Add Artifactory build to the matrix (#17353)

* Add Artifactory build to the matrix

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Update test scenarios

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Fix Terraform format

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Updates with verification

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Integrate variables from CRT inputs

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Latest update to add Artifactory support

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Address review feedback

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Enable Enos run in CRT workflow

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Remove unused variables

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Update Artifactory module

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Address review feedback

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

.github/enos-run-matrices/artifactory-ent.json

@@ -0,0 +1,44 @@
+{
+  "include": [
+    {
+      "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms",
+      "aws_region": "us-east-1"
+    },
+    {
+      "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:ubuntu edition:ent seal:shamir",
+      "aws_region": "us-east-2"
+    },
+    {
+      "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:ent seal:awskms",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:ent seal:shamir",
+      "aws_region": "us-west-2"
+    },
+    {
+      "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:ent seal:shamir",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms",
+      "aws_region": "us-west-2"
+    },
+    {
+      "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:ent seal:shamir",
+      "aws_region": "us-east-1"
+    },
+    {
+      "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:ent seal:awskms",
+      "aws_region": "us-east-2"
+    },
+    {
+      "scenario": "autopilot arch:amd64 artifact_source:artifactory distro:ubuntu edition:ent seal:awskms",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "autopilot arch:arm64 artifact_source:artifactory distro:rhel edition:ent seal:shamir",
+      "aws_region": "us-west-2"
+    }
+  ]
+}

.github/enos-run-matrices/artifactory-oss.json

@@ -0,0 +1,36 @@
+{
+  "include": [
+    {
+      "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms",
+      "aws_region": "us-east-1"
+    },
+    {
+      "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:oss seal:shamir",
+      "aws_region": "us-east-2"
+    },
+    {
+      "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:oss seal:awskms",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:oss seal:shamir",
+      "aws_region": "us-west-2"
+    },
+    {
+      "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.11.10 distro:ubuntu edition:oss seal:shamir",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms",
+      "aws_region": "us-west-2"
+    },
+    {
+      "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:oss seal:shamir",
+      "aws_region": "us-east-1"
+    },
+    {
+      "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:oss seal:awskms",
+      "aws_region": "us-east-2"
+    }
+  ]
+}

.github/enos-run-matrices/crt-ent.json

@@ -0,0 +1,24 @@
+{
+  "include": [
+    {
+      "scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:ent",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent",
+      "aws_region": "us-west-2"
+    },
+    {
+      "scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:ent",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:ent",
+      "aws_region": "us-west-2"
+    },
+    {
+      "scenario": "autopilot distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent",
+      "aws_region": "us-west-1"
+    }
+  ]
+}

.github/enos-run-matrices/crt-oss.json

@@ -0,0 +1,20 @@
+{
+  "include": [
+    {
+      "scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:oss",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:oss",
+      "aws_region": "us-west-2"
+    },
+    {
+      "scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:oss",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:oss",
+      "aws_region": "us-west-2"
+    }
+  ]
+}

.github/enos-run-matrices/ent.json

@@ -1,24 +0,0 @@
-{
-  "include": [
-    {
-      "scenario": "smoke backend:consul consul_version:1.12.3 distro:ubuntu seal:awskms arch:amd64 builder:crt edition:ent",
-      "aws_region": "us-west-1"
-    },
-    {
-      "scenario": "smoke backend:raft consul_version:1.12.3 distro:ubuntu seal:shamir arch:amd64 builder:crt edition:ent",
-      "aws_region": "us-west-2"
-    },
-    {
-      "scenario": "upgrade backend:raft consul_version:1.11.7 distro:rhel seal:shamir arch:amd64 builder:crt edition:ent",
-      "aws_region": "us-west-1"
-    },
-    {
-      "scenario": "upgrade backend:consul consul_version:1.11.7 distro:rhel seal:awskms arch:amd64 builder:crt edition:ent",
-      "aws_region": "us-west-2"
-    },
-    {
-      "scenario": "autopilot distro:ubuntu seal:shamir arch:amd64 builder:crt edition:ent",
-      "aws_region": "us-west-1"
-    }
-  ]
-}

.github/enos-run-matrices/oss.json

@@ -1,20 +0,0 @@
-{
-  "include": [
-    {
-      "scenario": "smoke backend:consul consul_version:1.12.3 distro:ubuntu seal:awskms arch:amd64 builder:crt edition:oss",
-      "aws_region": "us-west-1"
-    },
-    {
-      "scenario": "smoke backend:raft consul_version:1.12.3 distro:ubuntu seal:shamir arch:amd64 builder:crt edition:oss",
-      "aws_region": "us-west-2"
-    },
-    {
-      "scenario": "upgrade backend:raft consul_version:1.11.7 distro:rhel seal:shamir arch:amd64 builder:crt edition:oss",
-      "aws_region": "us-west-1"
-    },
-    {
-      "scenario": "upgrade backend:consul consul_version:1.11.7 distro:rhel seal:awskms arch:amd64 builder:crt edition:oss",
-      "aws_region": "us-west-2"
-    }
-  ]
-}

.github/workflows/build.yml

@@ -294,5 +294,6 @@ jobs:
       artifact-build-date: "${{needs.product-metadata.outputs.build-date}}"
       artifact-name: "vault_${{ needs.product-metadata.outputs.product-version }}_linux_amd64.zip"
       artifact-revision: "${{needs.product-metadata.outputs.product-revision}}"
+      artifact-source: "crt"
       artifact-version: "${{needs.product-metadata.outputs.product-version}}"
     secrets: inherit

.github/workflows/enos-run.yml

@@ -15,6 +15,9 @@ on:
       artifact-revision:
         required: true
         type: string
+      artifact-source:
+        required: false
+        type: string
       artifact-version:
         required: true
         type: string
@@ -24,6 +27,7 @@ env:
   ARTIFACT_BUILD_DATE: ${{ inputs.artifact-build-date }}
   ARTIFACT_NAME: ${{ inputs.artifact-name }}
   ARTIFACT_REVISION: ${{ inputs.artifact-revision }}
+  ARTIFACT_SOURCE: ${{ inputs.artifact-source }}
   ARTIFACT_VERSION: ${{ inputs.artifact-version }}
 
 jobs:
@@ -38,7 +42,7 @@ jobs:
       - name: Create Enos scenario matrix
         id: enos-matrix
         run: |
-          [[ ${{ env.ARTIFACT_NAME }} == *"ent"* ]] && scenarioFile=$(cat ./.github/enos-run-matrices/ent.json |jq -c .) || scenarioFile=$(cat ./.github/enos-run-matrices/oss.json |jq -c .)
+          [[ ${{ env.ARTIFACT_NAME }} == *"ent"* ]] && scenarioFile=$(cat ./.github/enos-run-matrices/${{ env.ARTIFACT_SOURCE }}-ent.json |jq -c .) || scenarioFile=$(cat ./.github/enos-run-matrices/${{ env.ARTIFACT_SOURCE }}-oss.json |jq -c .)
           echo "::set-output name=matrix::$scenarioFile"
   # Run Integration tests on Enos scenario matrix
   enos:

.github/workflows/enos-verify-stable.yml

@@ -0,0 +1,17 @@
+name: enos-verify-stable
+
+on:
+  repository_dispatch:
+    types:
+      - enos-verify-stable
+
+jobs:
+  enos-verify-stable:
+    name: Enos verify stable artifact
+    uses: ./.github/workflows/enos-run.yml
+    with:
+      artifact-source: "artifactory"
+      artifact-name: "${{ github.event.client_payload.payload.product }}_${{ github.event.client_payload.payload.version }}_linux_amd64.zip"
+      artifact-revision: "${{ github.event.client_payload.payload.sha }}"
+      artifact-version: "${{ github.event.client_payload.payload.version }}"
+    secrets: inherit

.release/ci.hcl

@@ -175,6 +175,18 @@ event "verify" {
   }
 }
 
+event "enos-verify-stable" {
+  depends = ["verify"]
+  action "enos-verify-stable" {
+    organization = "hashicorp"
+    repository = "vault"
+    workflow = "enos-verify-stable"
+  }
+
+  notification {
+    on = "fail"
+  }
+}
 ## These events are publish and post-publish events and should be added to the end of the file
 ## after the verify event stanza.
 

enos/enos-modules.hcl

@@ -30,6 +30,10 @@ module "build_local" {
   source = "./modules/build_local"
 }
 
+module "build_artifactory" {
+  source = "./modules/vault_artifactory_artifact"
+}
+
 module "create_vpc" {
   source = "app.terraform.io/hashicorp-qti/aws-infra/enos"
 

enos/enos-scenario-autopilot.hcl

@@ -1,10 +1,10 @@
 scenario "autopilot" {
   matrix {
-    arch    = ["amd64", "arm64"]
-    builder = ["local", "crt"]
-    distro  = ["ubuntu", "rhel"]
-    edition = ["ent"]
-    seal    = ["awskms", "shamir"]
+    arch            = ["amd64", "arm64"]
+    artifact_source = ["local", "crt", "artifactory"]
+    distro          = ["ubuntu", "rhel"]
+    edition         = ["ent"]
+    seal            = ["awskms", "shamir"]
   }
 
   terraform_cli = terraform_cli.default
@@ -19,12 +19,13 @@ scenario "autopilot" {
     build_tags = {
       "ent" = ["enterprise", "ent"]
     }
-    bundle_path             = abspath(var.vault_bundle_path)
+    bundle_path             = matrix.artifact_source != "artifactory" ? abspath(var.vault_bundle_path) : null
     dependencies_to_install = ["jq"]
     enos_provider = {
       rhel   = provider.enos.rhel
       ubuntu = provider.enos.ubuntu
     }
+    install_artifactory_artifact = local.bundle_path == null
     tags = merge({
       "Project Name" : var.project_name
       "Project" : "Enos",
@@ -38,13 +39,24 @@ scenario "autopilot" {
   }
 
   step "build_vault" {
-    module = matrix.builder == "crt" ? module.build_crt : module.build_local
+    module = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags  = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition]
-      bundle_path = local.bundle_path
-      goarch      = matrix.arch
-      goos        = "linux"
+      build_tags            = try(var.vault_local_build_tags, local.build_tags[matrix.edition])
+      bundle_path           = local.bundle_path
+      goarch                = matrix.arch
+      goos                  = "linux"
+      artifactory_host      = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_repo      = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_username  = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token     = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch                  = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      vault_product_version = var.vault_product_version
+      artifact_type         = matrix.artifact_source == "artifactory" ? var.vault_artifact_type : null
+      distro                = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition               = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      instance_type         = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null
+      revision              = var.vault_revision
     }
   }
 
@@ -105,7 +117,7 @@ scenario "autopilot" {
   }
 
   step "get_local_metadata" {
-    skip_step = matrix.builder != "local"
+    skip_step = matrix.artifact_source != "local"
     module    = module.get_local_metadata
   }
 
@@ -113,7 +125,7 @@ scenario "autopilot" {
     module = module.autopilot_upgrade_storageconfig
 
     variables {
-      vault_product_version = matrix.builder == "local" ? step.get_local_metadata.version : var.vault_product_version
+      vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
     }
   }
 
@@ -121,6 +133,7 @@ scenario "autopilot" {
     module = module.vault_cluster
     depends_on = [
       step.create_vault_cluster,
+      step.build_vault,
       step.create_autopilot_upgrade_storageconfig,
     ]
 
@@ -141,6 +154,7 @@ scenario "autopilot" {
       vault_init                  = false
       vault_license               = step.read_license.license
       vault_local_artifact_path   = local.bundle_path
+      vault_artifactory_release   = local.install_artifactory_artifact ? step.build_vault.vault_artifactory_release : null
       vault_node_prefix           = "upgrade_node"
       vault_root_token            = step.create_vault_cluster.vault_root_token
       vault_unseal_when_no_init   = matrix.seal == "shamir"
@@ -158,7 +172,7 @@ scenario "autopilot" {
     }
 
     variables {
-      vault_autopilot_upgrade_version = matrix.builder == "local" ? step.get_local_metadata.version : var.vault_product_version
+      vault_autopilot_upgrade_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
       vault_instances                 = step.create_vault_cluster.vault_instances
       vault_root_token                = step.create_vault_cluster.vault_root_token
     }

enos/enos-scenario-smoke.hcl

@@ -1,12 +1,12 @@
 scenario "smoke" {
   matrix {
-    arch           = ["amd64", "arm64"]
-    backend        = ["consul", "raft"]
-    builder        = ["local", "crt"]
-    consul_version = ["1.12.3", "1.11.7", "1.10.12"]
-    distro         = ["ubuntu", "rhel"]
-    edition        = ["oss", "ent"]
-    seal           = ["awskms", "shamir"]
+    arch            = ["amd64", "arm64"]
+    backend         = ["consul", "raft"]
+    artifact_source = ["local", "crt", "artifactory"]
+    consul_version  = ["1.13.2", "1.12.5", "1.11.10"]
+    distro          = ["ubuntu", "rhel"]
+    edition         = ["oss", "ent"]
+    seal            = ["awskms", "shamir"]
   }
 
   terraform_cli = terraform_cli.default
@@ -22,12 +22,13 @@ scenario "smoke" {
       "oss" = ["ui"]
       "ent" = ["enterprise", "ent"]
     }
-    bundle_path             = abspath(var.vault_bundle_path)
+    bundle_path             = matrix.artifact_source != "artifactory" ? abspath(var.vault_bundle_path) : null
     dependencies_to_install = ["jq"]
     enos_provider = {
       rhel   = provider.enos.rhel
       ubuntu = provider.enos.ubuntu
     }
+    install_artifactory_artifact = local.bundle_path == null
     tags = merge({
       "Project Name" : var.project_name
       "Project" : "Enos",
@@ -40,14 +41,30 @@ scenario "smoke" {
     vault_instance_type = coalesce(var.vault_instance_type, local.vault_instance_types[matrix.arch])
   }
 
+  step "get_local_metadata" {
+    skip_step = matrix.artifact_source != "local"
+    module    = module.get_local_metadata
+  }
+
   step "build_vault" {
-    module = matrix.builder == "crt" ? module.build_crt : module.build_local
+    module = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags  = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition]
-      bundle_path = local.bundle_path
-      goarch      = matrix.arch
-      goos        = "linux"
+      build_tags            = try(var.vault_local_build_tags, local.build_tags[matrix.edition])
+      bundle_path           = local.bundle_path
+      goarch                = matrix.arch
+      goos                  = "linux"
+      artifactory_host      = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_repo      = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_username  = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token     = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch                  = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      vault_product_version = var.vault_product_version
+      artifact_type         = matrix.artifact_source == "artifactory" ? var.vault_artifact_type : null
+      distro                = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition               = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      instance_type         = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null
+      revision              = var.vault_revision
     }
   }
 
@@ -82,11 +99,8 @@ scenario "smoke" {
   }
 
   step "create_backend_cluster" {
-    module = "backend_${matrix.backend}"
-    depends_on = [
-      step.create_vpc,
-      step.build_vault,
-    ]
+    module     = "backend_${matrix.backend}"
+    depends_on = [step.create_vpc]
 
     providers = {
       enos = provider.enos.ubuntu
@@ -105,16 +119,11 @@ scenario "smoke" {
     }
   }
 
-  step "get_local_metadata" {
-    skip_step = matrix.builder != "local"
-    module    = module.get_local_metadata
-  }
-
   step "create_vault_cluster" {
     module = module.vault_cluster
     depends_on = [
-      step.create_vpc,
       step.create_backend_cluster,
+      step.build_vault,
     ]
 
     providers = {
@@ -131,6 +140,7 @@ scenario "smoke" {
       storage_backend           = matrix.backend
       unseal_method             = matrix.seal
       vault_local_artifact_path = local.bundle_path
+      vault_artifactory_release = local.install_artifactory_artifact ? step.build_vault.vault_artifactory_release : null
       vault_license             = matrix.edition != "oss" ? step.read_license.license : null
       vpc_id                    = step.create_vpc.vpc_id
     }
@@ -149,9 +159,9 @@ scenario "smoke" {
     variables {
       vault_instances       = step.create_vault_cluster.vault_instances
       vault_edition         = matrix.edition
-      vault_product_version = matrix.builder == "local" ? step.get_local_metadata.version : var.vault_product_version
-      vault_revision        = matrix.builder == "local" ? step.get_local_metadata.revision : var.vault_revision
-      vault_build_date      = matrix.builder == "local" ? step.get_local_metadata.build_date : var.vault_build_date
+      vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
+      vault_revision        = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
+      vault_build_date      = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
       vault_root_token      = step.create_vault_cluster.vault_root_token
     }
   }

enos/enos-scenario-upgrade.hcl

@@ -1,12 +1,12 @@
 scenario "upgrade" {
   matrix {
-    arch           = ["amd64", "arm64"]
-    backend        = ["consul", "raft"]
-    builder        = ["local", "crt"]
-    consul_version = ["1.12.3", "1.11.7", "1.10.12"]
-    distro         = ["ubuntu", "rhel"]
-    edition        = ["oss", "ent"]
-    seal           = ["awskms", "shamir"]
+    arch            = ["amd64", "arm64"]
+    backend         = ["consul", "raft"]
+    artifact_source = ["local", "crt", "artifactory"]
+    consul_version  = ["1.13.2", "1.12.5", "1.11.10"]
+    distro          = ["ubuntu", "rhel"]
+    edition         = ["oss", "ent"]
+    seal            = ["awskms", "shamir"]
   }
 
   terraform_cli = terraform_cli.default
@@ -22,12 +22,13 @@ scenario "upgrade" {
       "oss" = ["ui"]
       "ent" = ["enterprise", "ent"]
     }
-    bundle_path             = abspath(var.vault_bundle_path)
+    bundle_path             = matrix.artifact_source != "artifactory" ? abspath(var.vault_bundle_path) : null
     dependencies_to_install = ["jq"]
     enos_provider = {
       rhel   = provider.enos.rhel
       ubuntu = provider.enos.ubuntu
     }
+    install_artifactory_artifact = local.bundle_path == null
     tags = merge({
       "Project Name" : var.project_name
       "Project" : "Enos",
@@ -41,13 +42,24 @@ scenario "upgrade" {
   }
 
   step "build_vault" {
-    module = matrix.builder == "crt" ? module.build_crt : module.build_local
+    module = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags  = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition]
-      bundle_path = local.bundle_path
-      goarch      = matrix.arch
-      goos        = "linux"
+      build_tags            = try(var.vault_local_build_tags, local.build_tags[matrix.edition])
+      bundle_path           = local.bundle_path
+      goarch                = matrix.arch
+      goos                  = "linux"
+      artifactory_host      = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_repo      = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_username  = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token     = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch                  = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      vault_product_version = var.vault_product_version
+      artifact_type         = matrix.artifact_source == "artifactory" ? var.vault_artifact_type : null
+      distro                = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition               = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      instance_type         = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null
+      revision              = var.vault_revision
     }
   }
 
@@ -82,16 +94,13 @@ scenario "upgrade" {
   }
 
   step "get_local_metadata" {
-    skip_step = matrix.builder != "local"
+    skip_step = matrix.artifact_source != "local"
     module    = module.get_local_metadata
   }
 
   step "create_backend_cluster" {
-    module = "backend_${matrix.backend}"
-    depends_on = [
-      step.create_vpc,
-      step.build_vault,
-    ]
+    module     = "backend_${matrix.backend}"
+    depends_on = [step.create_vpc]
 
     providers = {
       enos = provider.enos.ubuntu
@@ -113,8 +122,8 @@ scenario "upgrade" {
   step "create_vault_cluster" {
     module = module.vault_cluster
     depends_on = [
-      step.create_vpc,
       step.create_backend_cluster,
+      step.build_vault,
     ]
 
     providers = {
@@ -147,11 +156,13 @@ scenario "upgrade" {
     }
 
     variables {
-      vault_api_addr          = "http://localhost:8200"
-      vault_instances         = step.create_vault_cluster.vault_instances
-      vault_local_bundle_path = local.bundle_path
-      vault_unseal_keys       = matrix.seal == "shamir" ? step.create_vault_cluster.vault_unseal_keys_hex : null
-      vault_seal_type         = matrix.seal
+      vault_api_addr            = "http://localhost:8200"
+      vault_instances           = step.create_vault_cluster.vault_instances
+      vault_local_bundle_path   = local.bundle_path
+      vault_local_artifact_path = local.bundle_path
+      vault_artifactory_release = local.install_artifactory_artifact ? step.build_vault.vault_artifactory_release : null
+      vault_unseal_keys         = matrix.seal == "shamir" ? step.create_vault_cluster.vault_unseal_keys_hex : null
+      vault_seal_type           = matrix.seal
     }
   }
 
@@ -169,9 +180,9 @@ scenario "upgrade" {
     variables {
       vault_instances       = step.create_vault_cluster.vault_instances
       vault_edition         = matrix.edition
-      vault_product_version = matrix.builder == "local" ? step.get_local_metadata.version : var.vault_product_version
-      vault_revision        = matrix.builder == "local" ? step.get_local_metadata.revision : var.vault_revision
-      vault_build_date      = matrix.builder == "local" ? step.get_local_metadata.build_date : var.vault_build_date
+      vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version
+      vault_revision        = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision
+      vault_build_date      = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date
       vault_root_token      = step.create_vault_cluster.vault_root_token
     }
   }

enos/enos-variables.hcl

@@ -1,3 +1,35 @@
+variable "artifact_path" {
+  type        = string
+  description = "The local path for dev artifact to test"
+  default     = null
+}
+
+variable "artifactory_username" {
+  type        = string
+  description = "The username to use when connecting to artifactory"
+  default     = null
+  sensitive   = true
+}
+
+variable "artifactory_token" {
+  type        = string
+  description = "The token to use when connecting to artifactory"
+  default     = null
+  sensitive   = true
+}
+
+variable "artifactory_host" {
+  type        = string
+  description = "The artifactory host to search for vault artifacts"
+  default     = "https://artifactory.hashicorp.engineering/artifactory"
+}
+
+variable "artifactory_repo" {
+  type        = string
+  description = "The artifactory repo to search for vault artifacts"
+  default     = "hashicorp-crt-stable-local*"
+}
+
 variable "aws_region" {
   description = "The AWS region where we'll create infrastructure"
   type        = string
@@ -55,6 +87,12 @@ variable "terraform_plugin_cache_dir" {
 variable "tfc_api_token" {
   description = "The Terraform Cloud QTI Organization API token."
   type        = string
+  sensitive   = true
+}
+
+variable "vault_artifact_type" {
+  description = "The Vault artifact type package or bundle"
+  default     = "bundle"
 }
 
 variable "vault_autopilot_initial_release" {

enos/modules/build_crt/main.tf

@@ -18,3 +18,32 @@ variable "goos" {
   description = "The Go OS target"
   default     = "linux"
 }
+
+variable "artifactory_host" { default = null }
+variable "artifactory_repo" { default = null }
+variable "artifactory_username" { default = null }
+variable "artifactory_token" { default = null }
+variable "arch" {
+  default = null
+}
+variable "artifact_path" {
+  default = null
+}
+variable "artifact_type" {
+  default = null
+}
+variable "distro" {
+  default = null
+}
+variable "edition" {
+  default = null
+}
+variable "instance_type" {
+  default = null
+}
+variable "revision" {
+  default = null
+}
+variable "vault_product_version" {
+  default = null
+}

enos/modules/build_local/main.tf

@@ -20,6 +20,35 @@ variable "goos" {
   default     = "linux"
 }
 
+variable "artifactory_host" { default = null }
+variable "artifactory_repo" { default = null }
+variable "artifactory_username" { default = null }
+variable "artifactory_token" { default = null }
+variable "arch" {
+  default = null
+}
+variable "artifact_path" {
+  default = null
+}
+variable "artifact_type" {
+  default = null
+}
+variable "distro" {
+  default = null
+}
+variable "edition" {
+  default = null
+}
+variable "instance_type" {
+  default = null
+}
+variable "revision" {
+  default = null
+}
+variable "vault_product_version" {
+  default = null
+}
+
 resource "enos_local_exec" "build" {
   content = templatefile("${path.module}/templates/build.sh", {
     bundle_path = var.bundle_path,

enos/modules/vault_artifactory_artifact/locals.tf

@@ -0,0 +1,57 @@
+locals {
+
+  // file name extensions for the install packages of vault for the various architectures, distributions and editions
+  package_extensions = {
+    amd64 = {
+      ubuntu = {
+        "oss"     = "-1_amd64.deb"
+        "ent"     = "+ent-1_amd64.deb"
+        "ent.hsm" = "+ent-1_amd64.deb"
+      }
+      rhel = {
+        "oss"     = "-1.x86_64.rpm"
+        "ent"     = "+ent-1.x86_64.rpm"
+        "ent.hsm" = "+ent-1.x86_64.rpm"
+      }
+    }
+    arm64 = {
+      ubuntu = {
+        "oss" = "-1_arm64.deb"
+        "ent" = "+ent-1_arm64.deb"
+      }
+      rhel = {
+        "oss" = "-1.aarch64.rpm"
+        "ent" = "+ent-1.aarch64.rpm"
+      }
+    }
+  }
+
+  // file name prefixes for the install packages of vault for the various distributions and artifact types (package or bundle)
+  artifact_package_release_names = {
+    ubuntu = {
+      "oss"     = "vault_"
+      "ent"     = "vault-enterprise_",
+      "ent.hsm" = "vault-enterprise-hsm_",
+    },
+    rhel = {
+      "oss"     = "vault-"
+      "ent"     = "vault-enterprise-",
+      "ent.hsm" = "vault-enterprise-hsm-",
+    }
+  }
+
+  artifact_types = ["package", "bundle"]
+
+  // edition --> artifact name edition
+  artifact_name_edition = {
+    "oss"              = ""
+    "ent"              = ""
+    "ent.hsm"          = "+ent.hsm"
+    "ent.fips1402"     = "+ent.fips1402"
+    "ent.hsm.fips1402" = "+ent.hsm.fips1402"
+  }
+
+  artifact_name_prefix    = var.artifact_type == "package" ? local.artifact_package_release_names[var.distro][var.edition] : "vault_"
+  artifact_name_extension = var.artifact_type == "package" ? local.package_extensions[var.arch][var.distro][var.edition] : "${local.artifact_name_edition[var.edition]}_linux_${var.arch}.zip"
+  artifact_name           = var.artifact_type == "package" ? "${local.artifact_name_prefix}${replace(var.vault_product_version, "-", "~")}${local.artifact_name_extension}" : "${local.artifact_name_prefix}${var.vault_product_version}${local.artifact_name_extension}"
+}

enos/modules/vault_artifactory_artifact/main.tf

@@ -0,0 +1,22 @@
+terraform {
+  required_providers {
+    enos = {
+      source  = "app.terraform.io/hashicorp-qti/enos"
+      version = ">= 0.2.3"
+    }
+  }
+}
+
+data "enos_artifactory_item" "vault" {
+  username = var.artifactory_username
+  token    = var.artifactory_token
+  name     = local.artifact_name
+  host     = var.artifactory_host
+  repo     = var.artifactory_repo
+  path     = var.edition == "oss" ? "vault/*" : "vault-enterprise/*"
+  properties = tomap({
+    "commit"          = var.revision
+    "product-name"    = var.edition == "oss" ? "vault" : "vault-enterprise"
+    "product-version" = var.vault_product_version
+  })
+}

enos/modules/vault_artifactory_artifact/outputs.tf

@@ -0,0 +1,29 @@
+
+output "url" {
+  value       = data.enos_artifactory_item.vault.results[0].url
+  description = "The artifactory download url for the artifact"
+}
+
+output "sha256" {
+  value       = data.enos_artifactory_item.vault.results[0].sha256
+  description = "The sha256 checksum for the artifact"
+}
+
+output "size" {
+  value       = data.enos_artifactory_item.vault.results[0].size
+  description = "The size in bytes of the artifact"
+}
+
+output "name" {
+  value       = data.enos_artifactory_item.vault.results[0].name
+  description = "The name of the artifact"
+}
+
+output "vault_artifactory_release" {
+  value = {
+    url      = data.enos_artifactory_item.vault.results[0].url
+    sha256   = data.enos_artifactory_item.vault.results[0].sha256
+    username = var.artifactory_username
+    token    = var.artifactory_token
+  }
+}

enos/modules/vault_artifactory_artifact/variables.tf

@@ -0,0 +1,36 @@
+
+variable "artifactory_username" {
+  type        = string
+  description = "The username to use when connecting to artifactory"
+  default     = null
+}
+
+variable "artifactory_token" {
+  type        = string
+  description = "The token to use when connecting to artifactory"
+  default     = null
+  sensitive   = true
+}
+
+variable "artifactory_host" {
+  type        = string
+  description = "The artifactory host to search for vault artifacts"
+  default     = "https://artifactory.hashicorp.engineering/artifactory"
+}
+
+variable "artifactory_repo" {
+  type        = string
+  description = "The artifactory repo to search for vault artifacts"
+  default     = "hashicorp-crt-stable-local*"
+}
+variable "arch" {}
+variable "artifact_type" {}
+variable "distro" {}
+variable "edition" {}
+variable "instance_type" {}
+variable "revision" {}
+variable "vault_product_version" {}
+variable "build_tags" { default = null }
+variable "bundle_path" { default = null }
+variable "goarch" { default = null }
+variable "goos" { default = null }

enos/modules/vault_upgrade/main.tf

@@ -37,6 +37,23 @@ variable "vault_local_bundle_path" {
   description = "The path to the local Vault (vault.zip) bundle"
 }
 
+variable "vault_local_artifact_path" {
+  type        = string
+  description = "The path to a locally built vault artifact to install"
+  default     = null
+}
+
+variable "vault_artifactory_release" {
+  type = object({
+    username = string
+    token    = string
+    url      = string
+    sha256   = string
+  })
+  description = "Vault release version and edition to install from artifactory.hashicorp.engineering"
+  default     = null
+}
+
 variable "vault_seal_type" {
   type        = string
   description = "The Vault seal type"

enos/modules/vault_verify_unsealed/main.tf

@@ -44,7 +44,7 @@ locals {
   }
 }
 
-resource "enos_remote_exec" "verify_raft_auto_join_voter" {
+resource "enos_remote_exec" "verify_node_unsealed" {
   for_each = local.instances
 
   content = templatefile("${path.module}/templates/verify-vault-node-unsealed.sh", {