 retry 5 "$binpath" status > /dev/null 2>&1
# Create user policy # Create user policy
$binpath policy write reguser -<<EOF retry 5 $binpath policy write reguser -<<EOF
path "*" { path "*" {
capabilities = ["read", "list"] capabilities = ["read", "list"]
} }
EOF EOF
# Enable the userpass auth method # Enable the userpass auth method
$binpath auth enable userpass > /dev/null 2>&1 retry 5 $binpath auth enable userpass > /dev/null 2>&1
# Create new user and attach reguser policy # Create new user and attach reguser policy
$binpath write auth/userpass/users/testuser password="passuser1" policies="reguser" retry 5 $binpath write auth/userpass/users/testuser password="passuser1" policies="reguser"
$binpath secrets enable -path="secret" kv retry 5 $binpath secrets enable -path="secret" kv