@@ -8,25 +8,13 @@ import (
88 "time"
99
1010 "github.com/gruntwork-io/terratest/modules/aws"
11- "github.com/gruntwork-io/terratest/modules/logger"
1211 "github.com/gruntwork-io/terratest/modules/random"
1312 "github.com/gruntwork-io/terratest/modules/retry"
1413 "github.com/gruntwork-io/terratest/modules/ssh"
1514 "github.com/gruntwork-io/terratest/modules/terraform"
1615 "github.com/gruntwork-io/terratest/modules/test-structure"
1716)
1817
19- // This is the alias of a KMS key we have previously created that lives in the
20- // AWS account where our CI tests run. We have one with the same alias in
21- // every region. This key is necessary for the test of an Enterprise Vault feature
22- // called auto unseal. If you wish to run test this locally, replace this with
23- // the alias of an KMS key you already have on the AWS account you use for running
24- // your tests or create a new one. Beware that creating an AWS KMS key costs money.
25- const AUTO_UNSEAL_KMS_KEY_ALIAS = "dedicated-test-key"
26-
27- const VAULT_AUTO_UNSEAL_AUTH_PATH = "examples/vault-auto-unseal"
28- const VAR_VAULT_AUTO_UNSEAL_KMS_KEY_ALIAS = "auto_unseal_kms_key_alias"
29-
3018// To test this on circle ci you need a url set as an environment variable, VAULT_AMI_TEMPLATE_VAR_DOWNLOAD_URL
3119// which you would also have to set locally if you want to run this test locally.
3220// The reason is to prevent the actual url from being visible on code and logs
@@ -38,45 +26,6 @@ func getUrlFromEnv(t *testing.T) string {
3826 return url
3927}
4028
41- // Test the Vault auto unseal example by:
42- //
43- // 1. Copying the code in this repo to a temp folder so tests on the Terraform code can run in parallel without the
44- // state files overwriting each other.
45- // 2. Building the AMI in the vault-consul-ami example with the given build name
46- // 3. Deploying a cluster of 1 vault server using the example Terraform code
47- // 4. Sshing into vault node to initialize the server and check that it booted unsealed
48- // 5. Increasing the the cluster size to 3 and check that new nodes are unsealed when they boot and join the cluster
49- func runVaultAutoUnsealTest (t * testing.T , amiId string , awsRegion string , sshUserName string ) {
50- examplesDir := test_structure .CopyTerraformFolderToTemp (t , REPO_ROOT , VAULT_AUTO_UNSEAL_AUTH_PATH )
51-
52- defer test_structure .RunTestStage (t , "teardown" , func () {
53- teardownResources (t , examplesDir )
54- })
55-
56- defer test_structure .RunTestStage (t , "log" , func () {
57- terraformOptions := test_structure .LoadTerraformOptions (t , examplesDir )
58- keyPair := test_structure .LoadEc2KeyPair (t , examplesDir )
59-
60- getVaultLogs (t , "vaultAutoUnseal" , terraformOptions , amiId , awsRegion , sshUserName , keyPair )
61- })
62-
63- test_structure .RunTestStage (t , "deploy" , func () {
64- uniqueId := random .UniqueId ()
65- terraformVars := map [string ]interface {}{
66- VAR_VAULT_AUTO_UNSEAL_KMS_KEY_ALIAS : AUTO_UNSEAL_KMS_KEY_ALIAS ,
67- VAR_VAULT_CLUSTER_SIZE : 1 ,
68- }
69- deployCluster (t , amiId , awsRegion , examplesDir , uniqueId , terraformVars )
70- })
71-
72- test_structure .RunTestStage (t , "validate" , func () {
73- terraformOptions := test_structure .LoadTerraformOptions (t , examplesDir )
74- keyPair := test_structure .LoadEc2KeyPair (t , examplesDir )
75-
76- testAutoUnseal (t , OUTPUT_VAULT_CLUSTER_ASG_NAME , sshUserName , terraformOptions , awsRegion , keyPair )
77- })
78- }
79-
8029// Test the Vault enterprise cluster example by:
8130//
8231// 1. Copy the code in this repo to a temp folder so tests on the Terraform code can run in parallel without the
@@ -115,40 +64,6 @@ func runVaultEnterpriseClusterTest(t *testing.T, amiId string, awsRegion string,
11564 })
11665}
11766
118- func testAutoUnseal (t * testing.T , asgNameOutputVar string , sshUserName string , terraformOptions * terraform.Options , awsRegion string , keyPair * aws.Ec2Keypair ) {
119- asgName := terraform .OutputRequired (t , terraformOptions , asgNameOutputVar )
120- nodeIpAddresses := getIpAddressesOfAsgInstances (t , asgName , awsRegion )
121- logger .Logf (t , fmt .Sprintf ("IP ADDRESS OF INSTANCE %s" , nodeIpAddresses [0 ]))
122- initialCluster := VaultCluster {
123- Leader : ssh.Host {
124- Hostname : nodeIpAddresses [0 ],
125- SshUserName : sshUserName ,
126- SshKeyPair : keyPair .KeyPair ,
127- },
128- }
129-
130- establishConnectionToCluster (t , initialCluster )
131- waitForVaultToBoot (t , initialCluster )
132-
133- retry .DoWithRetry (t , "Initializing the cluster" , 10 , 10 * time .Second , func () (string , error ) {
134- return ssh .CheckSshCommandE (t , initialCluster .Leader , "vault operator init" )
135- })
136- assertStatus (t , initialCluster .Leader , Leader )
137-
138- logger .Logf (t , "Increasing the cluster size and running 'terraform apply' again" )
139- terraformOptions .Vars [VAR_VAULT_CLUSTER_SIZE ] = 3
140- terraform .Apply (t , terraformOptions )
141-
142- logger .Logf (t , "The cluster now should be bigger and the new nodes should boot unsealed (on standby mode already)" )
143- newCluster := findVaultClusterNodes (t , asgNameOutputVar , sshUserName , terraformOptions , awsRegion , keyPair )
144- establishConnectionToCluster (t , newCluster )
145- for _ , node := range newCluster .Nodes () {
146- if node .Hostname != initialCluster .Leader .Hostname {
147- assertStatus (t , node , Standby )
148- }
149- }
150- }
151-
15267// Check if the enterprise version of consul and vault is installed
15368func checkEnterpriseInstall (t * testing.T , asgNameOutputVar string , sshUserName string , terratestOptions * terraform.Options , awsRegion string , keyPair * aws.Ec2Keypair ) {
15469 asgName := terraform .OutputRequired (t , terratestOptions , asgNameOutputVar )