mirror of https://github.com/hashicorp/boundary
test(e2e): Add test for controller-led worker registration (#3882)
* test(e2e): Add test for controller led worker registration
* chore(e2e): Rename log files to ensure uniqueness

This updates the log files to be based on the scenario name instead of just the test package, in case some scenarios run the same test package.
pull/3949/head
parent
c93edfb612
commit
f0a4bce17c
@ -0,0 +1,192 @@
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
# For this scenario to work, add the following line to /etc/hosts
|
||||
# 127.0.0.1 localhost boundary
|
||||
# 127.0.0.1 localhost worker
|
||||
|
||||
scenario "e2e_docker_worker_registration_controller_led" {
|
||||
terraform_cli = terraform_cli.default
|
||||
terraform = terraform.default
|
||||
providers = [
|
||||
provider.enos.default
|
||||
]
|
||||
|
||||
matrix {
|
||||
builder = ["local", "crt"]
|
||||
}
|
||||
|
||||
locals {
|
||||
aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path)
|
||||
local_boundary_dir = abspath(var.local_boundary_dir)
|
||||
local_boundary_src_dir = abspath(var.local_boundary_src_dir)
|
||||
boundary_docker_image_file = abspath(var.boundary_docker_image_file)
|
||||
license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic"))
|
||||
|
||||
network_cluster = "e2e_cluster"
|
||||
network_host = "e2e_host"
|
||||
network_database = "e2e_db"
|
||||
|
||||
build_path = {
|
||||
"local" = "/tmp",
|
||||
"crt" = var.crt_bundle_path == null ? null : abspath(var.crt_bundle_path)
|
||||
}
|
||||
tags = merge({
|
||||
"Project Name" : var.project_name
|
||||
"Project" : "Enos",
|
||||
"Environment" : "ci"
|
||||
}, var.tags)
|
||||
}
|
||||
|
||||
step "build_boundary_docker_image" {
|
||||
module = matrix.builder == "crt" ? module.build_boundary_docker_crt : module.build_boundary_docker_local
|
||||
|
||||
variables {
|
||||
path = matrix.builder == "crt" ? local.boundary_docker_image_file : ""
|
||||
cli_build_path = local.build_path[matrix.builder]
|
||||
edition = var.boundary_edition
|
||||
}
|
||||
}
|
||||
|
||||
step "create_docker_network_database" {
|
||||
module = module.docker_network
|
||||
variables {
|
||||
network_name = local.network_database
|
||||
}
|
||||
}
|
||||
|
||||
step "create_docker_network_cluster" {
|
||||
module = module.docker_network
|
||||
variables {
|
||||
network_name = local.network_cluster
|
||||
}
|
||||
}
|
||||
|
||||
step "create_docker_network_host" {
|
||||
module = module.docker_network
|
||||
variables {
|
||||
network_name = local.network_host
|
||||
}
|
||||
}
|
||||
|
||||
step "create_boundary_database" {
|
||||
depends_on = [
|
||||
step.create_docker_network_cluster
|
||||
]
|
||||
variables {
|
||||
image_name = "${var.docker_mirror}/library/postgres:latest"
|
||||
network_name = [local.network_database]
|
||||
}
|
||||
module = module.docker_postgres
|
||||
}
|
||||
|
||||
step "read_license" {
|
||||
skip_step = var.boundary_edition == "oss"
|
||||
module = module.read_license
|
||||
|
||||
variables {
|
||||
file_name = local.license_path
|
||||
}
|
||||
}
|
||||
|
||||
step "create_boundary" {
|
||||
module = module.docker_boundary
|
||||
depends_on = [
|
||||
step.create_docker_network_cluster,
|
||||
step.create_docker_network_database,
|
||||
step.create_boundary_database,
|
||||
step.build_boundary_docker_image
|
||||
]
|
||||
variables {
|
||||
image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
|
||||
network_name = [local.network_cluster, local.network_database]
|
||||
database_network = local.network_database
|
||||
postgres_address = step.create_boundary_database.address
|
||||
boundary_license = var.boundary_edition != "oss" ? step.read_license.license : ""
|
||||
config_file = "boundary-config.hcl"
|
||||
get_auth_token = true
|
||||
get_worker_token = true
|
||||
}
|
||||
}
|
||||
|
||||
step "create_vault" {
|
||||
module = module.docker_vault
|
||||
depends_on = [
|
||||
step.create_docker_network_cluster
|
||||
]
|
||||
variables {
|
||||
image_name = "${var.docker_mirror}/hashicorp/vault:${var.vault_version}"
|
||||
network_name = [local.network_cluster]
|
||||
}
|
||||
}
|
||||
|
||||
step "create_host" {
|
||||
module = module.docker_openssh_server
|
||||
depends_on = [
|
||||
step.create_docker_network_host
|
||||
]
|
||||
variables {
|
||||
image_name = "${var.docker_mirror}/linuxserver/openssh-server:latest"
|
||||
network_name = [local.network_host]
|
||||
private_key_file_path = local.aws_ssh_private_key_path
|
||||
}
|
||||
}
|
||||
|
||||
locals {
|
||||
egress_tag = "egress"
|
||||
}
|
||||
|
||||
step "create_worker" {
|
||||
module = module.docker_worker
|
||||
depends_on = [
|
||||
step.create_docker_network_cluster,
|
||||
step.create_docker_network_host,
|
||||
step.build_boundary_docker_image,
|
||||
step.create_boundary
|
||||
]
|
||||
variables {
|
||||
image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
|
||||
boundary_license = var.boundary_edition != "oss" ? step.read_license.license : ""
|
||||
config_file = "worker-config-controller-led.hcl"
|
||||
container_name = "worker"
|
||||
initial_upstream = step.create_boundary.upstream_address
|
||||
network_name = [local.network_cluster, local.network_host]
|
||||
tags = [local.egress_tag]
|
||||
port = "9402"
|
||||
token = step.create_boundary.worker_token
|
||||
}
|
||||
}
|
||||
|
||||
step "run_e2e_test" {
|
||||
module = module.test_e2e_docker
|
||||
depends_on = [
|
||||
step.create_boundary,
|
||||
step.create_vault,
|
||||
step.create_host,
|
||||
step.create_worker,
|
||||
]
|
||||
variables {
|
||||
test_package = "github.com/hashicorp/boundary/testing/internal/e2e/tests/base_with_worker"
|
||||
docker_mirror = var.docker_mirror
|
||||
network_name = step.create_docker_network_cluster.network_name
|
||||
go_version = var.go_version
|
||||
debug_no_run = var.e2e_debug_no_run
|
||||
alb_boundary_api_addr = step.create_boundary.address
|
||||
auth_method_id = step.create_boundary.auth_method_id
|
||||
auth_login_name = step.create_boundary.login_name
|
||||
auth_password = step.create_boundary.password
|
||||
local_boundary_dir = step.build_boundary_docker_image.cli_zip_path
|
||||
local_boundary_src_dir = local.local_boundary_src_dir
|
||||
aws_ssh_private_key_path = local.aws_ssh_private_key_path
|
||||
target_address = step.create_host.address
|
||||
target_port = step.create_host.port
|
||||
target_user = "ubuntu"
|
||||
vault_addr = step.create_vault.address
|
||||
vault_addr_internal = step.create_vault.address_internal
|
||||
vault_root_token = step.create_vault.token
|
||||
vault_port = step.create_vault.port
|
||||
worker_tag_egress = local.egress_tag
|
||||
worker_tag_collocated = step.create_boundary.worker_tag
|
||||
}
|
||||
}
|
||||
}
|
||||
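Review bot: `create_boundary_database` attaches postgres to `local.network_database`, but its `depends_on` names only `step.create_docker_network_cluster`. Because the network name is a plain local string, nothing visible orders this step after `create_docker_network_database`. Unless the module creates the network itself (not visible here), add `step.create_docker_network_database` to that `depends_on`. Separately, the postgres and openssh-server images are pulled as `:latest` while Vault is pinned through `var.vault_version`; pinning them to a version or digest would keep runs reproducible and limit exposure to a changed upstream image.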
@ -0,0 +1,10 @@
|
||||
#!/usr/bin/env sh
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
boundary authenticate password \
|
||||
-login-name $LOGIN_NAME \
|
||||
-password env://BPASS \
|
||||
-format json
|
||||
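Review bot: `$LOGIN_NAME` is expanded unquoted in the `boundary authenticate password` call, so a login name containing whitespace or glob characters would be split into extra arguments; write `-login-name "$LOGIN_NAME" \`. The shebang is `sh`, but `set -o pipefail` is not available in every POSIX shell, and this script has no pipeline, so `set -eu` would be enough. The same applies to the `boundary workers create controller-led` script in the next section. Reading the password through `env://BPASS` instead of passing it as an argument is the right choice and should stay.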
@ -0,0 +1,9 @@
|
||||
#!/usr/bin/env sh
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
boundary workers create controller-led \
|
||||
-token env://BOUNDARY_TOKEN \
|
||||
-format json
|
||||
@ -0,0 +1,26 @@
|
||||
#!/usr/bin/env bash
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
# This script initializes a postgres database to work with Boundary by spinning up a temporary
|
||||
# Boundary docker container pointed to the specified database and invoking `boundary database init`.
|
||||
#
|
||||
# This script must only output the JSON that comes from `boundary database init` as the output is
|
||||
# consumed by other scripts.
|
||||
|
||||
TEST_CONTAINER_NAME=boundary-script-runner
|
||||
SOURCE=$(realpath $(dirname ${BASH_SOURCE[0]})) # get directory of this script
|
||||
|
||||
docker run \
|
||||
--rm \
|
||||
--name $TEST_CONTAINER_NAME \
|
||||
-e "BOUNDARY_ADDR=$BOUNDARY_ADDR" \
|
||||
-e "LOGIN_NAME=$E2E_PASSWORD_ADMIN_LOGIN_NAME" \
|
||||
-e "BPASS=$E2E_PASSWORD_ADMIN_PASSWORD" \
|
||||
-e "BOUNDARY_TOKEN=$BOUNDARY_TOKEN" \
|
||||
-e "SKIP_CHOWN=true" \
|
||||
--cap-add IPC_LOCK \
|
||||
--network $TEST_NETWORK_NAME \
|
||||
-v "$SCRIPT:/script.sh" \
|
||||
$TEST_BOUNDARY_IMAGE \
|
||||
/bin/sh -c /script.sh
|
||||
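Review bot: The admin password and the Boundary token are expanded into the `docker run` argument list (`-e "BPASS=$E2E_PASSWORD_ADMIN_PASSWORD"`, `-e "BOUNDARY_TOKEN=$BOUNDARY_TOKEN"`), where they can be read from the host's process listing while the container runs. Docker copies a variable from the caller's environment when `-e` is given a bare name, so `-e BOUNDARY_TOKEN \` (provided it is exported) and a `BPASS="$E2E_PASSWORD_ADMIN_PASSWORD"` assignment prefixed to the command with `-e BPASS \` keep both values off the command line. The header comment still describes `boundary database init`, which this script does not call; it should say that the script mounts `$SCRIPT` into a temporary Boundary container and runs it. `SOURCE` is assigned but unused in the visible lines, and `$TEST_CONTAINER_NAME`, `$TEST_NETWORK_NAME` and `$TEST_BOUNDARY_IMAGE` are unquoted.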
@ -0,0 +1,64 @@
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
disable_mlock = true
|
||||
|
||||
telemetry {
|
||||
prometheus_retention_time = "24h"
|
||||
disable_hostname = true
|
||||
}
|
||||
|
||||
listener "tcp" {
|
||||
address = "0.0.0.0:${port}"
|
||||
purpose = "proxy"
|
||||
tls_disable = true
|
||||
}
|
||||
|
||||
listener "tcp" {
|
||||
address = "0.0.0.0:${port_ops}"
|
||||
purpose = "ops"
|
||||
tls_disable = true
|
||||
}
|
||||
|
||||
worker {
|
||||
public_addr = "${worker_name}:${port}"
|
||||
initial_upstreams = ["${initial_upstream}"]
|
||||
controller_generated_activation_token = "${token}"
|
||||
|
||||
tags {
|
||||
type = ${type_tags},
|
||||
}
|
||||
|
||||
auth_storage_path = "/tmp/boundary/worker"
|
||||
}
|
||||
|
||||
events {
|
||||
audit_enabled = true
|
||||
sysevents_enabled = true
|
||||
observations_enable = true
|
||||
|
||||
sink "stderr" {
|
||||
name = "all-events"
|
||||
description = "All events sent to stderr"
|
||||
event_types = ["*"]
|
||||
format = "cloudevents-json"
|
||||
}
|
||||
|
||||
sink {
|
||||
name = "Log File"
|
||||
event_types = ["*"]
|
||||
format = "cloudevents-json"
|
||||
|
||||
file {
|
||||
path = "/boundary/logs"
|
||||
file_name = "events.log"
|
||||
}
|
||||
|
||||
audit_config {
|
||||
audit_filter_overrides {
|
||||
secret = "redact"
|
||||
sensitive = "redact"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
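Review bot: In the `events` block, `observations_enable` lacks the trailing `d` that `audit_enabled` and `sysevents_enabled` carry; if the intended key is `observations_enabled`, this line has no effect and observation events follow the default. A leading comment such as `# e2e test only: plaintext listeners on 0.0.0.0 and worker auth storage under /tmp` would also discourage copying this template as a deployment baseline. The rendered file contains the activation token substituted for `${token}`, so it should be handled as a secret wherever the module writes it (not visible here).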