refact(e2e): Consolidate tests (#4569) (#4577)

* refact(e2e): Move -remote-command check into ssh test

* refact(e2e): Remove duplicate test

* fix(e2e): Modify unnecessary use of Logf

* fix(e2e): Add error checks

* fix(e2e): Remove unused parameter

(cherry picked from commit 8533433868)

# Conflicts:
#	testing/internal/e2e/tests/base/target_tcp_connect_ssh_remote_command_test.go

Co-authored-by: Michael Li <michael.li@hashicorp.com>

testing/internal/e2e/tests/aws/worker_test.go

@@ -63,7 +63,7 @@ func TestCliWorker(t *testing.T) {
 	require.Error(t, output.Err, string(output.Stderr))
 	assert.Equal(t, 255, output.ExitCode)
 	require.Contains(t, string(output.Stderr), "timed out")
-	t.Logf("Successfully detected connection failure")
+	t.Log("Successfully detected connection failure")
 
 	// Set correct worker filter, expect connection success
 	t.Logf("Setting correct worker filter...")
@@ -94,5 +94,5 @@ func TestCliWorker(t *testing.T) {
 		),
 	)
 	require.NoError(t, output.Err, string(output.Stderr))
-	t.Logf("Successfully connected to target")
+	t.Log("Successfully connected to target")
 }

testing/internal/e2e/tests/base/auth_token_delete_test.go

@@ -83,5 +83,5 @@ func TestUserIsLoggedOutWhenAuthTokenIsDeletedCli(t *testing.T) {
 
 	// Expect error as the user got logged out
 	require.Error(t, output.Err, fmt.Sprintf("User '%s' is still logged in", testAccountName))
-	t.Logf("Successfully verified that token name is invalid")
+	t.Log("Successfully verified that token name is invalid")
 }

testing/internal/e2e/tests/base/authenticate_primary_test.go

@@ -39,9 +39,12 @@ func TestCliAuthenticatePrimary(t *testing.T) {
 		require.NoError(t, err)
 	})
 
-	f.Write([]byte(bc.AdminLoginName + "\n"))
-	f.Write([]byte(bc.AdminLoginPassword + "\n"))
-	f.Write([]byte{4}) // EOT (End of Transmission - marks end of file stream)
+	_, err = f.Write([]byte(bc.AdminLoginName + "\n"))
+	require.NoError(t, err)
+	_, err = f.Write([]byte(bc.AdminLoginPassword + "\n"))
+	require.NoError(t, err)
+	_, err = f.Write([]byte{4}) // EOT (End of Transmission - marks end of file stream)
+	require.NoError(t, err)
 
 	// Get last line from output (authentication response)
 	var buf bytes.Buffer

testing/internal/e2e/tests/base/credential_store_test.go

@@ -148,7 +148,7 @@ func TestCliStaticCredentialStore(t *testing.T) {
 		},
 	)
 	require.NoError(t, err)
-	t.Logf("Successfully deleted credential store")
+	t.Log("Successfully deleted credential store")
 }
 
 func createPrivateKeyPemFile(fileName string) error {

testing/internal/e2e/tests/base/paginate_session_test.go

@@ -127,7 +127,8 @@ func TestApiPaginateSessions(t *testing.T) {
 	// Create enough sessions to overflow a single page
 	for i := 0; i < c.MaxPageSize+1; i++ {
 		// boundary.ConnectCli(t, ctx, newTargetId)
-		tClient.AuthorizeSession(ctx, newTargetId)
+		_, err := tClient.AuthorizeSession(ctx, newTargetId)
+		require.NoError(t, err)
 	}
 
 	// List sessions

testing/internal/e2e/tests/base/target_tcp_connect_ssh_remote_command_test.go

@@ -1,84 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package base_test
-
-import (
-	"context"
-	"encoding/json"
-	"os"
-	"strings"
-	"testing"
-
-	"github.com/hashicorp/boundary/api/targets"
-	"github.com/hashicorp/boundary/testing/internal/e2e"
-	"github.com/hashicorp/boundary/testing/internal/e2e/boundary"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-// TestCliTcpTargetConnectTargetWithSshRemoteCommand uses the boundary cli to
-// connect to a target using `connect ssh -remote-commmand`
-func TestCliTcpTargetConnectTargetWithSshRemoteCommand(t *testing.T) {
-	e2e.MaybeSkipTest(t)
-	c, err := loadTestConfig()
-	require.NoError(t, err)
-
-	ctx := context.Background()
-	boundary.AuthenticateAdminCli(t, ctx)
-	newOrgId := boundary.CreateNewOrgCli(t, ctx)
-	t.Cleanup(func() {
-		ctx := context.Background()
-		boundary.AuthenticateAdminCli(t, ctx)
-		output := e2e.RunCommand(ctx, "boundary", e2e.WithArgs("scopes", "delete", "-id", newOrgId))
-		require.NoError(t, output.Err, string(output.Stderr))
-	})
-	newProjectId := boundary.CreateNewProjectCli(t, ctx, newOrgId)
-	newHostCatalogId := boundary.CreateNewHostCatalogCli(t, ctx, newProjectId)
-	newHostSetId := boundary.CreateNewHostSetCli(t, ctx, newHostCatalogId)
-	newHostId := boundary.CreateNewHostCli(t, ctx, newHostCatalogId, c.TargetAddress)
-	boundary.AddHostToHostSetCli(t, ctx, newHostSetId, newHostId)
-	newTargetId := boundary.CreateNewTargetCli(t, ctx, newProjectId, c.TargetPort)
-	boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId)
-	newCredentialStoreId := boundary.CreateNewCredentialStoreStaticCli(t, ctx, newProjectId)
-	newCredentialsId := boundary.CreateNewStaticCredentialPrivateKeyCli(t, ctx, newCredentialStoreId, c.TargetSshUser, c.TargetSshKeyPath)
-	boundary.AddBrokeredCredentialSourceToTargetCli(t, ctx, newTargetId, newCredentialsId)
-
-	// Get credentials for target
-	output := e2e.RunCommand(ctx, "boundary",
-		e2e.WithArgs("targets", "authorize-session", "-id", newTargetId, "-format", "json"),
-	)
-	require.NoError(t, output.Err, string(output.Stderr))
-	var newSessionAuthorizationResult targets.SessionAuthorizationResult
-	err = json.Unmarshal(output.Stdout, &newSessionAuthorizationResult)
-	require.NoError(t, err)
-
-	newSessionAuthorization := newSessionAuthorizationResult.Item
-	retrievedUser, ok := newSessionAuthorization.Credentials[0].Credential["username"].(string)
-	require.True(t, ok)
-	retrievedKey, ok := newSessionAuthorization.Credentials[0].Credential["private_key"].(string)
-	require.True(t, ok)
-	retrievedKey += "\n"
-	assert.Equal(t, c.TargetSshUser, retrievedUser)
-
-	k, err := os.ReadFile(c.TargetSshKeyPath)
-	require.NoError(t, err)
-	require.Equal(t, string(k), retrievedKey)
-	t.Log("Successfully retrieved credentials for target")
-
-	// Connect to target using ssh option
-	output = e2e.RunCommand(ctx, "boundary",
-		e2e.WithArgs(
-			"connect", "ssh",
-			"-target-id", newTargetId,
-			"-remote-command", "hostname -i",
-			"--",
-			"-o", "UserKnownHostsFile=/dev/null",
-			"-o", "StrictHostKeyChecking=no",
-			"-o", "IdentitiesOnly=yes", // forces the use of the provided key
-		),
-	)
-	require.NoError(t, output.Err, string(output.Stderr))
-	require.Equal(t, c.TargetAddress, strings.TrimSpace(string(output.Stdout)))
-	t.Log("Successfully connected to target")
-}

testing/internal/e2e/tests/base/target_tcp_connect_ssh_test.go

@@ -7,6 +7,7 @@ import (
 	"context"
 	"encoding/json"
 	"os"
+	"strings"
 	"testing"
 
 	"github.com/hashicorp/boundary/api/targets"
@@ -77,4 +78,20 @@ func TestCliTcpTargetConnectTargetWithSsh(t *testing.T) {
 	)
 	require.NoError(t, output.Err, string(output.Stderr))
 	t.Log("Successfully connected to target")
+
+	// Connect to target using ssh option with remote command
+	output = e2e.RunCommand(ctx, "boundary",
+		e2e.WithArgs(
+			"connect", "ssh",
+			"-target-id", newTargetId,
+			"-remote-command", "hostname -i",
+			"--",
+			"-o", "UserKnownHostsFile=/dev/null",
+			"-o", "StrictHostKeyChecking=no",
+			"-o", "IdentitiesOnly=yes", // forces the use of the provided key
+		),
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+	require.Equal(t, c.TargetAddress, strings.TrimSpace(string(output.Stdout)))
+	t.Log("Successfully connected to target")
 }

testing/internal/e2e/tests/base_plus/key_destruction_test.go

@@ -234,7 +234,7 @@ func TestCliKeyDestruction(t *testing.T) {
 		}
 	}
 
-	t.Logf("Successfully destroyed a root key and data key")
+	t.Log("Successfully destroyed a root key and data key")
 }
 
 // TestApiKeyDestruction uses the boundary Go api to test key destruction.
@@ -359,5 +359,5 @@ func TestApiKeyDestruction(t *testing.T) {
 		}
 	}
 
-	t.Logf("Successfully destroyed a root key and data key")
+	t.Log("Successfully destroyed a root key and data key")
 }

testing/internal/e2e/tests/base_plus/rate_limit_test.go

@@ -135,7 +135,7 @@ func TestHttpRateLimit(t *testing.T) {
 	time.Sleep(time.Duration(retryAfter) * time.Second)
 
 	// Do another request. Verify that request is successful
-	t.Logf("Retrying...")
+	t.Log("Retrying...")
 	requestURL = fmt.Sprintf("%s/v1/hosts/%s", bc.Address, newHostId)
 	req, err = http.NewRequest(http.MethodGet, requestURL, nil)
 	require.NoError(t, err)
@@ -394,7 +394,7 @@ func TestCliRateLimit(t *testing.T) {
 		require.NoError(t, output.Err, string(output.Stderr))
 		require.Equal(t, 0, output.ExitCode)
 	}
-	t.Logf("Successfully auto-retried CLI request")
+	t.Log("Successfully auto-retried CLI request")
 }
 
 func getRateLimitStat(rateLimitHeader, stat string) (int, error) {

testing/internal/e2e/tests/base_plus/target_tcp_connect_postgres_test.go

@@ -72,7 +72,7 @@ func TestCliTcpTargetConnectPostgres(t *testing.T) {
 	f.Write([]byte{4})                    // EOT (End of Transmission - marks end of file stream)
 
 	var buf bytes.Buffer
-	io.Copy(&buf, f)
+	_, _ = io.Copy(&buf, f)
 	require.Contains(t, buf.String(), "List of relations", "Session did not return expected output")
 	require.Contains(t, buf.String(), c.PostgresDbName, "Session did not return expected output")
 	t.Log("Successfully connected to target")

testing/internal/e2e/tests/base_with_vault/target_tcp_vault_connect_test.go

@@ -1,167 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package base_with_vault_test
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"os"
-	"strings"
-	"testing"
-
-	"github.com/hashicorp/boundary/api/targets"
-	"github.com/hashicorp/boundary/testing/internal/e2e"
-	"github.com/hashicorp/boundary/testing/internal/e2e/boundary"
-	"github.com/hashicorp/boundary/testing/internal/e2e/vault"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-// TestCliTcpTargetVaultConnectTarget uses the boundary and vault clis to add secrets management
-// for a target. The test sets up vault as a credential store, creates a set of credentials
-// in vault to be attached to a target, and attempts to connect to that target using those
-// credentials.
-func TestCliTcpTargetVaultConnectTarget(t *testing.T) {
-	e2e.MaybeSkipTest(t)
-	c, err := loadTestConfig()
-	require.NoError(t, err)
-
-	ctx := context.Background()
-	boundary.AuthenticateAdminCli(t, ctx)
-	newOrgId := boundary.CreateNewOrgCli(t, ctx)
-	t.Cleanup(func() {
-		ctx := context.Background()
-		boundary.AuthenticateAdminCli(t, ctx)
-		output := e2e.RunCommand(ctx, "boundary", e2e.WithArgs("scopes", "delete", "-id", newOrgId))
-		require.NoError(t, output.Err, string(output.Stderr))
-	})
-	newProjectId := boundary.CreateNewProjectCli(t, ctx, newOrgId)
-	newHostCatalogId := boundary.CreateNewHostCatalogCli(t, ctx, newProjectId)
-	newHostSetId := boundary.CreateNewHostSetCli(t, ctx, newHostCatalogId)
-	newHostId := boundary.CreateNewHostCli(t, ctx, newHostCatalogId, c.TargetAddress)
-	boundary.AddHostToHostSetCli(t, ctx, newHostSetId, newHostId)
-	newTargetId := boundary.CreateNewTargetCli(t, ctx, newProjectId, c.TargetPort)
-	boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId)
-
-	// Configure vault
-	boundaryPolicyName, kvPolicyFilePath := vault.Setup(t, "testdata/boundary-controller-policy.hcl")
-	t.Cleanup(func() {
-		output := e2e.RunCommand(ctx, "vault",
-			e2e.WithArgs("policy", "delete", boundaryPolicyName),
-		)
-		require.NoError(t, output.Err, string(output.Stderr))
-	})
-
-	output := e2e.RunCommand(ctx, "vault",
-		e2e.WithArgs("secrets", "enable", fmt.Sprintf("-path=%s", c.VaultSecretPath), "kv-v2"),
-	)
-	require.NoError(t, output.Err, string(output.Stderr))
-	t.Cleanup(func() {
-		output := e2e.RunCommand(ctx, "vault",
-			e2e.WithArgs("secrets", "disable", c.VaultSecretPath),
-		)
-		require.NoError(t, output.Err, string(output.Stderr))
-	})
-
-	// Create credential in vault
-	privateKeySecretName := vault.CreateKvPrivateKeyCredential(t, c.VaultSecretPath, c.TargetSshUser, c.TargetSshKeyPath, kvPolicyFilePath)
-	kvPolicyName := vault.WritePolicy(t, ctx, kvPolicyFilePath)
-	t.Cleanup(func() {
-		output := e2e.RunCommand(ctx, "vault",
-			e2e.WithArgs("policy", "delete", kvPolicyName),
-		)
-		require.NoError(t, output.Err, string(output.Stderr))
-	})
-	t.Log("Created Vault Credential")
-
-	// Create vault token for boundary
-	output = e2e.RunCommand(ctx, "vault",
-		e2e.WithArgs(
-			"token", "create",
-			"-no-default-policy=true",
-			fmt.Sprintf("-policy=%s", boundaryPolicyName),
-			fmt.Sprintf("-policy=%s", kvPolicyName),
-			"-orphan=true",
-			"-period=20m",
-			"-renewable=true",
-			"-format=json",
-		),
-	)
-	require.NoError(t, output.Err, string(output.Stderr))
-	var tokenCreateResult vault.CreateTokenResponse
-	err = json.Unmarshal(output.Stdout, &tokenCreateResult)
-	require.NoError(t, err)
-	credStoreToken := tokenCreateResult.Auth.Client_Token
-	t.Log("Created Vault Cred Store Token")
-
-	// Create a credential store
-	newCredentialStoreId := boundary.CreateNewCredentialStoreVaultCli(t, ctx, newProjectId, c.VaultAddr, credStoreToken)
-
-	// Create a credential library
-	newCredentialLibraryId, err := boundary.CreateVaultGenericCredentialLibraryCli(
-		t,
-		ctx,
-		newCredentialStoreId,
-		fmt.Sprintf("%s/data/%s", c.VaultSecretPath, privateKeySecretName),
-		"ssh_private_key",
-	)
-	require.NoError(t, err)
-
-	// Add brokered credentials to target
-	boundary.AddBrokeredCredentialSourceToTargetCli(t, ctx, newTargetId, newCredentialLibraryId)
-
-	// Get credentials for target
-	output = e2e.RunCommand(ctx, "boundary",
-		e2e.WithArgs("targets", "authorize-session", "-id", newTargetId, "-format", "json"),
-	)
-	require.NoError(t, output.Err, string(output.Stderr))
-	var newSessionAuthorizationResult targets.SessionAuthorizationResult
-	err = json.Unmarshal(output.Stdout, &newSessionAuthorizationResult)
-	require.NoError(t, err)
-
-	newSessionAuthorization := newSessionAuthorizationResult.Item
-	retrievedUser, ok := newSessionAuthorization.Credentials[0].Credential["username"].(string)
-	require.True(t, ok)
-	retrievedKey, ok := newSessionAuthorization.Credentials[0].Credential["private_key"].(string)
-	require.True(t, ok)
-	assert.Equal(t, c.TargetSshUser, retrievedUser)
-
-	k, err := os.ReadFile(c.TargetSshKeyPath)
-	require.NoError(t, err)
-	require.Equal(t, string(k), retrievedKey)
-	t.Log("Successfully retrieved credentials for target")
-
-	// Create key file
-	retrievedKeyPath := fmt.Sprintf("%s/%s", t.TempDir(), "target_private_key.pem")
-	f, err := os.Create(retrievedKeyPath)
-	require.NoError(t, err)
-	_, err = f.WriteString(retrievedKey)
-	require.NoError(t, err)
-	err = os.Chmod(retrievedKeyPath, 0o400)
-	require.NoError(t, err)
-
-	// Connect to target and print host's IP address using retrieved credentials
-	output = e2e.RunCommand(ctx, "boundary",
-		e2e.WithArgs(
-			"connect",
-			"-target-id", newTargetId,
-			"-exec", "/usr/bin/ssh", "--",
-			"-l", retrievedUser,
-			"-i", retrievedKeyPath,
-			"-o", "UserKnownHostsFile=/dev/null",
-			"-o", "StrictHostKeyChecking=no",
-			"-o", "IdentitiesOnly=yes", // forces the use of the provided key
-			"-p", "{{boundary.port}}", // this is provided by boundary
-			"{{boundary.ip}}",
-			"hostname", "-i",
-		),
-	)
-	require.NoError(t, output.Err, string(output.Stderr))
-
-	parts := strings.Fields(string(output.Stdout))
-	hostIp := parts[len(parts)-1]
-	require.Equal(t, c.TargetAddress, hostIp, "SSH session did not return expected output")
-	t.Log("Successfully connected to target")
-}

testing/internal/e2e/tests/database/migration_test.go

@@ -49,7 +49,7 @@ func TestDatabaseMigration(t *testing.T) {
 
 	boundaryRepo := "hashicorp/boundary"
 	boundaryTag := "latest"
-	te := setupEnvironment(t, ctx, c, boundaryRepo, boundaryTag)
+	te := setupEnvironment(t, c, boundaryRepo, boundaryTag)
 	populateBoundaryDatabase(t, ctx, c, te, boundaryRepo, boundaryTag)
 
 	// Migrate database
@@ -74,7 +74,7 @@ func TestDatabaseMigration(t *testing.T) {
 	t.Logf("Migration Output: %s", output.Stderr)
 }
 
-func setupEnvironment(t testing.TB, ctx context.Context, c *config, boundaryRepo, boundaryTag string) TestEnvironment {
+func setupEnvironment(t testing.TB, c *config, boundaryRepo, boundaryTag string) TestEnvironment {
 	pool, err := dockertest.NewPool("")
 	require.NoError(t, err)
 	err = pool.Client.Ping()