From 5365b2900759832233967fcd656be3fc482ab8b4 Mon Sep 17 00:00:00 2001 From: Michael Li Date: Mon, 10 Oct 2022 11:47:19 -0400 Subject: [PATCH] refact(e2e): Port enos smoke test into e2e test suite This adds a test case to the e2e test suite and unifies where testing is located. --- .github/workflows/enos-run.yml | 1 - enos/enos.hcl | 37 +-- enos/modules/test_smoke/README.md | 5 - enos/modules/test_smoke/main.tf | 140 ---------- enos/templates/connect-target.sh | 24 -- .../e2e/host/static/staticcredential_test.go | 257 ++++++++++++++++++ 6 files changed, 258 insertions(+), 206 deletions(-) delete mode 100644 enos/modules/test_smoke/README.md delete mode 100644 enos/modules/test_smoke/main.tf delete mode 100644 enos/templates/connect-target.sh create mode 100644 testing/internal/e2e/host/static/staticcredential_test.go diff --git a/.github/workflows/enos-run.yml b/.github/workflows/enos-run.yml index ff95d4fe20..9a25d4493a 100644 --- a/.github/workflows/enos-run.yml +++ b/.github/workflows/enos-run.yml @@ -25,7 +25,6 @@ jobs: fail-fast: false # don't fail as that can skip required cleanup steps for jobs matrix: include: - - filter: 'integration test:smoke' - filter: 'integration test:cli_ui' - filter: 'e2e_credential_vault' - filter: 'e2e_host_aws' diff --git a/enos/enos.hcl b/enos/enos.hcl index 09b106af1c..8cd76d6654 100644 --- a/enos/enos.hcl +++ b/enos/enos.hcl @@ -43,7 +43,7 @@ scenario "integration" { matrix { builder = ["local", "crt"] - test = ["smoke", "cli_ui"] + test = ["cli_ui"] } locals { @@ -120,41 +120,6 @@ scenario "integration" { } } - step "launch_smoke_targets" { - skip_step = matrix.test != "smoke" - module = module.target - depends_on = [step.create_base_infra] - - variables { - ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] - aws_ssh_keypair_name = var.aws_ssh_keypair_name - enos_user = var.enos_user - instance_type = var.target_instance_type - vpc_id = step.create_base_infra.vpc_id - } - } - - step "run_test_smoke" { - skip_step = matrix.test != "smoke" - module = module.test_smoke - depends_on = [step.create_boundary_cluster] - - variables { - alb_boundary_api_addr = step.create_boundary_cluster.alb_boundary_api_addr - auth_login_name = step.create_boundary_cluster.auth_login_name - auth_method_id = step.create_boundary_cluster.auth_method_id - auth_password = step.create_boundary_cluster.auth_password - aws_ssh_private_key_path = local.aws_ssh_private_key_path - boundary_install_dir = local.boundary_install_dir - controller_ips = step.create_boundary_cluster.controller_ips - local_boundary_dir = local.local_boundary_dir - project_scope_id = step.create_boundary_cluster.project_scope_id - target_count = var.target_count - target_id = step.create_boundary_cluster.target_id - target_ips = step.launch_smoke_targets.target_ips - } - } - step "run_test_cli_ui" { skip_step = matrix.test != "cli_ui" module = module.test_cli_ui diff --git a/enos/modules/test_smoke/README.md b/enos/modules/test_smoke/README.md deleted file mode 100644 index 2b824609c8..0000000000 --- a/enos/modules/test_smoke/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Smoke Test - -This test runs a basic smoke test that gets a Boundary Auth token, creates a -test catalog and host set, adds the "target" node(s) as hosts/targets and -attempts to SSH to a target to verify that it is able. diff --git a/enos/modules/test_smoke/main.tf b/enos/modules/test_smoke/main.tf deleted file mode 100644 index 3f903a3d38..0000000000 --- a/enos/modules/test_smoke/main.tf +++ /dev/null @@ -1,140 +0,0 @@ -terraform { - required_providers { - enos = { - source = "app.terraform.io/hashicorp-qti/enos" - } - } -} - -variable "alb_boundary_api_addr" {} -variable "auth_login_name" {} -variable "auth_method_id" {} -variable "auth_password" {} -variable "aws_ssh_private_key_path" {} -variable "boundary_install_dir" {} -variable "controller_ips" {} -variable "local_boundary_dir" {} -variable "project_scope_id" {} -variable "target_count" {} -variable "target_id" {} -variable "target_ips" {} - -resource "enos_local_exec" "local_boundary_version" { - inline = ["${var.local_boundary_dir}/boundary version -format=json"] -} - -resource "enos_remote_exec" "remote_boundary_version" { - inline = ["${var.boundary_install_dir}/boundary version -format=json"] - transport = { - ssh = { - host = var.controller_ips.0 - } - } -} - -locals { - base_environment = { - BOUNDARY_ADDR = var.alb_boundary_api_addr, - BOUNDARY_TOKEN = local.auth_token - } -} - -resource "enos_local_exec" "get_token" { - environment = { - BOUNDARY_ADDR = var.alb_boundary_api_addr, - BOUNDARY_PATH = var.local_boundary_dir, - METHOD_ID = var.auth_method_id, - LOGIN_NAME = var.auth_login_name, - PASSWORD = var.auth_password, - } - scripts = ["${path.module}/../../templates/get-token.sh"] -} - -locals { - auth_token = jsondecode(enos_local_exec.get_token.stdout).item.attributes.token -} - -resource "enos_local_exec" "read_target" { - environment = local.base_environment - inline = ["${var.local_boundary_dir}/boundary targets read -id ${var.target_id}"] -} - -resource "enos_local_exec" "create_catalog" { - environment = local.base_environment - inline = ["${var.local_boundary_dir}/boundary host-catalogs create static -scope-id=${var.project_scope_id} -name=enos1 -description=test -format=json"] -} - -locals { - catalog_id = jsondecode(enos_local_exec.create_catalog.stdout).item.id -} - -resource "enos_local_exec" "create_static_hosts" { - environment = local.base_environment - for_each = toset([for idx in range(var.target_count) : tostring(idx)]) - inline = ["${var.local_boundary_dir}/boundary hosts create static -name=${var.target_ips[each.value]} -description=${var.target_ips[each.value]} -address=${var.target_ips[each.value]} -host-catalog-id=${local.catalog_id} -format=json"] -} - -locals { - host_ids = [for idx in range(var.target_count) : jsondecode(values(enos_local_exec.create_static_hosts)[idx].stdout).item.id] -} - -resource "enos_local_exec" "create_host_set" { - environment = local.base_environment - inline = ["${var.local_boundary_dir}/boundary host-sets create static -name='test-machines' -description='Test machine host set' -host-catalog-id=${local.catalog_id} -format=json"] -} - -locals { - host_set_id = jsondecode(enos_local_exec.create_host_set.stdout).item.id -} - -resource "enos_local_exec" "add_to_host_set" { - environment = local.base_environment - for_each = toset([for idx in range(var.target_count) : tostring(idx)]) - inline = ["${var.local_boundary_dir}/boundary host-sets add-hosts -id=${local.host_set_id} -host=${local.host_ids[each.value]} -format=json"] -} - -resource "enos_local_exec" "create_static_credential_store" { - environment = local.base_environment - inline = ["${var.local_boundary_dir}/boundary credential-stores create static -scope-id=${var.project_scope_id} -format=json"] -} - -locals { - credential_store_id = jsondecode(enos_local_exec.create_static_credential_store.stdout).item.id -} - -resource "enos_local_exec" "create_ssh_private_key_credential" { - environment = local.base_environment - inline = ["${var.local_boundary_dir}/boundary credentials create ssh-private-key -credential-store-id=${local.credential_store_id} -username=ubuntu -private-key=file://${var.aws_ssh_private_key_path} -format=json"] -} - -locals { - credential_id = jsondecode(enos_local_exec.create_ssh_private_key_credential.stdout).item.id -} - -resource "enos_local_exec" "create_target" { - environment = local.base_environment - inline = ["${var.local_boundary_dir}/boundary targets create tcp -name='test target' -description='test target' -default-port=22 -scope-id=${var.project_scope_id} -session-connection-limit='-1' -session-max-seconds=900 -format=json"] -} - -locals { - target_id = jsondecode(enos_local_exec.create_target.stdout).item.id -} - -resource "enos_local_exec" "add_hosts_to_target" { - environment = local.base_environment - inline = ["${var.local_boundary_dir}/boundary targets add-host-sources -id=${local.target_id} -host-source=${local.host_set_id} -format=json"] -} - -resource "enos_local_exec" "add_credential_to_target" { - environment = local.base_environment - inline = ["${var.local_boundary_dir}/boundary targets add-credential-sources -id=${local.target_id} -brokered-credential-source=${local.credential_id} -format=json"] -} - -resource "enos_local_exec" "connect_target" { - environment = merge(local.base_environment, - { - BOUNDARY_PATH = var.local_boundary_dir - TARGET_ID = local.target_id - }) - scripts = ["${path.module}/../../templates/connect-target.sh"] -} diff --git a/enos/templates/connect-target.sh b/enos/templates/connect-target.sh deleted file mode 100644 index 41eb3804b6..0000000000 --- a/enos/templates/connect-target.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -set -e - -function retry { - local retries=$1 - shift - local count=0 - - until "$@"; do - exit=$? - wait=$((2 ** count)) - count=$((count + 1)) - - if [ "$count" -lt "$retries" ]; then - sleep "$wait" - else - return "$exit" - fi - done - - return 0 -} - -retry 10 ${BOUNDARY_PATH}/boundary connect ssh -target-id=${TARGET_ID} -- -o StrictHostKeyChecking=no diff --git a/testing/internal/e2e/host/static/staticcredential_test.go b/testing/internal/e2e/host/static/staticcredential_test.go new file mode 100644 index 0000000000..278c3a58ba --- /dev/null +++ b/testing/internal/e2e/host/static/staticcredential_test.go @@ -0,0 +1,257 @@ +package static_test + +import ( + "context" + "encoding/json" + "fmt" + "os" + "strconv" + "testing" + + "github.com/hashicorp/boundary/api/credentials" + "github.com/hashicorp/boundary/api/credentialstores" + "github.com/hashicorp/boundary/api/hostcatalogs" + "github.com/hashicorp/boundary/api/hosts" + "github.com/hashicorp/boundary/api/hostsets" + "github.com/hashicorp/boundary/api/targets" + "github.com/hashicorp/boundary/testing/internal/e2e" + "github.com/hashicorp/boundary/testing/internal/e2e/boundary" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestConnectTargetWithStaticCredentialStoreCli uses the boundary cli to create a credential using +// boundary's built-in credential store. The test attaches that credential to a target and attempts +// to connect to that target using those credentials. +func TestConnectTargetWithStaticCredentialStoreCli(t *testing.T) { + e2e.MaybeSkipTest(t) + c, err := loadConfig() + require.NoError(t, err) + + boundary.AuthenticateCli(t) + + // Create an org and project + newOrgId := boundary.CreateNewOrgCli(t) + t.Logf("Created Org Id: %s", newOrgId) + newProjectId := boundary.CreateNewProjectCli(t, newOrgId) + t.Logf("Created Project Id: %s", newProjectId) + + // Create a credential store + output := e2e.RunCommand("boundary", "credential-stores", "create", "static", + "-scope-id", newProjectId, + "-format", "json", + ) + require.NoError(t, output.Err, string(output.Stderr)) + var newCredentialStoreResult credentialstores.CredentialStoreCreateResult + err = json.Unmarshal(output.Stdout, &newCredentialStoreResult) + require.NoError(t, err) + newCredentialStoreId := newCredentialStoreResult.Item.Id + t.Logf("Created Credential Store: %s", newCredentialStoreId) + + // Create credentials + output = e2e.RunCommand("boundary", "credentials", "create", "ssh-private-key", + "-credential-store-id", newCredentialStoreId, + "-username", c.TargetSshUser, + "-private-key", "file://"+c.TargetSshKeyPath, + "-format", "json", + ) + require.NoError(t, output.Err, string(output.Stderr)) + var newCredentialsResult credentials.CredentialCreateResult + err = json.Unmarshal(output.Stdout, &newCredentialsResult) + require.NoError(t, err) + newCredentialsId := newCredentialsResult.Item.Id + t.Logf("Created Credentials: %s", newCredentialsId) + + // Create a host catalog + output = e2e.RunCommand("boundary", "host-catalogs", "create", "static", + "-scope-id", newProjectId, + "-name", "e2e Automated Test Host Catalog", + "-format", "json", + ) + require.NoError(t, output.Err, string(output.Stderr)) + var newHostCatalogResult hostcatalogs.HostCatalogCreateResult + err = json.Unmarshal(output.Stdout, &newHostCatalogResult) + require.NoError(t, err) + newHostCatalogId := newHostCatalogResult.Item.Id + t.Logf("Created Host Catalog: %s", newHostCatalogId) + + // Create a host set and add to catalog + output = e2e.RunCommand("boundary", "host-sets", "create", "static", + "-host-catalog-id", newHostCatalogId, + "-name", "e2e Automated Test Host Set", + "-format", "json", + ) + require.NoError(t, output.Err, string(output.Stderr)) + var newHostSetResult hostsets.HostSetCreateResult + err = json.Unmarshal(output.Stdout, &newHostSetResult) + require.NoError(t, err) + newHostSetId := newHostSetResult.Item.Id + t.Logf("Created Host Set: %s", newHostSetId) + + // Create a host + output = e2e.RunCommand("boundary", "hosts", "create", "static", + "-host-catalog-id", newHostCatalogId, + "-name", c.TargetIp, + "-address", c.TargetIp, + "-format", "json", + ) + require.NoError(t, output.Err, string(output.Stderr)) + var newHostResult hosts.HostCreateResult + err = json.Unmarshal(output.Stdout, &newHostResult) + require.NoError(t, err) + newHostId := newHostResult.Item.Id + t.Logf("Created Host: %s", newHostId) + + // Add host to host set + output = e2e.RunCommand("boundary", "host-sets", "add-hosts", "-id", newHostSetId, "-host", newHostId) + require.NoError(t, output.Err, string(output.Stderr)) + + // Create a target + output = e2e.RunCommand("boundary", "targets", "create", "tcp", + "-scope-id", newProjectId, + "-default-port", c.TargetPort, + "-name", "e2e Automated Test Target", + "-format", "json", + ) + require.NoError(t, output.Err, string(output.Stderr)) + var newTargetResult targets.TargetCreateResult + err = json.Unmarshal(output.Stdout, &newTargetResult) + require.NoError(t, err) + newTargetId := newTargetResult.Item.Id + t.Logf("Created Target: %s", newTargetId) + + // Add host set to target + output = e2e.RunCommand("boundary", "targets", "add-host-sources", + "-id", newTargetId, + "-host-source", newHostSetId, + ) + require.NoError(t, output.Err, string(output.Stderr)) + + // Add credentials to target + output = e2e.RunCommand("boundary", "targets", "add-credential-sources", + "-id", newTargetId, + "-brokered-credential-source", newCredentialsId, + ) + require.NoError(t, output.Err, string(output.Stderr)) + + // Get credentials for target + output = e2e.RunCommand("boundary", "targets", "authorize-session", "-id", newTargetId, "-format", "json") + require.NoError(t, output.Err, string(output.Stderr)) + var newSessionAuthorizationResult targets.SessionAuthorizationResult + err = json.Unmarshal(output.Stdout, &newSessionAuthorizationResult) + require.NoError(t, err) + + newSessionAuthorization := newSessionAuthorizationResult.Item + retrievedUser := fmt.Sprintf("%s", newSessionAuthorization.Credentials[0].Credential["username"]) + retrievedKey := fmt.Sprintf("%s\n", newSessionAuthorization.Credentials[0].Credential["private_key"]) + assert.Equal(t, c.TargetSshUser, retrievedUser) + + k, err := os.ReadFile(c.TargetSshKeyPath) + require.NoError(t, err) + require.Equal(t, string(k), retrievedKey) + t.Log("Successfully retrieved credentials for target") + + // Connect to target and print host's IP address using retrieved credentials + output = e2e.RunCommand("boundary", "connect", "ssh", + "-target-id", newTargetId, "--", + "-o", "UserKnownHostsFile=/dev/null", + "-o", "StrictHostKeyChecking=no", + "-o", "IdentitiesOnly=yes", // forces the use of the provided key + ) + require.NoError(t, output.Err, string(output.Stderr)) + t.Log("Successfully connected to target") +} + +// TestCreateTargetWithStaticCredentialStoreApi uses the boundary go api to create a credential using +// boundary's built-in credential store. The test then attaches that credential to a target. +func TestCreateTargetWithStaticCredentialStoreApi(t *testing.T) { + e2e.MaybeSkipTest(t) + c, err := loadConfig() + require.NoError(t, err) + + // Create boundary api client + client, err := boundary.NewApiClient() + require.NoError(t, err) + ctx := context.Background() + + // Create an org and project + newOrgId := boundary.CreateNewOrgApi(t, ctx, client) + t.Logf("Created Org Id: %s", newOrgId) + newProjectId := boundary.CreateNewProjectApi(t, ctx, client, newOrgId) + t.Logf("Created Project Id: %s", newProjectId) + + // Create a credential store + csClient := credentialstores.NewClient(client) + newCredentialStoreResult, err := csClient.Create(ctx, "static", newProjectId) + require.NoError(t, err) + newCredentialStoreId := newCredentialStoreResult.Item.Id + t.Logf("Created Credential Store: %s", newCredentialStoreId) + + // Create credentials + cClient := credentials.NewClient(client) + k, err := os.ReadFile(c.TargetSshKeyPath) + require.NoError(t, err) + newCredentialsResult, err := cClient.Create(ctx, "ssh_private_key", newCredentialStoreId, + credentials.WithSshPrivateKeyCredentialUsername(c.TargetSshUser), + credentials.WithSshPrivateKeyCredentialPrivateKey(string(k)), + ) + require.NoError(t, err) + newCredentialsId := newCredentialsResult.Item.Id + t.Logf("Created Credentials: %s", newCredentialsId) + + // Create a host catalog + hcClient := hostcatalogs.NewClient(client) + newHostCatalogResult, err := hcClient.Create(ctx, "static", newProjectId, + hostcatalogs.WithName("e2e Automated Test Host Catalog"), + ) + require.NoError(t, err) + newHostCatalogId := newHostCatalogResult.Item.Id + t.Logf("Created Host Catalog: %s", newHostCatalogId) + + // Create a host set and add to catalog + hsClient := hostsets.NewClient(client) + newHostSetResult, err := hsClient.Create(ctx, newHostCatalogId) + require.NoError(t, err) + newHostSetId := newHostSetResult.Item.Id + t.Logf("Created Host Set: %s", newHostSetId) + + // Create a host + hClient := hosts.NewClient(client) + newHostResult, err := hClient.Create(ctx, newHostCatalogId, + hosts.WithName(c.TargetIp), + hosts.WithStaticHostAddress(c.TargetIp), + ) + require.NoError(t, err) + newHostId := newHostResult.Item.Id + t.Logf("Created Host: %s", newHostId) + + // Add host to host set + _, err = hsClient.AddHosts(ctx, newHostSetId, 0, []string{newHostId}, hostsets.WithAutomaticVersioning(true)) + require.NoError(t, err) + + // Create a target + tClient := targets.NewClient(client) + targetPort, err := strconv.ParseInt(c.TargetPort, 10, 32) + require.NoError(t, err) + newTargetResult, err := tClient.Create(ctx, "tcp", newProjectId, + targets.WithName("e2e Automated Test Target"), + targets.WithTcpTargetDefaultPort(uint32(targetPort)), + ) + require.NoError(t, err) + newTargetId := newTargetResult.Item.Id + t.Logf("Created Target: %s", newTargetId) + + // Add host set to target + _, err = tClient.AddHostSources(ctx, newTargetId, 0, + []string{newHostSetId}, + targets.WithAutomaticVersioning(true), + ) + require.NoError(t, err) + + // Add credentials to target + _, err = tClient.AddCredentialSources(ctx, newTargetId, 0, + targets.WithAutomaticVersioning(true), + targets.WithBrokeredCredentialSourceIds([]string{newCredentialsId}), + ) + require.NoError(t, err) +}