refact(e2e): Port enos smoke test into e2e test suite

This adds a test case to the e2e test suite and unifies where testing is located.

.github/workflows/enos-run.yml

@@ -25,7 +25,6 @@ jobs:
       fail-fast: false # don't fail as that can skip required cleanup steps for jobs
       matrix:
         include:
-          - filter: 'integration test:smoke'
           - filter: 'integration test:cli_ui'
           - filter: 'e2e_credential_vault'
           - filter: 'e2e_host_aws'

enos/enos.hcl

@@ -43,7 +43,7 @@ scenario "integration" {
 
   matrix {
     builder = ["local", "crt"]
-    test    = ["smoke", "cli_ui"]
+    test    = ["cli_ui"]
   }
 
   locals {
@@ -120,41 +120,6 @@ scenario "integration" {
     }
   }
 
-  step "launch_smoke_targets" {
-    skip_step  = matrix.test != "smoke"
-    module     = module.target
-    depends_on = [step.create_base_infra]
-
-    variables {
-      ami_id               = step.create_base_infra.ami_ids["ubuntu"]["amd64"]
-      aws_ssh_keypair_name = var.aws_ssh_keypair_name
-      enos_user            = var.enos_user
-      instance_type        = var.target_instance_type
-      vpc_id               = step.create_base_infra.vpc_id
-    }
-  }
-
-  step "run_test_smoke" {
-    skip_step  = matrix.test != "smoke"
-    module     = module.test_smoke
-    depends_on = [step.create_boundary_cluster]
-
-    variables {
-      alb_boundary_api_addr    = step.create_boundary_cluster.alb_boundary_api_addr
-      auth_login_name          = step.create_boundary_cluster.auth_login_name
-      auth_method_id           = step.create_boundary_cluster.auth_method_id
-      auth_password            = step.create_boundary_cluster.auth_password
-      aws_ssh_private_key_path = local.aws_ssh_private_key_path
-      boundary_install_dir     = local.boundary_install_dir
-      controller_ips           = step.create_boundary_cluster.controller_ips
-      local_boundary_dir       = local.local_boundary_dir
-      project_scope_id         = step.create_boundary_cluster.project_scope_id
-      target_count             = var.target_count
-      target_id                = step.create_boundary_cluster.target_id
-      target_ips               = step.launch_smoke_targets.target_ips
-    }
-  }
-
   step "run_test_cli_ui" {
     skip_step  = matrix.test != "cli_ui"
     module     = module.test_cli_ui

enos/modules/test_smoke/README.md

@@ -1,5 +0,0 @@
-# Smoke Test
-
-This test runs a basic smoke test that gets a Boundary Auth token, creates a
-test catalog and host set, adds the "target" node(s) as hosts/targets and
-attempts to SSH to a target to verify that it is able.

enos/modules/test_smoke/main.tf

@@ -1,140 +0,0 @@
-terraform {
-  required_providers {
-    enos = {
-      source = "app.terraform.io/hashicorp-qti/enos"
-    }
-  }
-}
-
-variable "alb_boundary_api_addr" {}
-variable "auth_login_name" {}
-variable "auth_method_id" {}
-variable "auth_password" {}
-variable "aws_ssh_private_key_path" {}
-variable "boundary_install_dir" {}
-variable "controller_ips" {}
-variable "local_boundary_dir" {}
-variable "project_scope_id" {}
-variable "target_count" {}
-variable "target_id" {}
-variable "target_ips" {}
-
-resource "enos_local_exec" "local_boundary_version" {
-  inline = ["${var.local_boundary_dir}/boundary version -format=json"]
-}
-
-resource "enos_remote_exec" "remote_boundary_version" {
-  inline = ["${var.boundary_install_dir}/boundary version -format=json"]
-  transport = {
-    ssh = {
-      host = var.controller_ips.0
-    }
-  }
-}
-
-locals {
-  base_environment = {
-    BOUNDARY_ADDR  = var.alb_boundary_api_addr,
-    BOUNDARY_TOKEN = local.auth_token
-  }
-}
-
-resource "enos_local_exec" "get_token" {
-  environment = {
-    BOUNDARY_ADDR = var.alb_boundary_api_addr,
-    BOUNDARY_PATH = var.local_boundary_dir,
-    METHOD_ID     = var.auth_method_id,
-    LOGIN_NAME    = var.auth_login_name,
-    PASSWORD      = var.auth_password,
-  }
-  scripts = ["${path.module}/../../templates/get-token.sh"]
-}
-
-locals {
-  auth_token = jsondecode(enos_local_exec.get_token.stdout).item.attributes.token
-}
-
-resource "enos_local_exec" "read_target" {
-  environment = local.base_environment
-  inline      = ["${var.local_boundary_dir}/boundary targets read -id ${var.target_id}"]
-}
-
-resource "enos_local_exec" "create_catalog" {
-  environment = local.base_environment
-  inline      = ["${var.local_boundary_dir}/boundary host-catalogs create static -scope-id=${var.project_scope_id} -name=enos1 -description=test -format=json"]
-}
-
-locals {
-  catalog_id = jsondecode(enos_local_exec.create_catalog.stdout).item.id
-}
-
-resource "enos_local_exec" "create_static_hosts" {
-  environment = local.base_environment
-  for_each    = toset([for idx in range(var.target_count) : tostring(idx)])
-  inline      = ["${var.local_boundary_dir}/boundary hosts create static -name=${var.target_ips[each.value]} -description=${var.target_ips[each.value]} -address=${var.target_ips[each.value]} -host-catalog-id=${local.catalog_id} -format=json"]
-}
-
-locals {
-  host_ids = [for idx in range(var.target_count) : jsondecode(values(enos_local_exec.create_static_hosts)[idx].stdout).item.id]
-}
-
-resource "enos_local_exec" "create_host_set" {
-  environment = local.base_environment
-  inline      = ["${var.local_boundary_dir}/boundary host-sets create static -name='test-machines' -description='Test machine host set' -host-catalog-id=${local.catalog_id} -format=json"]
-}
-
-locals {
-  host_set_id = jsondecode(enos_local_exec.create_host_set.stdout).item.id
-}
-
-resource "enos_local_exec" "add_to_host_set" {
-  environment = local.base_environment
-  for_each    = toset([for idx in range(var.target_count) : tostring(idx)])
-  inline      = ["${var.local_boundary_dir}/boundary host-sets add-hosts -id=${local.host_set_id} -host=${local.host_ids[each.value]} -format=json"]
-}
-
-resource "enos_local_exec" "create_static_credential_store" {
-  environment = local.base_environment
-  inline      = ["${var.local_boundary_dir}/boundary credential-stores create static -scope-id=${var.project_scope_id} -format=json"]
-}
-
-locals {
-  credential_store_id = jsondecode(enos_local_exec.create_static_credential_store.stdout).item.id
-}
-
-resource "enos_local_exec" "create_ssh_private_key_credential" {
-  environment = local.base_environment
-  inline      = ["${var.local_boundary_dir}/boundary credentials create ssh-private-key -credential-store-id=${local.credential_store_id} -username=ubuntu -private-key=file://${var.aws_ssh_private_key_path} -format=json"]
-}
-
-locals {
-  credential_id = jsondecode(enos_local_exec.create_ssh_private_key_credential.stdout).item.id
-}
-
-resource "enos_local_exec" "create_target" {
-  environment = local.base_environment
-  inline      = ["${var.local_boundary_dir}/boundary targets create tcp -name='test target' -description='test target' -default-port=22 -scope-id=${var.project_scope_id} -session-connection-limit='-1' -session-max-seconds=900 -format=json"]
-}
-
-locals {
-  target_id = jsondecode(enos_local_exec.create_target.stdout).item.id
-}
-
-resource "enos_local_exec" "add_hosts_to_target" {
-  environment = local.base_environment
-  inline      = ["${var.local_boundary_dir}/boundary targets add-host-sources -id=${local.target_id} -host-source=${local.host_set_id} -format=json"]
-}
-
-resource "enos_local_exec" "add_credential_to_target" {
-  environment = local.base_environment
-  inline      = ["${var.local_boundary_dir}/boundary targets add-credential-sources -id=${local.target_id} -brokered-credential-source=${local.credential_id} -format=json"]
-}
-
-resource "enos_local_exec" "connect_target" {
-  environment = merge(local.base_environment,
-    {
-      BOUNDARY_PATH = var.local_boundary_dir
-      TARGET_ID     = local.target_id
-  })
-  scripts = ["${path.module}/../../templates/connect-target.sh"]
-}

enos/templates/connect-target.sh

@@ -1,24 +0,0 @@
-#!/bin/bash
-set -e
-
-function retry {
-  local retries=$1
-  shift
-  local count=0
-
-  until "$@"; do
-    exit=$?
-    wait=$((2 ** count))
-    count=$((count + 1))
-
-    if [ "$count" -lt "$retries" ]; then
-      sleep "$wait"
-    else
-      return "$exit"
-    fi
-  done
-
-  return 0
-}
-
-retry 10 ${BOUNDARY_PATH}/boundary connect ssh -target-id=${TARGET_ID} -- -o StrictHostKeyChecking=no

testing/internal/e2e/host/static/staticcredential_test.go

@@ -0,0 +1,257 @@
+package static_test
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"strconv"
+	"testing"
+
+	"github.com/hashicorp/boundary/api/credentials"
+	"github.com/hashicorp/boundary/api/credentialstores"
+	"github.com/hashicorp/boundary/api/hostcatalogs"
+	"github.com/hashicorp/boundary/api/hosts"
+	"github.com/hashicorp/boundary/api/hostsets"
+	"github.com/hashicorp/boundary/api/targets"
+	"github.com/hashicorp/boundary/testing/internal/e2e"
+	"github.com/hashicorp/boundary/testing/internal/e2e/boundary"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// TestConnectTargetWithStaticCredentialStoreCli uses the boundary cli to create a credential using
+// boundary's built-in credential store. The test attaches that credential to a target and attempts
+// to connect to that target using those credentials.
+func TestConnectTargetWithStaticCredentialStoreCli(t *testing.T) {
+	e2e.MaybeSkipTest(t)
+	c, err := loadConfig()
+	require.NoError(t, err)
+
+	boundary.AuthenticateCli(t)
+
+	// Create an org and project
+	newOrgId := boundary.CreateNewOrgCli(t)
+	t.Logf("Created Org Id: %s", newOrgId)
+	newProjectId := boundary.CreateNewProjectCli(t, newOrgId)
+	t.Logf("Created Project Id: %s", newProjectId)
+
+	// Create a credential store
+	output := e2e.RunCommand("boundary", "credential-stores", "create", "static",
+		"-scope-id", newProjectId,
+		"-format", "json",
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+	var newCredentialStoreResult credentialstores.CredentialStoreCreateResult
+	err = json.Unmarshal(output.Stdout, &newCredentialStoreResult)
+	require.NoError(t, err)
+	newCredentialStoreId := newCredentialStoreResult.Item.Id
+	t.Logf("Created Credential Store: %s", newCredentialStoreId)
+
+	// Create credentials
+	output = e2e.RunCommand("boundary", "credentials", "create", "ssh-private-key",
+		"-credential-store-id", newCredentialStoreId,
+		"-username", c.TargetSshUser,
+		"-private-key", "file://"+c.TargetSshKeyPath,
+		"-format", "json",
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+	var newCredentialsResult credentials.CredentialCreateResult
+	err = json.Unmarshal(output.Stdout, &newCredentialsResult)
+	require.NoError(t, err)
+	newCredentialsId := newCredentialsResult.Item.Id
+	t.Logf("Created Credentials: %s", newCredentialsId)
+
+	// Create a host catalog
+	output = e2e.RunCommand("boundary", "host-catalogs", "create", "static",
+		"-scope-id", newProjectId,
+		"-name", "e2e Automated Test Host Catalog",
+		"-format", "json",
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+	var newHostCatalogResult hostcatalogs.HostCatalogCreateResult
+	err = json.Unmarshal(output.Stdout, &newHostCatalogResult)
+	require.NoError(t, err)
+	newHostCatalogId := newHostCatalogResult.Item.Id
+	t.Logf("Created Host Catalog: %s", newHostCatalogId)
+
+	// Create a host set and add to catalog
+	output = e2e.RunCommand("boundary", "host-sets", "create", "static",
+		"-host-catalog-id", newHostCatalogId,
+		"-name", "e2e Automated Test Host Set",
+		"-format", "json",
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+	var newHostSetResult hostsets.HostSetCreateResult
+	err = json.Unmarshal(output.Stdout, &newHostSetResult)
+	require.NoError(t, err)
+	newHostSetId := newHostSetResult.Item.Id
+	t.Logf("Created Host Set: %s", newHostSetId)
+
+	// Create a host
+	output = e2e.RunCommand("boundary", "hosts", "create", "static",
+		"-host-catalog-id", newHostCatalogId,
+		"-name", c.TargetIp,
+		"-address", c.TargetIp,
+		"-format", "json",
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+	var newHostResult hosts.HostCreateResult
+	err = json.Unmarshal(output.Stdout, &newHostResult)
+	require.NoError(t, err)
+	newHostId := newHostResult.Item.Id
+	t.Logf("Created Host: %s", newHostId)
+
+	// Add host to host set
+	output = e2e.RunCommand("boundary", "host-sets", "add-hosts", "-id", newHostSetId, "-host", newHostId)
+	require.NoError(t, output.Err, string(output.Stderr))
+
+	// Create a target
+	output = e2e.RunCommand("boundary", "targets", "create", "tcp",
+		"-scope-id", newProjectId,
+		"-default-port", c.TargetPort,
+		"-name", "e2e Automated Test Target",
+		"-format", "json",
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+	var newTargetResult targets.TargetCreateResult
+	err = json.Unmarshal(output.Stdout, &newTargetResult)
+	require.NoError(t, err)
+	newTargetId := newTargetResult.Item.Id
+	t.Logf("Created Target: %s", newTargetId)
+
+	// Add host set to target
+	output = e2e.RunCommand("boundary", "targets", "add-host-sources",
+		"-id", newTargetId,
+		"-host-source", newHostSetId,
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+
+	// Add credentials to target
+	output = e2e.RunCommand("boundary", "targets", "add-credential-sources",
+		"-id", newTargetId,
+		"-brokered-credential-source", newCredentialsId,
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+
+	// Get credentials for target
+	output = e2e.RunCommand("boundary", "targets", "authorize-session", "-id", newTargetId, "-format", "json")
+	require.NoError(t, output.Err, string(output.Stderr))
+	var newSessionAuthorizationResult targets.SessionAuthorizationResult
+	err = json.Unmarshal(output.Stdout, &newSessionAuthorizationResult)
+	require.NoError(t, err)
+
+	newSessionAuthorization := newSessionAuthorizationResult.Item
+	retrievedUser := fmt.Sprintf("%s", newSessionAuthorization.Credentials[0].Credential["username"])
+	retrievedKey := fmt.Sprintf("%s\n", newSessionAuthorization.Credentials[0].Credential["private_key"])
+	assert.Equal(t, c.TargetSshUser, retrievedUser)
+
+	k, err := os.ReadFile(c.TargetSshKeyPath)
+	require.NoError(t, err)
+	require.Equal(t, string(k), retrievedKey)
+	t.Log("Successfully retrieved credentials for target")
+
+	// Connect to target and print host's IP address using retrieved credentials
+	output = e2e.RunCommand("boundary", "connect", "ssh",
+		"-target-id", newTargetId, "--",
+		"-o", "UserKnownHostsFile=/dev/null",
+		"-o", "StrictHostKeyChecking=no",
+		"-o", "IdentitiesOnly=yes", // forces the use of the provided key
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+	t.Log("Successfully connected to target")
+}
+
+// TestCreateTargetWithStaticCredentialStoreApi uses the boundary go api to create a credential using
+// boundary's built-in credential store. The test then attaches that credential to a target.
+func TestCreateTargetWithStaticCredentialStoreApi(t *testing.T) {
+	e2e.MaybeSkipTest(t)
+	c, err := loadConfig()
+	require.NoError(t, err)
+
+	// Create boundary api client
+	client, err := boundary.NewApiClient()
+	require.NoError(t, err)
+	ctx := context.Background()
+
+	// Create an org and project
+	newOrgId := boundary.CreateNewOrgApi(t, ctx, client)
+	t.Logf("Created Org Id: %s", newOrgId)
+	newProjectId := boundary.CreateNewProjectApi(t, ctx, client, newOrgId)
+	t.Logf("Created Project Id: %s", newProjectId)
+
+	// Create a credential store
+	csClient := credentialstores.NewClient(client)
+	newCredentialStoreResult, err := csClient.Create(ctx, "static", newProjectId)
+	require.NoError(t, err)
+	newCredentialStoreId := newCredentialStoreResult.Item.Id
+	t.Logf("Created Credential Store: %s", newCredentialStoreId)
+
+	// Create credentials
+	cClient := credentials.NewClient(client)
+	k, err := os.ReadFile(c.TargetSshKeyPath)
+	require.NoError(t, err)
+	newCredentialsResult, err := cClient.Create(ctx, "ssh_private_key", newCredentialStoreId,
+		credentials.WithSshPrivateKeyCredentialUsername(c.TargetSshUser),
+		credentials.WithSshPrivateKeyCredentialPrivateKey(string(k)),
+	)
+	require.NoError(t, err)
+	newCredentialsId := newCredentialsResult.Item.Id
+	t.Logf("Created Credentials: %s", newCredentialsId)
+
+	// Create a host catalog
+	hcClient := hostcatalogs.NewClient(client)
+	newHostCatalogResult, err := hcClient.Create(ctx, "static", newProjectId,
+		hostcatalogs.WithName("e2e Automated Test Host Catalog"),
+	)
+	require.NoError(t, err)
+	newHostCatalogId := newHostCatalogResult.Item.Id
+	t.Logf("Created Host Catalog: %s", newHostCatalogId)
+
+	// Create a host set and add to catalog
+	hsClient := hostsets.NewClient(client)
+	newHostSetResult, err := hsClient.Create(ctx, newHostCatalogId)
+	require.NoError(t, err)
+	newHostSetId := newHostSetResult.Item.Id
+	t.Logf("Created Host Set: %s", newHostSetId)
+
+	// Create a host
+	hClient := hosts.NewClient(client)
+	newHostResult, err := hClient.Create(ctx, newHostCatalogId,
+		hosts.WithName(c.TargetIp),
+		hosts.WithStaticHostAddress(c.TargetIp),
+	)
+	require.NoError(t, err)
+	newHostId := newHostResult.Item.Id
+	t.Logf("Created Host: %s", newHostId)
+
+	// Add host to host set
+	_, err = hsClient.AddHosts(ctx, newHostSetId, 0, []string{newHostId}, hostsets.WithAutomaticVersioning(true))
+	require.NoError(t, err)
+
+	// Create a target
+	tClient := targets.NewClient(client)
+	targetPort, err := strconv.ParseInt(c.TargetPort, 10, 32)
+	require.NoError(t, err)
+	newTargetResult, err := tClient.Create(ctx, "tcp", newProjectId,
+		targets.WithName("e2e Automated Test Target"),
+		targets.WithTcpTargetDefaultPort(uint32(targetPort)),
+	)
+	require.NoError(t, err)
+	newTargetId := newTargetResult.Item.Id
+	t.Logf("Created Target: %s", newTargetId)
+
+	// Add host set to target
+	_, err = tClient.AddHostSources(ctx, newTargetId, 0,
+		[]string{newHostSetId},
+		targets.WithAutomaticVersioning(true),
+	)
+	require.NoError(t, err)
+
+	// Add credentials to target
+	_, err = tClient.AddCredentialSources(ctx, newTargetId, 0,
+		targets.WithAutomaticVersioning(true),
+		targets.WithBrokeredCredentialSourceIds([]string{newCredentialsId}),
+	)
+	require.NoError(t, err)
+}