vault

scottk/vault

Fork 0

mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-12-29 00:11:05 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Ryan Cragun	174da88b9d	VAULT-28146: Add IPV6 support to enos scenarios (#27884 ) * VAULT-28146: Add IPV6 support to enos scenarios Add support for testing all raft storage scenarios and variants when running Vault with IPV6 networking. We retain our previous support for IPV4 and create a new variant `ip_version` which can be used to configure the IP version that we wish to test with. It's important to note that the VPC in IPV6 mode is technically mixed and that target machines still associate public IPV6 addresses. That allows us to execute our resources against them from IPV4 networks like developer machines and CI runners. Despite that, we've taken care to ensure that only IPV6 addresses are used in IPV6 mode. Because we previously had assumed the IP Version, Vault address, and listener ports in so many places, this PR is essentially a rewrite and removal of those assumptions. There are also a few places where improvements to scenarios have been included as I encountered them while working on the IPV6 changes. Signed-off-by: Ryan Cragun <me@ryan.ec>	2024-07-30 11:00:27 -06:00
Ryan Cragun	27ab988205	[QT-695] Add `config_mode` variant to some scenarios (#26380 ) Add `config_mode` variant to some scenarios so we can dynamically change how we primarily configure the Vault cluster, either by a configuration file or with environment variables. As part of this change we also: * Start consuming the Enos terraform provider from public Terraform registry. * Remove the old `seal_ha_beta` variant as it is no longer required. * Add a module that performs a `vault operator step-down` so that we can force leader elections in scenarios. * Wire up an operator step-down into some scenarios to test both the old and new multiseal code paths during leader elections. Signed-off-by: Ryan Cragun <me@ryan.ec>	2024-04-22 12:34:47 -06:00
Ryan Cragun	a46def288f	[QT-616] Add `seal_ha` enos scenario (#23812 ) Add support for testing Vault Enterprise with HA seal support by adding a new `seal_ha` scenario that configures more than one seal type for a Vault cluster. We also extend existing scenarios to support testing with or without the Seal HA code path enabled. * Extract starting vault into a separate enos module to allow for better handling of complex clusters that need to be started more than once. * Extract seal key creation into a separate module and provide it to target modules. This allows us to create more than one seal key and associate it with instances. This also allows us to forego creating keys when using shamir seals. * [QT-615] Add support for configuring more that one seal type to `vault_cluster` module. * [QT-616] Add `seal_ha` scenario * [QT-625] Add `seal_ha_beta` variant to existing scenarios to test with both code paths. * Unpin action-setup-terraform * Add `kms:TagResource` to service user IAM profile Signed-off-by: Ryan Cragun <me@ryan.ec>	2023-10-26 15:13:30 -06:00

Ryan Cragun

174da88b9d

VAULT-28146: Add IPV6 support to enos scenarios (#27884 )

* VAULT-28146: Add IPV6 support to enos scenarios

Add support for testing all raft storage scenarios and variants when
running Vault with IPV6 networking. We retain our previous support for
IPV4 and create a new variant `ip_version` which can be used to
configure the IP version that we wish to test with.

It's important to note that the VPC in IPV6 mode is technically mixed
and that target machines still associate public IPV6 addresses. That
allows us to execute our resources against them from IPV4 networks like
developer machines and CI runners. Despite that, we've taken care to
ensure that only IPV6 addresses are used in IPV6 mode.

Because we previously had assumed the IP Version, Vault address, and
listener ports in so many places, this PR is essentially a rewrite and
removal of those assumptions. There are also a few places where
improvements to scenarios have been included as I encountered them while
working on the IPV6 changes.

Signed-off-by: Ryan Cragun <me@ryan.ec>

2024-07-30 11:00:27 -06:00

Ryan Cragun

27ab988205

[QT-695] Add config_mode variant to some scenarios (#26380 )

Add `config_mode` variant to some scenarios so we can dynamically change
how we primarily configure the Vault cluster, either by a configuration
file or with environment variables.

As part of this change we also:
* Start consuming the Enos terraform provider from public Terraform
  registry.
* Remove the old `seal_ha_beta` variant as it is no longer required.
* Add a module that performs a `vault operator step-down` so that we can
  force leader elections in scenarios.
* Wire up an operator step-down into some scenarios to test both the old
  and new multiseal code paths during leader elections.

Signed-off-by: Ryan Cragun <me@ryan.ec>

2024-04-22 12:34:47 -06:00

Ryan Cragun

a46def288f

[QT-616] Add seal_ha enos scenario (#23812 )

Add support for testing Vault Enterprise with HA seal support by adding
a new `seal_ha` scenario that configures more than one seal type for a
Vault cluster. We also extend existing scenarios to support testing
with or without the Seal HA code path enabled.

* Extract starting vault into a separate enos module to allow for better
  handling of complex clusters that need to be started more than once.
* Extract seal key creation into a separate module and provide it to
  target modules. This allows us to create more than one seal key and
  associate it with instances. This also allows us to forego creating
  keys when using shamir seals.
* [QT-615] Add support for configuring more that one seal type to
  `vault_cluster` module.
* [QT-616] Add `seal_ha` scenario
* [QT-625] Add `seal_ha_beta` variant to existing scenarios to test with
  both code paths.
* Unpin action-setup-terraform
* Add `kms:TagResource` to service user IAM profile

Signed-off-by: Ryan Cragun <me@ryan.ec>

2023-10-26 15:13:30 -06:00

3 Commits