From 9e776332c5f910fd0c2ac8ff4fc52f6df2ba1ad7 Mon Sep 17 00:00:00 2001 From: Rebecca Willett <47540675+rebwill@users.noreply.github.com> Date: Wed, 16 Nov 2022 14:23:58 -0500 Subject: [PATCH] Migrate package_manager smoke test to Enos scenario (#17653) Integrate package testing to Enos scenarios as a matrix variant instead of a standalone scenario --- .../enos-run-matrices/artifactory-ent.json | 20 +-- .../enos-run-matrices/artifactory-oss.json | 16 +-- .github/enos-run-matrices/crt-ent.json | 10 +- .github/enos-run-matrices/crt-oss.json | 8 +- enos/enos-modules.hcl | 21 +++ enos/enos-scenario-autopilot.hcl | 64 +++++---- enos/enos-scenario-smoke.hcl | 125 +++++++++++++----- enos/enos-scenario-upgrade.hcl | 65 ++++++--- enos/modules/build_crt/main.tf | 2 +- enos/modules/build_local/main.tf | 2 +- enos/modules/vault-verify-replication/main.tf | 31 +++++ .../templates/smoke-verify-replication.sh | 28 ++++ .../vault-verify-replication/variables.tf | 24 ++++ enos/modules/vault-verify-ui/main.tf | 31 +++++ .../templates/smoke-verify-ui.sh | 14 ++ enos/modules/vault-verify-ui/variables.tf | 19 +++ enos/modules/vault-verify-write-data/main.tf | 50 +++++++ .../templates/smoke-enable-secrets-kv.sh | 37 ++++++ .../templates/smoke-write-test-data.sh | 39 ++++++ .../vault-verify-write-data/variables.tf | 25 ++++ .../vault_artifactory_artifact/locals.tf | 28 ++-- .../vault_artifactory_artifact/main.tf | 2 +- .../vault_artifactory_artifact/variables.tf | 2 +- enos/modules/vault_upgrade/main.tf | 8 +- 24 files changed, 537 insertions(+), 134 deletions(-) create mode 100644 enos/modules/vault-verify-replication/main.tf create mode 100644 enos/modules/vault-verify-replication/templates/smoke-verify-replication.sh create mode 100644 enos/modules/vault-verify-replication/variables.tf create mode 100644 enos/modules/vault-verify-ui/main.tf create mode 100644 enos/modules/vault-verify-ui/templates/smoke-verify-ui.sh create mode 100644 enos/modules/vault-verify-ui/variables.tf create mode 100644 enos/modules/vault-verify-write-data/main.tf create mode 100644 enos/modules/vault-verify-write-data/templates/smoke-enable-secrets-kv.sh create mode 100644 enos/modules/vault-verify-write-data/templates/smoke-write-test-data.sh create mode 100644 enos/modules/vault-verify-write-data/variables.tf diff --git a/.github/enos-run-matrices/artifactory-ent.json b/.github/enos-run-matrices/artifactory-ent.json index 2df3a1c566..abbea6eb08 100644 --- a/.github/enos-run-matrices/artifactory-ent.json +++ b/.github/enos-run-matrices/artifactory-ent.json @@ -1,43 +1,43 @@ { "include": [ { - "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms", + "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms artifact_type:bundle", "aws_region": "us-east-1" }, { - "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:ubuntu edition:ent seal:shamir", + "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:ubuntu edition:ent seal:shamir artifact_type:bundle", "aws_region": "us-east-2" }, { - "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:ent seal:awskms", + "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:ent seal:awskms artifact_type:bundle", "aws_region": "us-west-1" }, { - "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:ent seal:shamir", + "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:ent seal:shamir artifact_type:bundle", "aws_region": "us-west-2" }, { - "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:ent seal:shamir", + "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:ent seal:shamir artifact_type:bundle", "aws_region": "us-west-1" }, { - "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms", + "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms artifact_type:bundle", "aws_region": "us-west-2" }, { - "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:ent seal:shamir", + "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:ent seal:shamir artifact_type:bundle", "aws_region": "us-east-1" }, { - "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:ent seal:awskms", + "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:ent seal:awskms artifact_type:bundle", "aws_region": "us-east-2" }, { - "scenario": "autopilot arch:amd64 artifact_source:artifactory distro:ubuntu edition:ent seal:awskms", + "scenario": "autopilot arch:amd64 artifact_source:artifactory distro:ubuntu edition:ent seal:awskms artifact_type:bundle", "aws_region": "us-west-1" }, { - "scenario": "autopilot arch:arm64 artifact_source:artifactory distro:rhel edition:ent seal:shamir", + "scenario": "autopilot arch:arm64 artifact_source:artifactory distro:rhel edition:ent seal:shamir artifact_type:bundle", "aws_region": "us-west-2" } ] diff --git a/.github/enos-run-matrices/artifactory-oss.json b/.github/enos-run-matrices/artifactory-oss.json index fccc26542f..1a4cf2d0f8 100644 --- a/.github/enos-run-matrices/artifactory-oss.json +++ b/.github/enos-run-matrices/artifactory-oss.json @@ -1,35 +1,35 @@ { "include": [ { - "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms", + "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms artifact_type:bundle", "aws_region": "us-east-1" }, { - "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:oss seal:shamir", + "scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:oss seal:shamir artifact_type:bundle", "aws_region": "us-east-2" }, { - "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:oss seal:awskms", + "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:oss seal:awskms artifact_type:bundle", "aws_region": "us-west-1" }, { - "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:oss seal:shamir", + "scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:oss seal:shamir artifact_type:bundle", "aws_region": "us-west-2" }, { - "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.11.10 distro:ubuntu edition:oss seal:shamir", + "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.11.10 distro:ubuntu edition:oss seal:shamir artifact_type:bundle", "aws_region": "us-west-1" }, { - "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms", + "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms artifact_type:bundle", "aws_region": "us-west-2" }, { - "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:oss seal:shamir", + "scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:oss seal:shamir artifact_type:bundle", "aws_region": "us-east-1" }, { - "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:oss seal:awskms", + "scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:oss seal:awskms artifact_type:bundle", "aws_region": "us-east-2" } ] diff --git a/.github/enos-run-matrices/crt-ent.json b/.github/enos-run-matrices/crt-ent.json index 29a5b8c508..1f61898efe 100644 --- a/.github/enos-run-matrices/crt-ent.json +++ b/.github/enos-run-matrices/crt-ent.json @@ -1,23 +1,23 @@ { "include": [ { - "scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:ent", + "scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:ent artifact_type:bundle", "aws_region": "us-west-1" }, { - "scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent", + "scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent artifact_type:bundle", "aws_region": "us-west-2" }, { - "scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:ent", + "scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:ent artifact_type:bundle", "aws_region": "us-west-1" }, { - "scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:ent", + "scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:ent artifact_type:bundle", "aws_region": "us-west-2" }, { - "scenario": "autopilot distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent", + "scenario": "autopilot distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent artifact_type:bundle", "aws_region": "us-west-1" } ] diff --git a/.github/enos-run-matrices/crt-oss.json b/.github/enos-run-matrices/crt-oss.json index ddd35345af..29b303814f 100644 --- a/.github/enos-run-matrices/crt-oss.json +++ b/.github/enos-run-matrices/crt-oss.json @@ -1,19 +1,19 @@ { "include": [ { - "scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:oss", + "scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:oss artifact_type:bundle", "aws_region": "us-west-1" }, { - "scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:oss", + "scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:oss artifact_type:bundle", "aws_region": "us-west-2" }, { - "scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:oss", + "scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:oss artifact_type:bundle", "aws_region": "us-west-1" }, { - "scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:oss", + "scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:oss artifact_type:bundle", "aws_region": "us-west-2" } ] diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl index bc4604be85..d5c758b496 100644 --- a/enos/enos-modules.hcl +++ b/enos/enos-modules.hcl @@ -99,6 +99,20 @@ module "vault_verify_raft_auto_join_voter" { vault_instance_count = var.vault_instance_count } +module "vault_verify_replication" { + source = "./modules/vault-verify-replication" + + vault_install_dir = var.vault_install_dir + vault_instance_count = var.vault_instance_count +} + +module "vault_verify_ui" { + source = "./modules/vault-verify-ui" + + vault_install_dir = var.vault_install_dir + vault_instance_count = var.vault_instance_count +} + module "vault_verify_unsealed" { source = "./modules/vault_verify_unsealed" @@ -112,3 +126,10 @@ module "vault_verify_version" { vault_install_dir = var.vault_install_dir vault_instance_count = var.vault_instance_count } + +module "vault_verify_write_test_data" { + source = "./modules/vault-verify-write-data" + + vault_install_dir = var.vault_install_dir + vault_instance_count = var.vault_instance_count +} diff --git a/enos/enos-scenario-autopilot.hcl b/enos/enos-scenario-autopilot.hcl index 881613759b..815d28cc3b 100644 --- a/enos/enos-scenario-autopilot.hcl +++ b/enos/enos-scenario-autopilot.hcl @@ -2,6 +2,7 @@ scenario "autopilot" { matrix { arch = ["amd64", "arm64"] artifact_source = ["local", "crt", "artifactory"] + artifact_type = ["bundle", "package"] distro = ["ubuntu", "rhel"] edition = ["ent"] seal = ["awskms", "shamir"] @@ -25,7 +26,6 @@ scenario "autopilot" { rhel = provider.enos.rhel ubuntu = provider.enos.ubuntu } - install_artifactory_artifact = local.bundle_path == null tags = merge({ "Project Name" : var.project_name "Project" : "Enos", @@ -37,27 +37,32 @@ scenario "autopilot" { } vault_instance_type = coalesce(var.vault_instance_type, local.vault_instance_types[matrix.arch]) vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic")) + vault_install_dir_packages = { + rhel = "/bin" + ubuntu = "/usr/bin" + } + vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : local.vault_install_dir_packages[matrix.distro] } step "build_vault" { module = "build_${matrix.artifact_source}" variables { - build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition] - bundle_path = local.bundle_path - goarch = matrix.arch - goos = "linux" - artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null - artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null - artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null - artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null - arch = matrix.artifact_source == "artifactory" ? matrix.arch : null - vault_product_version = var.vault_product_version - artifact_type = matrix.artifact_source == "artifactory" ? var.vault_artifact_type : null - distro = matrix.artifact_source == "artifactory" ? matrix.distro : null - edition = matrix.artifact_source == "artifactory" ? matrix.edition : null - instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null - revision = var.vault_revision + build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition] + bundle_path = local.bundle_path + goarch = matrix.arch + goos = "linux" + artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null + artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null + artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null + artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null + arch = matrix.artifact_source == "artifactory" ? matrix.arch : null + product_version = var.vault_product_version + artifact_type = matrix.artifact_type + distro = matrix.artifact_source == "artifactory" ? matrix.distro : null + edition = matrix.artifact_source == "artifactory" ? matrix.edition : null + instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null + revision = var.vault_revision } } @@ -90,6 +95,8 @@ scenario "autopilot" { } } + # This step creates a Vault cluster using a bundle downloaded from + # releases.hashicorp.com, with the version specified in var.vault_autopilot_initial_release step "create_vault_cluster" { module = module.vault_cluster depends_on = [ @@ -110,10 +117,11 @@ scenario "autopilot" { storage_backend_addl_config = { autopilot_upgrade_version = var.vault_autopilot_initial_release.version } - unseal_method = matrix.seal - vault_release = var.vault_autopilot_initial_release - vault_license = step.read_license.license - vpc_id = step.create_vpc.vpc_id + unseal_method = matrix.seal + vault_install_dir = local.vault_install_dir + vault_release = var.vault_autopilot_initial_release + vault_license = step.read_license.license + vpc_id = step.create_vpc.vpc_id } } @@ -130,6 +138,8 @@ scenario "autopilot" { } } + # This step creates a new Vault cluster using a bundle or package + # from the matrix.artifact_source, with the var.vault_product_version step "upgrade_vault_cluster_with_autopilot" { module = module.vault_cluster depends_on = [ @@ -153,9 +163,10 @@ scenario "autopilot" { unseal_method = matrix.seal vault_cluster_tag = step.create_vault_cluster.vault_cluster_tag vault_init = false + vault_install_dir = local.vault_install_dir vault_license = step.read_license.license vault_local_artifact_path = local.bundle_path - vault_artifactory_release = local.install_artifactory_artifact ? step.build_vault.vault_artifactory_release : null + vault_artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null vault_node_prefix = "upgrade_node" vault_root_token = step.create_vault_cluster.vault_root_token vault_unseal_when_no_init = matrix.seal == "shamir" @@ -174,6 +185,7 @@ scenario "autopilot" { variables { vault_autopilot_upgrade_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version + vault_install_dir = local.vault_install_dir vault_instances = step.create_vault_cluster.vault_instances vault_root_token = step.create_vault_cluster.vault_root_token } @@ -191,8 +203,9 @@ scenario "autopilot" { } variables { - vault_instances = step.create_vault_cluster.vault_instances - vault_root_token = step.create_vault_cluster.vault_root_token + vault_install_dir = local.vault_install_dir + vault_instances = step.create_vault_cluster.vault_instances + vault_root_token = step.create_vault_cluster.vault_root_token } } @@ -208,8 +221,9 @@ scenario "autopilot" { } variables { - vault_instances = step.create_vault_cluster.vault_instances - vault_root_token = step.create_vault_cluster.vault_root_token + vault_install_dir = local.vault_install_dir + vault_instances = step.create_vault_cluster.vault_instances + vault_root_token = step.create_vault_cluster.vault_root_token } } diff --git a/enos/enos-scenario-smoke.hcl b/enos/enos-scenario-smoke.hcl index c82795055b..e4aee61560 100644 --- a/enos/enos-scenario-smoke.hcl +++ b/enos/enos-scenario-smoke.hcl @@ -3,10 +3,17 @@ scenario "smoke" { arch = ["amd64", "arm64"] backend = ["consul", "raft"] artifact_source = ["local", "crt", "artifactory"] + artifact_type = ["bundle", "package"] consul_version = ["1.13.2", "1.12.5", "1.11.10"] distro = ["ubuntu", "rhel"] edition = ["oss", "ent"] seal = ["awskms", "shamir"] + + # Packages are not offered for the oss edition + exclude { + edition = ["oss"] + artifact_type = ["package"] + } } terraform_cli = terraform_cli.default @@ -28,7 +35,6 @@ scenario "smoke" { rhel = provider.enos.rhel ubuntu = provider.enos.ubuntu } - install_artifactory_artifact = local.bundle_path == null tags = merge({ "Project Name" : var.project_name "Project" : "Enos", @@ -40,6 +46,11 @@ scenario "smoke" { } vault_instance_type = coalesce(var.vault_instance_type, local.vault_instance_types[matrix.arch]) vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic")) + vault_install_dir_packages = { + rhel = "/bin" + ubuntu = "/usr/bin" + } + vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : local.vault_install_dir_packages[matrix.distro] } step "get_local_metadata" { @@ -51,21 +62,21 @@ scenario "smoke" { module = "build_${matrix.artifact_source}" variables { - build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition] - bundle_path = local.bundle_path - goarch = matrix.arch - goos = "linux" - artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null - artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null - artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null - artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null - arch = matrix.artifact_source == "artifactory" ? matrix.arch : null - vault_product_version = var.vault_product_version - artifact_type = matrix.artifact_source == "artifactory" ? var.vault_artifact_type : null - distro = matrix.artifact_source == "artifactory" ? matrix.distro : null - edition = matrix.artifact_source == "artifactory" ? matrix.edition : null - instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null - revision = var.vault_revision + build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition] + bundle_path = local.bundle_path + goarch = matrix.arch + goos = "linux" + artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null + artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null + artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null + artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null + arch = matrix.artifact_source == "artifactory" ? matrix.arch : null + product_version = var.vault_product_version + artifact_type = matrix.artifact_type + distro = matrix.artifact_source == "artifactory" ? matrix.distro : null + edition = matrix.artifact_source == "artifactory" ? matrix.edition : null + instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null + revision = var.vault_revision } } @@ -104,11 +115,11 @@ scenario "smoke" { depends_on = [step.create_vpc] providers = { - enos = provider.enos.ubuntu + enos = local.enos_provider[matrix.distro] } variables { - ami_id = step.create_vpc.ami_ids["ubuntu"]["amd64"] + ami_id = step.create_vpc.ami_ids[matrix.distro][matrix.arch] common_tags = local.tags consul_release = { edition = var.backend_edition @@ -141,17 +152,16 @@ scenario "smoke" { storage_backend = matrix.backend unseal_method = matrix.seal vault_local_artifact_path = local.bundle_path - vault_artifactory_release = local.install_artifactory_artifact ? step.build_vault.vault_artifactory_release : null + vault_install_dir = local.vault_install_dir + vault_artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null vault_license = matrix.edition != "oss" ? step.read_license.license : null vpc_id = step.create_vpc.vpc_id } } step "verify_vault_version" { - module = module.vault_verify_version - depends_on = [ - step.create_vault_cluster, - ] + module = module.vault_verify_version + depends_on = [step.create_vault_cluster] providers = { enos = local.enos_provider[matrix.distro] @@ -160,6 +170,7 @@ scenario "smoke" { variables { vault_instances = step.create_vault_cluster.vault_instances vault_edition = matrix.edition + vault_install_dir = local.vault_install_dir vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version vault_revision = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision vault_build_date = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date @@ -168,35 +179,77 @@ scenario "smoke" { } step "verify_vault_unsealed" { - module = module.vault_verify_unsealed - depends_on = [ - step.create_vault_cluster, - ] + module = module.vault_verify_unsealed + depends_on = [step.create_vault_cluster] providers = { enos = local.enos_provider[matrix.distro] } variables { - vault_instances = step.create_vault_cluster.vault_instances - vault_root_token = step.create_vault_cluster.vault_root_token + vault_install_dir = local.vault_install_dir + vault_instances = step.create_vault_cluster.vault_instances + vault_root_token = step.create_vault_cluster.vault_root_token } } step "verify_raft_auto_join_voter" { - skip_step = matrix.backend != "raft" - module = module.vault_verify_raft_auto_join_voter - depends_on = [ - step.create_vault_cluster, - ] + skip_step = matrix.backend != "raft" + module = module.vault_verify_raft_auto_join_voter + depends_on = [step.create_vault_cluster] providers = { enos = local.enos_provider[matrix.distro] } variables { - vault_instances = step.create_vault_cluster.vault_instances - vault_root_token = step.create_vault_cluster.vault_root_token + vault_install_dir = local.vault_install_dir + vault_instances = step.create_vault_cluster.vault_instances + vault_root_token = step.create_vault_cluster.vault_root_token + } + } + + step "verify_replication" { + module = module.vault_verify_replication + depends_on = [step.create_vault_cluster] + + providers = { + enos = local.enos_provider[matrix.distro] + } + + variables { + vault_edition = matrix.edition + vault_install_dir = local.vault_install_dir + vault_instances = step.create_vault_cluster.vault_instances + } + } + + step "verify_ui" { + module = module.vault_verify_ui + depends_on = [step.create_vault_cluster] + + providers = { + enos = local.enos_provider[matrix.distro] + } + + variables { + vault_instances = step.create_vault_cluster.vault_instances + vault_install_dir = local.vault_install_dir + } + } + + step "verify_write_test_data" { + module = module.vault_verify_write_test_data + depends_on = [step.create_vault_cluster] + + providers = { + enos = local.enos_provider[matrix.distro] + } + + variables { + vault_instances = step.create_vault_cluster.vault_instances + vault_install_dir = local.vault_install_dir + vault_root_token = step.create_vault_cluster.vault_root_token } } diff --git a/enos/enos-scenario-upgrade.hcl b/enos/enos-scenario-upgrade.hcl index f70148da3b..ab7904fdae 100644 --- a/enos/enos-scenario-upgrade.hcl +++ b/enos/enos-scenario-upgrade.hcl @@ -3,10 +3,18 @@ scenario "upgrade" { arch = ["amd64", "arm64"] backend = ["consul", "raft"] artifact_source = ["local", "crt", "artifactory"] + artifact_type = ["bundle", "package"] consul_version = ["1.13.2", "1.12.5", "1.11.10"] distro = ["ubuntu", "rhel"] edition = ["oss", "ent"] seal = ["awskms", "shamir"] + + # Packages are not offered for the oss edition + exclude { + edition = ["oss"] + artifact_type = ["package"] + } + } terraform_cli = terraform_cli.default @@ -28,7 +36,6 @@ scenario "upgrade" { rhel = provider.enos.rhel ubuntu = provider.enos.ubuntu } - install_artifactory_artifact = local.bundle_path == null tags = merge({ "Project Name" : var.project_name "Project" : "Enos", @@ -40,27 +47,33 @@ scenario "upgrade" { } vault_instance_type = coalesce(var.vault_instance_type, local.vault_instance_types[matrix.arch]) vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic")) + vault_install_dir_packages = { + rhel = "/bin" + ubuntu = "/usr/bin" + } + vault_install_dir = matrix.artifact_type == "bundle" ? var.vault_install_dir : local.vault_install_dir_packages[matrix.distro] } + # This step gets/builds the upgrade artifact that we will upgrade to step "build_vault" { module = "build_${matrix.artifact_source}" variables { - build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition] - bundle_path = local.bundle_path - goarch = matrix.arch - goos = "linux" - artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null - artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null - artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null - artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null - arch = matrix.artifact_source == "artifactory" ? matrix.arch : null - vault_product_version = var.vault_product_version - artifact_type = matrix.artifact_source == "artifactory" ? var.vault_artifact_type : null - distro = matrix.artifact_source == "artifactory" ? matrix.distro : null - edition = matrix.artifact_source == "artifactory" ? matrix.edition : null - instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null - revision = var.vault_revision + build_tags = var.vault_local_build_tags != null ? var.vault_local_build_tags : local.build_tags[matrix.edition] + bundle_path = local.bundle_path + goarch = matrix.arch + goos = "linux" + artifactory_host = matrix.artifact_source == "artifactory" ? var.artifactory_host : null + artifactory_repo = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null + artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null + artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null + arch = matrix.artifact_source == "artifactory" ? matrix.arch : null + product_version = var.vault_product_version + artifact_type = matrix.artifact_type + distro = matrix.artifact_source == "artifactory" ? matrix.distro : null + edition = matrix.artifact_source == "artifactory" ? matrix.edition : null + instance_type = matrix.artifact_source == "artifactory" ? local.vault_instance_type : null + revision = var.vault_revision } } @@ -120,6 +133,8 @@ scenario "upgrade" { } } + # This step creates a Vault cluster using a bundle downloaded from + # releases.hashicorp.com, with the version specified in var.vault_autopilot_initial_release step "create_vault_cluster" { module = module.vault_cluster depends_on = [ @@ -140,12 +155,15 @@ scenario "upgrade" { kms_key_arn = step.create_vpc.kms_key_arn storage_backend = matrix.backend unseal_method = matrix.seal + vault_install_dir = local.vault_install_dir vault_release = var.vault_upgrade_initial_release vault_license = matrix.edition != "oss" ? step.read_license.license : null vpc_id = step.create_vpc.vpc_id } } + # This step upgrades the Vault cluster to the var.vault_product_version + # by getting a bundle or package of that version from the matrix.artifact_source step "upgrade_vault" { module = module.vault_upgrade depends_on = [ @@ -159,9 +177,9 @@ scenario "upgrade" { variables { vault_api_addr = "http://localhost:8200" vault_instances = step.create_vault_cluster.vault_instances - vault_local_bundle_path = local.bundle_path vault_local_artifact_path = local.bundle_path - vault_artifactory_release = local.install_artifactory_artifact ? step.build_vault.vault_artifactory_release : null + vault_artifactory_release = matrix.artifact_source == "artifactory" ? step.build_vault.vault_artifactory_release : null + vault_install_dir = local.vault_install_dir vault_unseal_keys = matrix.seal == "shamir" ? step.create_vault_cluster.vault_unseal_keys_hex : null vault_seal_type = matrix.seal } @@ -181,6 +199,7 @@ scenario "upgrade" { variables { vault_instances = step.create_vault_cluster.vault_instances vault_edition = matrix.edition + vault_install_dir = local.vault_install_dir vault_product_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version vault_revision = matrix.artifact_source == "local" ? step.get_local_metadata.revision : var.vault_revision vault_build_date = matrix.artifact_source == "local" ? step.get_local_metadata.build_date : var.vault_build_date @@ -200,8 +219,9 @@ scenario "upgrade" { } variables { - vault_instances = step.create_vault_cluster.vault_instances - vault_root_token = step.create_vault_cluster.vault_root_token + vault_instances = step.create_vault_cluster.vault_instances + vault_install_dir = local.vault_install_dir + vault_root_token = step.create_vault_cluster.vault_root_token } } @@ -218,8 +238,9 @@ scenario "upgrade" { } variables { - vault_instances = step.create_vault_cluster.vault_instances - vault_root_token = step.create_vault_cluster.vault_root_token + vault_install_dir = local.vault_install_dir + vault_instances = step.create_vault_cluster.vault_instances + vault_root_token = step.create_vault_cluster.vault_root_token } } diff --git a/enos/modules/build_crt/main.tf b/enos/modules/build_crt/main.tf index 14a3060045..cffa44b17a 100644 --- a/enos/modules/build_crt/main.tf +++ b/enos/modules/build_crt/main.tf @@ -44,6 +44,6 @@ variable "instance_type" { variable "revision" { default = null } -variable "vault_product_version" { +variable "product_version" { default = null } diff --git a/enos/modules/build_local/main.tf b/enos/modules/build_local/main.tf index f8c12b1a2a..7688c843b0 100644 --- a/enos/modules/build_local/main.tf +++ b/enos/modules/build_local/main.tf @@ -53,7 +53,7 @@ variable "instance_type" { variable "revision" { default = null } -variable "vault_product_version" { +variable "product_version" { default = null } diff --git a/enos/modules/vault-verify-replication/main.tf b/enos/modules/vault-verify-replication/main.tf new file mode 100644 index 0000000000..57a97f9ddd --- /dev/null +++ b/enos/modules/vault-verify-replication/main.tf @@ -0,0 +1,31 @@ + +terraform { + required_providers { + enos = { + source = "app.terraform.io/hashicorp-qti/enos" + } + } +} + +locals { + instances = { + for idx in range(var.vault_instance_count) : idx => { + public_ip = values(var.vault_instances)[idx].public_ip + private_ip = values(var.vault_instances)[idx].private_ip + } + } +} + +resource "enos_remote_exec" "smoke-verify-replication" { + for_each = local.instances + + content = templatefile("${path.module}/templates/smoke-verify-replication.sh", { + vault_edition = var.vault_edition + }) + + transport = { + ssh = { + host = each.value.public_ip + } + } +} diff --git a/enos/modules/vault-verify-replication/templates/smoke-verify-replication.sh b/enos/modules/vault-verify-replication/templates/smoke-verify-replication.sh new file mode 100644 index 0000000000..d7bc72f23c --- /dev/null +++ b/enos/modules/vault-verify-replication/templates/smoke-verify-replication.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash + +# The Vault replication smoke test, documented in +# https://docs.google.com/document/d/16sjIk3hzFDPyY5A9ncxTZV_9gnpYSF1_Vx6UA1iiwgI/edit#heading=h.kgrxf0f1et25 + +set -e + +edition=${vault_edition} + +function fail() { + echo "$1" 1>&2 + exit 1 +} + +# Replication status endpoint should have data.mode disabled for OSS release +status=$(curl -s http://localhost:8200/v1/sys/replication/status) +if [ "$edition" == "oss" ]; then + if [ "$(jq -r '.data.mode' <<< "$status")" != "disabled" ]; then + fail "replication data mode is not disabled for OSS release!" + fi +else + if [ "$(jq -r '.data.dr' <<< "$status")" == "" ]; then + fail "DR replication should be available for an ENT release!" + fi + if [ "$(jq -r '.data.performance' <<< "$status")" == "" ]; then + fail "Performance replication should be available for an ENT release!" + fi +fi diff --git a/enos/modules/vault-verify-replication/variables.tf b/enos/modules/vault-verify-replication/variables.tf new file mode 100644 index 0000000000..b335ee45ef --- /dev/null +++ b/enos/modules/vault-verify-replication/variables.tf @@ -0,0 +1,24 @@ + +variable "vault_edition" { + type = string + description = "The vault product edition" + default = null +} + +variable "vault_install_dir" { + type = string + description = "The directory where the Vault binary will be installed" +} + +variable "vault_instance_count" { + type = number + description = "How many vault instances are in the cluster" +} + +variable "vault_instances" { + type = map(object({ + private_ip = string + public_ip = string + })) + description = "The vault cluster instances that were created" +} diff --git a/enos/modules/vault-verify-ui/main.tf b/enos/modules/vault-verify-ui/main.tf new file mode 100644 index 0000000000..5703326d1a --- /dev/null +++ b/enos/modules/vault-verify-ui/main.tf @@ -0,0 +1,31 @@ + +terraform { + required_providers { + enos = { + source = "app.terraform.io/hashicorp-qti/enos" + } + } +} + +locals { + instances = { + for idx in range(var.vault_instance_count) : idx => { + public_ip = values(var.vault_instances)[idx].public_ip + private_ip = values(var.vault_instances)[idx].private_ip + } + } +} + +resource "enos_remote_exec" "smoke-verify-ui" { + for_each = local.instances + + content = templatefile("${path.module}/templates/smoke-verify-ui.sh", { + vault_install_dir = var.vault_install_dir, + }) + + transport = { + ssh = { + host = each.value.public_ip + } + } +} diff --git a/enos/modules/vault-verify-ui/templates/smoke-verify-ui.sh b/enos/modules/vault-verify-ui/templates/smoke-verify-ui.sh new file mode 100644 index 0000000000..bcd7e1cc30 --- /dev/null +++ b/enos/modules/vault-verify-ui/templates/smoke-verify-ui.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -e + +fail() { + echo "$1" 1>&2 + exit 1 +} +if [ "$(curl -s -o /dev/null -w "%%{redirect_url}" http://localhost:8200/)" != "http://localhost:8200/ui/" ]; then + fail "Port 8200 not redirecting to UI" +fi +if curl -s http://localhost:8200/ui/ | grep -q 'Vault UI is not available'; then + fail "Vault UI is not available" +fi diff --git a/enos/modules/vault-verify-ui/variables.tf b/enos/modules/vault-verify-ui/variables.tf new file mode 100644 index 0000000000..7eaf5d1bf7 --- /dev/null +++ b/enos/modules/vault-verify-ui/variables.tf @@ -0,0 +1,19 @@ + +variable "vault_install_dir" { + type = string + description = "The directory where the Vault binary will be installed" + default = null +} + +variable "vault_instance_count" { + type = number + description = "How many vault instances are in the cluster" +} + +variable "vault_instances" { + type = map(object({ + private_ip = string + public_ip = string + })) + description = "The vault cluster instances that were created" +} diff --git a/enos/modules/vault-verify-write-data/main.tf b/enos/modules/vault-verify-write-data/main.tf new file mode 100644 index 0000000000..966e833f74 --- /dev/null +++ b/enos/modules/vault-verify-write-data/main.tf @@ -0,0 +1,50 @@ + +terraform { + required_providers { + enos = { + source = "app.terraform.io/hashicorp-qti/enos" + } + } +} + +locals { + instances = { + for idx in range(var.vault_instance_count) : idx => { + public_ip = values(var.vault_instances)[idx].public_ip + private_ip = values(var.vault_instances)[idx].private_ip + } + } +} + +resource "enos_remote_exec" "smoke-enable-secrets-kv" { + + content = templatefile("${path.module}/templates/smoke-enable-secrets-kv.sh", { + vault_install_dir = var.vault_install_dir, + vault_token = var.vault_root_token, + }) + + transport = { + ssh = { + host = local.instances[0].public_ip + } + } +} + +# Verify that we can enable the k/v secrets engine and write data to it. +resource "enos_remote_exec" "smoke-write-test-data" { + depends_on = [enos_remote_exec.smoke-enable-secrets-kv] + for_each = local.instances + + content = templatefile("${path.module}/templates/smoke-write-test-data.sh", { + test_key = "smoke${each.key}" + test_value = "fire" + vault_install_dir = var.vault_install_dir, + vault_token = var.vault_root_token, + }) + + transport = { + ssh = { + host = each.value.public_ip + } + } +} diff --git a/enos/modules/vault-verify-write-data/templates/smoke-enable-secrets-kv.sh b/enos/modules/vault-verify-write-data/templates/smoke-enable-secrets-kv.sh new file mode 100644 index 0000000000..fb28fd9a82 --- /dev/null +++ b/enos/modules/vault-verify-write-data/templates/smoke-enable-secrets-kv.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash + +set -e + +function retry { + local retries=$1 + shift + local count=0 + + until "$@"; do + exit=$? + wait=$((2 ** count)) + count=$((count + 1)) + if [ "$count" -lt "$retries" ]; then + sleep "$wait" + else + return "$exit" + fi + done + + return 0 +} + +function fail { + echo "$1" 1>&2 + exit 1 +} + +binpath=${vault_install_dir}/vault + +test -x "$binpath" || fail "unable to locate vault binary at $binpath" + +export VAULT_ADDR='http://127.0.0.1:8200' +export VAULT_TOKEN='${vault_token}' + +retry 5 "$binpath" status > /dev/null 2>&1 +retry 5 $binpath secrets enable -path="secret" kv diff --git a/enos/modules/vault-verify-write-data/templates/smoke-write-test-data.sh b/enos/modules/vault-verify-write-data/templates/smoke-write-test-data.sh new file mode 100644 index 0000000000..d514881425 --- /dev/null +++ b/enos/modules/vault-verify-write-data/templates/smoke-write-test-data.sh @@ -0,0 +1,39 @@ +#!/usr/bin/env bash + +set -e + +function retry { + local retries=$1 + shift + local count=0 + + until "$@"; do + exit=$? + wait=$((2 ** count)) + count=$((count + 1)) + if [ "$count" -lt "$retries" ]; then + sleep "$wait" + else + return "$exit" + fi + done + + return 0 +} + +function fail { + echo "$1" 1>&2 + exit 1 +} + +binpath=${vault_install_dir}/vault +testkey=${test_key} +testvalue=${test_value} + +test -x "$binpath" || fail "unable to locate vault binary at $binpath" + +export VAULT_ADDR='http://127.0.0.1:8200' +export VAULT_TOKEN='${vault_token}' + +retry 5 "$binpath" status > /dev/null 2>&1 +retry 5 $binpath kv put secret/test $testkey=$testvalue diff --git a/enos/modules/vault-verify-write-data/variables.tf b/enos/modules/vault-verify-write-data/variables.tf new file mode 100644 index 0000000000..ac00f1091f --- /dev/null +++ b/enos/modules/vault-verify-write-data/variables.tf @@ -0,0 +1,25 @@ + +variable "vault_install_dir" { + type = string + description = "The directory where the Vault binary will be installed" + default = null +} + +variable "vault_instance_count" { + type = number + description = "How many vault instances are in the cluster" +} + +variable "vault_instances" { + type = map(object({ + private_ip = string + public_ip = string + })) + description = "The vault cluster instances that were created" +} + +variable "vault_root_token" { + type = string + description = "The vault root token" + default = null +} diff --git a/enos/modules/vault_artifactory_artifact/locals.tf b/enos/modules/vault_artifactory_artifact/locals.tf index 23bfe98315..03854ad223 100644 --- a/enos/modules/vault_artifactory_artifact/locals.tf +++ b/enos/modules/vault_artifactory_artifact/locals.tf @@ -4,24 +4,24 @@ locals { package_extensions = { amd64 = { ubuntu = { - "oss" = "-1_amd64.deb" - "ent" = "+ent-1_amd64.deb" - "ent.hsm" = "+ent-1_amd64.deb" + # "oss" = "-1_amd64.deb" + "ent" = "-1_amd64.deb" + "ent.hsm" = "-1_amd64.deb" } rhel = { - "oss" = "-1.x86_64.rpm" - "ent" = "+ent-1.x86_64.rpm" - "ent.hsm" = "+ent-1.x86_64.rpm" + # "oss" = "-1.x86_64.rpm" + "ent" = "-1.x86_64.rpm" + "ent.hsm" = "-1.x86_64.rpm" } } arm64 = { ubuntu = { - "oss" = "-1_arm64.deb" - "ent" = "+ent-1_arm64.deb" + # "oss" = "-1_arm64.deb" + "ent" = "-1_arm64.deb" } rhel = { - "oss" = "-1.aarch64.rpm" - "ent" = "+ent-1.aarch64.rpm" + # "oss" = "-1.aarch64.rpm" + "ent" = "-1.aarch64.rpm" } } } @@ -46,12 +46,12 @@ locals { artifact_name_edition = { "oss" = "" "ent" = "" - "ent.hsm" = "+ent.hsm" - "ent.fips1402" = "+ent.fips1402" - "ent.hsm.fips1402" = "+ent.hsm.fips1402" + "ent.hsm" = ".hsm" + "ent.fips1402" = ".fips1402" + "ent.hsm.fips1402" = ".hsm.fips1402" } artifact_name_prefix = var.artifact_type == "package" ? local.artifact_package_release_names[var.distro][var.edition] : "vault_" artifact_name_extension = var.artifact_type == "package" ? local.package_extensions[var.arch][var.distro][var.edition] : "${local.artifact_name_edition[var.edition]}_linux_${var.arch}.zip" - artifact_name = var.artifact_type == "package" ? "${local.artifact_name_prefix}${replace(var.vault_product_version, "-", "~")}${local.artifact_name_extension}" : "${local.artifact_name_prefix}${var.vault_product_version}${local.artifact_name_extension}" + artifact_name = var.artifact_type == "package" ? "${local.artifact_name_prefix}${replace(var.product_version, "-", "~")}${local.artifact_name_extension}" : "${local.artifact_name_prefix}${var.product_version}${local.artifact_name_extension}" } diff --git a/enos/modules/vault_artifactory_artifact/main.tf b/enos/modules/vault_artifactory_artifact/main.tf index 3e8140bcc6..1ede476e2e 100644 --- a/enos/modules/vault_artifactory_artifact/main.tf +++ b/enos/modules/vault_artifactory_artifact/main.tf @@ -17,6 +17,6 @@ data "enos_artifactory_item" "vault" { properties = tomap({ "commit" = var.revision "product-name" = var.edition == "oss" ? "vault" : "vault-enterprise" - "product-version" = var.vault_product_version + "product-version" = var.product_version }) } diff --git a/enos/modules/vault_artifactory_artifact/variables.tf b/enos/modules/vault_artifactory_artifact/variables.tf index 3dd20878e0..778354e7de 100644 --- a/enos/modules/vault_artifactory_artifact/variables.tf +++ b/enos/modules/vault_artifactory_artifact/variables.tf @@ -29,7 +29,7 @@ variable "distro" {} variable "edition" {} variable "instance_type" {} variable "revision" {} -variable "vault_product_version" {} +variable "product_version" {} variable "build_tags" { default = null } variable "bundle_path" { default = null } variable "goarch" { default = null } diff --git a/enos/modules/vault_upgrade/main.tf b/enos/modules/vault_upgrade/main.tf index b9a059b344..07e65bf197 100644 --- a/enos/modules/vault_upgrade/main.tf +++ b/enos/modules/vault_upgrade/main.tf @@ -32,11 +32,6 @@ variable "vault_instances" { description = "The vault cluster instances that were created" } -variable "vault_local_bundle_path" { - type = string - description = "The path to the local Vault (vault.zip) bundle" -} - variable "vault_local_artifact_path" { type = string description = "The path to a locally built vault artifact to install" @@ -81,7 +76,8 @@ resource "enos_bundle_install" "upgrade_vault_binary" { for_each = local.instances destination = var.vault_install_dir - path = var.vault_local_bundle_path + artifactory = var.vault_artifactory_release + path = var.vault_local_artifact_path transport = { ssh = {