Update Vault version verification integration test (hashicorp#17377)
* Update Vault version verification integration test

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Refactor to validate artifact build date

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Address review comments

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Fix capitalization in variable descriptions

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
Jaymala authored and jayant07-yb committed Mar 15, 2023
1 parent 3cb5b9b commit d3f79ec
Showing 13 changed files with 206 additions and 47 deletions.
7 changes: 7 additions & 0 deletions .github/workflows/build.yml
@@ -16,12 +16,16 @@ jobs:
product-metadata:
runs-on: ubuntu-latest
outputs:
product-revision: ${{ steps.get-product-revision.outputs.product-revision }}
product-version: ${{ steps.get-product-version.outputs.product-version }}
product-base-version: ${{ steps.get-product-version.outputs.product-base-version }}
build-date: ${{ steps.get-build-date.outputs.build-date }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
- name: Get product revision
id: get-product-revision
run: echo "::set-output name=product-revision::$(git rev-parse HEAD)"
- name: Get product version
id: get-product-version
run: |
@@ -287,5 +291,8 @@ jobs:
- build-linux
uses: ./.github/workflows/enos-run.yml
with:
artifact-build-date: "${{needs.product-metadata.outputs.build-date}}"
artifact-name: "vault_${{ needs.product-metadata.outputs.product-version }}_linux_amd64.zip"
artifact-revision: "${{needs.product-metadata.outputs.product-revision}}"
artifact-version: "${{needs.product-metadata.outputs.product-version}}"
secrets: inherit
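Review bot: The `Get product revision` step in the first hunk publishes its output with the `::set-output` workflow command, which GitHub has deprecated in favour of the `GITHUB_OUTPUT` file because commands parsed from stdout can be triggered by anything a step happens to print. I would write it as `run: echo "product-revision=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"`. The following version step opens a `run: |` block that continues outside the hunk, so it may need the same treatment.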
21 changes: 21 additions & 0 deletions .github/workflows/enos-run.yml
@@ -6,13 +6,25 @@ on:
# being inherited from the caller.
workflow_call:
inputs:
artifact-build-date:
required: false
type: string
artifact-name:
required: true
type: string
artifact-revision:
required: true
type: string
artifact-version:
required: true
type: string

env:
PKG_NAME: vault
ARTIFACT_BUILD_DATE: ${{ inputs.artifact-build-date }}
ARTIFACT_NAME: ${{ inputs.artifact-name }}
ARTIFACT_REVISION: ${{ inputs.artifact-revision }}
ARTIFACT_VERSION: ${{ inputs.artifact-version }}

jobs:
# Read Enos scenario matrix file based on artifact-name input to test
@@ -88,6 +100,9 @@ jobs:
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
ENOS_VAR_terraform_plugin_cache_dir: ./support/terraform-plugin-cache
ENOS_VAR_vault_build_date: ${{ env.ARTIFACT_BUILD_DATE }}
ENOS_VAR_vault_product_version: ${{ env.ARTIFACT_VERSION }}
ENOS_VAR_vault_revision: ${{ env.ARTIFACT_REVISION }}
ENOS_VAR_vault_bundle_path: ./support/vault.zip
run: |
enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.scenario }}
@@ -100,6 +115,9 @@ jobs:
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
ENOS_VAR_terraform_plugin_cache_dir: ./support/terraform-plugin-cache
ENOS_VAR_vault_build_date: ${{ env.ARTIFACT_BUILD_DATE }}
ENOS_VAR_vault_product_version: ${{ env.ARTIFACT_VERSION }}
ENOS_VAR_vault_revision: ${{ env.ARTIFACT_REVISION }}
ENOS_VAR_vault_bundle_path: ./support/vault.zip
run: |
enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.scenario }}
@@ -114,6 +132,9 @@ jobs:
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
ENOS_VAR_terraform_plugin_cache_dir: ./support/terraform-plugin-cache
ENOS_VAR_vault_build_date: ${{ env.ARTIFACT_BUILD_DATE }}
ENOS_VAR_vault_product_version: ${{ env.ARTIFACT_VERSION }}
ENOS_VAR_vault_revision: ${{ env.ARTIFACT_REVISION }}
ENOS_VAR_vault_bundle_path: ./support/vault.zip
run: |
enos scenario destroy --timeout 60m0s --chdir ./enos ${{ matrix.scenario }}
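Review bot: `artifact-build-date` is declared `required: false` with no `default`, while `artifact-revision` and `artifact-version` are required, so a caller that omits it sends an empty `ENOS_VAR_vault_build_date` into all three `enos scenario` steps. Whether the verification then skips the build-date comparison or fails is not visible on this page. If the date is meant to be checked for every CI artifact, `required: true` makes an omission fail at the call site instead of weakening the check. A `description:` on each input would also record what format the callee expects.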
4 changes: 2 additions & 2 deletions enos/enos-modules.hcl
@@ -39,8 +39,8 @@ module "create_vpc" {
ami_architectures = ["amd64", "arm64"]
}

module "get_local_version_from_make" {
source = "./modules/get_local_version_from_make"
module "get_local_metadata" {
source = "./modules/get_local_metadata"
}

module "read_license" {
12 changes: 6 additions & 6 deletions enos/enos-scenario-autopilot.hcl
@@ -104,16 +104,16 @@ scenario "autopilot" {
}
}

step "get_local_version" {
module = module.get_local_version_from_make
step "get_local_metadata" {
skip_step = matrix.builder != "local"
module = module.get_local_metadata
}

step "create_autopilot_upgrade_storageconfig" {
module = module.autopilot_upgrade_storageconfig
depends_on = [step.get_local_version]
module = module.autopilot_upgrade_storageconfig

variables {
vault_product_version = step.get_local_version.version
vault_product_version = matrix.builder == "local" ? step.get_local_metadata.version : var.vault_product_version
}
}

@@ -158,7 +158,7 @@ scenario "autopilot" {
}

variables {
vault_autopilot_upgrade_version = step.get_local_version.version
vault_autopilot_upgrade_version = matrix.builder == "local" ? step.get_local_metadata.version : var.vault_product_version
vault_instances = step.create_vault_cluster.vault_instances
vault_root_token = step.create_vault_cluster.vault_root_token
}
25 changes: 25 additions & 0 deletions enos/enos-scenario-smoke.hcl
@@ -105,6 +105,11 @@ scenario "smoke" {
}
}

step "get_local_metadata" {
skip_step = matrix.builder != "local"
module = module.get_local_metadata
}

step "create_vault_cluster" {
module = module.vault_cluster
depends_on = [
@@ -131,6 +136,26 @@ scenario "smoke" {
}
}

step "verify_vault_version" {
module = module.vault_verify_version
depends_on = [
step.create_vault_cluster,
]

providers = {
enos = local.enos_provider[matrix.distro]
}

variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_edition = matrix.edition
vault_product_version = matrix.builder == "local" ? step.get_local_metadata.version : var.vault_product_version
vault_revision = matrix.builder == "local" ? step.get_local_metadata.revision : var.vault_revision
vault_build_date = matrix.builder == "local" ? step.get_local_metadata.build_date : var.vault_build_date
vault_root_token = step.create_vault_cluster.vault_root_token
}
}

step "verify_vault_unsealed" {
module = module.vault_verify_unsealed
depends_on = [
12 changes: 11 additions & 1 deletion enos/enos-scenario-upgrade.hcl
@@ -81,6 +81,11 @@ scenario "upgrade" {
}
}

step "get_local_metadata" {
skip_step = matrix.builder != "local"
module = module.get_local_metadata
}

step "create_backend_cluster" {
module = "backend_${matrix.backend}"
depends_on = [
@@ -162,7 +167,12 @@ scenario "upgrade" {
}

variables {
vault_instances = step.create_vault_cluster.vault_instances
vault_instances = step.create_vault_cluster.vault_instances
vault_edition = matrix.edition
vault_product_version = matrix.builder == "local" ? step.get_local_metadata.version : var.vault_product_version
vault_revision = matrix.builder == "local" ? step.get_local_metadata.revision : var.vault_revision
vault_build_date = matrix.builder == "local" ? step.get_local_metadata.build_date : var.vault_build_date
vault_root_token = step.create_vault_cluster.vault_root_token
}
}

22 changes: 20 additions & 2 deletions enos/enos-variables.hcl
@@ -73,7 +73,7 @@ variable "vault_bundle_path" {

variable "vault_install_dir" {
type = string
description = "The directory where the vault binary will be installed"
description = "The directory where the Vault binary will be installed"
default = "/opt/vault/bin"
}

@@ -101,11 +101,29 @@ variable "vault_local_build_tags" {
default = null
}

variable "vault_build_date" {
description = "The build date for Vault artifact"
type = string
default = ""
}

variable "vault_product_version" {
description = "The version of Vault we are testing"
type = string
default = null
}

variable "vault_revision" {
description = "The git sha of Vault artifact we are testing"
type = string
default = null
}

variable "vault_upgrade_initial_release" {
description = "The Vault release to deploy before upgrading"
default = {
edition = "oss"
// vault 1.10.5 has a known issue with retry_join.
// Vault 1.10.5 has a known issue with retry_join.
version = "1.10.4"
}
}
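Review bot: `vault_build_date` defaults to `""` while `vault_product_version` and `vault_revision` default to `null`, and the matching variable in modules/vault_verify_version also defaults to `null`, so "not provided" has two spellings that the verification script must treat alike. Unless the empty string is deliberate because the workflow always exports `ENOS_VAR_vault_build_date`, `default = null` would keep the three variables consistent. If it is deliberate, a short comment above the variable saying so would help the next reader.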
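--- a/enos/modules/get_local_metadata/main.tf
+++ b/enos/modules/get_local_metadata/main.tf
@@ -0,0 +1,31 @@
+terraform {
+required_providers {
+enos = {
+source = "app.terraform.io/hashicorp-qti/enos"
+}
+}
+}
+
+resource "enos_local_exec" "get_build_date" {
+scripts = ["${path.module}/scripts/build_date.sh"]
+}
+
+output "build_date" {
+value = trimspace(enos_local_exec.get_build_date.stdout)
+}
+
+resource "enos_local_exec" "get_version" {
+scripts = ["${path.module}/scripts/version.sh"]
+}
+
+output "version" {
+value = trimspace(enos_local_exec.get_version.stdout)
+}
+
+resource "enos_local_exec" "get_revision" {
+inline = ["git rev-parse HEAD"]
+}
+
+output "revision" {
+value = trimspace(enos_local_exec.get_revision.stdout)
+}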
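Review bot: The `required_providers` entry names `app.terraform.io/hashicorp-qti/enos` without a `version` constraint, so this module accepts whichever provider release the registry serves at init time and then lets it execute local scripts. If the provider is not already pinned elsewhere (a lock file or a root-level constraint, neither visible on this page), adding a `version = "<constraint>"` line (placeholder value) keeps the harness reproducible. The three outputs would also benefit from a `description`, e.g. `description = "Git SHA of the local checkout (git rev-parse HEAD)"` on `revision`.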
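--- a/enos/modules/get_local_metadata/scripts/build_date.sh
+++ b/enos/modules/get_local_metadata/scripts/build_date.sh
@@ -0,0 +1,10 @@
+#!/bin/env bash
+set -eu -o pipefail
+
+# Set up the environment for building Vault.
+root_dir="$(git rev-parse --show-toplevel)"
+
+pushd "$root_dir" > /dev/null
+
+IFS="-" read -r VAULT_BUILD_DATE _other <<< "$(make build-date)"
+echo $VAULT_BUILD_DATE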
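Review bot: `IFS="-" read -r VAULT_BUILD_DATE _other` keeps only the text before the first hyphen, so if `make build-date` prints an ISO-style date such as YYYY-MM-DD…, the script emits just the year and the build-date comparison runs against a truncated value. The target's output format is not shown on this page, so please confirm. If the full value is wanted, `VAULT_BUILD_DATE="$(make build-date)"` followed by `echo "$VAULT_BUILD_DATE"` avoids both the split and the unquoted expansion. The shebang `#!/bin/env bash` also assumes `env` lives in `/bin`; `#!/usr/bin/env bash` is the portable form for a script that runs on developer machines.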
15 changes: 0 additions & 15 deletions enos/modules/get_local_version_from_make/main.tf

This file was deleted.

39 changes: 37 additions & 2 deletions enos/modules/vault_verify_version/main.tf
@@ -6,22 +6,52 @@ terraform {
}
}

variable "vault_build_date" {
type = string
description = "The Vault artifact build date"
default = null
}

variable "vault_install_dir" {
type = string
description = "The directory where the Vault binary will be installed"
}

variable "vault_instance_count" {
type = number
description = "How many vault instances are in the cluster"
description = "How many Vault instances are in the cluster"
}

variable "vault_instances" {
type = map(object({
private_ip = string
public_ip = string
}))
description = "The vault cluster instances that were created"
description = "The Vault cluster instances that were created"
}

variable "vault_product_version" {
type = string
description = "The Vault product version"
default = null
}

variable "vault_edition" {
type = string
description = "The Vault product edition"
default = null
}

variable "vault_revision" {
type = string
description = "The Vault product revision"
default = null
}

variable "vault_root_token" {
type = string
description = "The Vault root token"
default = null
}

locals {
@@ -38,6 +68,11 @@ resource "enos_remote_exec" "verify_all_nodes_have_updated_version" {

content = templatefile("${path.module}/templates/verify-cluster-version.sh", {
vault_install_dir = var.vault_install_dir,
vault_build_date = var.vault_build_date,
vault_version = var.vault_product_version,
vault_edition = var.vault_edition,
vault_revision = var.vault_revision,
vault_token = var.vault_root_token,
})

transport = {
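Review bot: `vault_root_token` is declared without `sensitive = true` and is then interpolated into the script body through `templatefile(...)` as `vault_token = var.vault_root_token`, so the root token becomes part of the resource's `content` and can surface in plan output and debug logs. I would mark the variable `sensitive = true` and pass the token through the resource's `environment` map (e.g. `VAULT_TOKEN = var.vault_root_token`) rather than templating it into the script; the template is not on this page and would need the matching change. It is also worth confirming that a version check needs a root token at all. The `enos_remote_exec` resource starts and ends outside the second hunk.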
