From a22d436ae5b804ae17b336e114047e91ef8ccdef Mon Sep 17 00:00:00 2001
From: Michael Li
Date: Fri, 14 Feb 2025 16:10:06 -0500
Subject: [PATCH] test(e2e): Differentiate between public and private vault addresses
---
 .../enos-scenario-e2e-aws-base-with-vault.hcl | 4 ++--
 ...os-scenario-e2e-docker-base-with-vault.hcl | 4 ++--
 ...s-scenario-e2e-docker-base-with-worker.hcl | 4 ++--
 ...ker-worker-registration-controller-led.hcl | 4 ++--
 ...-docker-worker-registration-worker-led.hcl | 4 ++--
 enos/enos-scenario-e2e-ui-aws.hcl | 4 ++--
 enos/enos-scenario-e2e-ui-docker.hcl | 4 ++--
 enos/modules/aws_vault/outputs.tf | 7 ++++++-
 enos/modules/docker_vault/main.tf | 6 +++---
 enos/modules/test_e2e/main.tf | 21 +++++++------------
 enos/modules/test_e2e_docker/main.tf | 16 +++++++-------
 enos/modules/test_e2e_docker/test_runner.sh | 3 ++-
 enos/modules/test_e2e_ui/main.tf | 14 +++++++------
 .../e2e/tests/base_with_vault/env_test.go | 7 ++++---
 .../e2e/tests/base_with_worker/env_test.go | 5 +++--
 15 files changed, 57 insertions(+), 50 deletions(-)
diff --git a/enos/enos-scenario-e2e-aws-base-with-vault.hcl b/enos/enos-scenario-e2e-aws-base-with-vault.hcl
index b352f5885a..8a912a9387 100644
--- a/enos/enos-scenario-e2e-aws-base-with-vault.hcl
+++ b/enos/enos-scenario-e2e-aws-base-with-vault.hcl
@@ -159,8 +159,8 @@ scenario "e2e_aws_base_with_vault" {
 target_address = step.create_target.target_private_ips[0]
 target_user = "ubuntu"
 target_port = "22"
- vault_addr = step.create_vault_cluster.instance_addresses[0]
- vault_addr_internal = step.create_vault_cluster.instance_addresses[0]
+ vault_addr_public = step.create_vault_cluster.instance_addresses[0]
+ vault_addr_private = step.create_vault_cluster.instance_addresses[0]
 vault_root_token = step.create_vault_cluster.vault_root_token
 aws_region = var.aws_region
 max_page_size = step.create_boundary_cluster.max_page_size
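Review bot: `vault_addr_private` in this hunk is still wired to `step.create_vault_cluster.instance_addresses[0]`, the public address, so the public/private split this commit introduces is lost for the aws base-with-vault scenario. The ui-aws scenario in the same patch uses the new `instance_addresses_private` output, and the Go config marks `E2E_VAULT_ADDR_PRIVATE` as a separate required value, so this looks like an oversight rather than intent. Suggested change: `vault_addr_private = step.create_vault_cluster.instance_addresses_private[0]`. If the test deliberately needs both values to be reachable from the runner's network, a comment on this line saying so would stop the next reader from re-raising it.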
diff --git a/enos/enos-scenario-e2e-docker-base-with-vault.hcl b/enos/enos-scenario-e2e-docker-base-with-vault.hcl
index 4e14211a20..637e068751 100644
--- a/enos/enos-scenario-e2e-docker-base-with-vault.hcl
+++ b/enos/enos-scenario-e2e-docker-base-with-vault.hcl
@@ -136,8 +136,8 @@ scenario "e2e_docker_base_with_vault" {
 target_address = step.create_host.address
 target_port = step.create_host.port
 target_user = "ubuntu"
- vault_addr = step.create_vault.address
- vault_addr_internal = step.create_vault.address_internal
+ vault_addr_public = step.create_vault.address_public
+ vault_addr_private = step.create_vault.address_private
 vault_root_token = step.create_vault.token
 vault_port = step.create_vault.port
 max_page_size = step.create_boundary.max_page_size
diff --git a/enos/enos-scenario-e2e-docker-base-with-worker.hcl b/enos/enos-scenario-e2e-docker-base-with-worker.hcl
index bf75db9528..d4ccd13a33 100644
--- a/enos/enos-scenario-e2e-docker-base-with-worker.hcl
+++ b/enos/enos-scenario-e2e-docker-base-with-worker.hcl
@@ -177,8 +177,8 @@ scenario "e2e_docker_base_with_worker" {
 target_address = step.create_host.address
 target_port = step.create_host.port
 target_user = "ubuntu"
- vault_addr = step.create_vault.address
- vault_addr_internal = step.create_vault.address_internal
+ vault_addr_public = step.create_vault.address_public
+ vault_addr_private = step.create_vault.address_private
 vault_root_token = step.create_vault.token
 vault_port = step.create_vault.port
 worker_tag_egress = local.egress_tag
diff --git a/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl b/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl
index 36e108bcd9..bf437060d0 100644
--- a/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl
+++ b/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl
@@ -192,8 +192,8 @@ scenario "e2e_docker_worker_registration_controller_led" {
 target_address = step.create_host.address
 target_port = step.create_host.port
 target_user = "ubuntu"
- vault_addr = step.create_vault.address
- vault_addr_internal = step.create_vault.address_internal
+ vault_addr_public = step.create_vault.address_public
+ vault_addr_private = step.create_vault.address_private
 vault_root_token = step.create_vault.token
 vault_port = step.create_vault.port
 worker_tag_egress = local.egress_tag
diff --git a/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl b/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl
index a896848a13..bfe13004d9 100644
--- a/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl
+++ b/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl
@@ -207,8 +207,8 @@ scenario "e2e_docker_worker_registration_worker_led" {
 target_address = step.create_host.address
 target_port = step.create_host.port
 target_user = "ubuntu"
- vault_addr = step.create_vault.address
- vault_addr_internal = step.create_vault.address_internal
+ vault_addr_public = step.create_vault.address_public
+ vault_addr_private = step.create_vault.address_private
 vault_root_token = step.create_vault.token
 vault_port = step.create_vault.port
 worker_tag_egress = local.egress_tag
diff --git a/enos/enos-scenario-e2e-ui-aws.hcl b/enos/enos-scenario-e2e-ui-aws.hcl
index 4c6142edbb..af089748d1 100644
--- a/enos/enos-scenario-e2e-ui-aws.hcl
+++ b/enos/enos-scenario-e2e-ui-aws.hcl
@@ -201,8 +201,8 @@ scenario "e2e_ui_aws" {
 target_address = step.create_targets_with_tag.target_private_ips[0]
 target_user = "ubuntu"
 target_port = "22"
- vault_addr = step.create_vault_cluster.instance_addresses[0]
- vault_addr_internal = step.create_vault_cluster.instance_addresses[0]
+ vault_addr_public = step.create_vault_cluster.instance_addresses[0]
+ vault_addr_private = step.create_vault_cluster.instance_addresses_private[0]
 vault_root_token = step.create_vault_cluster.vault_root_token
 aws_access_key_id = step.iam_setup.access_key_id
 aws_secret_access_key = step.iam_setup.secret_access_key
diff --git a/enos/enos-scenario-e2e-ui-docker.hcl b/enos/enos-scenario-e2e-ui-docker.hcl
index 080f5e3dc3..290c90f03b 100644
--- a/enos/enos-scenario-e2e-ui-docker.hcl
+++ b/enos/enos-scenario-e2e-ui-docker.hcl
@@ -168,8 +168,8 @@ scenario "e2e_ui_docker" {
 target_user = "ubuntu"
 target_ca_key = step.create_host.ca_key_private
 target_ca_key_public = step.create_host.ca_key_public
- vault_addr = step.create_vault.address
- vault_addr_internal = step.create_vault.address_internal
+ vault_addr_public = step.create_vault.address_public
+ vault_addr_private = step.create_vault.address_private
 vault_root_token = step.create_vault.token
 vault_port = step.create_vault.port
 ldap_address = step.create_ldap_server.address
diff --git a/enos/modules/aws_vault/outputs.tf b/enos/modules/aws_vault/outputs.tf
index fb04f22412..1947ab1073 100644
--- a/enos/modules/aws_vault/outputs.tf
+++ b/enos/modules/aws_vault/outputs.tf
@@ -18,7 +18,12 @@ output "instance_private_ips" {
 
 output "instance_addresses" {
 description = "Addresses of Vault instances"
- value = [for instance in aws_instance.vault_instance : "http://${instance.public_ip}:8200"]
+ value = var.ip_version == "4" ? [for instance in aws_instance.vault_instance : "http://${instance.public_ip}:8200"] : flatten([for instance in aws_instance.vault_instance : instance.ipv6_addresses])
+}
+
+output "instance_addresses_private" {
+ description = "Private addresses of Vault instances"
+ value = [for instance in aws_instance.vault_instance : "http://${instance.private_ip}:8200"]
 }
 
 output "key_id" {
diff --git a/enos/modules/docker_vault/main.tf b/enos/modules/docker_vault/main.tf
index c013e99525..fcb6f2f0c7 100644
--- a/enos/modules/docker_vault/main.tf
+++ b/enos/modules/docker_vault/main.tf
@@ -132,11 +132,11 @@ resource "enos_local_exec" "check_health" {
 inline = ["timeout 10s bash -c 'until vault status; do sleep 2; done'"]
 }
 
-output "address" {
- value = "http://${var.container_name}:${var.vault_port}"
+output "address_public" {
+ value = "http://localhost:${var.vault_port}"
 }
 
-output "address_internal" {
+output "address_private" {
 value = "http://${var.container_name}:${var.vault_port_internal}"
 }
 
diff --git a/enos/modules/test_e2e/main.tf b/enos/modules/test_e2e/main.tf
index ff964386a4..7dac110885 100644
--- a/enos/modules/test_e2e/main.tf
+++ b/enos/modules/test_e2e/main.tf
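Review bot: The IPv6 branch of `instance_addresses` returns the bare `instance.ipv6_addresses` values, while the IPv4 branch and the new `instance_addresses_private` output return full `http://…:8200` URLs; since test_e2e/main.tf in this patch stops wrapping the value and exports it directly as `VAULT_ADDR`, an IPv6 run would hand the Vault client an address with no scheme and no port. Formatting that branch the same way, `flatten([for instance in aws_instance.vault_instance : [for addr in instance.ipv6_addresses : "http://[${addr}]:8200"]])`, keeps the output shape identical across `ip_version`. `instance_addresses_private` also ignores `var.ip_version` and always uses `private_ip`; if IPv6-only instances are a supported configuration, that output presumably needs the same conditional.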
@@ -66,13 +66,14 @@ variable "target_port" {
 type = string
 default = ""
 }
-variable "vault_addr" {
- description = "External network address of Vault. Will be converted to a URL below"
+variable "vault_addr_public" {
+ description = "Public address to a vault instance"
 type = string
 default = ""
 }
-variable "vault_addr_internal" {
- description = "Internal network address of Vault (i.e. within a docker network). Will be converted to a URL below"
+
+variable "vault_addr_private" {
+ description = "Private address to a vault instance"
 type = string
 default = ""
 }
@@ -81,11 +82,6 @@ variable "vault_root_token" {
 type = string
 default = ""
 }
-variable "vault_port" {
- description = "External Port that vault instance is attached to (outside of docker network)"
- type = string
- default = "8200"
-}
 variable "aws_access_key_id" {
 description = "Access Key Id for AWS IAM user used in dynamic host catalogs"
 type = string
@@ -174,8 +170,6 @@ variable "ip_version" {
 
 locals {
 aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path)
- vault_addr = var.vault_addr != "" ? "http://${var.vault_addr}:${var.vault_port}" : ""
- vault_addr_internal = var.vault_addr_internal != "" ? "http://${var.vault_addr_internal}:8200" : local.vault_addr
 aws_host_set_ips1 = jsonencode(var.aws_host_set_ips1)
 aws_host_set_ips2 = jsonencode(var.aws_host_set_ips2)
 package_name = reverse(split("/", var.test_package))[0]
@@ -194,9 +188,10 @@ resource "enos_local_exec" "run_e2e_test" {
 E2E_SSH_USER = var.target_user
 E2E_SSH_KEY_PATH = local.aws_ssh_private_key_path
 E2E_SSH_CA_KEY = ""
- VAULT_ADDR = local.vault_addr
+ VAULT_ADDR = var.vault_addr_public
 VAULT_TOKEN = var.vault_root_token
- E2E_VAULT_ADDR = local.vault_addr_internal
+ E2E_VAULT_ADDR_PUBLIC = var.vault_addr_public
+ E2E_VAULT_ADDR_PRIVATE = var.vault_addr_private
 E2E_AWS_ACCESS_KEY_ID = var.aws_access_key_id
 E2E_AWS_SECRET_ACCESS_KEY = var.aws_secret_access_key
 E2E_AWS_HOST_SET_FILTER = var.aws_host_set_filter1
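Review bot: The new descriptions `"Public address to a vault instance"` and `"Private address to a vault instance"` drop the one detail the old ones carried, at the moment it matters most: this patch removes the locals that prefixed `http://` and appended the port, so the variable values now flow verbatim into `VAULT_ADDR` and `E2E_VAULT_ADDR_*`. A caller reading the description cannot tell whether to pass a host, a host:port or a full URL. Suggested wording: `description = "Public URL of the Vault instance, including scheme and port (e.g. http://10.0.0.1:8200)"`, with the private counterpart phrased the same way. The identical descriptions appear in test_e2e_docker/main.tf and test_e2e_ui/main.tf in this patch.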
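Review bot: Deleting the `vault_addr_internal` local also deletes its fallback to `local.vault_addr` when no internal address was supplied, and the replacement `E2E_VAULT_ADDR_PRIVATE = var.vault_addr_private` in the last hunk passes the value through with no substitute while the Go config in this patch marks it `required:"true"`. A scenario that only supplies the public address now fails at config load instead of silently reusing it; that may be the intended tightening, but it is worth stating on the variable, e.g. `# No fallback to the public address: every scenario must set this explicitly`. Separately, `variable "vault_port"` is removed in the middle hunk while the docker scenarios in this patch still pass `vault_port`; if any of them target this module rather than test_e2e_docker, that input no longer has a declaration to land on.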
diff --git a/enos/modules/test_e2e_docker/main.tf b/enos/modules/test_e2e_docker/main.tf
index 254e5d627a..d79d7e9d29 100644
--- a/enos/modules/test_e2e_docker/main.tf
+++ b/enos/modules/test_e2e_docker/main.tf
@@ -94,13 +94,14 @@ variable "target_ca_key" {
 type = string
 default = ""
 }
-variable "vault_addr" {
- description = "External network address of Vault. Will be converted to a URL below"
+variable "vault_addr_public" {
+ description = "Public address to a vault instance"
 type = string
 default = ""
 }
-variable "vault_addr_internal" {
- description = "Internal network address of Vault (i.e. within a docker network). Will be converted to a URL below"
+
+variable "vault_addr_private" {
+ description = "Private address to a vault instance"
 type = string
 default = ""
 }
@@ -314,10 +315,11 @@ resource "enos_local_exec" "run_e2e_test" {
 E2E_SSH_USER = var.target_user
 E2E_SSH_KEY_PATH = local.aws_ssh_private_key_path
 E2E_SSH_CA_KEY = var.target_ca_key
- VAULT_ADDR = var.vault_addr
- VAULT_ADDR_INTERNAL = var.vault_addr_internal
+ VAULT_ADDR = var.vault_addr_public
+ VAULT_ADDR_INTERNAL = var.vault_addr_private
 VAULT_TOKEN = var.vault_root_token
- E2E_VAULT_ADDR = var.vault_addr_internal
+ E2E_VAULT_ADDR_PUBLIC = var.vault_addr_public
+ E2E_VAULT_ADDR_PRIVATE = var.vault_addr_private
 E2E_BUCKET_NAME = var.bucket_name
 E2E_BUCKET_ENDPOINT_URL = var.bucket_endpoint_url
 E2E_BUCKET_USER_ID = var.bucket_user_id
diff --git a/enos/modules/test_e2e_docker/test_runner.sh b/enos/modules/test_e2e_docker/test_runner.sh
index 24e1e99d5b..9e8c330f55 100644
--- a/enos/modules/test_e2e_docker/test_runner.sh
+++ b/enos/modules/test_e2e_docker/test_runner.sh
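Review bot: `VAULT_ADDR_INTERNAL = var.vault_addr_private` in the second hunk keeps the old internal/external vocabulary in the one line this patch does not rename, so the module now exports the same value as both `VAULT_ADDR_INTERNAL` and `E2E_VAULT_ADDR_PRIVATE`. Renaming it to `VAULT_ADDR_PRIVATE` here and at its single consumer in test_runner.sh, `-e "VAULT_ADDR=$VAULT_ADDR_INTERNAL" \`, keeps one naming scheme across the docker module. If the old name is kept on purpose for compatibility with something outside this patch, a short comment on the line would make that explicit.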
@@ -31,7 +31,8 @@ docker run \
 -e "E2E_MINIO_ALIAS=$E2E_MINIO_ALIAS" \
 -e "VAULT_ADDR=$VAULT_ADDR_INTERNAL" \
 -e "VAULT_TOKEN=$VAULT_TOKEN" \
- -e "E2E_VAULT_ADDR=$E2E_VAULT_ADDR" \
+ -e "E2E_VAULT_ADDR_PUBLIC=$E2E_VAULT_ADDR_PUBLIC" \
+ -e "E2E_VAULT_ADDR_PRIVATE=$E2E_VAULT_ADDR_PRIVATE" \
 -e "E2E_POSTGRES_USER=$E2E_POSTGRES_USER" \
 -e "E2E_POSTGRES_PASSWORD=$E2E_POSTGRES_PASSWORD" \
 -e "E2E_POSTGRES_DB_NAME=$E2E_POSTGRES_DB_NAME" \
diff --git a/enos/modules/test_e2e_ui/main.tf b/enos/modules/test_e2e_ui/main.tf
index 2f3348dba9..72896bce31 100644
--- a/enos/modules/test_e2e_ui/main.tf
+++ b/enos/modules/test_e2e_ui/main.tf
@@ -73,13 +73,14 @@ variable "target_ca_key_public" {
 type = string
 default = ""
 }
-variable "vault_addr" {
- description = "External network address of Vault. Will be converted to a URL below"
+variable "vault_addr_public" {
+ description = "Public address to a vault instance"
 type = string
 default = ""
 }
-variable "vault_addr_internal" {
- description = "Internal network address of Vault (i.e. within a docker network). Will be converted to a URL below"
+
+variable "vault_addr_private" {
+ description = "Private address to a vault instance"
 type = string
 default = ""
 }
@@ -211,9 +212,10 @@ resource "enos_local_exec" "run_e2e_test" {
 E2E_SSH_KEY_PATH = local.aws_ssh_private_key_path
 E2E_SSH_CA_KEY = var.target_ca_key
 E2E_SSH_CA_KEY_PUBLIC = var.target_ca_key_public
- VAULT_ADDR = var.vault_addr
+ VAULT_ADDR = var.vault_addr_public
 VAULT_TOKEN = var.vault_root_token
- E2E_VAULT_ADDR = var.vault_addr_internal
+ E2E_VAULT_ADDR_PUBLIC = var.vault_addr_public
+ E2E_VAULT_ADDR_PRIVATE = var.vault_addr_private
 E2E_AWS_ACCESS_KEY_ID = var.aws_access_key_id
 E2E_AWS_SECRET_ACCESS_KEY = var.aws_secret_access_key
 E2E_AWS_HOST_SET_FILTER = var.aws_host_set_filter
diff --git a/testing/internal/e2e/tests/base_with_vault/env_test.go b/testing/internal/e2e/tests/base_with_vault/env_test.go
index b732f31bda..c213a2e80d 100644
--- a/testing/internal/e2e/tests/base_with_vault/env_test.go
+++ b/testing/internal/e2e/tests/base_with_vault/env_test.go
@@ -13,9 +13,10 @@ type config struct {
 // Note: Key is base64 encoded
 TargetCaKey string `envconfig:"E2E_SSH_CA_KEY" required:"true"`
 // VaultAddr is the address that the Boundary server uses to interact with the running Vault instance
- VaultAddr string `envconfig:"E2E_VAULT_ADDR" required:"true"` // e.g. "http://127.0.0.1:8200"
- VaultSecretPath string `envconfig:"E2E_VAULT_SECRET_PATH" default:"e2e_secrets"`
- MaxPageSize int `envconfig:"E2E_MAX_PAGE_SIZE" default:"1000"`
+ VaultAddr string `envconfig:"E2E_VAULT_ADDR_PUBLIC" required:"true"` // e.g. "http://127.0.0.1:8200"
+ VaultAddrPrivate string `envconfig:"E2E_VAULT_ADDR_PRIVATE" required:"true"` // e.g. "http://10.10.10.10:8200"
+ VaultSecretPath string `envconfig:"E2E_VAULT_SECRET_PATH" default:"e2e_secrets"`
+ MaxPageSize int `envconfig:"E2E_MAX_PAGE_SIZE" default:"1000"`
 }
 
 func loadTestConfig() (*config, error) {
diff --git a/testing/internal/e2e/tests/base_with_worker/env_test.go b/testing/internal/e2e/tests/base_with_worker/env_test.go
index 7ecd3ab80f..8246251d2e 100644
--- a/testing/internal/e2e/tests/base_with_worker/env_test.go
+++ b/testing/internal/e2e/tests/base_with_worker/env_test.go
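Review bot: The comment `// VaultAddr is the address that the Boundary server uses to interact with the running Vault instance` now sits above a field bound to `E2E_VAULT_ADDR_PUBLIC`, while the new `VaultAddrPrivate` field, which the docker modules in this patch feed from the container-network address, has no comment at all. In the docker scenarios the public value is `http://localhost:<port>` (see docker_vault/main.tf), which is only meaningful from the host, so either the comment is stale or the Boundary-facing address is really the private one; whichever is intended, document both fields, e.g. `// VaultAddr is the address the test process uses to reach Vault` and `// VaultAddrPrivate is the address Boundary uses to reach Vault (e.g. inside the docker network)`. The same two lines appear in base_with_worker/env_test.go in this patch; the `config` struct begins before this hunk.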
@@ -14,8 +14,9 @@ type config struct {
 WorkerTagEgress string `envconfig:"E2E_WORKER_TAG_EGRESS" required:"true"` // e.g. "egress"
 WorkerTagCollocated string `envconfig:"E2E_WORKER_TAG_COLLOCATED" required:"true"` // e.g. "collocated"
 // VaultAddr is the address that the Boundary server uses to interact with the running Vault instance
- VaultAddr string `envconfig:"E2E_VAULT_ADDR" required:"true"` // e.g. "http://127.0.0.1:8200"
- VaultSecretPath string `envconfig:"E2E_VAULT_SECRET_PATH" default:"e2e_secrets"`
+ VaultAddr string `envconfig:"E2E_VAULT_ADDR_PUBLIC" required:"true"` // e.g. "http://127.0.0.1:8200"
+ VaultAddrPrivate string `envconfig:"E2E_VAULT_ADDR_PRIVATE" required:"true"` // e.g. "http://10.10.10.10:8200"
+ VaultSecretPath string `envconfig:"E2E_VAULT_SECRET_PATH" default:"e2e_secrets"`
 }
 
 func loadTestConfig() (*config, error) {