backport of commit 6654c425d2206624ff42cc7b7b92407a5e338311 (#22221)

Co-authored-by: Rebecca Willett <47540675+rebwill@users.noreply.github.com>
This commit is contained in:
hc-github-team-secure-vault-core 2023-08-08 11:11:03 -04:00 committed by GitHub
parent 07c5ce083d
commit b4fa55858c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 81 additions and 21 deletions


@ -39,7 +39,9 @@ scenario "replication" {
]
locals {
backend_tag_key = "VaultStorage"
# The path to the backend license file (Consul Enterprise)
backend_license_path = abspath(var.backend_license_path != null ? var.backend_license_path : joinpath(path.root, "./support/consul.hclic"))
backend_tag_key = "VaultStorage"
build_tags = {
"ent" = ["ui", "enterprise", "ent"]
"ent.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.fips1402"]
@ -103,7 +105,18 @@ scenario "replication" {
}
}
step "read_license" {
// This step reads the contents of the backend license if we're using a Consul backend and
// the edition is "ent".
step "read_backend_license" {
skip_step = (matrix.primary_backend == "raft" && matrix.secondary_backend == "raft") || var.backend_edition == "oss"
module = module.read_license
variables {
file_name = local.backend_license_path
}
}
step "read_vault_license" {
module = module.read_license
variables {
@ -218,6 +231,7 @@ scenario "replication" {
variables {
cluster_name = step.create_primary_cluster_backend_targets.cluster_name
cluster_tag_key = local.backend_tag_key
license = (matrix.primary_backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
release = {
edition = var.backend_edition
version = matrix.consul_version
@ -243,6 +257,7 @@ scenario "replication" {
awskms_unseal_key_arn = step.create_vpc.kms_key_arn
backend_cluster_name = step.create_primary_cluster_backend_targets.cluster_name
backend_cluster_tag_key = local.backend_tag_key
consul_license = (matrix.primary_backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
cluster_name = step.create_primary_cluster_targets.cluster_name
consul_release = matrix.primary_backend == "consul" ? {
edition = var.backend_edition
@ -250,7 +265,7 @@ scenario "replication" {
} : null
enable_file_audit_device = var.vault_enable_file_audit_device
install_dir = local.vault_install_dir
license = matrix.edition != "oss" ? step.read_license.license : null
license = matrix.edition != "oss" ? step.read_vault_license.license : null
local_artifact_path = local.bundle_path
packages = local.packages
storage_backend = matrix.primary_backend
@ -272,6 +287,7 @@ scenario "replication" {
variables {
cluster_name = step.create_secondary_cluster_backend_targets.cluster_name
cluster_tag_key = local.backend_tag_key
license = (matrix.secondary_backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
release = {
edition = var.backend_edition
version = matrix.consul_version
@ -297,6 +313,7 @@ scenario "replication" {
awskms_unseal_key_arn = step.create_vpc.kms_key_arn
backend_cluster_name = step.create_secondary_cluster_backend_targets.cluster_name
backend_cluster_tag_key = local.backend_tag_key
consul_license = (matrix.secondary_backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
cluster_name = step.create_secondary_cluster_targets.cluster_name
consul_release = matrix.secondary_backend == "consul" ? {
edition = var.backend_edition
@ -304,7 +321,7 @@ scenario "replication" {
} : null
enable_file_audit_device = var.vault_enable_file_audit_device
install_dir = local.vault_install_dir
license = matrix.edition != "oss" ? step.read_license.license : null
license = matrix.edition != "oss" ? step.read_vault_license.license : null
local_artifact_path = local.bundle_path
packages = local.packages
storage_backend = matrix.secondary_backend
@ -538,6 +555,7 @@ scenario "replication" {
backend_cluster_name = step.create_primary_cluster_backend_targets.cluster_name
backend_cluster_tag_key = local.backend_tag_key
cluster_name = step.create_primary_cluster_targets.cluster_name
consul_license = (matrix.primary_backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
consul_release = matrix.primary_backend == "consul" ? {
edition = var.backend_edition
version = matrix.consul_version
@ -545,7 +563,7 @@ scenario "replication" {
force_unseal = matrix.primary_seal == "shamir"
initialize_cluster = false
install_dir = local.vault_install_dir
license = matrix.edition != "oss" ? step.read_license.license : null
license = matrix.edition != "oss" ? step.read_vault_license.license : null
local_artifact_path = local.bundle_path
packages = local.packages
root_token = step.create_primary_cluster.root_token
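Review bot: The new `read_backend_license` step is skipped only when `var.backend_edition == "oss"`, while every consumer added in this section gates the value on `var.backend_edition == "ent"` (the `license` lines for the backend clusters and the `consul_license` lines for the Vault clusters), so any other edition string reads the license file but never forwards it; the same predicate should be used at both ends, e.g. `license = (matrix.primary_backend == "consul" && var.backend_edition != "oss") ? step.read_backend_license.license : null`, or the variable restricted to the two values it is compared against. The identical pairing is repeated in the smoke, ui and upgrade scenario files of this commit. The license text is a credential that now travels from a step output into module variables; unless the `read_license` module's `license` output and the receiving modules' `consul_license` variables are declared `sensitive = true` in Terraform, it will be printed in plan/apply output and CI logs — those declarations are not part of this diff, so please confirm. The `scenario "replication"` block and its `locals` block both begin before and end after these hunks.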


@ -34,7 +34,8 @@ scenario "smoke" {
]
locals {
backend_tag_key = "VaultStorage"
backend_license_path = abspath(var.backend_license_path != null ? var.backend_license_path : joinpath(path.root, "./support/consul.hclic"))
backend_tag_key = "VaultStorage"
build_tags = {
"oss" = ["ui"]
"ent" = ["ui", "enterprise", "ent"]
@ -104,7 +105,18 @@ scenario "smoke" {
}
}
step "read_license" {
// This step reads the contents of the backend license if we're using a Consul backend and
// the edition is "ent".
step "read_backend_license" {
skip_step = matrix.backend == "raft" || var.backend_edition == "oss"
module = module.read_license
variables {
file_name = local.backend_license_path
}
}
step "read_vault_license" {
skip_step = matrix.edition == "oss"
module = module.read_license
@ -150,7 +162,7 @@ scenario "smoke" {
step "create_backend_cluster" {
module = "backend_${matrix.backend}"
depends_on = [
step.create_vault_cluster_backend_targets,
step.create_vault_cluster_backend_targets
]
providers = {
@ -160,6 +172,7 @@ scenario "smoke" {
variables {
cluster_name = step.create_vault_cluster_backend_targets.cluster_name
cluster_tag_key = local.backend_tag_key
license = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
release = {
edition = var.backend_edition
version = matrix.consul_version
@ -186,13 +199,14 @@ scenario "smoke" {
backend_cluster_name = step.create_vault_cluster_backend_targets.cluster_name
backend_cluster_tag_key = local.backend_tag_key
cluster_name = step.create_vault_cluster_targets.cluster_name
consul_license = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
consul_release = matrix.backend == "consul" ? {
edition = var.backend_edition
version = matrix.consul_version
} : null
enable_file_audit_device = var.vault_enable_file_audit_device
install_dir = local.vault_install_dir
license = matrix.edition != "oss" ? step.read_license.license : null
license = matrix.edition != "oss" ? step.read_vault_license.license : null
local_artifact_path = local.bundle_path
packages = local.packages
storage_backend = matrix.backend


@ -17,6 +17,7 @@ scenario "ui" {
locals {
arch = "amd64"
artifact_type = "bundle"
backend_license_path = abspath(var.backend_license_path != null ? var.backend_license_path : joinpath(path.root, "./support/consul.hclic"))
backend_tag_key = "VaultStorage"
build_tags = {
"oss" = ["ui"]
@ -71,7 +72,18 @@ scenario "ui" {
}
}
step "read_license" {
// This step reads the contents of the backend license if we're using a Consul backend and
// the edition is "ent".
step "read_backend_license" {
skip_step = matrix.backend == "raft" || var.backend_edition == "oss"
module = module.read_license
variables {
file_name = local.backend_license_path
}
}
step "read_vault_license" {
skip_step = matrix.edition == "oss"
module = module.read_license
@ -127,6 +139,7 @@ scenario "ui" {
variables {
cluster_name = step.create_vault_cluster_backend_targets.cluster_name
cluster_tag_key = local.backend_tag_key
license = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
release = {
edition = var.backend_edition
version = local.consul_version
@ -152,13 +165,14 @@ scenario "ui" {
backend_cluster_name = step.create_vault_cluster_backend_targets.cluster_name
backend_cluster_tag_key = local.backend_tag_key
cluster_name = step.create_vault_cluster_targets.cluster_name
consul_license = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
consul_release = matrix.backend == "consul" ? {
edition = var.backend_edition
version = local.consul_version
} : null
enable_file_audit_device = var.vault_enable_file_audit_device
install_dir = local.vault_install_dir
license = matrix.edition != "oss" ? step.read_license.license : null
license = matrix.edition != "oss" ? step.read_vault_license.license : null
local_artifact_path = local.bundle_path
storage_backend = matrix.backend
target_hosts = step.create_vault_cluster_targets.hosts


@ -28,6 +28,7 @@ scenario "upgrade" {
]
locals {
backend_license_path = abspath(var.backend_license_path != null ? var.backend_license_path : joinpath(path.root, "./support/consul.hclic"))
backend_tag_key = "VaultStorage"
build_tags = {
"oss" = ["ui"]
@ -94,7 +95,18 @@ scenario "upgrade" {
}
}
step "read_license" {
// This step reads the contents of the backend license if we're using a Consul backend and
// the edition is "ent".
step "read_backend_license" {
skip_step = matrix.backend == "raft" || var.backend_edition == "oss"
module = module.read_license
variables {
file_name = local.backend_license_path
}
}
step "read_vault_license" {
skip_step = matrix.edition == "oss"
module = module.read_license
@ -103,11 +115,6 @@ scenario "upgrade" {
}
}
step "get_local_metadata" {
skip_step = matrix.artifact_source != "local"
module = module.get_local_metadata
}
step "create_vault_cluster_targets" {
module = module.target_ec2_instances
depends_on = [step.create_vpc]
@ -155,6 +162,7 @@ scenario "upgrade" {
variables {
cluster_name = step.create_vault_cluster_backend_targets.cluster_name
cluster_tag_key = local.backend_tag_key
license = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
release = {
edition = var.backend_edition
version = matrix.consul_version
@ -179,6 +187,7 @@ scenario "upgrade" {
awskms_unseal_key_arn = step.create_vpc.kms_key_arn
backend_cluster_name = step.create_vault_cluster_backend_targets.cluster_name
backend_cluster_tag_key = local.backend_tag_key
consul_license = (matrix.backend == "consul" && var.backend_edition == "ent") ? step.read_backend_license.license : null
cluster_name = step.create_vault_cluster_targets.cluster_name
consul_release = matrix.backend == "consul" ? {
edition = var.backend_edition
@ -186,7 +195,7 @@ scenario "upgrade" {
} : null
enable_file_audit_device = var.vault_enable_file_audit_device
install_dir = local.vault_install_dir
license = matrix.edition != "oss" ? step.read_license.license : null
license = matrix.edition != "oss" ? step.read_vault_license.license : null
packages = local.packages
release = var.vault_upgrade_initial_release
storage_backend = matrix.backend


@ -48,13 +48,13 @@ variable "aws_ssh_private_key_path" {
variable "backend_edition" {
description = "The backend release edition if applicable"
type = string
default = "oss"
default = "oss" // or "ent"
}
variable "backend_instance_type" {
description = "The instance type to use for the Vault backend. Must be arm64/nitro compatible"
type = string
default = "t4g.small"
type = string
default = "t4g.small"
}
variable "backend_license_path" {
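Review bot: `default = "oss" // or "ent"` records the accepted values in a trailing comment on the default line rather than in the description, which is where callers will actually look; suggest `description = "The backend release edition if applicable: \"oss\" or \"ent\""` and a plain `default = "oss"`. Since the scenarios branch on exactly these two strings, constraining the variable to them (a `validation` block, if the enos variable syntax accepts one) would turn a typo into an immediate error instead of a backend that silently starts without its license. The `backend_instance_type` lines in this hunk appear to be a whitespace-only realignment.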


@ -25,6 +25,10 @@ variable "config_dir" {
default = null
}
variable "consul_log_level" {
default = null
}
variable "data_dir" {
default = null
}


@ -129,6 +129,7 @@ resource "enos_consul_start" "consul" {
log_level = var.consul_log_level
log_file = var.consul_log_file
}
license = var.consul_license
unit_name = "consul"
username = "consul"
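Review bot: `license = var.consul_license` on the `enos_consul_start` resource is where the license value leaves module variables and enters provider state, but the `consul_license` variable declaration is not in this diff (the variables hunk earlier in the commit adds only `consul_log_level` with `default = null`), so confirm that it exists, defaults to `null` like the neighbouring variables so non-Consul and `oss` runs still plan, and is declared `sensitive = true` so the value is redacted from plan output and state diffs in CI logs. The enclosing `resource` block starts before and ends after this hunk.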