Commit graph

178 commits

Author SHA1 Message Date
hc-github-team-secure-vault-core 1c44b797b2
backport of commit 30aac443d0037852b0a5e4b50d59a9bedc5e4445 (#21324)
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-06-16 13:10:36 -04:00
hc-github-team-secure-vault-core 92e2ae8897
backport of commit a1fdf105b3cc2e88483f3fca27729fa06bfbfa7f (#21312)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-06-16 14:41:28 +00:00
hc-github-team-secure-vault-core 66fc3d6154
backport of commit d3ae2085ae6242d752cbafb0d0aa9a48b8f4a16b (#21288)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-06-15 15:56:29 -04:00
hc-github-team-secure-vault-core 6da06be1cf
backport of commit 567917efacd62639103133a7a07efd3076be713b (#21205)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-06-13 21:07:38 +00:00
hc-github-team-secure-vault-core afef4629c8
backport of commit 21eccf8b8df7868c7d454f8ba42d5bec5235a69e (#20866)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-31 23:06:59 +00:00
Alexander Scheel 30488bc374
sdk/helper/nonce -> go-secure-stdlib/nonceutil (#20737)
Depends on https://github.com/hashicorp/go-secure-stdlib/pull/73

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-25 20:57:08 +00:00
Marc Boudreau 6ef35feeb9
update security-scanner version to latest to pickup changes that eliminate use of deprecated GitHub Actions commands (#20690) 2023-05-25 12:09:43 -04:00
Angel Garbarino 4a402ca128
Address Test-ui suite failure for package install issues (#20756)
* fix

* apparently its going to take me two commits.. for one line.

* test removing the installation of the packages.

* remove browser dependencies
2023-05-24 15:24:47 -06:00
Alexander Scheel 83d32240c7
Add nonce service to sdk/helpers, use in PKI (#20688)
* Build a better nonce service

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add internal nonce service for testing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add benchmarks for nonce service

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add statistics around how long tidy took

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Replace ACME nonces with shared nonce service

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add an initialize method to nonce services

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use the new initialize helper on nonce service in PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add additional tests for nonces

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Format sdk/helper/nonce

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use default 90s nonce expiry in PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove parallel test case as covered by benchmark

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add additional commentary to encrypted nonce implementation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add nonce to test_packages

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-23 19:44:05 +00:00
Ryan Cragun 1e752e0cba
ci: request vpc quota increase (#20360)
* Fix regions on two service quotas
* Request an increase in VPCs per region
* Pin github actions workflows

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-05-22 11:18:06 -06:00
Violet Hynes 92dc054bb3
VAULT-15547 Agent/proxy decoupling, take two (#20634)
* VAULT-15547 Additional tests, refactoring, for proxy split

* VAULT-15547 Additional tests, refactoring, for proxy split

* VAULT-15547 Import reorganization

* VAULT-15547 Some missed updates for PersistConfig

* VAULT-15547 address comments

* VAULT-15547 address comments
2023-05-19 13:17:48 -04:00
Violet Hynes b2468d3481
VAULT-15547 First pass at agent/proxy decoupling (#20548)
* VAULT-15547 First pass at agent/proxy decoupling

* VAULT-15547 Fix some imports

* VAULT-15547 cases instead of string.Title

* VAULT-15547 changelog

* VAULT-15547 Fix some imports

* VAULT-15547 some more dependency updates

* VAULT-15547 More dependency paths

* VAULT-15547 godocs for tests

* VAULT-15547 godocs for tests

* VAULT-15547 test package updates

* VAULT-15547 test packages

* VAULT-15547 add proxy to test packages

* VAULT-15547 gitignore

* VAULT-15547 address comments

* VAULT-15547 Some typos and small fixes
2023-05-17 09:38:34 -04:00
Jaymala b5606770f6
Update verify-changes to support external docs branches (#20535)
* Update verify-changes to support external docs branches

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Revert QT-545 as it Enos workflow is not a workflow_run event

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-05-08 15:03:23 -04:00
Nick Cabatoff 3eb5fb3eb7
Use newer version of backport-assistant (#20484) 2023-05-03 12:40:01 -04:00
Nick Cabatoff 120830681e
Don't run build workflow on draft PRs. (#20443) 2023-05-01 13:52:41 -04:00
Nick Cabatoff 9eee5f3438
CI tests should run on release branches as well as main (#20444) 2023-05-01 15:42:03 +00:00
Ryan Cragun 190783a87f
release testing: always save the metadata (#20402)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-04-28 15:15:03 -06:00
Nick Cabatoff a816ef6c15
Use a dedicated runner for the binary-based tests. (#20377) 2023-04-27 09:41:49 -04:00
Jaymala 5164069708
Fail completed successfully check for failing Enos tests (#20335)
* Force required completed-successfully check to fail when builds or tests fail

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Update to fail cancelled workflows

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-26 15:16:31 -04:00
Kuba Wieczorek 2445637829
Run DataDog-related steps every time test-go CI workflow runs (#20364) 2023-04-26 16:28:39 +01:00
Nick Cabatoff ad18fc6398
Docker testing: handle licensing, different images per node (#20347) 2023-04-25 17:11:46 -04:00
Nick Cabatoff 1e433add83
Add ent-specific test binary build rules (#20334)
This fixes the binary building on ent, except because I ran into problems with the binary-based tests there, I've included a bunch of `github.repository != 'hashicorp/vault-enterprise'` conditions to disable the binary building.  I'll fix the test problems in a future PR and remove those repo conditions.
2023-04-25 10:49:34 -04:00
Luis (LT) Carbonell 8b4ce9c1c2
Re-run Milestone Check when Milestones are Applied (#20299)
* re-run when milestones are applied

* update milestone check conditions
2023-04-25 08:49:43 -05:00
Jaymala 2893342c60
Fix script to verify docs changes (#20317)
Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-24 13:16:01 -04:00
Nick Cabatoff b7e6090a21
Move all checkout@v2 users to v3. (#20315) 2023-04-24 15:25:58 +00:00
Nick Cabatoff 313957b911
Add tests based on vault binary (#20224)
First steps towards docker-based tests: tests using vault binary in -dev or -dev-three-node modes.
2023-04-24 09:57:37 -04:00
Jaymala e3a39f4adc
[QT-517] Skip builds for docs PRs (#20036)
* [QT-517] Skip builds for docs changes

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* [QT-545] Enable Enos tests to also run on forked PRs

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Add comments and fix CI errors

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-21 10:58:47 -04:00
claire bontempo f4928cf7cb
Run UI tests on PRs with "ui" label (#20209)
* add conditional for label

* VAULT-14643 link jira
2023-04-18 12:03:35 -07:00
Ryan Cragun a19f7dbda5
[QT-525] enos: use spot instances for Vault targets (#20037)
The previous strategy for provisioning infrastructure targets was to use
the cheapest instances that could reliably perform as Vault cluster
nodes. With this change we introduce a new model for target node
infrastructure. We've replaced on-demand instances for a spot
fleet. While the spot price fluctuates based on dynamic pricing, 
capacity, region, instance type, and platform, cost savings for our
most common combinations range between 20-70%.

This change only includes spot fleet targets for Vault clusters.
We'll be updating our Consul backend bidding in another PR.

* Create a new `vault_cluster` module that handles installation,
  configuration, initializing, and unsealing Vault clusters.
* Create a `target_ec2_instances` module that can provision a group of
  instances on-demand.
* Create a `target_ec2_spot_fleet` module that can bid on a fleet of
  spot instances.
* Extend every Enos scenario to utilize the spot fleet target acquisition
  strategy and the `vault_cluster` module.
* Update our Enos CI modules to handle both the `aws-nuke` permissions
  and also the privileges to provision spot fleets.
* Only use us-east-1 and us-west-2 in our scenario matrices as costs are
  lower than us-west-1.

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-04-13 15:44:43 -04:00
Kuba Wieczorek deb215a8e1
Stop running UI tests on every PR into a release branch in CI (#20149) 2023-04-13 18:10:17 +00:00
Bryce Kalow 9f9bceda88
remove check-legacy-links-format workflow (#20115) 2023-04-12 21:52:54 -04:00
Kuba Wieczorek 7e48d06e20
Add smaller runner groups for CI jobs (#20081) 2023-04-11 14:05:15 -04:00
Jaymala d414a703e4
Use absolute path for debug datadir (#20069)
Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-11 13:06:51 -04:00
Kuba Wieczorek af0adf85fa
Fix issues tripping the actionlint linter again (#20026) 2023-04-06 17:04:09 +00:00
Jaymala d0ac3d8fe2
[QT-488] Get artifact summary info along with product metadata (#19977)
* [QT-488] Get artifact summary info along with product metadata

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Fix GH Lint warnings

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-05 13:49:46 -06:00
Marc Boudreau 209671c25e
add workflow_dispatch trigger to ci.yml workflow (#19979) 2023-04-05 10:03:08 -04:00
Kuba Wieczorek f7aacbe74a
Fix an issue tripping the actionlint linter in test-run-enos-scenario-matrix.yml (#19986) 2023-04-05 13:14:44 +00:00
Jordan Reimer 7fe9a2b328
Node Version CI Update (#19978)
* updates github workflows to read node version from .nvmrc file

* updates to double quotes for shell expression

* removes set-output workflow command

* updates to use node-version-file option for gh workflows

* pins node version to 16
2023-04-04 15:39:17 -06:00
Peter Wilson 4fc4516b49
Moved 'WaitForNodesExcludingSelectedStandbys' to shared testhelpers file (#19976) 2023-04-04 15:32:01 +01:00
Jordan Reimer 3f0620ce2c
Address Critical Vulnerabilities from Dependencies (#19901)
* cleans up dependencies with critical warnigns

* adds changelog entry

* updates dockerfiles and ci github workflow to use node 16

* removes ui gh workflow not being used
2023-04-03 15:24:38 -06:00
Kuba Wieczorek b86a09fb2a
Ensure tests-completed job fails if required jobs either fail or are cancelled (#19948)
Otherwise, the tests-completed job should succeed, including when the test-ui
job is skipped.
2023-04-03 15:16:42 -04:00
Marc Boudreau 1bcaa0c0d9
Add dependabot Configuration (#19792)
* add dependabot configuration

* Add missing newline at end of file

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>

---------

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-04-03 12:29:11 -04:00
Marc Boudreau 6e2f1cdcaf
fix inconsistencies in test-go.yml between OSS and ENT repositories (#19943) 2023-04-03 10:26:55 -04:00
Mike Baum 38101792cb
Download Application log files and upload as an artifact when enos scenarios fail (#19860) 2023-03-31 14:31:35 -04:00
Kuba Wieczorek 77105a27bd
Add DataDog test visibility to the test-go job in CI (#19890) 2023-03-31 18:15:57 +01:00
Jaymala 6a62e99fdd
[QT-488] Fix Enos testing workflow name (#19905)
Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-03-31 13:15:19 -04:00
Marc Boudreau 4528689486
use correct commit hash from latest branch of browser-actions/setup-chrome (#19876) 2023-03-31 12:17:16 -04:00
Jaymala 337adbb4c9
Add workflow summary to Enos tests (#19858)
* Add workflow summary to Enos tests

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Fix GHA lint errors for setup outputs

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-03-31 09:21:08 -04:00
Kuba Wieczorek bbeb8b8a47
Update the if conditions for test-go jobs in CI (#19809)
* Update the if conditions for test-go jobs in CI

* Fix errors in comments

* Update the if condition for the UI tests
2023-03-30 16:27:42 -04:00
Kuba Wieczorek 818d89645b
Make the suffix for CI Go test matrix jobs optional (#19752) 2023-03-30 15:09:57 -04:00