From 8ec98107b6d6567022820a0d32f558911782272d Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 11:50:23 -0400 Subject: [PATCH 01/50] CI: Test against vault-enterprise 1.10.3-ent - run enterprise acceptance tests --- .circleci/config.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 283d7d63b..cd8b1dbf9 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -19,8 +19,9 @@ jobs: - image: circleci/mysql:latest environment: - MYSQL_ROOT_PASSWORD=mysql - - image: hashicorp/vault:latest + - image: hashicorp/vault-enterprise:1.10.3-ent environment: + - VAULT_LICENSE=$VAULT_LICENSE - VAULT_DEV_ROOT_TOKEN_ID=root - image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu environment: @@ -56,7 +57,7 @@ jobs: export MONGODB_URL="mongodb://root:mongodb@127.0.0.1:27017/admin?ssl=false" export MSSQL_URL="sqlserver://sa:yourStrong1000Password@127.0.0.1:1433" # This will be removed after VAULT-4324 is fixed - make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true - run: name: "Run Build" command: | From f0ec0f9cc52751d75be9f65b7d0cd232dc6bf528 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 12:56:17 -0400 Subject: [PATCH 02/50] Set docker environment from a dictionary --- .circleci/config.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index cd8b1dbf9..22bd24c2d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -18,15 +18,15 @@ jobs: - MONGO_INITDB_DATABASE: admin - image: circleci/mysql:latest environment: - - MYSQL_ROOT_PASSWORD=mysql + MYSQL_ROOT_PASSWORD: mysql - image: hashicorp/vault-enterprise:1.10.3-ent environment: - - VAULT_LICENSE=$VAULT_LICENSE - - VAULT_DEV_ROOT_TOKEN_ID=root + VAULT_LICENSE: $VAULT_LICENSE + VAULT_DEV_ROOT_TOKEN_ID: root - image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu environment: - - ACCEPT_EULA=Y - - SA_PASSWORD=yourStrong1000Password + ACCEPT_EULA: Y + SA_PASSWORD: yourStrong1000Password working_directory: /tmp/go/src/github.com/hashicorp/terraform-provider-vault steps: - checkout From 9312045fd84ec3f0c11fe96545d25555c550bbb0 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 14:23:00 -0400 Subject: [PATCH 03/50] try quoting the context env --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 22bd24c2d..1b6387121 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -21,7 +21,7 @@ jobs: MYSQL_ROOT_PASSWORD: mysql - image: hashicorp/vault-enterprise:1.10.3-ent environment: - VAULT_LICENSE: $VAULT_LICENSE + VAULT_LICENSE: "$VAULT_LICENSE" VAULT_DEV_ROOT_TOKEN_ID: root - image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu environment: From fe0f35c9af3885afdd7060e122f41bd4cdae04b4 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 15:40:55 -0400 Subject: [PATCH 04/50] Revert CircleCI config, attempt move GHA instead --- .circleci/config.yml | 5 ++--- .github/workflows/build.yml | 31 +++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/build.yml diff --git a/.circleci/config.yml b/.circleci/config.yml index 1b6387121..1b1640412 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
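Review bot: In the mssql image's `environment` mapping in `.circleci/config.yml`, `ACCEPT_EULA: Y` is now a bare YAML scalar, which a YAML 1.1 loader may read as boolean true; the old list entry `- ACCEPT_EULA=Y` was always a string. Whether the container then receives `Y` or `true` depends on CircleCI's loader, which is not visible from here, so quoting removes the doubt: `ACCEPT_EULA: "Y"`. The same unquoted form reappears in the `mssql` service of `.github/workflows/build.yml` in PATCH 11/50. The values on the neighbouring lines (`mysql`, `yourStrong1000Password`, `root`) look like fixed credentials for throwaway test containers; a short comment such as `# test-only credentials for ephemeral CI services` above them would make that explicit.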
@@ -19,9 +19,8 @@ jobs: - image: circleci/mysql:latest environment: MYSQL_ROOT_PASSWORD: mysql - - image: hashicorp/vault-enterprise:1.10.3-ent + - image: hashicorp/vault:latest environment: - VAULT_LICENSE: "$VAULT_LICENSE" VAULT_DEV_ROOT_TOKEN_ID: root - image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu environment: @@ -57,7 +56,7 @@ jobs: export MONGODB_URL="mongodb://root:mongodb@127.0.0.1:27017/admin?ssl=false" export MSSQL_URL="sqlserver://sa:yourStrong1000Password@127.0.0.1:1433" # This will be removed after VAULT-4324 is fixed - make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true - run: name: "Run Build" command: | diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..8f14ea13b --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,31 @@ +name: Build + +on: push + +jobs: + go-version: + runs-on: ubuntu-latest + outputs: + version: ${{ steps.go-version.outputs.version }} + steps: + - uses: actions/checkout@v3 + - id: go-version + run: echo "::set-output name=version::$(cat ./.go-version)" + build: + needs: go-version + name: Build Terraform Vault Provider + runs-on: ubuntu-latest + strategy: + fail-fast: true + matrix: + arch: ["amd64"] + steps: + - name: Setup Go + uses: actions/setup-go@v2 + with: + go-version: '${{ needs.go-version.outputs.version }}' + + - uses: actions/checkout@v3 + - name: Build dev + run: | + make dev From 2bdd984f3b1458c3db2d8997005799c1624bae75 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 15:44:21 -0400 Subject: [PATCH 05/50] Make build --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8f14ea13b..8e357778b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
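Review bot: The new `.github/workflows/build.yml` declares no `permissions:` block, so both jobs run with the repository's default `GITHUB_TOKEN` scope although they only check out and build. A top-level `permissions:` with `contents: read` beneath it keeps the token read-only for every job. The actions are referenced by mutable tags (`actions/checkout@v3`, `actions/setup-go@v2`); pinning each to a full commit SHA, for example `uses: actions/checkout@<full-commit-sha>  # v3`, guards against a tag being moved. With `on: push` the workflow runs for every branch, so these defaults apply to all of them.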
@@ -26,6 +26,6 @@ jobs: go-version: '${{ needs.go-version.outputs.version }}' - uses: actions/checkout@v3 - - name: Build dev + - name: Build run: | - make dev + make build From b03522de3fe2c2c51eb6d9fdde93c760f69a1099 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 16:07:26 -0400 Subject: [PATCH 06/50] Attempt to run some containers --- .github/workflows/build.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8e357778b..616cf491d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -3,6 +3,21 @@ name: Build on: push jobs: + runner-job: + runs-on: ubuntu-latest + services: + vault: + image: hashicorp/vault:latest + env: + VAULT_DEV_ROOT_TOKEN_ID: root + ports: + - 8200:8200 + mysql: + image: circleci/mysql:latest + env: + MYSQL_ROOT_PASSWORD: mysql + ports: + - 3306:3306 go-version: runs-on: ubuntu-latest outputs: @@ -13,7 +28,7 @@ jobs: run: echo "::set-output name=version::$(cat ./.go-version)" build: needs: go-version - name: Build Terraform Vault Provider + name: build runs-on: ubuntu-latest strategy: fail-fast: true From 4a918b29889bae9a40163ec47df0ddb427a29b48 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 16:08:12 -0400 Subject: [PATCH 07/50] skip acc tests in CircleCI --- .circleci/config.yml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 1b1640412..273d66c11 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -42,21 +42,21 @@ jobs: no_output_timeout: 30m command: | make test TESTARGS='-v' - - run: - name: "Run Acceptance Tests" - no_output_timeout: 35m - command: | - export VAULT_TOKEN="root" - export VAULT_ADDR="http://127.0.0.1:8200" - export TF_ACC_TERRAFORM_VERSION="1.0.7" - export MYSQL_URL="root:mysql@tcp(127.0.0.1:3306)/" - export MYSQL_CONNECTION_URL="{{username}}:{{password}}@tcp(127.0.0.1:3306)/" - export MYSQL_CONNECTION_USERNAME="root" - export MYSQL_CONNECTION_PASSWORD="mysql" - export MONGODB_URL="mongodb://root:mongodb@127.0.0.1:27017/admin?ssl=false" - export MSSQL_URL="sqlserver://sa:yourStrong1000Password@127.0.0.1:1433" - # This will be removed after VAULT-4324 is fixed - make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + #- run: + # name: "Run Acceptance Tests" + # no_output_timeout: 35m + # command: | + # export VAULT_TOKEN="root" + # export VAULT_ADDR="http://127.0.0.1:8200" + # export TF_ACC_TERRAFORM_VERSION="1.0.7" + # export MYSQL_URL="root:mysql@tcp(127.0.0.1:3306)/" + # export MYSQL_CONNECTION_URL="{{username}}:{{password}}@tcp(127.0.0.1:3306)/" + # export MYSQL_CONNECTION_USERNAME="root" + # export MYSQL_CONNECTION_PASSWORD="mysql" + # export MONGODB_URL="mongodb://root:mongodb@127.0.0.1:27017/admin?ssl=false" + # export MSSQL_URL="sqlserver://sa:yourStrong1000Password@127.0.0.1:1433" + # # This will be removed after VAULT-4324 is fixed + # make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true - run: name: "Run Build" command: | From 9c122f5af06f51c1419fd8582b92431c1761effb Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 16:16:20 -0400 Subject: [PATCH 08/50] Run build steps in runner-job --- .github/workflows/build.yml | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 616cf491d..5aca04e17 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -3,8 +3,22 @@ name: Build on: push jobs: + go-version: + runs-on: ubuntu-latest + outputs: + version: ${{ steps.go-version.outputs.version }} + steps: + - uses: actions/checkout@v3 + - id: go-version + run: echo "::set-output name=version::$(cat ./.go-version)" + runner-job: + needs: go-version runs-on: ubuntu-latest + strategy: + fail-fast: true + matrix: + arch: ["amd64"] services: vault: image: hashicorp/vault:latest @@ -18,22 +32,6 @@ jobs: MYSQL_ROOT_PASSWORD: mysql ports: - 3306:3306 - go-version: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.go-version.outputs.version }} - steps: - - uses: actions/checkout@v3 - - id: go-version - run: echo "::set-output name=version::$(cat ./.go-version)" - build: - needs: go-version - name: build - runs-on: ubuntu-latest - strategy: - fail-fast: true - matrix: - arch: ["amd64"] steps: - name: Setup Go uses: actions/setup-go@v2 From 33239060f8e9e64ad2ee0f370bcdd4cbf32b6fc8 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 17:01:31 -0400 Subject: [PATCH 09/50] Try out a container job --- .github/workflows/build.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5aca04e17..b5563f8df 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -42,3 +42,30 @@ jobs: - name: Build run: | make build + + container-job: + runs-on: ubuntu-latest + strategy: + fail-fast: true + matrix: + arch: ["amd64"] + container: + image: docker.mirror.hashicorp.services/cimg/go:1.17.5 + services: + vault: + image: hashicorp/vault:latest + env: + VAULT_DEV_ROOT_TOKEN_ID: root + ports: + - 8200:8200 + mysql: + image: circleci/mysql:latest + env: + MYSQL_ROOT_PASSWORD: mysql + ports: + - 3306:3306 + steps: + - uses: actions/checkout@v3 + - name: Build + run: | + make build From 6031629458289e82a09ddcde66527b7c47fbe2ea Mon Sep 17 00:00:00 2001 
From: Ben Ash Date: Tue, 17 May 2022 17:06:45 -0400 Subject: [PATCH 10/50] Switch from cimg to golang docker repo --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b5563f8df..38c11890b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -50,7 +50,7 @@ jobs: matrix: arch: ["amd64"] container: - image: docker.mirror.hashicorp.services/cimg/go:1.17.5 + image: docker.mirror.hashicorp.services/golang:1.17.10 services: vault: image: hashicorp/vault:latest From 2b41ff6d5a07f050250d36e49b088ee46394361d Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 17:28:12 -0400 Subject: [PATCH 11/50] Attempt to run tests --- .github/workflows/build.yml | 67 ++++++++++++------------------------- 1 file changed, 22 insertions(+), 45 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 38c11890b..54fa7fc0b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -3,46 +3,6 @@ name: Build on: push jobs: - go-version: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.go-version.outputs.version }} - steps: - - uses: actions/checkout@v3 - - id: go-version - run: echo "::set-output name=version::$(cat ./.go-version)" - - runner-job: - needs: go-version - runs-on: ubuntu-latest - strategy: - fail-fast: true - matrix: - arch: ["amd64"] - services: - vault: - image: hashicorp/vault:latest - env: - VAULT_DEV_ROOT_TOKEN_ID: root - ports: - - 8200:8200 - mysql: - image: circleci/mysql:latest - env: - MYSQL_ROOT_PASSWORD: mysql - ports: - - 3306:3306 - steps: - - name: Setup Go - uses: actions/setup-go@v2 - with: - go-version: '${{ needs.go-version.outputs.version }}' - - - uses: actions/checkout@v3 - - name: Build - run: | - make build - container-job: runs-on: ubuntu-latest strategy: 
@@ -56,16 +16,33 @@ jobs: image: hashicorp/vault:latest env: VAULT_DEV_ROOT_TOKEN_ID: root - ports: - - 8200:8200 mysql: - image: circleci/mysql:latest + image: mysql:latest env: MYSQL_ROOT_PASSWORD: mysql - ports: - - 3306:3306 + mssql: + image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu + env: + ACCEPT_EULA: Y + SA_PASSWORD: yourStrong1000Password steps: - uses: actions/checkout@v3 - name: Build run: | make build + - name: Unit Tests + run: | + make test TESTARGS='-v' + - name: Acceptance Tests + env: + VAULT_TOKEN: "root" + VAULT_ADDR: "http://127.0.0.1:8200" + TF_ACC_TERRAFORM_VERSION: "1.0.7" + MYSQL_URL: "root:mysql@mysql:3306/" + MYSQL_CONNECTION_URL: "{{username}}:{{password}}@mysql:3306/" + MYSQL_CONNECTION_USERNAME: "root" + MYSQL_CONNECTION_PASSWORD: "mysql" + #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" + MSSQL_URL: "sqlserver://sa:yourStrong1000Password@mssql:1433" + run: | + make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From 23e897668d9f9cccf0f789e36a251f0dca9fe8a0 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 18:01:53 -0400 Subject: [PATCH 12/50] Get the repo root from Git --- codegen/generate.go | 25 ++++++++++++------------- codegen/generate_test.go | 12 ++++++------ codegen/templates.go | 4 ++-- 3 files changed, 20 insertions(+), 21 deletions(-) diff --git a/codegen/generate.go b/codegen/generate.go index 0889f08ce..072ada3b2 100644 --- a/codegen/generate.go +++ b/codegen/generate.go @@ -2,9 +2,11 @@ package codegen import ( "bufio" + "bytes" "errors" "fmt" "os" + "os/exec" "path/filepath" "strings" @@ -14,7 +16,7 @@ import ( // generatedDirPerms uses 0775 because it is the same as for // the "vault" directory, which is at "drwxrwxr-x". -const generatedDirPerms os.FileMode = 0775 +const generatedDirPerms os.FileMode = 0o775 var errUnsupported = errors.New("code and doc generation for this item is unsupported") 
@@ -172,11 +174,11 @@ we eventually cover all >500 of them and add tests. */ func codeFilePath(tfTp tfType, endpoint string) (string, error) { filename := fmt.Sprintf("%ss%s.go", tfTp.String(), endpoint) - homeDirPath, err := pathToHomeDir() + repoRoot, err := getRepoRoot() if err != nil { return "", err } - path := filepath.Join(homeDirPath, "generated", filename) + path := filepath.Join(repoRoot, "generated", filename) return stripCurlyBraces(path), nil } @@ -211,11 +213,11 @@ we eventually cover all >500 of them and add tests. func docFilePath(tfTp tfType, endpoint string) (string, error) { endpoint = normalizeDocEndpoint(endpoint) filename := fmt.Sprintf("%s/%s.html.md", tfTp.DocType(), endpoint) - homeDirPath, err := pathToHomeDir() + repoRoot, err := getRepoRoot() if err != nil { return "", err } - return filepath.Join(homeDirPath, "website", "docs", filename), nil + return filepath.Join(repoRoot, "website", "docs", filename), nil } // normalizeDocEndpoint changes the raw endpoint into the format we expect for @@ -248,15 +250,12 @@ func stripCurlyBraces(path string) string { return path } -// pathToHomeDir yields the path to the terraform-vault-provider -// home directory on the machine on which it's running. -// ex. /home/your-name/go/src/github.com/hashicorp/terraform-provider-vault -func pathToHomeDir() (string, error) { - repoName := "terraform-provider-vault" - wd, err := os.Getwd() +// getRepoRoot relative to CWD. +func getRepoRoot() (string, error) { + out, err := exec.Command("git", "rev-parse", "--show-toplevel").Output() if err != nil { return "", err } - pathParts := strings.Split(wd, repoName) - return pathParts[0] + repoName, nil + + return string(bytes.TrimRight(out, "\n")), nil } diff --git a/codegen/generate_test.go b/codegen/generate_test.go index d303ba786..284c6dd31 100644 --- a/codegen/generate_test.go +++ b/codegen/generate_test.go 
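Review bot: `getRepoRoot` in `codegen/generate.go` returns the bare error from `exec.Command("git", "rev-parse", "--show-toplevel").Output()`, which for a non-zero exit reads only `exit status 128`; git's own message sits in the `*exec.ExitError`'s `Stderr` field and is dropped. Wrapping it makes failures diagnosable, e.g. `return "", fmt.Errorf("git rev-parse --show-toplevel: %w", err)` (`fmt` is already imported). The function now requires a `git` binary on `PATH` and a working directory inside a Git work tree, which the removed `pathToHomeDir` did not; code generation run from an exported source tree without `.git` would presumably fail here. The doc comment could state this: `// getRepoRoot returns the top-level directory of the Git work tree containing the current working directory; it requires git on PATH.`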
@@ -5,7 +5,7 @@ import ( ) func TestCodeFilePath(t *testing.T) { - homeDirPath, err := pathToHomeDir() + homeDirPath, err := getRepoRoot() if err != nil { t.Fatal(err) } @@ -59,7 +59,7 @@ func TestCodeFilePath(t *testing.T) { } func TestDocFilePath(t *testing.T) { - homeDirPath, err := pathToHomeDir() + repoRoot, err := getRepoRoot() if err != nil { t.Fatal(err) } @@ -95,15 +95,15 @@ func TestDocFilePath(t *testing.T) { if err != nil { t.Fatal(err) } - if actualDataSourceDocPath != homeDirPath+testCase.expectedDataSourceFilePath { - t.Fatalf("expected %q but received %q", homeDirPath+testCase.expectedDataSourceFilePath, actualDataSourceDocPath) + if actualDataSourceDocPath != repoRoot+testCase.expectedDataSourceFilePath { + t.Fatalf("expected %q but received %q", repoRoot+testCase.expectedDataSourceFilePath, actualDataSourceDocPath) } actualResourceDocPath, err := docFilePath(tfTypeResource, testCase.input) if err != nil { t.Fatal(err) } - if actualResourceDocPath != homeDirPath+testCase.expectedResourceFilePath { - t.Fatalf("expected %q but received %q", homeDirPath+testCase.expectedResourceFilePath, actualResourceDocPath) + if actualResourceDocPath != repoRoot+testCase.expectedResourceFilePath { + t.Fatalf("expected %q but received %q", repoRoot+testCase.expectedResourceFilePath, actualResourceDocPath) } } } diff --git a/codegen/templates.go b/codegen/templates.go index 5c6764f49..d068de146 100644 --- a/codegen/templates.go +++ b/codegen/templates.go @@ -35,7 +35,7 @@ var ( ) func newTemplateHandler(logger hclog.Logger) (*templateHandler, error) { - homeDirPath, err := pathToHomeDir() + repoRoot, err := getRepoRoot() if err != nil { return nil, err } 
@@ -44,7 +44,7 @@ func newTemplateHandler(logger hclog.Logger) (*templateHandler, error) { // cache them to be used repeatedly. templates := make(map[templateType]*template.Template, len(templateRegistry)) for tmplType, pathFromHomeDir := range templateRegistry { - pathToFile := filepath.Join(homeDirPath, pathFromHomeDir) + pathToFile := filepath.Join(repoRoot, pathFromHomeDir) templateBytes, err := ioutil.ReadFile(pathToFile) if err != nil { return nil, errwrap.Wrapf("error reading "+pathToFile+": {{err}}", err) From f44fc7bbb17f1685e456440509a160f75bd69a33 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 21:00:52 -0400 Subject: [PATCH 13/50] Set vault addr to the service container name --- .github/workflows/build.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 54fa7fc0b..7525496c6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -30,13 +30,13 @@ jobs: - name: Build run: | make build - - name: Unit Tests - run: | - make test TESTARGS='-v' + #- name: Unit Tests + # run: | + # make test TESTARGS='-v' - name: Acceptance Tests env: VAULT_TOKEN: "root" - VAULT_ADDR: "http://127.0.0.1:8200" + VAULT_ADDR: "http://vault:8200" TF_ACC_TERRAFORM_VERSION: "1.0.7" MYSQL_URL: "root:mysql@mysql:3306/" MYSQL_CONNECTION_URL: "{{username}}:{{password}}@mysql:3306/" @@ -45,4 +45,4 @@ jobs: #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" MSSQL_URL: "sqlserver://sa:yourStrong1000Password@mssql:1433" run: | - make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc TESTARGS='-v -test.count 1 -test.run TestResourceGenericSecret*' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From 3dbf77c65e20bf2bd42b29702e00ab8565881667 Mon Sep 17 00:00:00 2001 
From: Ben Ash Date: Tue, 17 May 2022 21:09:26 -0400 Subject: [PATCH 14/50] Run all acceptance tests. --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7525496c6..68ee5e0cb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -45,4 +45,4 @@ jobs: #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" MSSQL_URL: "sqlserver://sa:yourStrong1000Password@mssql:1433" run: | - make testacc TESTARGS='-v -test.count 1 -test.run TestResourceGenericSecret*' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From 07bb14f64a588667ec0485da5eb8f15268f84450 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Tue, 17 May 2022 21:20:37 -0400 Subject: [PATCH 15/50] Attempt with vault-enterprise --- .github/workflows/build.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 68ee5e0cb..afd4117bc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,9 +13,10 @@ jobs: image: docker.mirror.hashicorp.services/golang:1.17.10 services: vault: - image: hashicorp/vault:latest + image: hashicorp/vault-enterprise:latest env: VAULT_DEV_ROOT_TOKEN_ID: root + VAULT_LICENSE: ${{ secrets.VAULT_LICENSE_CI }} mysql: image: mysql:latest env: @@ -45,4 +46,4 @@ jobs: #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" MSSQL_URL: "sqlserver://sa:yourStrong1000Password@mssql:1433" run: | - make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc-ent TESTARGS='-v -test.count 1 -test.run TestNamespace_basic' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From 7af886f5ca2a588c35e1f1b49132355ce3572fec Mon Sep 17 00:00:00 2001 
From: Ben Ash Date: Tue, 17 May 2022 21:34:01 -0400 Subject: [PATCH 16/50] Run all acceptance tests, switch back to OSS Vault --- .github/workflows/build.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index afd4117bc..0bf6f126e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,10 +13,11 @@ jobs: image: docker.mirror.hashicorp.services/golang:1.17.10 services: vault: - image: hashicorp/vault-enterprise:latest + #image: hashicorp/vault-enterprise:latest + image: hashicorp/vault:latest env: VAULT_DEV_ROOT_TOKEN_ID: root - VAULT_LICENSE: ${{ secrets.VAULT_LICENSE_CI }} + #VAULT_LICENSE: ${{ secrets.VAULT_LICENSE_CI }} mysql: image: mysql:latest env: @@ -31,6 +32,7 @@ jobs: - name: Build run: | make build + # TODO: re-enable #- name: Unit Tests # run: | # make test TESTARGS='-v' @@ -46,4 +48,4 @@ jobs: #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" MSSQL_URL: "sqlserver://sa:yourStrong1000Password@mssql:1433" run: | - make testacc-ent TESTARGS='-v -test.count 1 -test.run TestNamespace_basic' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From dc7c05d10a885028e87d515a3f12dbb5cc96e812 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 09:14:59 -0400 Subject: [PATCH 17/50] Get mysql tests passing --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0bf6f126e..2b2967056 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -41,11 +41,11 @@ jobs: VAULT_TOKEN: "root" VAULT_ADDR: "http://vault:8200" TF_ACC_TERRAFORM_VERSION: "1.0.7" - MYSQL_URL: "root:mysql@mysql:3306/" - MYSQL_CONNECTION_URL: "{{username}}:{{password}}@mysql:3306/" + MYSQL_URL: "root:mysql@tcp(mysql:3306)/" + MYSQL_CONNECTION_URL: "{{username}}:{{password}}@tcp(mysql:3306)/" MYSQL_CONNECTION_USERNAME: "root" MYSQL_CONNECTION_PASSWORD: "mysql" #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" MSSQL_URL: "sqlserver://sa:yourStrong1000Password@mssql:1433" run: | - make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc TESTARGS='-v -test.run TestAccDatabaseSecretBackendConnection_mysql' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From 5f74ad6075a9e04ff32e66b619fbdd72610933f7 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 10:35:08 -0400 Subject: [PATCH 18/50] Run all acceptance tests, get ODIC tests passing --- .github/workflows/build.yml | 3 +- .../data_identity_oidc_openid_config_test.go | 88 +++++++++++-------- 2 files changed, 53 insertions(+), 38 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2b2967056..cb15e6774 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,4 +48,5 @@ jobs: #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" MSSQL_URL: "sqlserver://sa:yourStrong1000Password@mssql:1433" run: | - make testacc TESTARGS='-v -test.run TestAccDatabaseSecretBackendConnection_mysql' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + #make testacc TESTARGS='-v -test.run TestAccDatabaseSecretBackendConnection_mysql' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true diff --git a/vault/data_identity_oidc_openid_config_test.go b/vault/data_identity_oidc_openid_config_test.go index 7a0d135ce..9c00e8336 100644 --- a/vault/data_identity_oidc_openid_config_test.go 
+++ b/vault/data_identity_oidc_openid_config_test.go @@ -4,6 +4,7 @@ import ( "fmt" "net/url" "os" + "strings" "testing" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" 
@@ -13,52 +14,62 @@ import ( ) func TestDataSourceIdentityOIDCOpenIDConfig(t *testing.T) { + testutil.TestAccPreCheck(t) + providerName := acctest.RandomWithPrefix("test-provider") keyName := acctest.RandomWithPrefix("test-key") clientName := acctest.RandomWithPrefix("test-client") - resourceName := "data.vault_identity_oidc_openid_config.config" - vaultAddrEnv := os.Getenv("VAULT_ADDR") - parsedUrl, err := url.Parse(vaultAddrEnv) + u, err := url.Parse(os.Getenv("VAULT_ADDR")) + if err != nil { + t.Fatal(err) + } + + if u.Hostname() == "localhost" { + u.Host = fmt.Sprintf("%s:%s", "127.0.0.1", u.Port()) + } + + base, err := u.Parse(fmt.Sprintf("/v1/identity/oidc/provider/%s/", providerName)) if err != nil { t.Fatal(err) } - host := parsedUrl.Host - if host == "localhost:8200" { - host = "127.0.0.1:8200" + resourceName := "data.vault_identity_oidc_openid_config.config" + checks := []resource.TestCheckFunc{ + resource.TestCheckResourceAttr(resourceName, "name", providerName), + resource.TestCheckResourceAttr(resourceName, "issuer", strings.TrimRight(base.String(), "/")), + resource.TestCheckResourceAttr(resourceName, "request_uri_parameter_supported", "false"), + resource.TestCheckResourceAttr(resourceName, "id_token_signing_alg_values_supported.#", "7"), + resource.TestCheckResourceAttr(resourceName, "scopes_supported.#", "1"), + resource.TestCheckResourceAttr(resourceName, "scopes_supported.0", "openid"), } - issuer := "http://%s/v1/identity/oidc/provider/%s" - jwksURI := "http://%s/v1/identity/oidc/provider/%s/.well-known/keys" - authorizationEndpoint := "http://%s/ui/vault/identity/oidc/provider/%s/authorize" - tokenEndpoint := "http://%s/v1/identity/oidc/provider/%s/token" - userInfoEndpoint := "http://%s/v1/identity/oidc/provider/%s/userinfo" + expectedURLs := map[string]string{ + "jwks_uri": ".well-known/keys", + "token_endpoint": "token", + "userinfo_endpoint": "userinfo", + "authorization_endpoint": 
fmt.Sprintf("/ui/vault/identity/oidc/provider/%s/authorize", providerName), + } + for k, v := range expectedURLs { + i, err := base.Parse(v) + if err != nil { + t.Fatal(err) + } + checks = append(checks, resource.TestCheckResourceAttr(resourceName, k, i.String())) + } resource.Test(t, resource.TestCase{ Providers: testProviders, - PreCheck: func() { testutil.TestAccPreCheck(t) }, Steps: []resource.TestStep{ { - Config: testDataSourceIdentityOIDCOpenIDConfig_config(keyName, clientName, providerName), - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr(resourceName, "name", providerName), - resource.TestCheckResourceAttr(resourceName, "issuer", fmt.Sprintf(issuer, host, providerName)), - resource.TestCheckResourceAttr(resourceName, "jwks_uri", fmt.Sprintf(jwksURI, host, providerName)), - resource.TestCheckResourceAttr(resourceName, "authorization_endpoint", fmt.Sprintf(authorizationEndpoint, host, providerName)), - resource.TestCheckResourceAttr(resourceName, "token_endpoint", fmt.Sprintf(tokenEndpoint, host, providerName)), - resource.TestCheckResourceAttr(resourceName, "userinfo_endpoint", fmt.Sprintf(userInfoEndpoint, host, providerName)), - resource.TestCheckResourceAttr(resourceName, "request_uri_parameter_supported", "false"), - resource.TestCheckResourceAttr(resourceName, "id_token_signing_alg_values_supported.#", "7"), - resource.TestCheckResourceAttr(resourceName, "scopes_supported.#", "1"), - resource.TestCheckResourceAttr(resourceName, "scopes_supported.0", "openid"), - ), + Config: testDataSourceIdentityOIDCOpenIDConfig_config(keyName, clientName, providerName, u.Host), + Check: resource.ComposeTestCheckFunc(checks...), }, }, }) } -func testDataSourceIdentityOIDCOpenIDConfig_config(keyName, clientName, providerName string) string { +func testDataSourceIdentityOIDCOpenIDConfig_config(keyName, clientName, providerName, issuerHost string) string { return fmt.Sprintf(` resource "vault_identity_oidc_key" "key" { name = "%s" 
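Review bot: In `TestDataSourceIdentityOIDCOpenIDConfig`, the localhost rewrite `u.Host = fmt.Sprintf("%s:%s", "127.0.0.1", u.Port())` yields the host `127.0.0.1:` when `VAULT_ADDR` carries no explicit port, because `u.Port()` returns an empty string in that case. That value then flows into `issuer_host` and every expected URL. Setting `u.Host = "127.0.0.1"` when the port is empty and `u.Host = net.JoinHostPort("127.0.0.1", u.Port())` otherwise keeps the host well formed (this needs the `net` import). The expected URLs also inherit the scheme of `VAULT_ADDR` while the provider resource sets `https_enabled = false`, so an `https://` address would presumably fail the issuer check; a comment noting that the test expects an `http://` address would help. The config helper's body continues past this hunk.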
@@ -68,27 +79,30 @@ resource "vault_identity_oidc_key" "key" { } resource "vault_identity_oidc_client" "app" { - name = "%s" - key = vault_identity_oidc_key.key.name - redirect_uris = [ - "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback", - "http://127.0.0.1:8251/callback", - "http://127.0.0.1:8080/callback" - ] + name = "%s" + key = vault_identity_oidc_key.key.name id_token_ttl = 2400 access_token_ttl = 7200 + + redirect_uris = [ + "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback", + "http://127.0.0.1:8251/callback", + "http://127.0.0.1:8080/callback" + ] } resource "vault_identity_oidc_provider" "test" { - name = "%s" + name = "%s" https_enabled = false - issuer_host = "127.0.0.1:8200" + issuer_host = "%s" + allowed_client_ids = [ - vault_identity_oidc_client.app.client_id + vault_identity_oidc_client.app.client_id ] } data "vault_identity_oidc_openid_config" "config" { name = vault_identity_oidc_provider.test.name -}`, keyName, clientName, providerName) +} +`, keyName, clientName, providerName, issuerHost) } From 21de7ab03f7d9aabf9b9f1a2223a474e9383d1b8 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 13:40:20 -0400 Subject: [PATCH 19/50] Try enterprise again, with a secret this time --- .github/workflows/build.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cb15e6774..32994a4be 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,11 +13,11 @@ jobs: image: docker.mirror.hashicorp.services/golang:1.17.10 services: vault: - #image: hashicorp/vault-enterprise:latest - image: hashicorp/vault:latest + image: hashicorp/vault-enterprise:latest + #image: hashicorp/vault:latest env: VAULT_DEV_ROOT_TOKEN_ID: root - #VAULT_LICENSE: ${{ secrets.VAULT_LICENSE_CI }} + VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }} mysql: image: mysql:latest env: 
@@ -48,5 +48,5 @@ jobs: #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" MSSQL_URL: "sqlserver://sa:yourStrong1000Password@mssql:1433" run: | - #make testacc TESTARGS='-v -test.run TestAccDatabaseSecretBackendConnection_mysql' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true - make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc-ent TESTARGS='-v -test.run TestNamespace_basic' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + #make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From f95f93ac378e22efd6ba86e5833651e4a46380bf Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 13:48:46 -0400 Subject: [PATCH 20/50] Run all enterprise acceptance tests --- .github/workflows/build.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 32994a4be..8df1c55f6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,8 +13,7 @@ jobs: image: docker.mirror.hashicorp.services/golang:1.17.10 services: vault: - image: hashicorp/vault-enterprise:latest - #image: hashicorp/vault:latest + image: hashicorp/vault-enterprise:1.10.3-ent env: VAULT_DEV_ROOT_TOKEN_ID: root VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }} @@ -26,7 +25,7 @@ jobs: image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu env: ACCEPT_EULA: Y - SA_PASSWORD: yourStrong1000Password + SA_PASSWORD: ${{ secrets.MSSQL_SA_PASSWORD }} steps: - uses: actions/checkout@v3 - name: Build 
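Review bot: In PATCH 20/50, `SA_PASSWORD` in the `mssql` service now comes from `${{ secrets.MSSQL_SA_PASSWORD }}`, like `VAULT_LICENSE` above it, and both expand to empty strings where the secrets are not defined, such as pushes in a fork or Dependabot-triggered runs. In those runs the service containers would presumably fail to start, and the job breaks during container setup with little indication why. Because the workflow triggers on every push, a job-level condition such as `if: github.repository == 'hashicorp/terraform-provider-vault'` would skip the job instead; the repository name is inferred from the CircleCI `working_directory` and should be confirmed. A comment above the `vault` service naming the two required secrets would document the dependency: `# requires repository secrets VAULT_LICENSE and MSSQL_SA_PASSWORD`.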
@@ -46,7 +45,6 @@ jobs: MYSQL_CONNECTION_USERNAME: "root" MYSQL_CONNECTION_PASSWORD: "mysql" #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" - MSSQL_URL: "sqlserver://sa:yourStrong1000Password@mssql:1433" + MSSQL_URL: "sqlserver://sa:${{ secret.MSSQL_SA_PASSWORD }}@mssql:1433" run: | - make testacc-ent TESTARGS='-v -test.run TestNamespace_basic' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true - #make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From c4d9e809bad97298ef1fcf60d0501dcc7fea3fbb Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 13:50:43 -0400 Subject: [PATCH 21/50] Fix typo --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8df1c55f6..a0bc3e28b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -45,6 +45,6 @@ jobs: MYSQL_CONNECTION_USERNAME: "root" MYSQL_CONNECTION_PASSWORD: "mysql" #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" - MSSQL_URL: "sqlserver://sa:${{ secret.MSSQL_SA_PASSWORD }}@mssql:1433" + MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433" run: | make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From 02f3bb7f0c99ffa369c12ca52271ec7748325f03 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 16:21:01 -0400 Subject: [PATCH 22/50] Fix up broken enterprise tests Bye Bye CircleCI --- .circleci/config.yml | 69 ------------------- .github/workflows/build.yml | 8 +-- .../resources/transform/template/name_test.go | 2 +- vault/resource_raft_autopilot_test.go | 5 +- ...esource_raft_snapshot_agent_config_test.go | 12 +++- 5 files changed, 15 insertions(+), 81 deletions(-) delete mode 100644 .circleci/config.yml 
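Review bot: In `MSSQL_URL` the expression reads `${{ secret.MSSQL_SA_PASSWORD }}`, but the context that holds repository secrets is `secrets`, so this line does not resolve to the password the `mssql` service receives through `SA_PASSWORD`. The next patch in the series corrects the name. Separately, the value is spliced unencoded into the userinfo part of a URL, so a password containing `@`, `:`, `/` or `%` would change how the URL parses. Either percent-encode it in a step before the tests run, or constrain the secret and record that beside the variable, e.g. `# MSSQL_SA_PASSWORD must be URL-safe: it is embedded in MSSQL_URL unencoded`.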
diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 273d66c11..000000000 --- a/.circleci/config.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -version: 2.1 - -workflows: - build: - jobs: - - build: - context: - - vault-plugin-secrets-terraform - -jobs: - build: - docker: - - image: docker.mirror.hashicorp.services/cimg/go:1.17.5 - - image: circleci/mongo:latest - environment: - - MONGO_INITDB_ROOT_USERNAME: root - - MONGO_INITDB_ROOT_PASSWORD: mongodb - - MONGO_INITDB_DATABASE: admin - - image: circleci/mysql:latest - environment: - MYSQL_ROOT_PASSWORD: mysql - - image: hashicorp/vault:latest - environment: - VAULT_DEV_ROOT_TOKEN_ID: root - - image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu - environment: - ACCEPT_EULA: Y - SA_PASSWORD: yourStrong1000Password - working_directory: /tmp/go/src/github.com/hashicorp/terraform-provider-vault - steps: - - checkout - - run: - name: Wait for containers to starts - command: dockerize -wait http://127.0.0.1:8200 -wait tcp://127.0.0.1:3306 -wait tcp://127.0.0.1:1433 -timeout 30s - - run: - name: "Set Environment Variables" - command: | - echo 'GO111MODULE=on' >> $BASH_ENV - echo 'export GOBIN=$GOPATH/bin' >> $BASH_ENV - - run: - name: "Run Tests" - no_output_timeout: 30m - command: | - make test TESTARGS='-v' - #- run: - # name: "Run Acceptance Tests" - # no_output_timeout: 35m - # command: | - # export VAULT_TOKEN="root" - # export VAULT_ADDR="http://127.0.0.1:8200" - # export TF_ACC_TERRAFORM_VERSION="1.0.7" - # export MYSQL_URL="root:mysql@tcp(127.0.0.1:3306)/" - # export MYSQL_CONNECTION_URL="{{username}}:{{password}}@tcp(127.0.0.1:3306)/" - # export MYSQL_CONNECTION_USERNAME="root" - # export MYSQL_CONNECTION_PASSWORD="mysql" - # export MONGODB_URL="mongodb://root:mongodb@127.0.0.1:27017/admin?ssl=false" - # export MSSQL_URL="sqlserver://sa:yourStrong1000Password@127.0.0.1:1433" - # # This will be removed after VAULT-4324 is fixed - # make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true - - run: - name: "Run Build" - command: | - go build - - run: - name: "Generate Coverage Report" - command: | - cd cmd/coverage/ - 
go build - ./coverage -openapi-doc=/tmp/go/src/github.com/hashicorp/terraform-provider-vault/testdata/openapi.json diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a0bc3e28b..f450e20cf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -31,10 +31,9 @@ jobs: - name: Build run: | make build - # TODO: re-enable - #- name: Unit Tests - # run: | - # make test TESTARGS='-v' + - name: Unit Tests + run: | + make test TESTARGS='-v' - name: Acceptance Tests env: VAULT_TOKEN: "root" @@ -44,6 +43,7 @@ jobs: MYSQL_CONNECTION_URL: "{{username}}:{{password}}@tcp(mysql:3306)/" MYSQL_CONNECTION_USERNAME: "root" MYSQL_CONNECTION_PASSWORD: "mysql" + # TODO: setup mongodb tests #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433" run: | diff --git a/generated/resources/transform/template/name_test.go b/generated/resources/transform/template/name_test.go index 3413aa0b9..d7529f04e 100644 --- a/generated/resources/transform/template/name_test.go +++ b/generated/resources/transform/template/name_test.go @@ -65,7 +65,7 @@ func TestTemplateName(t *testing.T) { resource.TestCheckResourceAttr("vault_transform_template_name.test", "pattern", `(\d{9})`), resource.TestCheckResourceAttr("vault_transform_template_name.test", "alphabet", "builtin/numeric"), resource.TestCheckResourceAttr("vault_transform_template_name.test", "encode_format", ""), - resource.TestCheckNoResourceAttr("vault_transform_template_name.test", "decode_formats"), + resource.TestCheckResourceAttr("vault_transform_template_name.test", "decode_formats.#", "0"), ), }, { diff --git a/vault/resource_raft_autopilot_test.go b/vault/resource_raft_autopilot_test.go index 7ea54b434..67f330172 100644 --- a/vault/resource_raft_autopilot_test.go +++ b/vault/resource_raft_autopilot_test.go @@ -2,7 +2,6 @@ package vault import ( "fmt" - "os" "strconv" "testing" 
@@ -18,9 +17,7 @@ func TestAccRaftAutopilotConfig_basic(t *testing.T) { Providers: testProviders, PreCheck: func() { testutil.TestAccPreCheck(t) - if _, ok := os.LookupEnv("SKIP_RAFT_TESTS"); ok { - t.Skip("Warning: SKIP_RAFT_TESTS set, skipping test") - } + testutil.SkipTestEnvSet(t, "SKIP_RAFT_TESTS") }, CheckDestroy: testAccRaftAutopilotConfigCheckDestroy, Steps: []resource.TestStep{ diff --git a/vault/resource_raft_snapshot_agent_config_test.go b/vault/resource_raft_snapshot_agent_config_test.go index b80632c60..81c10ba91 100644 --- a/vault/resource_raft_snapshot_agent_config_test.go +++ b/vault/resource_raft_snapshot_agent_config_test.go @@ -15,8 +15,11 @@ import ( func TestAccRaftSnapshotAgentConfig_basic(t *testing.T) { name := acctest.RandomWithPrefix("tf-test-raft-snapshot") resource.Test(t, resource.TestCase{ - Providers: testProviders, - PreCheck: func() { testutil.TestEntPreCheck(t) }, + Providers: testProviders, + PreCheck: func() { + testutil.SkipTestEnvSet(t, "SKIP_RAFT_TESTS") + testutil.TestEntPreCheck(t) + }, CheckDestroy: testAccRaftSnapshotAgentConfigCheckDestroy, Steps: []resource.TestStep{ { @@ -95,7 +98,10 @@ func TestAccRaftSnapshotAgentConfig_basic(t *testing.T) { func TestAccRaftSnapshotAgentConfig_import(t *testing.T) { name := acctest.RandomWithPrefix("tf-test-raft-snapshot") resource.Test(t, resource.TestCase{ - PreCheck: func() { testutil.TestEntPreCheck(t) }, + PreCheck: func() { + testutil.SkipTestEnvSet(t, "SKIP_RAFT_TESTS") + testutil.TestEntPreCheck(t) + }, Providers: testProviders, CheckDestroy: testAccRaftSnapshotAgentConfigCheckDestroy, Steps: []resource.TestStep{ From 4190f486a3742e643876dbd825ea1ddc6ae05449 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 17:18:05 -0400 Subject: [PATCH 23/50] Skip if not acc test --- vault/data_identity_oidc_openid_config_test.go | 1 + 1 file changed, 1 insertion(+) 
diff --git a/vault/data_identity_oidc_openid_config_test.go b/vault/data_identity_oidc_openid_config_test.go index 9c00e8336..a01d3152d 100644 --- a/vault/data_identity_oidc_openid_config_test.go +++ b/vault/data_identity_oidc_openid_config_test.go @@ -14,6 +14,7 @@ import ( ) func TestDataSourceIdentityOIDCOpenIDConfig(t *testing.T) { + testutil.SkipTestAcc(t) testutil.TestAccPreCheck(t) providerName := acctest.RandomWithPrefix("test-provider") From 9961391e203b32652ef530298393d4a89ded9d6d Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 17:27:51 -0400 Subject: [PATCH 24/50] Restore CircleCI config, until project is disabled --- .circleci/config.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 000000000..eb3f8ceb4 --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,13 @@ +version: 2.1 + +workflows: + build: + jobs: + - build +jobs: + build: + steps: + - run: + name: "Moved to GitHub Actions" + command: | + echo "Moved to GitHub Actions: https://github.com/hashicorp/terraform-provider-vault/actions" From 8e10622b5687f9bdc4699a011c4d341ffeaef512 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 17:35:53 -0400 Subject: [PATCH 25/50] This time for sure --- .circleci/config.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index eb3f8ceb4..2ad240e79 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,13 +1,8 @@ version: 2.1 -workflows: - build: - jobs: - - build jobs: build: + docker: + - image: cimg/base:2022.03 steps: - - run: - name: "Moved to GitHub Actions" - command: | - echo "Moved to GitHub Actions: https://github.com/hashicorp/terraform-provider-vault/actions" + - run: echo 'Moved to GitHub Actions https://github.com/hashicorp/terraform-provider-vault/actions' 
From f645377f8291a2f9f5d11403fcf68b18cc635b99 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 17:41:10 -0400 Subject: [PATCH 26/50] Figlet in CircleCI --- .circleci/config.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2ad240e79..70603dbb1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,4 +5,6 @@ jobs: docker: - image: cimg/base:2022.03 steps: - - run: echo 'Moved to GitHub Actions https://github.com/hashicorp/terraform-provider-vault/actions' + - run: sudo apt-get update && sudo apt-get install -y figlet + - run: figlet 'Moved to GitHub Actions' + - run: echo https://github.com/hashicorp/terraform-provider-vault/actions From 2702f3109cd6aa453dbc4509aa96385317f8c20b Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 17:48:55 -0400 Subject: [PATCH 27/50] 1 job --- .circleci/config.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 70603dbb1..49c181441 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,6 +5,9 @@ jobs: docker: - image: cimg/base:2022.03 steps: - - run: sudo apt-get update && sudo apt-get install -y figlet - - run: figlet 'Moved to GitHub Actions' - - run: echo https://github.com/hashicorp/terraform-provider-vault/actions + - run: + name: "Moved to GitHub Actions" + command: | + sudo apt-get update && sudo apt-get install -y figlet + figlet 'Moved to GitHub Actions' + echo 'See https://github.com/hashicorp/terraform-provider-vault/actions' From 1385e171fd6e250282bc57b66bae7a76ecfad22b Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 18:20:00 -0400 Subject: [PATCH 28/50] Attempt to fix Vault quota issue --- .github/workflows/build.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f450e20cf..ec7a23723 100644 --- a/.github/workflows/build.yml 
+++ b/.github/workflows/build.yml @@ -27,6 +27,25 @@ jobs: ACCEPT_EULA: Y SA_PASSWORD: ${{ secrets.MSSQL_SA_PASSWORD }} steps: + - name: Tune Vault Quotas + env: + VAULT_TOKEN: "root" + VAULT_ADDR: "http://vault:8200" + run: | + cat > /tmp/payload.json < Date: Wed, 18 May 2022 18:26:24 -0400 Subject: [PATCH 29/50] Enable curl --fail option --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ec7a23723..6014d8dae 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -40,7 +40,7 @@ jobs: } HERE - curl \ + curl --fail --show-error --silent \ --request POST \ --header "X-Vault-Token: ${VAULT_TOKEN}" \ --data @/tmp/payload.json \ From f57fb513184f685a94d2d9dfdd8fced5336176ba Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 18:58:41 -0400 Subject: [PATCH 30/50] Try multi-vault version matrix --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6014d8dae..9e62e4251 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,12 +8,12 @@ jobs: strategy: fail-fast: true matrix: - arch: ["amd64"] + image: ["hashicorp/vault-enterprise:1.10-ent", "hashicorp/vault-enterprise:1.9-ent"] container: image: docker.mirror.hashicorp.services/golang:1.17.10 services: vault: - image: hashicorp/vault-enterprise:1.10.3-ent + image: ${{ matrix.image }} env: VAULT_DEV_ROOT_TOKEN_ID: root VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }} From 2dd1462fe9b8177e5eba150cd1f71027a4e67e67 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 19:29:54 -0400 Subject: [PATCH 31/50] Disable KMIP role test, remove vault-1.9 job --- .github/workflows/build.yml | 8 +++++--- vault/resource_kmip_secret_role_test.go | 1 + 2 files changed, 6 insertions(+), 3 deletions(-) 
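Review bot: The `curl` call in the `@@ -40,7 +40,7 @@` hunk now fails the step on an HTTP error, but it still makes a single attempt with no time limit. `Tune Vault Quotas` is the first entry under `steps:`, so it presumably races the start-up of the `vault` service container. A refused connection would then fail the job, and a hung one would stall it. Bounding and retrying the request covers both: `curl --fail --show-error --silent --retry 5 --retry-connrefused --max-time 10 \`. The rest of the command, including the target URL, is outside the hunk.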
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9e62e4251..323ef3042 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,14 +6,16 @@ jobs: container-job: runs-on: ubuntu-latest strategy: - fail-fast: true + fail-fast: false matrix: - image: ["hashicorp/vault-enterprise:1.10-ent", "hashicorp/vault-enterprise:1.9-ent"] + # TODO: enable 1.9 job once the provider is Vault version aware + #image: ["vault-enterprise:1.9-ent", "vault-enterprise:1.10-ent"] + image: ["vault-enterprise:1.10-ent"] container: image: docker.mirror.hashicorp.services/golang:1.17.10 services: vault: - image: ${{ matrix.image }} + image: hashicorp/${{ matrix.image }} env: VAULT_DEV_ROOT_TOKEN_ID: root VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }} diff --git a/vault/resource_kmip_secret_role_test.go b/vault/resource_kmip_secret_role_test.go index f693cf05b..24e979645 100644 --- a/vault/resource_kmip_secret_role_test.go +++ b/vault/resource_kmip_secret_role_test.go @@ -74,6 +74,7 @@ func TestAccKMIPSecretRole_basic(t *testing.T) { } func TestAccKMIPSecretRole_remount(t *testing.T) { + t.Skip("Skip until remount, and bind addr issues are resolved") path := acctest.RandomWithPrefix("tf-test-kmip") remountPath := acctest.RandomWithPrefix("tf-test-kmip-remount") resourceName := "vault_kmip_secret_role.test" From 386d19b41fa8e59ad95f0a0035227abfe32a9154 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Wed, 18 May 2022 21:06:25 -0400 Subject: [PATCH 32/50] Another attempt at quota workaround --- .github/workflows/build.yml | 9 ++++++++- vault/resource_kmip_secret_backend_test.go | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 323ef3042..8e2bc77c9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -37,7 +37,14 @@ jobs: cat > /tmp/payload.json < Date: Wed, 18 May 2022 21:37:37 -0400 Subject: [PATCH 33/50] Maybe /v1/auth/token/create --- .github/workflows/build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8e2bc77c9..ba961049b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -44,7 +44,7 @@ jobs: "/v1/sys/health", "/v1/sys/seal-status", "/v1/sys/unseal", - "/v1/sys/auth/token/create" + "/v1/auth/token/create" ] } HERE @@ -59,9 +59,9 @@ jobs: - name: Build run: | make build - - name: Unit Tests - run: | - make test TESTARGS='-v' + #- name: Unit Tests + # run: | + # make test TESTARGS='-v' - name: Acceptance Tests env: VAULT_TOKEN: "root" From 41cf12199bd5b5bccc676319f2fd4f49052b4c39 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Thu, 19 May 2022 12:50:49 -0400 Subject: [PATCH 34/50] Set max_leases on root --- .github/workflows/build.yml | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ba961049b..21043a5e6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,27 +34,12 @@ jobs: VAULT_TOKEN: "root" VAULT_ADDR: "http://vault:8200" run: | - cat > /tmp/payload.json < Date: Thu, 19 May 2022 14:36:26 -0400 Subject: [PATCH 35/50] Run quota lease tests in a random namespace. This should prevent breaking downstream tests --- vault/resource_quota_lease_count_test.go | 45 ++++++++++++++---------- 1 file changed, 26 insertions(+), 19 deletions(-) diff --git a/vault/resource_quota_lease_count_test.go b/vault/resource_quota_lease_count_test.go index 746e7ab91..d3a991a1b 100644 --- a/vault/resource_quota_lease_count_test.go +++ b/vault/resource_quota_lease_count_test.go 
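Review bot: The `@@ -59,9 +59,9 @@` hunk comments out the `Unit Tests` step without a note, while the commit subject only mentions the token-create path. An earlier revision in this series marked the same disabled step with `# TODO: re-enable`; this one drops the marker, so nothing signals that the gap in coverage is temporary. If the step is off only while the quota workaround is being debugged (an assumption, the reason is not stated), put that above it, e.g. `# TODO: re-enable once the Vault quota workaround is settled`.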
@@ -14,41 +14,44 @@ import ( ) func randomQuotaLeaseString() string { - whole := acctest.RandIntRange(1000, 2000) + whole := acctest.RandIntRange(50000, 60000) return strconv.Itoa(whole + 1000) } func TestQuotaLeaseCount(t *testing.T) { name := acctest.RandomWithPrefix("tf-test") - leaseCount := randomQuotaLeaseString() - newLeaseCount := randomQuotaLeaseString() + ns := "ns-" + name + leaseCount := "2" // randomQuotaLeaseString() + newLeaseCount := "3" // randomQuotaLeaseString() + resourceName := "vault_quota_lease_count.foobar" + resource.Test(t, resource.TestCase{ Providers: testProviders, PreCheck: func() { testutil.TestEntPreCheck(t) }, CheckDestroy: testQuotaLeaseCountCheckDestroy([]string{leaseCount, newLeaseCount}), Steps: []resource.TestStep{ { - Config: testQuotaLeaseCount_Config(name, "", leaseCount), + Config: testQuotaLeaseCountConfig(ns, name, "", leaseCount), Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("vault_quota_lease_count.foobar", "name", name), - resource.TestCheckResourceAttr("vault_quota_lease_count.foobar", "path", ""), - resource.TestCheckResourceAttr("vault_quota_lease_count.foobar", "max_leases", leaseCount), + resource.TestCheckResourceAttr(resourceName, "name", name), + resource.TestCheckResourceAttr(resourceName, "path", ns+"/"), + resource.TestCheckResourceAttr(resourceName, "max_leases", leaseCount), ), }, { - Config: testQuotaLeaseCount_Config(name, "", newLeaseCount), + Config: testQuotaLeaseCountConfig(ns, name, "", newLeaseCount), Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("vault_quota_lease_count.foobar", "name", name), - resource.TestCheckResourceAttr("vault_quota_lease_count.foobar", "path", ""), - resource.TestCheckResourceAttr("vault_quota_lease_count.foobar", "max_leases", newLeaseCount), + resource.TestCheckResourceAttr(resourceName, "name", name), + resource.TestCheckResourceAttr(resourceName, "path", ns+"/"), + resource.TestCheckResourceAttr(resourceName, 
"max_leases", newLeaseCount), ), }, { - Config: testQuotaLeaseCount_Config(name, "sys/", newLeaseCount), + Config: testQuotaLeaseCountConfig(ns, name, "sys/", newLeaseCount), Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("vault_quota_lease_count.foobar", "name", name), - resource.TestCheckResourceAttr("vault_quota_lease_count.foobar", "path", "sys/"), - resource.TestCheckResourceAttr("vault_quota_lease_count.foobar", "max_leases", newLeaseCount), + resource.TestCheckResourceAttr(resourceName, "name", name), + resource.TestCheckResourceAttr(resourceName, "path", ns+"/sys/"), + resource.TestCheckResourceAttr(resourceName, "max_leases", newLeaseCount), ), }, }, @@ -75,12 +78,16 @@ func testQuotaLeaseCountCheckDestroy(leaseCounts []string) resource.TestCheckFun } // Caution: Don't set test max_leases values too low or other tests running concurrently might fail -func testQuotaLeaseCount_Config(name, path, max_leases string) string { +func testQuotaLeaseCountConfig(ns, name, path, maxLeases string) string { return fmt.Sprintf(` -resource "vault_quota_lease_count" "foobar" { - name = "%s" +resource "vault_namespace" "test" { path = "%s" +} + +resource "vault_quota_lease_count" "foobar" { + name = "%s" + path = "${vault_namespace.test.path}/%s" max_leases = %s } -`, name, path, max_leases) +`, ns, name, path, maxLeases) } From d7d4b659e826b46a4f53cc2d1419add6b77cc970 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Thu, 19 May 2022 16:27:56 -0400 Subject: [PATCH 36/50] Fix up KMIP tests, fix issue with remount failure --- go.mod | 1 + go.sum | 1 + testutil/testutil.go | 40 +++++++++++++++++++ vault/resource_kmip_secret_backend.go | 33 +++++++++++++--- vault/resource_kmip_secret_backend_test.go | 28 ++++++------- vault/resource_kmip_secret_role_test.go | 46 +++++++++++++++++----- vault/resource_kmip_secret_scope_test.go | 22 +++++++++-- 7 files changed, 139 insertions(+), 32 deletions(-) diff --git a/go.mod b/go.mod index 3f139084e..79909f2df 100644 
--- a/go.mod +++ b/go.mod @@ -10,6 +10,7 @@ require ( github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect github.com/aws/aws-sdk-go v1.41.8 github.com/containerd/containerd v1.6.2 // indirect + github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f github.com/denisenkom/go-mssqldb v0.11.0 github.com/docker/distribution v2.8.1+incompatible // indirect github.com/go-sql-driver/mysql v1.6.0 diff --git a/go.sum b/go.sum index 3966f7909..8b1c66ad8 100644 --- a/go.sum +++ b/go.sum @@ -454,6 +454,7 @@ github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+ github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbpBpLoyyu8B6e44T7hJy6potg= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/couchbase/gocb/v2 v2.3.3/go.mod h1:h4b3UYDnGI89hMW9VypVjAr+EE0Ki4jjlXJrVdmSZhQ= github.com/couchbase/gocbcore/v10 v10.0.4/go.mod h1:s6dwBFs4c3+cAzZbo1q0VW+QasudhHJuehE8b8U2YNg= diff --git a/testutil/testutil.go b/testutil/testutil.go index 96da012ad..54fd43871 100644 --- a/testutil/testutil.go +++ b/testutil/testutil.go @@ -11,6 +11,7 @@ import ( "reflect" "testing" + "github.com/coreos/pkg/multierror" "github.com/hashicorp/go-retryablehttp" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" 
@@ -289,3 +290,42 @@ func TestHTTPServer(t *testing.T, handler http.Handler) (*api.Config, net.Listen return config, ln } + +func GetDynamicTCPListeners(host string, count int) ([]net.Listener, func() error, error) { + _, p, err := net.SplitHostPort(host) + if err != nil { + pErr := err.(*net.AddrError) + if pErr.Err != "missing port in address" { + return nil, nil, err + } + } + if p != "" { + return nil, nil, fmt.Errorf("host %q contains a port", host) + } + + addr := host + ":0" + listeners := make([]net.Listener, count) + for i := 0; i < count; i++ { + ln, err := net.Listen("tcp", addr) + if err != nil { + return nil, nil, err + } + listeners[i] = ln + } + + closer := func() error { + errs := multierror.Error{} + for _, ln := range listeners { + if err := ln.Close(); err != nil { + errs = append(errs, err) + } + } + + if len(errs) > 0 { + return errs + } + return nil + } + + return listeners, closer, nil +} diff --git a/vault/resource_kmip_secret_backend.go b/vault/resource_kmip_secret_backend.go index 5d29a7200..32e560178 100644 --- a/vault/resource_kmip_secret_backend.go +++ b/vault/resource_kmip_secret_backend.go @@ -3,6 +3,7 @@ package vault import ( "fmt" "log" + "time" "github.com/hashicorp/terraform-provider-vault/util" 
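Review bot: `GetDynamicTCPListeners` leaks sockets on its error path: when `net.Listen` fails part-way through the loop, the listeners already opened are dropped without being closed, and the caller gets a nil closer. Defining the closer before the loop and growing the slice with `append` lets the error path release them, as sketched below. The unchecked assertion `pErr := err.(*net.AddrError)` would panic on any other error type; `errors.As` avoids that (it needs the `errors` import, which is outside this hunk). Matching on the text `"missing port in address"` is fragile if the message ever changes. The exported function also has no doc comment; it should say that the ports are only probed, and that once the closer runs nothing holds them.

```go
func GetDynamicTCPListeners(host string, count int) ([]net.Listener, func() error, error) {
	// … unchanged: host validation …

	addr := host + ":0"
	listeners := make([]net.Listener, 0, count)
	closer := func() error {
		// … unchanged: close every listener and collect the errors …
	}

	for i := 0; i < count; i++ {
		ln, err := net.Listen("tcp", addr)
		if err != nil {
			// Release the listeners opened so far before reporting the failure.
			_ = closer()
			return nil, nil, err
		}
		listeners = append(listeners, ln)
	}

	return listeners, closer, nil
}
```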
@@ -133,17 +134,39 @@ func kmipSecretBackendUpdate(d *schema.ResourceData, meta interface{}) error { path := d.Id() if !d.IsNewResource() && d.HasChange("path") { - newPath := d.Get("path").(string) + src := path + dest := d.Get("path").(string) - log.Printf("[DEBUG] Remount %s to %s in Vault", path, newPath) + log.Printf("[DEBUG] Remount %s to %s in Vault", src, dest) - err := client.Sys().Remount(path, newPath) + err := client.Sys().Remount(src, dest) if err != nil { return fmt.Errorf("error remounting in Vault: %s", err) } - d.SetId(newPath) - path = newPath + // There is something similar in resource_mount.go, but in the call to TuneMount(). + var tries int + for { + if tries > 10 { + return fmt.Errorf( + "mount %q did did not become available after %d tries, interval=1s", dest, tries) + } + + enabled, err := util.CheckMountEnabled(client, dest) + if err != nil { + return err + } + if !enabled { + tries++ + time.Sleep(1 * time.Second) + continue + } + + break + } + + path = dest + d.SetId(path) } log.Printf("[DEBUG] Updating mount %s in Vault", path) diff --git a/vault/resource_kmip_secret_backend_test.go b/vault/resource_kmip_secret_backend_test.go index 8908b349f..fa7dfb2e2 100644 --- a/vault/resource_kmip_secret_backend_test.go +++ b/vault/resource_kmip_secret_backend_test.go @@ -2,7 +2,6 @@ package vault import ( "fmt" - "net" "strings" "testing" 
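Review bot: `d.SetId(path)` now runs only after the polling loop. If `Remount` succeeds but the loop returns an error (the try limit is hit, or `util.CheckMountEnabled` fails once), the mount has already moved in Vault while the resource ID would still hold the old path. Calling `d.SetId(dest)` right after the `Remount` error check, as the removed code did with `newPath`, keeps state and Vault in agreement on that path. The new error text has a doubled word, `did did not become available`, and because the guard is `tries > 10` it reports 11 tries. `kmipSecretBackendUpdate` starts before this hunk and continues after it.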
@@ -15,24 +14,21 @@ import ( ) func TestAccKMIPSecretBackend_basic(t *testing.T) { - t.Skip("Skip until listen_addr issues are resolved") + testutil.SkipTestAccEnt(t) + path := acctest.RandomWithPrefix("tf-test-kmip") resourceName := "vault_kmip_secret_backend.test" - ln1, err := net.Listen("tcp", "127.0.0.1:0") - if err != nil { - t.Fatal(err) - } - ln2, err := net.Listen("tcp", "127.0.0.1:0") + lns, closer, err := testutil.GetDynamicTCPListeners("127.0.0.1", 2) if err != nil { t.Fatal(err) } - addr1 := ln1.Addr().String() - addr2 := ln2.Addr().String() + addr1, addr2 := lns[0].Addr().String(), lns[1].Addr().String() - ln1.Close() - ln2.Close() + if err = closer(); err != nil { + t.Fatal(err) + } resource.Test(t, resource.TestCase{ Providers: testProviders, @@ -80,18 +76,22 @@ func TestAccKMIPSecretBackend_basic(t *testing.T) { } func TestAccKMIPSecretBackend_remount(t *testing.T) { + testutil.SkipTestAccEnt(t) + path := acctest.RandomWithPrefix("tf-test-kmip") remountPath := acctest.RandomWithPrefix("tf-test-kmip-updated") resourceName := "vault_kmip_secret_backend.test" - ln1, err := net.Listen("tcp", "127.0.0.1:0") + lns, closer, err := testutil.GetDynamicTCPListeners("127.0.0.1", 1) if err != nil { t.Fatal(err) } - addr1 := ln1.Addr().String() + addr1 := lns[0].Addr().String() - ln1.Close() + if err = closer(); err != nil { + t.Fatal(err) + } resource.Test(t, resource.TestCase{ Providers: testProviders, diff --git a/vault/resource_kmip_secret_role_test.go b/vault/resource_kmip_secret_role_test.go index 24e979645..a7d585c97 100644 --- a/vault/resource_kmip_secret_role_test.go +++ b/vault/resource_kmip_secret_role_test.go 
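Review bot: The addresses handed to the test configuration come from listeners that `closer()` shuts before `resource.Test` runs. Nothing holds the ports when Vault later binds them, so another process can take one in between and the test fails intermittently. The same pattern is repeated in `TestAccKMIPSecretBackend_remount` and in the role and scope tests later in this patch. If Vault runs in a separate container, as the workflow's `VAULT_ADDR: "http://vault:8200"` suggests, the probe also checks the test runner's loopback rather than the host where Vault listens. Either state the limitation next to the call, e.g. `// Ports are only probed, not reserved: they are released before Vault binds them.`, or retry the step on a bind failure. Both test functions continue outside their hunks.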
@@ -14,15 +14,29 @@ import ( ) func TestAccKMIPSecretRole_basic(t *testing.T) { + testutil.SkipTestAccEnt(t) + path := acctest.RandomWithPrefix("tf-test-kmip") resourceName := "vault_kmip_secret_role.test" + + lns, closer, err := testutil.GetDynamicTCPListeners("127.0.0.1", 1) + if err != nil { + t.Fatal(err) + } + + if err = closer(); err != nil { + t.Fatal(err) + } + + addr1 := lns[0].Addr().String() + resource.Test(t, resource.TestCase{ Providers: testProviders, PreCheck: func() { testutil.TestEntPreCheck(t) }, CheckDestroy: testAccKMIPSecretRoleCheckDestroy, Steps: []resource.TestStep{ { - Config: testKMIPSecretRole_initialConfig(path), + Config: testKMIPSecretRole_initialConfig(path, addr1), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "path", path), resource.TestCheckResourceAttr(resourceName, "scope", "scope-1"), @@ -46,7 +60,7 @@ func TestAccKMIPSecretRole_basic(t *testing.T) { ), }, { - Config: testKMIPSecretRole_updatedConfig(path), + Config: testKMIPSecretRole_updatedConfig(path, addr1), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "path", path), resource.TestCheckResourceAttr(resourceName, "scope", "scope-1"), @@ -74,7 +88,19 @@ func TestAccKMIPSecretRole_basic(t *testing.T) { } func TestAccKMIPSecretRole_remount(t *testing.T) { - t.Skip("Skip until remount, and bind addr issues are resolved") + testutil.SkipTestAccEnt(t) + + lns, closer, err := testutil.GetDynamicTCPListeners("127.0.0.1", 1) + if err != nil { + t.Fatal(err) + } + + if err = closer(); err != nil { + t.Fatal(err) + } + + addr1 := lns[0].Addr().String() + path := acctest.RandomWithPrefix("tf-test-kmip") remountPath := acctest.RandomWithPrefix("tf-test-kmip-remount") resourceName := "vault_kmip_secret_role.test" 
@@ -84,7 +110,7 @@ func TestAccKMIPSecretRole_remount(t *testing.T) { CheckDestroy: testAccKMIPSecretRoleCheckDestroy, Steps: []resource.TestStep{ { - Config: testKMIPSecretRole_initialConfig(path), + Config: testKMIPSecretRole_initialConfig(path, addr1), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "path", path), resource.TestCheckResourceAttr(resourceName, "scope", "scope-1"), @@ -108,7 +134,7 @@ func TestAccKMIPSecretRole_remount(t *testing.T) { ), }, { - Config: testKMIPSecretRole_initialConfig(remountPath), + Config: testKMIPSecretRole_initialConfig(remountPath, addr1), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "path", remountPath), resource.TestCheckResourceAttr(resourceName, "scope", "scope-1"), @@ -160,10 +186,11 @@ func testAccKMIPSecretRoleCheckDestroy(s *terraform.State) error { return nil } -func testKMIPSecretRole_initialConfig(path string) string { +func testKMIPSecretRole_initialConfig(path string, listenAddr string) string { return fmt.Sprintf(` resource "vault_kmip_secret_backend" "kmip" { path = "%s" + listen_addrs = ["%s"] description = "test description" } @@ -182,13 +209,14 @@ resource "vault_kmip_secret_role" "test" { operation_get = true operation_get_attributes = true } -`, path) +`, path, listenAddr) } -func testKMIPSecretRole_updatedConfig(path string) string { +func testKMIPSecretRole_updatedConfig(path string, listenAddr string) string { return fmt.Sprintf(` resource "vault_kmip_secret_backend" "kmip" { path = "%s" + listen_addrs = ["%s"] description = "test description" } @@ -210,5 +238,5 @@ resource "vault_kmip_secret_role" "test" { operation_create = true operation_destroy = true } -`, path) +`, path, listenAddr) } diff --git a/vault/resource_kmip_secret_scope_test.go b/vault/resource_kmip_secret_scope_test.go index 79978a0f9..de3fe02d6 100644 --- a/vault/resource_kmip_secret_scope_test.go +++ b/vault/resource_kmip_secret_scope_test.go 
@@ -14,23 +14,36 @@ import ( ) func TestAccKMIPSecretScope_remount(t *testing.T) { + testutil.SkipTestAccEnt(t) + path := acctest.RandomWithPrefix("tf-test-kmip") remountPath := acctest.RandomWithPrefix("tf-test-kmip-updated") resourceName := "vault_kmip_secret_scope.test" + + lns, closer, err := testutil.GetDynamicTCPListeners("127.0.0.1", 1) + if err != nil { + t.Fatal(err) + } + + if err = closer(); err != nil { + t.Fatal(err) + } + + addr1 := lns[0].Addr().String() resource.Test(t, resource.TestCase{ Providers: testProviders, PreCheck: func() { testutil.TestEntPreCheck(t) }, CheckDestroy: testAccKMIPSecretScopeCheckDestroy, Steps: []resource.TestStep{ { - Config: testKMIPSecretScope_initialConfig(path), + Config: testKMIPSecretScope_initialConfig(path, addr1), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "path", path), resource.TestCheckResourceAttr(resourceName, "scope", "test"), ), }, { - Config: testKMIPSecretScope_initialConfig(remountPath), + Config: testKMIPSecretScope_initialConfig(remountPath, addr1), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "path", remountPath), resource.TestCheckResourceAttr(resourceName, "scope", "test"), @@ -64,15 +77,16 @@ func testAccKMIPSecretScopeCheckDestroy(s *terraform.State) error { return nil } -func testKMIPSecretScope_initialConfig(path string) string { +func testKMIPSecretScope_initialConfig(path string, listenAddr string) string { return fmt.Sprintf(` resource "vault_kmip_secret_backend" "kmip" { path = "%s" + listen_addrs = ["%s"] description = "test description" } resource "vault_kmip_secret_scope" "test" { path = vault_kmip_secret_backend.kmip.path scope = "test" -}`, path) +}`, path, listenAddr) } From 93e37b4d56ad2615b6d3d57a9e0deb83847a740a Mon Sep 17 00:00:00 2001 
From: Ben Ash Date: Thu, 19 May 2022 21:29:29 -0400 Subject: [PATCH 37/50] Use set type specific check func --- codegen/generate_test.go | 10 +++++----- vault/resource_kmip_secret_backend_test.go | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/codegen/generate_test.go b/codegen/generate_test.go index 284c6dd31..3a8e76828 100644 --- a/codegen/generate_test.go +++ b/codegen/generate_test.go @@ -5,7 +5,7 @@ import ( ) func TestCodeFilePath(t *testing.T) { - homeDirPath, err := getRepoRoot() + repoRoot, err := getRepoRoot() if err != nil { t.Fatal(err) } @@ -45,15 +45,15 @@ func TestCodeFilePath(t *testing.T) { if err != nil { t.Fatal(err) } - if actualDataSourceFilePath != homeDirPath+testCase.expectedDataSourceFilePath { - t.Fatalf("expected %q but received %q", homeDirPath+testCase.expectedDataSourceFilePath, actualDataSourceFilePath) + if actualDataSourceFilePath != repoRoot+testCase.expectedDataSourceFilePath { + t.Fatalf("expected %q but received %q", repoRoot+testCase.expectedDataSourceFilePath, actualDataSourceFilePath) } actualResourceFilePath, err := codeFilePath(tfTypeResource, testCase.input) if err != nil { t.Fatal(err) } - if actualResourceFilePath != homeDirPath+testCase.expectedResourceFilePath { - t.Fatalf("expected %q but received %q", homeDirPath+testCase.expectedResourceFilePath, actualResourceFilePath) + if actualResourceFilePath != repoRoot+testCase.expectedResourceFilePath { + t.Fatalf("expected %q but received %q", repoRoot+testCase.expectedResourceFilePath, actualResourceFilePath) } } } diff --git a/vault/resource_kmip_secret_backend_test.go b/vault/resource_kmip_secret_backend_test.go index fa7dfb2e2..49bb65d0a 100644 --- a/vault/resource_kmip_secret_backend_test.go +++ b/vault/resource_kmip_secret_backend_test.go 
@@ -41,7 +41,7 @@ func TestAccKMIPSecretBackend_basic(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "path", path), resource.TestCheckResourceAttr(resourceName, "description", "test description"), resource.TestCheckResourceAttr(resourceName, "listen_addrs.#", "1"), - resource.TestCheckResourceAttr(resourceName, "listen_addrs.0", addr1), + resource.TestCheckTypeSetElemAttr(resourceName, "listen_addrs.*", addr1), resource.TestCheckResourceAttr(resourceName, "server_ips.#", "1"), resource.TestCheckResourceAttr(resourceName, "server_ips.0", "127.0.0.1"), resource.TestCheckResourceAttr(resourceName, "tls_ca_key_type", "ec"), @@ -58,8 +58,8 @@ func TestAccKMIPSecretBackend_basic(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "path", path), resource.TestCheckResourceAttr(resourceName, "description", "test description"), resource.TestCheckResourceAttr(resourceName, "listen_addrs.#", "2"), - resource.TestCheckResourceAttr(resourceName, "listen_addrs.0", addr1), - resource.TestCheckResourceAttr(resourceName, "listen_addrs.1", addr2), + resource.TestCheckTypeSetElemAttr(resourceName, "listen_addrs.*", addr1), + resource.TestCheckTypeSetElemAttr(resourceName, "listen_addrs.*", addr2), resource.TestCheckResourceAttr(resourceName, "server_ips.#", "2"), resource.TestCheckResourceAttr(resourceName, "server_ips.0", "127.0.0.1"), resource.TestCheckResourceAttr(resourceName, "server_ips.1", "192.168.1.1"), 
@@ -104,7 +104,7 @@ func TestAccKMIPSecretBackend_remount(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "path", path), resource.TestCheckResourceAttr(resourceName, "description", "test description"), resource.TestCheckResourceAttr(resourceName, "listen_addrs.#", "1"), - resource.TestCheckResourceAttr(resourceName, "listen_addrs.0", addr1), + resource.TestCheckTypeSetElemAttr(resourceName, "listen_addrs.*", addr1), resource.TestCheckResourceAttr(resourceName, "server_ips.#", "1"), resource.TestCheckResourceAttr(resourceName, "server_ips.0", "127.0.0.1"), resource.TestCheckResourceAttr(resourceName, "tls_ca_key_type", "ec"), @@ -121,7 +121,7 @@ func TestAccKMIPSecretBackend_remount(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "path", remountPath), resource.TestCheckResourceAttr(resourceName, "description", "test description"), resource.TestCheckResourceAttr(resourceName, "listen_addrs.#", "1"), - resource.TestCheckResourceAttr(resourceName, "listen_addrs.0", addr1), + resource.TestCheckTypeSetElemAttr(resourceName, "listen_addrs.*", addr1), resource.TestCheckResourceAttr(resourceName, "server_ips.#", "1"), resource.TestCheckResourceAttr(resourceName, "server_ips.0", "127.0.0.1"), resource.TestCheckResourceAttr(resourceName, "tls_ca_key_type", "ec"), From 8ddf717c13ee1935df9e8c7b1896e9aa2af2c6c3 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 11:49:47 -0400 Subject: [PATCH 38/50] Restore mongodb tests --- .github/workflows/build.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 21043a5e6..f47f54ac6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -28,6 +28,12 @@ jobs: env: ACCEPT_EULA: Y SA_PASSWORD: ${{ secrets.MSSQL_SA_PASSWORD }} + mongo: + image: docker.mirror.hashicorp.services/mongo + env: + MONGO_INITDB_ROOT_USERNAME: root + MONGO_INITDB_ROOT_PASSWORD: mongodb + MONGO_INITDB_DATABASE: admin steps: - name: Tune Vault Quotas env: @@ -56,8 +62,7 @@ jobs: MYSQL_CONNECTION_URL: "{{username}}:{{password}}@tcp(mysql:3306)/" MYSQL_CONNECTION_USERNAME: "root" MYSQL_CONNECTION_PASSWORD: "mysql" - # TODO: setup mongodb tests - #MONGODB_URL: "mongodb://root:mongodb@127.0.0.1:27017/admin?ssl: false" + MONGODB_URL: "mongodb://root:mongodb@mongo:27017/admin?ssl=false" MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433" run: | - make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc-ent TESTARGS='-v -test.run TestAccDatabaseSecretBackendConnection_mongodb' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From 099d4c5b52531d60c13f80326811e95f42a2cc1f Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 13:11:17 -0400 Subject: [PATCH 39/50] Add postgres support --- .github/workflows/build.yml | 12 +++++++++--- ...source_database_secret_backend_connection_test.go | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f47f54ac6..a907e4422 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,7 +20,7 @@ jobs: VAULT_DEV_ROOT_TOKEN_ID: root VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }} mysql: - image: mysql:latest + image: docker.mirror.hashicorp.services/mysql:latest env: MYSQL_ROOT_PASSWORD: mysql mssql: 
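Review bot: The new `mongo` service sets `MONGO_INITDB_ROOT_PASSWORD: mongodb` as a literal, while the `mssql` service directly above reads its password from `${{ secrets.MSSQL_SA_PASSWORD }}`; the literal is repeated in `MONGODB_URL` in the next hunk, and the `postgres` service added in the following commit does the same with `POSTGRES_PASSWORD: secret`. For throwaway service containers the exposure is small, but mixing the two styles makes it easy to copy the literal form somewhere it matters, so either read all of them from repository secrets or mark them with a comment such as `# throwaway credential for the ephemeral CI container, not used anywhere else`. The image is referenced without a tag or digest (`docker.mirror.hashicorp.services/mongo`), and the `:latest` added one commit later is still mutable. Pinning it as `docker.mirror.hashicorp.services/mongo@sha256:<digest-placeholder>` keeps runs reproducible and prevents a changed upstream image from silently entering a workflow that also uses repository secrets.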
@@ -29,11 +29,16 @@ jobs: ACCEPT_EULA: Y SA_PASSWORD: ${{ secrets.MSSQL_SA_PASSWORD }} mongo: - image: docker.mirror.hashicorp.services/mongo + image: docker.mirror.hashicorp.services/mongo:latest env: MONGO_INITDB_ROOT_USERNAME: root MONGO_INITDB_ROOT_PASSWORD: mongodb MONGO_INITDB_DATABASE: admin + postgres: + image: docker.mirror.hashicorp.services/postgres:latest + env: + POSTGRES_PASSWORD: secret + POSTGRES_DB: database steps: - name: Tune Vault Quotas env: @@ -64,5 +69,6 @@ jobs: MYSQL_CONNECTION_PASSWORD: "mysql" MONGODB_URL: "mongodb://root:mongodb@mongo:27017/admin?ssl=false" MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433" + POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable" run: | - make testacc-ent TESTARGS='-v -test.run TestAccDatabaseSecretBackendConnection_mongodb' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc-ent TESTARGS='-v -test.run TestAccDatabaseSecretBackendConnection_postgresql*' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true diff --git a/vault/resource_database_secret_backend_connection_test.go b/vault/resource_database_secret_backend_connection_test.go index 8ca4af264..f7fa5f231 100644 --- a/vault/resource_database_secret_backend_connection_test.go +++ b/vault/resource_database_secret_backend_connection_test.go @@ -30,7 +30,7 @@ const testDefaultDatabaseSecretBackendResource = "vault_database_secret_backend_ // Currently we have to configure the Vault server with a plugin_directory, // copy/build a db plugin and install it with a unique name, then register it in vault. -func TestAccDatabaseSecretBackendConnection_import(t *testing.T) { +func TestAccDatabaseSecretBackendConnection_postgresql_import(t *testing.T) { MaybeSkipDBTests(t, dbEnginePostgres) // TODO: make these fatal once we auto provision the required test infrastructure. From 93d1a2ff0e061770d6a105b16806d02d528b7059 Mon Sep 17 00:00:00 2001 
From: Ben Ash Date: Fri, 20 May 2022 13:29:27 -0400 Subject: [PATCH 40/50] Re-enable disable_escaping support for Postgres --- vault/resource_database_secret_backend_connection.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vault/resource_database_secret_backend_connection.go b/vault/resource_database_secret_backend_connection.go index 89cba15f5..3e9df5cf8 100644 --- a/vault/resource_database_secret_backend_connection.go +++ b/vault/resource_database_secret_backend_connection.go @@ -538,7 +538,8 @@ func getDatabaseSchema(typ schema.ValueType) schemaMap { Optional: true, Description: "Connection parameters for the postgresql-database-plugin plugin.", Elem: connectionStringResource(&connectionStringConfig{ - includeUserPass: true, + includeUserPass: true, + includeDisableEscaping: true, }), MaxItems: 1, ConflictsWith: util.CalculateConflictsWith(dbEnginePostgres.Name(), dbEngineTypes), From 5ef373799aa079d7e3f973952d9e9f31e02e8878 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 13:38:39 -0400 Subject: [PATCH 41/50] Fix disable_escaping regression introduced in v3.5.0 --- vault/resource_database_secret_backend_connection.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/vault/resource_database_secret_backend_connection.go b/vault/resource_database_secret_backend_connection.go index 3e9df5cf8..4f56add6c 100644 --- a/vault/resource_database_secret_backend_connection.go +++ b/vault/resource_database_secret_backend_connection.go @@ -482,6 +482,7 @@ func getDatabaseSchema(typ schema.ValueType) schemaMap { Description: "Connection parameters for the hana-database-plugin plugin.", Elem: connectionStringResource(&connectionStringConfig{ excludeUsernameTemplate: true, + includeDisableEscaping: true, includeUserPass: true, }), MaxItems: 1, 
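Review bot: `includeDisableEscaping: true` is restored for the postgresql block in this hunk and for hana and redshift in the commit that follows, which describes it as a regression fix, yet neither commit adds a test, so the field can be dropped again without any failure. An acceptance check along the lines of `resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "postgresql.0.disable_escaping", "true")` for each affected engine would pin it; the test file is only partly visible here, so such coverage may already exist. Because the option controls whether special characters in the username and password are escaped in the connection URL, a one-line comment next to the flag saying which engines expose it, and why, would help the next reader. getDatabaseSchema starts and ends outside these hunks.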
@@ -559,7 +560,8 @@ func getDatabaseSchema(typ schema.ValueType) schemaMap { Optional: true, Description: "Connection parameters for the redshift-database-plugin plugin.", Elem: connectionStringResource(&connectionStringConfig{ - includeUserPass: true, + includeUserPass: true, + includeDisableEscaping: true, }), MaxItems: 1, ConflictsWith: util.CalculateConflictsWith(dbEngineRedshift.Name(), dbEngineTypes), @@ -1501,7 +1503,8 @@ func getDBCommonConfig(d *schema.ResourceData, resp *api.Secret, } func getDBConnectionConfig(d *schema.ResourceData, engine *dbEngine, idx int, - resp *api.Secret) (map[string]interface{}, error) { + resp *api.Secret, +) (map[string]interface{}, error) { var result map[string]interface{} prefix := engine.ResourcePrefix(idx) From 71ec0725e1bfeac14de3e0f9652c9ebaed57ff05 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 13:41:39 -0400 Subject: [PATCH 42/50] Run all acceptance tests --- .github/workflows/build.yml | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a907e4422..d9dbb59bf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -40,24 +40,20 @@ jobs: POSTGRES_PASSWORD: secret POSTGRES_DB: database steps: - - name: Tune Vault Quotas - env: - VAULT_TOKEN: "root" - VAULT_ADDR: "http://vault:8200" - run: | - echo '{"max_leases": 60000}' | curl --fail --show-error --silent \ - --request POST \ - --header "X-Vault-Token: ${VAULT_TOKEN}" \ - --data @- \ - ${VAULT_ADDR}/v1/sys/quotas/lease-count/default - + #- name: Tune Vault Quotas + # env: + # VAULT_TOKEN: "root" + # VAULT_ADDR: "http://vault:8200" + # run: | + # echo '{"max_leases": 60000}' | curl --fail --show-error --silent \ + # --request POST \ + # --header "X-Vault-Token: ${VAULT_TOKEN}" \ + # --data @- \ + # ${VAULT_ADDR}/v1/sys/quotas/lease-count/default - uses: actions/checkout@v3 - name: Build run: | make build - #- name: Unit Tests - # run: | - # make test TESTARGS='-v' - name: Acceptance Tests env: VAULT_TOKEN: "root" @@ -71,4 +67,4 @@ jobs: MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433" POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable" run: | - make testacc-ent TESTARGS='-v -test.run TestAccDatabaseSecretBackendConnection_postgresql*' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc-ent TESTARGS='-v -test.run *' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From b7f9267a29737c440b85e173526f98cef26ce8cf Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 14:19:16 -0400 Subject: [PATCH 43/50] Fix test args --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d9dbb59bf..38f0d8cd0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -67,4 +67,4 @@ jobs: MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433" POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable" run: | - make testacc-ent TESTARGS='-v -test.run *' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true From 57607bd624b7d009ea1a92dc04e0868e0443d996 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 14:47:42 -0400 Subject: [PATCH 44/50] Remove vault quota config step --- .github/workflows/build.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 38f0d8cd0..5070be595 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -40,16 +40,6 @@ jobs: POSTGRES_PASSWORD: secret POSTGRES_DB: database steps: - #- name: Tune Vault Quotas - # env: - # VAULT_TOKEN: "root" - # VAULT_ADDR: "http://vault:8200" - # run: | - # echo '{"max_leases": 60000}' | curl --fail --show-error --silent \ - # --request POST \ - # --header "X-Vault-Token: ${VAULT_TOKEN}" \ - # --data @- \ - # ${VAULT_ADDR}/v1/sys/quotas/lease-count/default - uses: actions/checkout@v3 - name: Build run: | From 3c57f4f3f0df30e464b4fff5242101bbeaf5a521 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 14:52:34 -0400 Subject: [PATCH 45/50] Generate API coverage report --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5070be595..d2b9469a2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -58,3 +58,6 @@ jobs: POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable" run: | make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + - name: "Generate Vault API Path Coverage Report" + run: | + go run cmd/coverage/main.go -openapi-doc=./testdata/openapi.json 
From 48dcf6bee14ba6166fd25274e3011084eef1703a Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 14:58:20 -0400 Subject: [PATCH 46/50] Rename GNUMakefile to Makefile --- GNUmakefile => Makefile | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename GNUmakefile => Makefile (100%) diff --git a/GNUmakefile b/Makefile similarity index 100% rename from GNUmakefile rename to Makefile From 1f726722db1d92f4c78841a3fbf9147ab246282b Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 15:12:31 -0400 Subject: [PATCH 47/50] Re-jig the build config --- .github/workflows/build.yml | 29 +++++++++++++++++++++++------ .go-version | 2 +- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d2b9469a2..104e1daff 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -3,7 +3,26 @@ name: Build on: push jobs: - container-job: + go-version: + runs-on: ubuntu-latest + outputs: + version: ${{ steps.go-version.outputs.version }} + steps: + - uses: actions/checkout@v3 + - id: go-version + run: echo "::set-output name=version::$(cat ./.go-version)" + build: + needs: [go-version] + runs-on: ubuntu-latest + container: + image: "docker.mirror.hashicorp.services/golang:${{ needs.go-version.outputs.version }}" + steps: + - uses: actions/checkout@v3 + - name: Build + run: | + make build + acceptance: + needs: [go-version] runs-on: ubuntu-latest strategy: fail-fast: false @@ -12,7 +31,7 @@ jobs: #image: ["vault-enterprise:1.9-ent", "vault-enterprise:1.10-ent"] image: ["vault-enterprise:1.10-ent"] container: - image: docker.mirror.hashicorp.services/golang:1.17.10 + image: "docker.mirror.hashicorp.services/golang:${{ needs.go-version.outputs.version }}" services: vault: image: hashicorp/${{ matrix.image }} @@ -41,9 +60,6 @@ jobs: POSTGRES_DB: database steps: - uses: actions/checkout@v3 - - name: Build - run: | - make build - name: Acceptance Tests env: VAULT_TOKEN: "root" 
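Review bot: In the new `go-version` job, `echo "::set-output name=version::$(cat ./.go-version)"` writes the file's contents unvalidated into a workflow command on stdout, and the result is then spliced into the `container.image` reference of the `build` and `acceptance` jobs. The `set-output` command has since been deprecated by GitHub, and a stray newline or extra text in `.go-version` would change which image is pulled; writing `run: echo "version=$(tr -d '[:space:]' < ./.go-version)" >> "$GITHUB_OUTPUT"` avoids both. The `actions/checkout@v3` steps are referenced by a movable tag; pinning them to a full commit SHA (`actions/checkout@<commit-sha-placeholder>`) is the usual hardening for a workflow that reads `secrets.VAULT_LICENSE`.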
@@ -57,7 +73,8 @@ jobs: MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433" POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable" run: | - make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + # TODO: re-enable + echo make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true - name: "Generate Vault API Path Coverage Report" run: | go run cmd/coverage/main.go -openapi-doc=./testdata/openapi.json diff --git a/.go-version b/.go-version index ff278344b..ada2e4fce 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.17.5 +1.17.10 From 1f63e61327de8a2ac87b9d89832e4a5dd8d2a374 Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 15:14:59 -0400 Subject: [PATCH 48/50] acceptance tests depends on build --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 104e1daff..3d1d40c94 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,7 +22,7 @@ jobs: run: | make build acceptance: - needs: [go-version] + needs: [go-version, build] runs-on: ubuntu-latest strategy: fail-fast: false From 9e02616f0b474276cc9312e14ebc7b96177b340c Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 15:22:43 -0400 Subject: [PATCH 49/50] Re-enable acc tests --- .github/workflows/build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3d1d40c94..90e8d7f30 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -73,8 +73,7 @@ jobs: MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433" POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable" run: | - # TODO: re-enable - echo make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true + make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true - name: "Generate Vault API Path Coverage Report" run: | go run cmd/coverage/main.go -openapi-doc=./testdata/openapi.json From 99fa2897f8a55c5dbe56989e24965f9c46f19cfe Mon Sep 17 00:00:00 2001 From: Ben Ash Date: Fri, 20 May 2022 20:04:35 -0400 Subject: [PATCH 50/50] Drop random lease count from lease quota test --- vault/resource_quota_lease_count_test.go | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/vault/resource_quota_lease_count_test.go b/vault/resource_quota_lease_count_test.go index d3a991a1b..e9770b6ca 100644 --- a/vault/resource_quota_lease_count_test.go +++ b/vault/resource_quota_lease_count_test.go @@ -2,7 +2,6 @@ package vault import ( "fmt" - "strconv" "testing" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" @@ -13,16 +12,11 @@ import ( "github.com/hashicorp/terraform-provider-vault/testutil" ) -func randomQuotaLeaseString() string { - whole := acctest.RandIntRange(50000, 60000) - return strconv.Itoa(whole + 1000) -} - func TestQuotaLeaseCount(t *testing.T) { name := acctest.RandomWithPrefix("tf-test") ns := "ns-" + name - leaseCount := "2" // randomQuotaLeaseString() - newLeaseCount := "3" // randomQuotaLeaseString() + leaseCount := "1001" + newLeaseCount := "2001" resourceName := "vault_quota_lease_count.foobar" resource.Test(t, resource.TestCase{