Add support for docker testclusters #20247

Merged: 66 commits, Apr 24, 2023
Changes from 55 commits
Commits
7d6da7f
First steps towards docker-based tests: tests using vault binary in -…
ncabatoff Apr 18, 2023
a7a6604
Declare setup dep.
ncabatoff Apr 18, 2023
115aa3f
Try to build vault the way test-ui is doing it.
ncabatoff Apr 18, 2023
194965c
Fix missing runs-on for build-vault.
ncabatoff Apr 18, 2023
4cabf20
Add missing fromJSON
ncabatoff Apr 18, 2023
5f54174
Add checkout, setup-go to build-vault
ncabatoff Apr 18, 2023
bc85429
Propagate dev vault binary to test-go
ncabatoff Apr 18, 2023
8a8aa9e
Improve vault dev binary handling
ncabatoff Apr 18, 2023
4e3f948
Move vault dev binary building into test-go
ncabatoff Apr 18, 2023
0bce1b0
Attempt to only run exec tests (and build vault binary) for the simpl…
ncabatoff Apr 18, 2023
027da9f
Attempt to only run exec tests (and build vault binary) for the simpl…
ncabatoff Apr 18, 2023
2f936f1
Use inputs instead of env
ncabatoff Apr 18, 2023
f3bfb40
Fix syntax error
ncabatoff Apr 18, 2023
0815d23
Fix syntax error, again
ncabatoff Apr 18, 2023
f99e734
Fix typo
ncabatoff Apr 18, 2023
65b04cd
Fix shell bug
ncabatoff Apr 18, 2023
f4c8c3e
Add test godoc
ncabatoff Apr 18, 2023
f8289b3
Fix JSON syntax
ncabatoff Apr 18, 2023
d8e4330
Add default to extra-flags input
ncabatoff Apr 18, 2023
157b0fb
Add parens around negated expr to workaround a yaml issue.
ncabatoff Apr 18, 2023
516c3d0
Exclude fips case as well
ncabatoff Apr 18, 2023
f531fec
We can't actually skip the build-vault job, since test-go depends on …
ncabatoff Apr 18, 2023
bd4f3da
Improve CL and godoc.
ncabatoff Apr 18, 2023
69d937c
Add support for docker testclusters and server option -dev-three-dock…
ncabatoff Apr 19, 2023
b2b1eee
Allow docker testclusters to build an image dynamically, shoving in t…
ncabatoff Apr 19, 2023
37c7e56
Pull out dev-three-docker-node stuff, maybe it doesn't belong here, c…
ncabatoff Apr 19, 2023
359972d
Minor cleanup. Also attempted to ensure that I didn't introduce unne…
ncabatoff Apr 19, 2023
fa42073
Review feedback.
ncabatoff Apr 19, 2023
e948cb9
Merge branch 'test-exec-vault-dev' into test-docker-vault
ncabatoff Apr 19, 2023
4f0f838
Merge branch 'main' into test-exec-vault-dev
ncabatoff Apr 19, 2023
a524046
Merge branch 'test-exec-vault-dev' into test-docker-vault
ncabatoff Apr 19, 2023
ade6602
Update our hack to pin etcd
ncabatoff Apr 19, 2023
7e1658f
Merge branch 'main' into test-exec-vault-dev
ncabatoff Apr 19, 2023
6a899b7
Merge branch 'test-exec-vault-dev' into test-docker-vault
ncabatoff Apr 19, 2023
fb259e1
go mod tidy
ncabatoff Apr 19, 2023
3bf9d7d
Merge branch 'main' into test-exec-vault-dev
ncabatoff Apr 19, 2023
1f60687
Use api v1.9.1
ncabatoff Apr 19, 2023
a7841ed
Remove replace directive and tidy.
ncabatoff Apr 19, 2023
359c691
Something went wrong in my previous tidy attempt. Let's try again.
ncabatoff Apr 19, 2023
82d508f
Remove sdk test that has inappropriate dependency on vault module.
ncabatoff Apr 20, 2023
5fb9d77
go mod tidy
ncabatoff Apr 20, 2023
648d7f4
Merge branch 'test-exec-vault-dev' into test-docker-vault
ncabatoff Apr 20, 2023
74b75ef
go mod tidy
ncabatoff Apr 20, 2023
54ab7ad
Improve logging, add support for base listen address so that multiple…
ncabatoff Apr 20, 2023
d93a05d
Merge branch 'main' into test-exec-vault-dev
ncabatoff Apr 20, 2023
e98fd62
Merge branch 'test-exec-vault-dev' into test-docker-vault
ncabatoff Apr 20, 2023
74bcb96
Add pwd to see why we're not finding bin/vault.
ncabatoff Apr 20, 2023
7e726a1
Add more instrumentation
ncabatoff Apr 20, 2023
ae60a37
Fix path for artifact download
ncabatoff Apr 20, 2023
d7b3c54
Bit of cleanup, and some reworking of how we scrub timestamps. Still…
ncabatoff Apr 20, 2023
0682d6b
Remove instrumentation, fix VAULT_BINARY setting.
ncabatoff Apr 20, 2023
110c661
Merge branch 'test-exec-vault-dev' into test-docker-vault
ncabatoff Apr 20, 2023
6c9bbfa
Got the JSON log approach from exec working with docker. Still a bit…
ncabatoff Apr 20, 2023
de14905
Remove hardcoded vault image tag.
ncabatoff Apr 21, 2023
cf69d45
Make APIClient always return a clone
ncabatoff Apr 21, 2023
cb6be71
Fix support on Podman service (#20300)
cipherboy Apr 24, 2023
89117bb
Fix APIClient: clone doesn't copy tokens.
ncabatoff Apr 24, 2023
e9c6a17
Merge branch 'main' into test-exec-vault-dev
ncabatoff Apr 24, 2023
cdc75c3
Revisit client cloning.
ncabatoff Apr 24, 2023
cdf3dd5
Merge branch 'test-exec-vault-dev' into test-docker-vault
ncabatoff Apr 24, 2023
4f2f99e
Follow the exec cluster's lead in how to manage vault clients.
ncabatoff Apr 24, 2023
0b51ffd
Merge branch 'main' into test-docker-vault
ncabatoff Apr 24, 2023
a6dd92a
Merge main, go tidy, document some weirdness.
ncabatoff Apr 24, 2023
bbefe63
Review feedback.
ncabatoff Apr 24, 2023
5cd4a84
export Container field
ncabatoff Apr 24, 2023
9e4deb3
Add godoc
ncabatoff Apr 24, 2023
48 changes: 48 additions & 0 deletions .github/workflows/test-go.yml
Expand Up @@ -22,6 +22,7 @@ on:
description: A space-separated list of additional build flags.
required: false
type: string
default: ''
runs-on:
description: An expression indicating which kind of runners to use.
required: false
Expand Down Expand Up @@ -59,13 +60,42 @@ jobs:
INDEX_LIST="$(seq 1 ${{ inputs.total-runners }})"
INDEX_JSON="$(jq --null-input --compact-output '. |= [inputs]' <<< "${INDEX_LIST}")"
echo "indexes=${INDEX_JSON}" >> "${GITHUB_OUTPUT}"
build-vault:
runs-on: ${{ fromJSON(inputs.runs-on) }}
name: Build Vault dev binary
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
if: |
! contains(inputs.extra-flags, '-race') &&
! contains(inputs.go-build-tags, 'fips')
- uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
if: |
! contains(inputs.extra-flags, '-race') &&
! contains(inputs.go-build-tags, 'fips')
with:
go-version-file: ./.go-version
cache: true
- id: build
if: |
! contains(inputs.extra-flags, '-race') &&
! contains(inputs.go-build-tags, 'fips')
run: make ci-bootstrap dev
- name: Save dev binary
if: |
! contains(inputs.extra-flags, '-race') &&
! contains(inputs.go-build-tags, 'fips')
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
with:
name: vault-dev
path: bin/vault
test-go:
permissions:
id-token: write # Note: this permission is explicitly required for Vault auth
contents: read
name: "${{ matrix.runner-index }}"
needs:
- runner-indexes
- build-vault
runs-on: ${{ fromJSON(inputs.runs-on) }}
strategy:
fail-fast: false
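Review bot: the new build-vault job declares no permissions block, while test-go directly below it sets `id-token: write` and `contents: read` explicitly. Unless a workflow-level block outside this hunk already restricts it, build-vault runs `make ci-bootstrap dev` with whatever default token scope the caller grants. The job only checks out, builds and uploads an artifact, so suggest adding `permissions:` with `contents: read` to it. The SHA-pinned action references are good; keep that convention for any action added later.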
Expand Down Expand Up @@ -116,6 +146,19 @@ jobs:
if: github.repository != 'hashicorp/vault-enterprise'
run: |
git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN}}@github.com".insteadOf https://github.com
- name: Retrieve vault dev binary
if: |
! contains(inputs.extra-flags, '-race') &&
! contains(inputs.go-build-tags, 'fips')
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
with:
name: vault-dev
path: bin
- name: Make vault dev binary executable
if: |
! contains(inputs.extra-flags, '-race') &&
! contains(inputs.go-build-tags, 'fips')
run: chmod a+x bin/vault
- id: run-go-tests
name: Run Go tests
timeout-minutes: ${{ fromJSON(env.TIMEOUT_IN_MINUTES) }}
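Review bot: the `! contains(inputs.extra-flags, '-race') && ! contains(inputs.go-build-tags, 'fips')` guard on both new steps here is the same expression repeated on every build-vault step, and the two jobs only agree as long as all copies stay identical. If one copy drifts, `Retrieve vault dev binary` would look for a `vault-dev` artifact that was never uploaded, and the failure would show up in test-go rather than where the condition was changed. Suggest evaluating the condition once in build-vault, exposing it as a job output, and gating these steps on that output through the existing `needs: build-vault` dependency. Separately, `chmod u+x bin/vault` would be enough, since only the runner user executes the binary.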
Expand Down Expand Up @@ -158,6 +201,11 @@ jobs:
#export HCP_SCADA_ADDRESS=${{ secrets.HCP_SCADA_ADDRESS }}
fi

if [ -f bin/vault ]; then
VAULT_BINARY="$(pwd)/bin/vault"
export VAULT_BINARY
fi

# shellcheck disable=SC2086 # can't quote package list
GOARCH=${{ inputs.go-arch }} \
go run gotest.tools/gotestsum --format=short-verbose \
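Review bot: `[ -f bin/vault ]` only checks that the file exists, so a binary that was downloaded but never made executable is still exported as VAULT_BINARY and the failure surfaces later inside a test. Suggest `[ -x bin/vault ]`, plus an `else` branch that echoes that VAULT_BINARY is unset, so the job log shows whether the tests that need the binary had it available for this configuration.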
2 changes: 1 addition & 1 deletion builtin/credential/radius/backend_test.go
Expand Up @@ -13,8 +13,8 @@ import (
"testing"
"time"

"github.com/hashicorp/vault/helper/testhelpers/docker"
logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
"github.com/hashicorp/vault/sdk/helper/docker"
"github.com/hashicorp/vault/sdk/logical"
)

2 changes: 1 addition & 1 deletion builtin/logical/nomad/backend_test.go
Expand Up @@ -14,7 +14,7 @@ import (

nomadapi "github.com/hashicorp/nomad/api"
"github.com/hashicorp/vault/helper/testhelpers"
"github.com/hashicorp/vault/helper/testhelpers/docker"
"github.com/hashicorp/vault/sdk/helper/docker"
"github.com/hashicorp/vault/sdk/logical"
"github.com/mitchellh/mapstructure"
)
18 changes: 8 additions & 10 deletions builtin/logical/pkiext/nginx_test.go
Expand Up @@ -17,11 +17,9 @@ import (
"testing"
"time"

"github.com/hashicorp/vault/builtin/logical/pki"
"github.com/hashicorp/vault/helper/testhelpers/docker"

"github.com/hashicorp/go-uuid"

"github.com/hashicorp/vault/builtin/logical/pki"
"github.com/hashicorp/vault/sdk/helper/docker"
"github.com/stretchr/testify/require"
)

Expand Down Expand Up @@ -232,7 +230,7 @@ func CheckWithClients(t *testing.T, network string, address string, url string,
// Start our service with a random name to not conflict with other
// threads.
ctx := context.Background()
ctr, _, _, err := cwRunner.Start(ctx, true, false)
result, err := cwRunner.Start(ctx, true, false)
if err != nil {
t.Fatalf("Could not start golang container for wget/curl checks: %s", err)
}
Expand All @@ -258,14 +256,14 @@ func CheckWithClients(t *testing.T, network string, address string, url string,
wgetCmd = []string{"wget", "--verbose", "--ca-certificate=/root.pem", "--certificate=/client-cert.pem", "--private-key=/client-privkey.pem", url}
curlCmd = []string{"curl", "--verbose", "--cacert", "/root.pem", "--cert", "/client-cert.pem", "--key", "/client-privkey.pem", url}
}
if err := cwRunner.CopyTo(ctr.ID, "/", certCtx); err != nil {
if err := cwRunner.CopyTo(result.Container.ID, "/", certCtx); err != nil {
t.Fatalf("Could not copy certificate and key into container: %v", err)
}

for _, cmd := range [][]string{hostPrimeCmd, wgetCmd, curlCmd} {
t.Logf("Running client connection command: %v", cmd)

stdout, stderr, retcode, err := cwRunner.RunCmdWithOutput(ctx, ctr.ID, cmd)
stdout, stderr, retcode, err := cwRunner.RunCmdWithOutput(ctx, result.Container.ID, cmd)
if err != nil {
t.Fatalf("Could not run command (%v) in container: %v", cmd, err)
}
Expand Down Expand Up @@ -295,7 +293,7 @@ func CheckDeltaCRL(t *testing.T, network string, address string, url string, roo
// Start our service with a random name to not conflict with other
// threads.
ctx := context.Background()
ctr, _, _, err := cwRunner.Start(ctx, true, false)
result, err := cwRunner.Start(ctx, true, false)
if err != nil {
t.Fatalf("Could not start golang container for wget2 delta CRL checks: %s", err)
}
Expand All @@ -313,14 +311,14 @@ func CheckDeltaCRL(t *testing.T, network string, address string, url string, roo
certCtx := docker.NewBuildContext()
certCtx["root.pem"] = docker.PathContentsFromString(rootCert)
certCtx["crls.pem"] = docker.PathContentsFromString(crls)
if err := cwRunner.CopyTo(ctr.ID, "/", certCtx); err != nil {
if err := cwRunner.CopyTo(result.Container.ID, "/", certCtx); err != nil {
t.Fatalf("Could not copy certificate and key into container: %v", err)
}

for index, cmd := range [][]string{hostPrimeCmd, wgetCmd} {
t.Logf("Running client connection command: %v", cmd)

stdout, stderr, retcode, err := cwRunner.RunCmdWithOutput(ctx, ctr.ID, cmd)
stdout, stderr, retcode, err := cwRunner.RunCmdWithOutput(ctx, result.Container.ID, cmd)
if err != nil {
t.Fatalf("Could not run command (%v) in container: %v", cmd, err)
}
12 changes: 6 additions & 6 deletions builtin/logical/pkiext/zlint_test.go
Expand Up @@ -10,8 +10,7 @@ import (
"testing"

"github.com/hashicorp/vault/builtin/logical/pki"
"github.com/hashicorp/vault/helper/testhelpers/docker"

"github.com/hashicorp/vault/sdk/helper/docker"
"github.com/stretchr/testify/require"
)

Expand Down Expand Up @@ -67,25 +66,26 @@ func RunZLintContainer(t *testing.T, certificate string) []byte {
buildZLintContainer(t)
})

ctx := context.Background()
// We don't actually care about the address, we just want to start the
// container so we can run commands in it. We'd ideally like to skip this
// step and only build a new image, but the zlint output would be
// intermingled with container build stages, so its not that useful.
ctr, _, _, err := zRunner.Start(context.Background(), true, false)
result, err := zRunner.Start(ctx, true, false)
if err != nil {
t.Fatalf("Could not start golang container for zlint: %s", err)
}

// Copy the cert into the newly running container.
certCtx := docker.NewBuildContext()
certCtx["cert.pem"] = docker.PathContentsFromBytes([]byte(certificate))
if err := zRunner.CopyTo(ctr.ID, "/go/", certCtx); err != nil {
if err := zRunner.CopyTo(result.Container.ID, "/go/", certCtx); err != nil {
t.Fatalf("Could not copy certificate into container: %v", err)
}

// Run the zlint command and save the output.
cmd := []string{"/go/bin/zlint", "/go/cert.pem"}
stdout, stderr, retcode, err := zRunner.RunCmdWithOutput(context.Background(), ctr.ID, cmd)
stdout, stderr, retcode, err := zRunner.RunCmdWithOutput(ctx, result.Container.ID, cmd)
if err != nil {
t.Fatalf("Could not run command in container: %v", err)
}
Expand All @@ -100,7 +100,7 @@ func RunZLintContainer(t *testing.T, certificate string) []byte {
}

// Clean up after ourselves.
if err := zRunner.Stop(context.Background(), ctr.ID); err != nil {
if err := zRunner.Stop(context.Background(), result.Container.ID); err != nil {
t.Fatalf("failed to stop container: %v", err)
}

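Review bot: the `zRunner.Stop(...)` call at the end of RunZLintContainer is only reached on the success path; the `t.Fatalf` calls after `Start` (copy failure, command failure) exit the test before it, so the container is never stopped by this function in those cases. Since this hunk already touches the line, suggest registering the stop right after `Start` succeeds, via `t.Cleanup` or `defer`, and logging rather than failing on a stop error. The call also still builds its own `context.Background()` while the rest of the function now shares `ctx`; either is fine, but a short comment would make the choice look deliberate.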
2 changes: 1 addition & 1 deletion builtin/logical/rabbitmq/backend_test.go
Expand Up @@ -11,8 +11,8 @@ import (
"testing"

"github.com/hashicorp/go-secure-stdlib/base62"
"github.com/hashicorp/vault/helper/testhelpers/docker"
logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
"github.com/hashicorp/vault/sdk/helper/docker"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
"github.com/hashicorp/vault/sdk/logical"
rabbithole "github.com/michaelklishin/rabbit-hole/v2"
10 changes: 4 additions & 6 deletions builtin/logical/ssh/backend_test.go
Expand Up @@ -16,18 +16,16 @@ import (
"time"

"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
"github.com/hashicorp/vault/sdk/logical"
"golang.org/x/crypto/ssh"

"github.com/hashicorp/vault/builtin/credential/userpass"
"github.com/hashicorp/vault/helper/testhelpers/docker"
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/sdk/helper/docker"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/vault"
"github.com/mitchellh/mapstructure"

"github.com/stretchr/testify/require"
"golang.org/x/crypto/ssh"
)

const (
3 changes: 3 additions & 0 deletions changelog/20224.txt
@@ -0,0 +1,3 @@
```release-note:improvement
command/server: New -dev-cluster-json writes a file describing the dev cluster in -dev and -dev-three-node modes, plus -dev-three-node now enables unauthenticated metrics and pprof requests.
```
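Review bot: the second clause of this entry, that -dev-three-node now enables unauthenticated metrics and pprof requests, changes what the listener exposes and is easy to miss at the tail of an improvement note about -dev-cluster-json. Suggest giving it its own sentence or entry and stating that it applies to the dev-mode cluster only, so operators reading the changelog see the exposure called out. The file is also numbered 20224 while this pull request is #20247; a line in the description saying which change it belongs to would help.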
3 changes: 3 additions & 0 deletions changelog/20247.txt
@@ -0,0 +1,3 @@
```release-note:improvement
sdk: Add new docker-based cluster testing framework to the sdk.
```