scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 03:27:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

[QT-527][QT-509] enos: use latest version of enos-provider (#21129)

Browse Source 
Use the latest version of enos-provider and upstream consul module.
These changes allow us to configure the vault log level in configuration
and also support configuring consul with an enterprise license.

Signed-off-by: Ryan Cragun <me@ryan.ec>
This commit is contained in:
Ryan Cragun
2023-06-12 08:00:16 -06:00
committed by GitHub
parent 0ff9059967
commit 27621e05d6
9 changed files with 31 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
enos/enos-modules.hcl
View File

@@ -105,6 +105,7 @@ module "vault_cluster" {
install_dir = var.vault_install_dir install_dir = var.vault_install_dir
consul_license = var.backend_license_path == null ? null : file(abspath(var.backend_license_path)) consul_license = var.backend_license_path == null ? null : file(abspath(var.backend_license_path))
log_level = var.vault_log_level
} }
module "vault_get_cluster_ips" { module "vault_get_cluster_ips" {

9
enos/enos-scenario-agent.hcl
View File

@@ -137,12 +137,9 @@ scenario "agent" {
} }
variables { variables {
artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null
awskms_unseal_key_arn = step.create_vpc.kms_key_arn awskms_unseal_key_arn = step.create_vpc.kms_key_arn
cluster_name = step.create_vault_cluster_targets.cluster_name cluster_name = step.create_vault_cluster_targets.cluster_name
config_env_vars = {
VAULT_LOG_LEVEL = var.vault_log_level
}
install_dir = var.vault_install_dir install_dir = var.vault_install_dir
license = matrix.edition != "oss" ? step.read_license.license : null license = matrix.edition != "oss" ? step.read_license.license : null
local_artifact_path = local.bundle_path local_artifact_path = local.bundle_path

13
enos/enos-scenario-autopilot.hcl
View File

@@ -151,14 +151,11 @@ scenario "autopilot" {
variables { variables {
awskms_unseal_key_arn = step.create_vpc.kms_key_arn awskms_unseal_key_arn = step.create_vpc.kms_key_arn
cluster_name = step.create_vault_cluster_targets.cluster_name cluster_name = step.create_vault_cluster_targets.cluster_name
config_env_vars = { install_dir = local.vault_install_dir
VAULT_LOG_LEVEL = var.vault_log_level license = matrix.edition != "oss" ? step.read_license.license : null
} packages = local.packages
install_dir = local.vault_install_dir release = var.vault_autopilot_initial_release
license = matrix.edition != "oss" ? step.read_license.license : null storage_backend = "raft"
packages = local.packages
release = var.vault_autopilot_initial_release
storage_backend = "raft"
storage_backend_addl_config = { storage_backend_addl_config = {
autopilot_upgrade_version = var.vault_autopilot_initial_release.version autopilot_upgrade_version = var.vault_autopilot_initial_release.version
} }

15
enos/enos-scenario-replication.hcl
View File

@@ -179,10 +179,7 @@ scenario "replication" {
artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null
awskms_unseal_key_arn = step.create_vpc.kms_key_arn awskms_unseal_key_arn = step.create_vpc.kms_key_arn
cluster_name = step.create_primary_cluster_targets.cluster_name cluster_name = step.create_primary_cluster_targets.cluster_name
config_env_vars = { consul_cluster_tag = step.create_primary_backend_cluster.consul_cluster_tag
VAULT_LOG_LEVEL = var.vault_log_level
}
consul_cluster_tag = step.create_primary_backend_cluster.consul_cluster_tag
consul_release = matrix.primary_backend == "consul" ? { consul_release = matrix.primary_backend == "consul" ? {
edition = var.backend_edition edition = var.backend_edition
version = matrix.consul_version version = matrix.consul_version
@@ -253,10 +250,7 @@ scenario "replication" {
artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null
awskms_unseal_key_arn = step.create_vpc.kms_key_arn awskms_unseal_key_arn = step.create_vpc.kms_key_arn
cluster_name = step.create_secondary_cluster_targets.cluster_name cluster_name = step.create_secondary_cluster_targets.cluster_name
config_env_vars = { consul_cluster_tag = step.create_secondary_backend_cluster.consul_cluster_tag
VAULT_LOG_LEVEL = var.vault_log_level
}
consul_cluster_tag = step.create_secondary_backend_cluster.consul_cluster_tag
consul_release = matrix.secondary_backend == "consul" ? { consul_release = matrix.secondary_backend == "consul" ? {
edition = var.backend_edition edition = var.backend_edition
version = matrix.consul_version version = matrix.consul_version
@@ -513,10 +507,7 @@ scenario "replication" {
artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null
awskms_unseal_key_arn = step.create_vpc.kms_key_arn awskms_unseal_key_arn = step.create_vpc.kms_key_arn
cluster_name = step.create_primary_cluster_targets.cluster_name cluster_name = step.create_primary_cluster_targets.cluster_name
config_env_vars = { consul_cluster_tag = step.create_primary_backend_cluster.consul_cluster_tag
VAULT_LOG_LEVEL = var.vault_log_level
}
consul_cluster_tag = step.create_primary_backend_cluster.consul_cluster_tag
consul_release = matrix.primary_backend == "consul" ? { consul_release = matrix.primary_backend == "consul" ? {
edition = var.backend_edition edition = var.backend_edition
version = matrix.consul_version version = matrix.consul_version

5
enos/enos-scenario-smoke.hcl
View File

@@ -182,10 +182,7 @@ scenario "smoke" {
artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null
awskms_unseal_key_arn = step.create_vpc.kms_key_arn awskms_unseal_key_arn = step.create_vpc.kms_key_arn
cluster_name = step.create_vault_cluster_targets.cluster_name cluster_name = step.create_vault_cluster_targets.cluster_name
config_env_vars = { consul_cluster_tag = step.create_backend_cluster.consul_cluster_tag
VAULT_LOG_LEVEL = var.vault_log_level
}
consul_cluster_tag = step.create_backend_cluster.consul_cluster_tag
consul_release = matrix.backend == "consul" ? { consul_release = matrix.backend == "consul" ? {
edition = var.backend_edition edition = var.backend_edition
version = matrix.consul_version version = matrix.consul_version

5
enos/enos-scenario-upgrade.hcl
View File

@@ -176,10 +176,7 @@ scenario "upgrade" {
variables { variables {
awskms_unseal_key_arn = step.create_vpc.kms_key_arn awskms_unseal_key_arn = step.create_vpc.kms_key_arn
cluster_name = step.create_vault_cluster_targets.cluster_name cluster_name = step.create_vault_cluster_targets.cluster_name
config_env_vars = { consul_cluster_tag = step.create_backend_cluster.consul_cluster_tag
VAULT_LOG_LEVEL = var.vault_log_level
}
consul_cluster_tag = step.create_backend_cluster.consul_cluster_tag
consul_release = matrix.backend == "consul" ? { consul_release = matrix.backend == "consul" ? {
edition = var.backend_edition edition = var.backend_edition
version = matrix.consul_version version = matrix.consul_version

2
enos/enos-terraform.hcl
View File

@@ -28,7 +28,7 @@ terraform "default" {
enos = { enos = {
source = "app.terraform.io/hashicorp-qti/enos" source = "app.terraform.io/hashicorp-qti/enos"
version = "< 0.4.0" version = ">= 0.4.0"
} }
} }
} }

6
enos/modules/vault_cluster/main.tf
View File

@@ -4,7 +4,7 @@ terraform {
# to the public registry # to the public registry
enos = { enos = {
source = "app.terraform.io/hashicorp-qti/enos" source = "app.terraform.io/hashicorp-qti/enos"
version = ">= 0.3.2" version = ">= 0.4.0"
} }
} }
} }
@@ -126,7 +126,7 @@ resource "enos_consul_start" "consul" {
server = false server = false
bootstrap_expect = 0 bootstrap_expect = 0
license = var.consul_license license = var.consul_license
log_level = "INFO" log_level = var.consul_log_level
log_file = var.consul_log_file log_file = var.consul_log_file
} }
unit_name = "consul" unit_name = "consul"
@@ -160,6 +160,7 @@ resource "enos_vault_start" "leader" {
tls_disable = "true" tls_disable = "true"
} }
} }
log_level = var.log_level
storage = { storage = {
type = var.storage_backend type = var.storage_backend
attributes = ({ for key, value in local.storage_config[each.key] : key => value }) attributes = ({ for key, value in local.storage_config[each.key] : key => value })
@@ -199,6 +200,7 @@ resource "enos_vault_start" "followers" {
tls_disable = "true" tls_disable = "true"
} }
} }
log_level = var.log_level
storage = { storage = {
type = var.storage_backend type = var.storage_backend
attributes = { for key, value in local.storage_config[each.key] : key => value } attributes = { for key, value in local.storage_config[each.key] : key => value }

13
enos/modules/vault_cluster/variables.tf
View File

@@ -71,7 +71,7 @@ variable "consul_log_level" {
validation { validation {
condition = contains(["trace", "debug", "info", "warn", "error"], var.consul_log_level) condition = contains(["trace", "debug", "info", "warn", "error"], var.consul_log_level)
error_message = "The vault_log_level must be one of 'trace', 'debug', 'info', 'warn', or 'error'." error_message = "The consul_log_level must be one of 'trace', 'debug', 'info', 'warn', or 'error'."
} }
} }
@@ -118,6 +118,17 @@ variable "local_artifact_path" {
default = null default = null
} }
variable "log_level" {
type = string
description = "The vault service log level"
default = "info"
validation {
condition = contains(["trace", "debug", "info", "warn", "error"], var.log_level)
error_message = "The log_level must be one of 'trace', 'debug', 'info', 'warn', or 'error'."
}
}
variable "manage_service" { variable "manage_service" {
type = bool type = bool
description = "Manage the Vault service users and systemd unit. Disable this to use configuration in RPM and Debian packages" description = "Manage the Vault service users and systemd unit. Disable this to use configuration in RPM and Debian packages"