diff --git a/testing/internal/e2e/tests/aws/worker_test.go b/testing/internal/e2e/tests/aws/worker_test.go index 39785b544b..a7242996cf 100644 --- a/testing/internal/e2e/tests/aws/worker_test.go +++ b/testing/internal/e2e/tests/aws/worker_test.go @@ -63,7 +63,7 @@ func TestCliWorker(t *testing.T) { require.Error(t, output.Err, string(output.Stderr)) assert.Equal(t, 255, output.ExitCode) require.Contains(t, string(output.Stderr), "timed out") - t.Logf("Successfully detected connection failure") + t.Log("Successfully detected connection failure") // Set correct worker filter, expect connection success t.Logf("Setting correct worker filter...") @@ -94,5 +94,5 @@ func TestCliWorker(t *testing.T) { ), ) require.NoError(t, output.Err, string(output.Stderr)) - t.Logf("Successfully connected to target") + t.Log("Successfully connected to target") } diff --git a/testing/internal/e2e/tests/base/auth_token_delete_test.go b/testing/internal/e2e/tests/base/auth_token_delete_test.go index 6b297308ea..6cb13a206f 100644 --- a/testing/internal/e2e/tests/base/auth_token_delete_test.go +++ b/testing/internal/e2e/tests/base/auth_token_delete_test.go @@ -83,5 +83,5 @@ func TestUserIsLoggedOutWhenAuthTokenIsDeletedCli(t *testing.T) { // Expect error as the user got logged out require.Error(t, output.Err, fmt.Sprintf("User '%s' is still logged in", testAccountName)) - t.Logf("Successfully verified that token name is invalid") + t.Log("Successfully verified that token name is invalid") } diff --git a/testing/internal/e2e/tests/base/authenticate_primary_test.go b/testing/internal/e2e/tests/base/authenticate_primary_test.go index 95a5ac6cc4..3d94d76f2d 100644 --- a/testing/internal/e2e/tests/base/authenticate_primary_test.go +++ b/testing/internal/e2e/tests/base/authenticate_primary_test.go @@ -39,9 +39,12 @@ func TestCliAuthenticatePrimary(t *testing.T) { require.NoError(t, err) }) - f.Write([]byte(bc.AdminLoginName + "\n")) - f.Write([]byte(bc.AdminLoginPassword + "\n")) - f.Write([]byte{4}) // EOT (End of Transmission - marks end of file stream) + _, err = f.Write([]byte(bc.AdminLoginName + "\n")) + require.NoError(t, err) + _, err = f.Write([]byte(bc.AdminLoginPassword + "\n")) + require.NoError(t, err) + _, err = f.Write([]byte{4}) // EOT (End of Transmission - marks end of file stream) + require.NoError(t, err) // Get last line from output (authentication response) var buf bytes.Buffer diff --git a/testing/internal/e2e/tests/base/credential_store_test.go b/testing/internal/e2e/tests/base/credential_store_test.go index 657a5bff69..36e4ddf923 100644 --- a/testing/internal/e2e/tests/base/credential_store_test.go +++ b/testing/internal/e2e/tests/base/credential_store_test.go @@ -148,7 +148,7 @@ func TestCliStaticCredentialStore(t *testing.T) { }, ) require.NoError(t, err) - t.Logf("Successfully deleted credential store") + t.Log("Successfully deleted credential store") } func createPrivateKeyPemFile(fileName string) error { diff --git a/testing/internal/e2e/tests/base/paginate_session_test.go b/testing/internal/e2e/tests/base/paginate_session_test.go index c7ee8e6888..6436b683b5 100644 --- a/testing/internal/e2e/tests/base/paginate_session_test.go +++ b/testing/internal/e2e/tests/base/paginate_session_test.go @@ -127,7 +127,8 @@ func TestApiPaginateSessions(t *testing.T) { // Create enough sessions to overflow a single page for i := 0; i < c.MaxPageSize+1; i++ { // boundary.ConnectCli(t, ctx, newTargetId) - tClient.AuthorizeSession(ctx, newTargetId) + _, err := tClient.AuthorizeSession(ctx, newTargetId) + require.NoError(t, err) } // List sessions diff --git a/testing/internal/e2e/tests/base/target_tcp_connect_ssh_remote_command_test.go b/testing/internal/e2e/tests/base/target_tcp_connect_ssh_remote_command_test.go deleted file mode 100644 index a601d6c9ae..0000000000 --- a/testing/internal/e2e/tests/base/target_tcp_connect_ssh_remote_command_test.go +++ /dev/null @@ -1,84 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package base_test - -import ( - "context" - "encoding/json" - "os" - "strings" - "testing" - - "github.com/hashicorp/boundary/api/targets" - "github.com/hashicorp/boundary/testing/internal/e2e" - "github.com/hashicorp/boundary/testing/internal/e2e/boundary" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -// TestCliTcpTargetConnectTargetWithSshRemoteCommand uses the boundary cli to -// connect to a target using `connect ssh -remote-commmand` -func TestCliTcpTargetConnectTargetWithSshRemoteCommand(t *testing.T) { - e2e.MaybeSkipTest(t) - c, err := loadTestConfig() - require.NoError(t, err) - - ctx := context.Background() - boundary.AuthenticateAdminCli(t, ctx) - newOrgId := boundary.CreateNewOrgCli(t, ctx) - t.Cleanup(func() { - ctx := context.Background() - boundary.AuthenticateAdminCli(t, ctx) - output := e2e.RunCommand(ctx, "boundary", e2e.WithArgs("scopes", "delete", "-id", newOrgId)) - require.NoError(t, output.Err, string(output.Stderr)) - }) - newProjectId := boundary.CreateNewProjectCli(t, ctx, newOrgId) - newHostCatalogId := boundary.CreateNewHostCatalogCli(t, ctx, newProjectId) - newHostSetId := boundary.CreateNewHostSetCli(t, ctx, newHostCatalogId) - newHostId := boundary.CreateNewHostCli(t, ctx, newHostCatalogId, c.TargetAddress) - boundary.AddHostToHostSetCli(t, ctx, newHostSetId, newHostId) - newTargetId := boundary.CreateNewTargetCli(t, ctx, newProjectId, c.TargetPort) - boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId) - newCredentialStoreId := boundary.CreateNewCredentialStoreStaticCli(t, ctx, newProjectId) - newCredentialsId := boundary.CreateNewStaticCredentialPrivateKeyCli(t, ctx, newCredentialStoreId, c.TargetSshUser, c.TargetSshKeyPath) - boundary.AddBrokeredCredentialSourceToTargetCli(t, ctx, newTargetId, newCredentialsId) - - // Get credentials for target - output := e2e.RunCommand(ctx, "boundary", - e2e.WithArgs("targets", "authorize-session", "-id", newTargetId, "-format", "json"), - ) - require.NoError(t, output.Err, string(output.Stderr)) - var newSessionAuthorizationResult targets.SessionAuthorizationResult - err = json.Unmarshal(output.Stdout, &newSessionAuthorizationResult) - require.NoError(t, err) - - newSessionAuthorization := newSessionAuthorizationResult.Item - retrievedUser, ok := newSessionAuthorization.Credentials[0].Credential["username"].(string) - require.True(t, ok) - retrievedKey, ok := newSessionAuthorization.Credentials[0].Credential["private_key"].(string) - require.True(t, ok) - retrievedKey += "\n" - assert.Equal(t, c.TargetSshUser, retrievedUser) - - k, err := os.ReadFile(c.TargetSshKeyPath) - require.NoError(t, err) - require.Equal(t, string(k), retrievedKey) - t.Log("Successfully retrieved credentials for target") - - // Connect to target using ssh option - output = e2e.RunCommand(ctx, "boundary", - e2e.WithArgs( - "connect", "ssh", - "-target-id", newTargetId, - "-remote-command", "hostname -i", - "--", - "-o", "UserKnownHostsFile=/dev/null", - "-o", "StrictHostKeyChecking=no", - "-o", "IdentitiesOnly=yes", // forces the use of the provided key - ), - ) - require.NoError(t, output.Err, string(output.Stderr)) - require.Equal(t, c.TargetAddress, strings.TrimSpace(string(output.Stdout))) - t.Log("Successfully connected to target") -} diff --git a/testing/internal/e2e/tests/base/target_tcp_connect_ssh_test.go b/testing/internal/e2e/tests/base/target_tcp_connect_ssh_test.go index a7d80e5823..f8d55b04e9 100644 --- a/testing/internal/e2e/tests/base/target_tcp_connect_ssh_test.go +++ b/testing/internal/e2e/tests/base/target_tcp_connect_ssh_test.go @@ -7,6 +7,7 @@ import ( "context" "encoding/json" "os" + "strings" "testing" "github.com/hashicorp/boundary/api/targets" @@ -77,4 +78,20 @@ func TestCliTcpTargetConnectTargetWithSsh(t *testing.T) { ) require.NoError(t, output.Err, string(output.Stderr)) t.Log("Successfully connected to target") + + // Connect to target using ssh option with remote command + output = e2e.RunCommand(ctx, "boundary", + e2e.WithArgs( + "connect", "ssh", + "-target-id", newTargetId, + "-remote-command", "hostname -i", + "--", + "-o", "UserKnownHostsFile=/dev/null", + "-o", "StrictHostKeyChecking=no", + "-o", "IdentitiesOnly=yes", // forces the use of the provided key + ), + ) + require.NoError(t, output.Err, string(output.Stderr)) + require.Equal(t, c.TargetAddress, strings.TrimSpace(string(output.Stdout))) + t.Log("Successfully connected to target") } diff --git a/testing/internal/e2e/tests/base_plus/key_destruction_test.go b/testing/internal/e2e/tests/base_plus/key_destruction_test.go index fa9199d53e..deff204cbc 100644 --- a/testing/internal/e2e/tests/base_plus/key_destruction_test.go +++ b/testing/internal/e2e/tests/base_plus/key_destruction_test.go @@ -234,7 +234,7 @@ func TestCliKeyDestruction(t *testing.T) { } } - t.Logf("Successfully destroyed a root key and data key") + t.Log("Successfully destroyed a root key and data key") } // TestApiKeyDestruction uses the boundary Go api to test key destruction. @@ -359,5 +359,5 @@ func TestApiKeyDestruction(t *testing.T) { } } - t.Logf("Successfully destroyed a root key and data key") + t.Log("Successfully destroyed a root key and data key") } diff --git a/testing/internal/e2e/tests/base_plus/rate_limit_test.go b/testing/internal/e2e/tests/base_plus/rate_limit_test.go index b4efd0ef17..ff94dba9d8 100644 --- a/testing/internal/e2e/tests/base_plus/rate_limit_test.go +++ b/testing/internal/e2e/tests/base_plus/rate_limit_test.go @@ -135,7 +135,7 @@ func TestHttpRateLimit(t *testing.T) { time.Sleep(time.Duration(retryAfter) * time.Second) // Do another request. Verify that request is successful - t.Logf("Retrying...") + t.Log("Retrying...") requestURL = fmt.Sprintf("%s/v1/hosts/%s", bc.Address, newHostId) req, err = http.NewRequest(http.MethodGet, requestURL, nil) require.NoError(t, err) @@ -394,7 +394,7 @@ func TestCliRateLimit(t *testing.T) { require.NoError(t, output.Err, string(output.Stderr)) require.Equal(t, 0, output.ExitCode) } - t.Logf("Successfully auto-retried CLI request") + t.Log("Successfully auto-retried CLI request") } func getRateLimitStat(rateLimitHeader, stat string) (int, error) { diff --git a/testing/internal/e2e/tests/base_plus/target_tcp_connect_postgres_test.go b/testing/internal/e2e/tests/base_plus/target_tcp_connect_postgres_test.go index fd06e288bf..4697a7a620 100644 --- a/testing/internal/e2e/tests/base_plus/target_tcp_connect_postgres_test.go +++ b/testing/internal/e2e/tests/base_plus/target_tcp_connect_postgres_test.go @@ -72,7 +72,7 @@ func TestCliTcpTargetConnectPostgres(t *testing.T) { f.Write([]byte{4}) // EOT (End of Transmission - marks end of file stream) var buf bytes.Buffer - io.Copy(&buf, f) + _, _ = io.Copy(&buf, f) require.Contains(t, buf.String(), "List of relations", "Session did not return expected output") require.Contains(t, buf.String(), c.PostgresDbName, "Session did not return expected output") t.Log("Successfully connected to target") diff --git a/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_connect_test.go b/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_connect_test.go deleted file mode 100644 index 92fe04d75f..0000000000 --- a/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_connect_test.go +++ /dev/null @@ -1,167 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package base_with_vault_test - -import ( - "context" - "encoding/json" - "fmt" - "os" - "strings" - "testing" - - "github.com/hashicorp/boundary/api/targets" - "github.com/hashicorp/boundary/testing/internal/e2e" - "github.com/hashicorp/boundary/testing/internal/e2e/boundary" - "github.com/hashicorp/boundary/testing/internal/e2e/vault" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -// TestCliTcpTargetVaultConnectTarget uses the boundary and vault clis to add secrets management -// for a target. The test sets up vault as a credential store, creates a set of credentials -// in vault to be attached to a target, and attempts to connect to that target using those -// credentials. -func TestCliTcpTargetVaultConnectTarget(t *testing.T) { - e2e.MaybeSkipTest(t) - c, err := loadTestConfig() - require.NoError(t, err) - - ctx := context.Background() - boundary.AuthenticateAdminCli(t, ctx) - newOrgId := boundary.CreateNewOrgCli(t, ctx) - t.Cleanup(func() { - ctx := context.Background() - boundary.AuthenticateAdminCli(t, ctx) - output := e2e.RunCommand(ctx, "boundary", e2e.WithArgs("scopes", "delete", "-id", newOrgId)) - require.NoError(t, output.Err, string(output.Stderr)) - }) - newProjectId := boundary.CreateNewProjectCli(t, ctx, newOrgId) - newHostCatalogId := boundary.CreateNewHostCatalogCli(t, ctx, newProjectId) - newHostSetId := boundary.CreateNewHostSetCli(t, ctx, newHostCatalogId) - newHostId := boundary.CreateNewHostCli(t, ctx, newHostCatalogId, c.TargetAddress) - boundary.AddHostToHostSetCli(t, ctx, newHostSetId, newHostId) - newTargetId := boundary.CreateNewTargetCli(t, ctx, newProjectId, c.TargetPort) - boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId) - - // Configure vault - boundaryPolicyName, kvPolicyFilePath := vault.Setup(t, "testdata/boundary-controller-policy.hcl") - t.Cleanup(func() { - output := e2e.RunCommand(ctx, "vault", - e2e.WithArgs("policy", "delete", boundaryPolicyName), - ) - require.NoError(t, output.Err, string(output.Stderr)) - }) - - output := e2e.RunCommand(ctx, "vault", - e2e.WithArgs("secrets", "enable", fmt.Sprintf("-path=%s", c.VaultSecretPath), "kv-v2"), - ) - require.NoError(t, output.Err, string(output.Stderr)) - t.Cleanup(func() { - output := e2e.RunCommand(ctx, "vault", - e2e.WithArgs("secrets", "disable", c.VaultSecretPath), - ) - require.NoError(t, output.Err, string(output.Stderr)) - }) - - // Create credential in vault - privateKeySecretName := vault.CreateKvPrivateKeyCredential(t, c.VaultSecretPath, c.TargetSshUser, c.TargetSshKeyPath, kvPolicyFilePath) - kvPolicyName := vault.WritePolicy(t, ctx, kvPolicyFilePath) - t.Cleanup(func() { - output := e2e.RunCommand(ctx, "vault", - e2e.WithArgs("policy", "delete", kvPolicyName), - ) - require.NoError(t, output.Err, string(output.Stderr)) - }) - t.Log("Created Vault Credential") - - // Create vault token for boundary - output = e2e.RunCommand(ctx, "vault", - e2e.WithArgs( - "token", "create", - "-no-default-policy=true", - fmt.Sprintf("-policy=%s", boundaryPolicyName), - fmt.Sprintf("-policy=%s", kvPolicyName), - "-orphan=true", - "-period=20m", - "-renewable=true", - "-format=json", - ), - ) - require.NoError(t, output.Err, string(output.Stderr)) - var tokenCreateResult vault.CreateTokenResponse - err = json.Unmarshal(output.Stdout, &tokenCreateResult) - require.NoError(t, err) - credStoreToken := tokenCreateResult.Auth.Client_Token - t.Log("Created Vault Cred Store Token") - - // Create a credential store - newCredentialStoreId := boundary.CreateNewCredentialStoreVaultCli(t, ctx, newProjectId, c.VaultAddr, credStoreToken) - - // Create a credential library - newCredentialLibraryId, err := boundary.CreateVaultGenericCredentialLibraryCli( - t, - ctx, - newCredentialStoreId, - fmt.Sprintf("%s/data/%s", c.VaultSecretPath, privateKeySecretName), - "ssh_private_key", - ) - require.NoError(t, err) - - // Add brokered credentials to target - boundary.AddBrokeredCredentialSourceToTargetCli(t, ctx, newTargetId, newCredentialLibraryId) - - // Get credentials for target - output = e2e.RunCommand(ctx, "boundary", - e2e.WithArgs("targets", "authorize-session", "-id", newTargetId, "-format", "json"), - ) - require.NoError(t, output.Err, string(output.Stderr)) - var newSessionAuthorizationResult targets.SessionAuthorizationResult - err = json.Unmarshal(output.Stdout, &newSessionAuthorizationResult) - require.NoError(t, err) - - newSessionAuthorization := newSessionAuthorizationResult.Item - retrievedUser, ok := newSessionAuthorization.Credentials[0].Credential["username"].(string) - require.True(t, ok) - retrievedKey, ok := newSessionAuthorization.Credentials[0].Credential["private_key"].(string) - require.True(t, ok) - assert.Equal(t, c.TargetSshUser, retrievedUser) - - k, err := os.ReadFile(c.TargetSshKeyPath) - require.NoError(t, err) - require.Equal(t, string(k), retrievedKey) - t.Log("Successfully retrieved credentials for target") - - // Create key file - retrievedKeyPath := fmt.Sprintf("%s/%s", t.TempDir(), "target_private_key.pem") - f, err := os.Create(retrievedKeyPath) - require.NoError(t, err) - _, err = f.WriteString(retrievedKey) - require.NoError(t, err) - err = os.Chmod(retrievedKeyPath, 0o400) - require.NoError(t, err) - - // Connect to target and print host's IP address using retrieved credentials - output = e2e.RunCommand(ctx, "boundary", - e2e.WithArgs( - "connect", - "-target-id", newTargetId, - "-exec", "/usr/bin/ssh", "--", - "-l", retrievedUser, - "-i", retrievedKeyPath, - "-o", "UserKnownHostsFile=/dev/null", - "-o", "StrictHostKeyChecking=no", - "-o", "IdentitiesOnly=yes", // forces the use of the provided key - "-p", "{{boundary.port}}", // this is provided by boundary - "{{boundary.ip}}", - "hostname", "-i", - ), - ) - require.NoError(t, output.Err, string(output.Stderr)) - - parts := strings.Fields(string(output.Stdout)) - hostIp := parts[len(parts)-1] - require.Equal(t, c.TargetAddress, hostIp, "SSH session did not return expected output") - t.Log("Successfully connected to target") -} diff --git a/testing/internal/e2e/tests/database/migration_test.go b/testing/internal/e2e/tests/database/migration_test.go index 89acec05ca..ca1fa6a5c7 100644 --- a/testing/internal/e2e/tests/database/migration_test.go +++ b/testing/internal/e2e/tests/database/migration_test.go @@ -49,7 +49,7 @@ func TestDatabaseMigration(t *testing.T) { boundaryRepo := "hashicorp/boundary" boundaryTag := "latest" - te := setupEnvironment(t, ctx, c, boundaryRepo, boundaryTag) + te := setupEnvironment(t, c, boundaryRepo, boundaryTag) populateBoundaryDatabase(t, ctx, c, te, boundaryRepo, boundaryTag) // Migrate database @@ -74,7 +74,7 @@ func TestDatabaseMigration(t *testing.T) { t.Logf("Migration Output: %s", output.Stderr) } -func setupEnvironment(t testing.TB, ctx context.Context, c *config, boundaryRepo, boundaryTag string) TestEnvironment { +func setupEnvironment(t testing.TB, c *config, boundaryRepo, boundaryTag string) TestEnvironment { pool, err := dockertest.NewPool("") require.NoError(t, err) err = pool.Client.Ping()