From 94dd9e84fef97b5a97f13cd2313df4a0acb5dddb Mon Sep 17 00:00:00 2001
From: Michael Li
Date: Thu, 14 Sep 2023 14:12:09 -0400
Subject: [PATCH] test(e2e): Refactor vault setup method (#3724)
* refact(e2e): Pass in boundary-controller-policy to method
This allows any boundary-enterprise specific test packages to point to their own testdata directory
* test(e2e): Fix assertion statement
* refact(e2e): Move method call for clarity
---
 .../base_with_vault/credential_store_test.go | 4 ++--
 .../target_tcp_vault_connect_test.go | 2 +-
 ..._vault_generic_connect_authz_token_test.go | 2 +-
 ...rget_tcp_vault_generic_connect_ssh_test.go | 2 +-
 .../target_tcp_vault_generic_connect_test.go | 2 +-
 .../target_tcp_worker_connect_ssh_test.go | 22 ++++++++++---------
 .../e2e/tests/database/migration_test.go | 2 +-
 testing/internal/e2e/vault/vault.go | 4 ++--
 8 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/testing/internal/e2e/tests/base_with_vault/credential_store_test.go b/testing/internal/e2e/tests/base_with_vault/credential_store_test.go
index 46c5250089..15a90a1db5 100644
--- a/testing/internal/e2e/tests/base_with_vault/credential_store_test.go
+++ b/testing/internal/e2e/tests/base_with_vault/credential_store_test.go
@@ -45,7 +45,7 @@ func TestCliVaultCredentialStore(t *testing.T) {
 boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId)
 // Configure vault
- boundaryPolicyName, kvPolicyFilePath := vault.Setup(t)
+ boundaryPolicyName, kvPolicyFilePath := vault.Setup(t, "testdata/boundary-controller-policy.hcl")
 t.Cleanup(func() {
 output := e2e.RunCommand(ctx, "vault",
 e2e.WithArgs("policy", "delete", boundaryPolicyName),
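Review bot: The policy path `"testdata/boundary-controller-policy.hcl"` is now written out as a string literal at this `vault.Setup` call in TestCliVaultCredentialStore, and the same literal is repeated at the other seven call sites this patch touches (TestApiVaultCredentialStore, the four target_tcp_vault_* tests, target_tcp_worker_connect_ssh_test.go and migration_test.go). A per-package constant such as `const boundaryControllerPolicyPath = "testdata/boundary-controller-policy.hcl"` would keep the Vault policy file each test package loads in one reviewable place and stop a single call site from drifting to a different file unnoticed. The enclosing test function starts and ends outside the hunk.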
@@ -209,7 +209,7 @@ func TestApiVaultCredentialStore(t *testing.T) {
 boundary.AddHostSourceToTargetApi(t, ctx, client, newTargetId, newHostSetId)
 // Configure vault
- boundaryPolicyName, kvPolicyFilePath := vault.Setup(t)
+ boundaryPolicyName, kvPolicyFilePath := vault.Setup(t, "testdata/boundary-controller-policy.hcl")
 output := e2e.RunCommand(ctx, "vault",
 e2e.WithArgs("secrets", "enable", "-path="+c.VaultSecretPath, "kv-v2"),
 )
diff --git a/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_connect_test.go b/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_connect_test.go
index 139b7c79d5..852eed0e37 100644
--- a/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_connect_test.go
+++ b/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_connect_test.go
@@ -47,7 +47,7 @@ func TestCliTcpTargetVaultConnectTarget(t *testing.T) {
 boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId)
 // Configure vault
- boundaryPolicyName, kvPolicyFilePath := vault.Setup(t)
+ boundaryPolicyName, kvPolicyFilePath := vault.Setup(t, "testdata/boundary-controller-policy.hcl")
 t.Cleanup(func() {
 output := e2e.RunCommand(ctx, "vault",
 e2e.WithArgs("policy", "delete", boundaryPolicyName),
diff --git a/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_authz_token_test.go b/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_authz_token_test.go
index 02cb9eeb91..2041ba2c7e 100644
--- a/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_authz_token_test.go
+++ b/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_authz_token_test.go
@@ -46,7 +46,7 @@ func TestCliTcpTargetVaultGenericConnectTargetWithAuthzToken(t *testing.T) {
 boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId)
 // Configure vault
- boundaryPolicyName, kvPolicyFilePath := vault.Setup(t)
+ boundaryPolicyName, kvPolicyFilePath := vault.Setup(t, "testdata/boundary-controller-policy.hcl")
 t.Cleanup(func() {
 output := e2e.RunCommand(ctx, "vault",
 e2e.WithArgs("policy", "delete", boundaryPolicyName),
diff --git a/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_ssh_test.go b/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_ssh_test.go
index c7343d478d..79d12a5717 100644
--- a/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_ssh_test.go
+++ b/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_ssh_test.go
@@ -46,7 +46,7 @@ func TestCliTcpTargetVaultGenericConnectTargetWithSsh(t *testing.T) {
 boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId)
 // Configure vault
- boundaryPolicyName, kvPolicyFilePath := vault.Setup(t)
+ boundaryPolicyName, kvPolicyFilePath := vault.Setup(t, "testdata/boundary-controller-policy.hcl")
 t.Cleanup(func() {
 output := e2e.RunCommand(ctx, "vault",
 e2e.WithArgs("policy", "delete", boundaryPolicyName),
diff --git a/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_test.go b/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_test.go
index a6b571542a..e64f329b58 100644
--- a/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_test.go
+++ b/testing/internal/e2e/tests/base_with_vault/target_tcp_vault_generic_connect_test.go
@@ -47,7 +47,7 @@ func TestCliTcpTargetVaultGenericConnectTarget(t *testing.T) {
 boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId)
 // Configure vault
- boundaryPolicyName, kvPolicyFilePath := vault.Setup(t)
+ boundaryPolicyName, kvPolicyFilePath := vault.Setup(t, "testdata/boundary-controller-policy.hcl")
 t.Cleanup(func() {
 output := e2e.RunCommand(ctx, "vault",
 e2e.WithArgs("policy", "delete", boundaryPolicyName),
diff --git a/testing/internal/e2e/tests/base_with_worker/target_tcp_worker_connect_ssh_test.go b/testing/internal/e2e/tests/base_with_worker/target_tcp_worker_connect_ssh_test.go
index 7b64764d01..0819690c0a 100644
--- a/testing/internal/e2e/tests/base_with_worker/target_tcp_worker_connect_ssh_test.go
+++ b/testing/internal/e2e/tests/base_with_worker/target_tcp_worker_connect_ssh_test.go
@@ -42,17 +42,9 @@ func TestCliTcpTargetWorkerConnectTarget(t *testing.T) {
 require.NoError(t, output.Err, string(output.Stderr))
 })
 newProjectId := boundary.CreateNewProjectCli(t, ctx, newOrgId)
- newTargetId := boundary.CreateNewTargetCli(
- t,
- ctx,
- newProjectId,
- c.TargetPort,
- target.WithAddress("openssh-server"),
- target.WithEgressWorkerFilter(fmt.Sprintf(`"%s" in "/tags/type"`, c.WorkerTagEgress)),
- )
 // Configure vault
- boundaryPolicyName, kvPolicyFilePath := vault.Setup(t)
+ boundaryPolicyName, kvPolicyFilePath := vault.Setup(t, "testdata/boundary-controller-policy.hcl")
 t.Cleanup(func() {
 output := e2e.RunCommand(ctx, "vault",
 e2e.WithArgs("policy", "delete", boundaryPolicyName),
@@ -123,6 +115,16 @@ func TestCliTcpTargetWorkerConnectTarget(t *testing.T) {
 newCredentialLibraryId := newCredentialLibraryResult.Item.Id
 t.Logf("Created Credential Library: %s", newCredentialLibraryId)
+ // Create a target
+ newTargetId := boundary.CreateNewTargetCli(
+ t,
+ ctx,
+ newProjectId,
+ c.TargetPort,
+ target.WithAddress("openssh-server"),
+ target.WithEgressWorkerFilter(fmt.Sprintf(`"%s" in "/tags/type"`, c.WorkerTagEgress)),
+ )
+
 // Add brokered credentials to target
 boundary.AddBrokeredCredentialSourceToTargetCli(t, ctx, newTargetId, newCredentialLibraryId)
@@ -166,7 +168,7 @@ func TestCliTcpTargetWorkerConnectTarget(t *testing.T) {
 ),
 )
 require.Error(t, output.Err)
- require.Equal(t, output.ExitCode, 255)
+ require.Equal(t, 255, output.ExitCode)
 t.Log("Successfully failed to connect to target with wrong worker filter")
 // Try creating targets with an ingress worker filter. This should result in
diff --git a/testing/internal/e2e/tests/database/migration_test.go b/testing/internal/e2e/tests/database/migration_test.go
index a8fa071b50..ade44d4d6c 100644
--- a/testing/internal/e2e/tests/database/migration_test.go
+++ b/testing/internal/e2e/tests/database/migration_test.go
@@ -235,7 +235,7 @@ func populateBoundaryDatabase(t testing.TB, ctx context.Context, c *config, te T
 boundary.AddBrokeredCredentialSourceToTargetCli(t, ctx, newTargetId, newCredentialsId)
 // Create vault credentials
- boundaryPolicyName, kvPolicyFilePath := vault.Setup(t)
+ boundaryPolicyName, kvPolicyFilePath := vault.Setup(t, "testdata/boundary-controller-policy.hcl")
 output := e2e.RunCommand(ctx, "vault",
 e2e.WithArgs("secrets", "enable", "-path="+c.VaultSecretPath, "kv-v2"),
 )
diff --git a/testing/internal/e2e/vault/vault.go b/testing/internal/e2e/vault/vault.go
index cec76f7c0f..1458f3bd51 100644
--- a/testing/internal/e2e/vault/vault.go
+++ b/testing/internal/e2e/vault/vault.go
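Review bot: In the `@@ -166,7 +168,7 @@` hunk of target_tcp_worker_connect_ssh_test.go, the negative check passes on any failure that produces exit code 255, because it asserts only `require.Error(t, output.Err)` and `require.Equal(t, 255, output.ExitCode)`. The command being run is outside the hunk, so this is inferred, but if 255 is the client's generic failure code, a connection refused for an unrelated reason (target down, bad credentials) would still be logged as "Successfully failed to connect to target with wrong worker filter". Consider also asserting on the error output, e.g. `require.Contains(t, string(output.Stderr), "<expected worker-filter error text>")`, so the test proves that the worker filter is what denied the session.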
@@ -25,9 +25,9 @@ type CreateTokenResponse struct {
 // Setup verifies if appropriate credentials are set and adds the boundary controller
 // policy to vault. Returns the vault address.
-func Setup(t testing.TB) (boundaryPolicyName string, kvPolicyFilePath string) {
+func Setup(t testing.TB, boundaryControllerFilePath string) (boundaryPolicyName string, kvPolicyFilePath string) {
 // Set up boundary policy
- boundaryPolicyFilePath, err := filepath.Abs("testdata/boundary-controller-policy.hcl")
+ boundaryPolicyFilePath, err := filepath.Abs(boundaryControllerFilePath)
 require.NoError(t, err)
 boundaryPolicyName = WritePolicy(t, context.Background(), boundaryPolicyFilePath)
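Review bot: The doc comment above `Setup` still says "Returns the vault address", but the function returns `boundaryPolicyName` and `kvPolicyFilePath`, and the new `boundaryControllerFilePath` parameter is not described. Suggest `// Setup adds the boundary controller policy read from boundaryControllerFilePath to vault and returns the created policy name and the kv policy file path.`, plus a sentence that a relative path is resolved by `filepath.Abs`, i.e. against the working directory of the calling test package. Since this file appears to be the Vault policy the tests apply for the controller, the comment could also ask callers that supply their own file to keep it as narrow as the default one. The rest of Setup's body is outside the hunk.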