VAULT-31185 & 31186/use identity token auth for Artifactory in Vault CE & Ent (#31255)

* removed artifactory_username

* updated artifactory token

* ran enos fmt

* ran terraform fmt

* debugging/ testing - pinned enos version, added null username

* byyyyy

.github/workflows/test-run-enos-scenario-matrix.yml

@@ -131,8 +131,7 @@ jobs:
           caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
           token: ${{ steps.vault-auth.outputs.token }}
           secrets: |
-            kv/data/github/${{ github.repository }}/artifactory token | ARTIFACTORY_TOKEN;
+            kv/data/github/${{ github.repository }}/artifactory bearer-token | ARTIFACTORY_BEARER_TOKEN;
-            kv/data/github/${{ github.repository }}/artifactory username | ARTIFACTORY_USER;
             kv/data/github/${{ github.repository }}/aws access-key-id | AWS_ACCESS_KEY_ID_CI;
             kv/data/github/${{ github.repository }}/aws secret-access-key | AWS_SECRET_ACCESS_KEY_CI;
             kv/data/github/${{ github.repository }}/aws role-arn | AWS_ROLE_ARN_CI;
@@ -146,8 +145,7 @@ jobs:
         run: |
           if [[ "${{ needs.metadata.outputs.is-enterprise }}" != 'true' ]]; then
             {
-              echo "artifactory-user=${{ secrets.ARTIFACTORY_USER }}"
+              echo "artifactory-token=${{ secrets.ARTIFACTORY_BEARER_TOKEN }}"
-              echo "artifactory-token=${{ secrets.ARTIFACTORY_TOKEN }}"
               echo "aws-access-key-id=${{ secrets.AWS_ACCESS_KEY_ID_CI }}"
               echo "aws-secret-access-key=${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}"
               echo "aws-role-arn=${{ secrets.AWS_ROLE_ARN_CI }}"
@@ -162,8 +160,7 @@ jobs:
            } | tee -a "$GITHUB_OUTPUT"
           else
             {
-              echo "artifactory-user=${{ steps.vault-secrets.outputs.ARTIFACTORY_USER }}"
+              echo "artifactory-token=${{ steps.vault-secrets.outputs.ARTIFACTORY_BEARER_TOKEN }}"
-              echo "artifactory-token=${{ steps.vault-secrets.outputs.ARTIFACTORY_TOKEN }}"
               echo "aws-access-key-id=${{ steps.vault-secrets.outputs.AWS_ACCESS_KEY_ID_CI }}"
               echo "aws-secret-access-key=${{ steps.vault-secrets.outputs.AWS_SECRET_ACCESS_KEY_CI }}"
               echo "aws-role-arn=${{ steps.vault-secrets.outputs.AWS_ROLE_ARN_CI }}"
@@ -183,7 +180,6 @@ jobs:
           {
             echo "GITHUB_TOKEN=${{ steps.secrets.outputs.github-token }}"
             echo "ENOS_DEBUG_DATA_ROOT_DIR=/tmp/enos-debug-data"
-            echo "ENOS_VAR_artifactory_username=${{ steps.secrets.outputs.artifactory-user }}"
             echo "ENOS_VAR_artifactory_token=${{ steps.secrets.outputs.artifactory-token }}"
             echo "ENOS_VAR_aws_region=${{ matrix.attributes.aws_region }}"
             echo "ENOS_VAR_aws_ssh_keypair_name=${{ inputs.ssh-key-name }}"

enos/README.md

@@ -184,7 +184,6 @@ unzipped Vault binary at the `vault_local_binary_path`.
 
 ## `artifact_source:artifactory`
 This variant is for running the Enos scenario to test an artifact from Artifactory. It requires following Enos variables to be set:
-* `artifactory_username`
 * `artifactory_token`
 * `aws_ssh_keypair_name`
 * `aws_ssh_private_key_path`

enos/enos-dev-scenario-pr-replication.hcl

@@ -113,12 +113,10 @@ scenario "dev_pr_replication" {
         artifactory_repo:
           The artifactory host to search. It's very unlikely that you'll want to change this. The
           default value is where CRT will publish packages.
-        artifactory_username:
-          The artifactory username associated with your token. You'll need this if you wish to use
-          deb or rpm artifacts! You can request access via Okta.
         artifactory_token:
-          The artifactory token associated with your username. You'll need this if you wish to use
+          The artifactory identity token to use for authentication. You'll need this if you wish
-          deb or rpm artifacts! You can create a token by logging into Artifactory via Okta.
+          to use deb or rpm artifacts! You can get a token by joining the 'artifactory-users' Doormat
+          group and using 'doormat artifactory create-token'.
         dev_build_local_ui:
           If you are not testing any changes in the UI, set to false. This will save time by not
           building the entire UI. If you need to test the UI, set to true.
@@ -149,11 +147,10 @@ scenario "dev_pr_replication" {
       // Required when using a RPM or Deb package
       // Some of these variables don't have default values so we'll only set them if they are
       // required.
-      artifactory_host     = local.use_artifactory ? var.artifactory_host : null
+      artifactory_host  = local.use_artifactory ? var.artifactory_host : null
-      artifactory_repo     = local.use_artifactory ? var.artifactory_repo : null
+      artifactory_repo  = local.use_artifactory ? var.artifactory_repo : null
-      artifactory_username = local.use_artifactory ? var.artifactory_username : null
+      artifactory_token = local.use_artifactory ? var.artifactory_token : null
-      artifactory_token    = local.use_artifactory ? var.artifactory_token : null
+      distro            = matrix.distro
-      distro               = matrix.distro
     }
   }
 

enos/enos-dev-scenario-single-cluster.hcl

@@ -107,12 +107,10 @@ scenario "dev_single_cluster" {
         artifactory_repo:
           The artifactory host to search. It's very unlikely that you'll want to change this. The
           default value is where CRT will publish packages.
-        artifactory_username:
-          The artifactory username associated with your token. You'll need this if you wish to use
-          deb or rpm artifacts! You can request access via Okta.
         artifactory_token:
-          The artifactory token associated with your username. You'll need this if you wish to use
+          The artifactory identity token to use for authentication. You'll need this if you wish
-          deb or rpm artifacts! You can create a token by logging into Artifactory via Okta.
+          to use deb or rpm artifacts! You can get a token by joining the 'artifactory-users' Doormat
+          group and using 'doormat artifactory create-token'.
         dev_build_local_ui:
           If you are not testing any changes in the UI, set to false. This will save time by not
           building the entire UI. If you need to test the UI, set to true.
@@ -143,12 +141,11 @@ scenario "dev_single_cluster" {
       // Required when using a RPM or Deb package
       // Some of these variables don't have default values so we'll only set them if they are
       // required.
-      artifactory_host     = local.use_artifactory ? var.artifactory_host : null
+      artifactory_host  = local.use_artifactory ? var.artifactory_host : null
-      artifactory_repo     = local.use_artifactory ? var.artifactory_repo : null
+      artifactory_repo  = local.use_artifactory ? var.artifactory_repo : null
-      artifactory_username = local.use_artifactory ? var.artifactory_username : null
+      artifactory_token = local.use_artifactory ? var.artifactory_token : null
-      artifactory_token    = local.use_artifactory ? var.artifactory_token : null
+      distro            = matrix.distro
-      distro               = matrix.distro
+      distro_version    = global.distro_version[matrix.distro]
-      distro_version       = global.distro_version[matrix.distro]
     }
   }
 

enos/enos-scenario-agent.hcl

@@ -27,7 +27,6 @@ scenario "agent" {
     https://eng-handbook.hashicorp.services/internal-tools/enos/troubleshooting/#execution-error-expected-vs-got-for-vault-versioneditionrevisionbuild-date.
 
     Variables required for some scenario variants:
-      - artifactory_username (if using `artifact_source:artifactory` in your filter)
       - artifactory_token (if using `artifact_source:artifactory` in your filter)
       - aws_region (if different from the default value in enos-variables.hcl)
       - consul_license_path (if using an ENT edition of Consul)
@@ -102,20 +101,19 @@ scenario "agent" {
     module      = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags           = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
+      build_tags        = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
-      artifact_path        = local.artifact_path
+      artifact_path     = local.artifact_path
-      goarch               = matrix.arch
+      goarch            = matrix.arch
-      goos                 = "linux"
+      goos              = "linux"
-      artifactory_host     = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_host  = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
-      artifactory_repo     = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_repo  = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
-      artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
-      artifactory_token    = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch              = matrix.artifact_source == "artifactory" ? matrix.arch : null
-      arch                 = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      product_version   = var.vault_product_version
-      product_version      = var.vault_product_version
+      artifact_type     = matrix.artifact_type
-      artifact_type        = matrix.artifact_type
+      distro            = matrix.artifact_source == "artifactory" ? matrix.distro : null
-      distro               = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition           = matrix.artifact_source == "artifactory" ? matrix.edition : null
-      edition              = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      revision          = var.vault_revision
-      revision             = var.vault_revision
     }
   }
 

enos/enos-scenario-autopilot.hcl

@@ -29,7 +29,6 @@ scenario "autopilot" {
     https://eng-handbook.hashicorp.services/internal-tools/enos/troubleshooting/#execution-error-expected-vs-got-for-vault-versioneditionrevisionbuild-date.
 
     Variables required for some scenario variants:
-      - artifactory_username (if using `artifact_source:artifactory` in your filter)
       - artifactory_token (if using `artifact_source:artifactory` in your filter)
       - aws_region (if different from the default value defined in enos-variables.hcl)
       - consul_license_path (if using an ENT edition of Consul)
@@ -112,20 +111,19 @@ scenario "autopilot" {
     module      = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags           = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
+      build_tags        = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
-      artifact_path        = local.artifact_path
+      artifact_path     = local.artifact_path
-      goarch               = matrix.arch
+      goarch            = matrix.arch
-      goos                 = "linux"
+      goos              = "linux"
-      artifactory_host     = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_host  = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
-      artifactory_repo     = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_repo  = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
-      artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
-      artifactory_token    = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch              = matrix.artifact_source == "artifactory" ? matrix.arch : null
-      arch                 = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      product_version   = var.vault_product_version
-      product_version      = var.vault_product_version
+      artifact_type     = matrix.artifact_type
-      artifact_type        = matrix.artifact_type
+      distro            = matrix.artifact_source == "artifactory" ? matrix.distro : null
-      distro               = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition           = matrix.artifact_source == "artifactory" ? matrix.edition : null
-      edition              = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      revision          = var.vault_revision
-      revision             = var.vault_revision
     }
   }
 

enos/enos-scenario-benchmark.hcl

@@ -128,20 +128,19 @@ scenario "benchmark" {
     module      = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags           = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
+      build_tags        = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
-      artifact_path        = local.artifact_path
+      artifact_path     = local.artifact_path
-      goarch               = matrix.arch
+      goarch            = matrix.arch
-      goos                 = "linux"
+      goos              = "linux"
-      artifactory_host     = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_host  = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
-      artifactory_repo     = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_repo  = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
-      artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
-      artifactory_token    = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch              = matrix.artifact_source == "artifactory" ? matrix.arch : null
-      arch                 = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      product_version   = var.vault_product_version
-      product_version      = var.vault_product_version
+      artifact_type     = matrix.artifact_type
-      artifact_type        = matrix.artifact_type
+      distro            = matrix.artifact_source == "artifactory" ? matrix.distro : null
-      distro               = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition           = matrix.artifact_source == "artifactory" ? matrix.edition : null
-      edition              = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      revision          = var.vault_revision
-      revision             = var.vault_revision
     }
   }
 

enos/enos-scenario-dr-replication.hcl

@@ -32,7 +32,6 @@ scenario "dr_replication" {
     https://eng-handbook.hashicorp.services/internal-tools/enos/troubleshooting/#execution-error-expected-vs-got-for-vault-versioneditionrevisionbuild-date.
 
     Variables required for some scenario variants:
-      - artifactory_username (if using `artifact_source:artifactory` in your filter)
       - artifactory_token (if using `artifact_source:artifactory` in your filter)
       - aws_region (if different from the default value in enos-variables.hcl)
       - consul_license_path (if using an ENT edition of Consul)
@@ -125,20 +124,19 @@ scenario "dr_replication" {
     module      = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags           = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
+      build_tags        = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
-      artifact_path        = local.artifact_path
+      artifact_path     = local.artifact_path
-      goarch               = matrix.arch
+      goarch            = matrix.arch
-      goos                 = "linux"
+      goos              = "linux"
-      artifactory_host     = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_host  = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
-      artifactory_repo     = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_repo  = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
-      artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
-      artifactory_token    = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch              = matrix.artifact_source == "artifactory" ? matrix.arch : null
-      arch                 = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      product_version   = var.vault_product_version
-      product_version      = var.vault_product_version
+      artifact_type     = matrix.artifact_type
-      artifact_type        = matrix.artifact_type
+      distro            = matrix.artifact_source == "artifactory" ? matrix.distro : null
-      distro               = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition           = matrix.artifact_source == "artifactory" ? matrix.edition : null
-      edition              = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      revision          = var.vault_revision
-      revision             = var.vault_revision
     }
   }
 

enos/enos-scenario-pr-replication.hcl

@@ -32,7 +32,6 @@ scenario "pr_replication" {
     https://eng-handbook.hashicorp.services/internal-tools/enos/troubleshooting/#execution-error-expected-vs-got-for-vault-versioneditionrevisionbuild-date.
 
     Variables required for some scenario variants:
-      - artifactory_username (if using `artifact_source:artifactory` in your filter)
       - artifactory_token (if using `artifact_source:artifactory` in your filter)
       - aws_region (if different from the default value in enos-variables.hcl)
       - consul_license_path (if using an ENT edition of Consul)
@@ -125,20 +124,19 @@ scenario "pr_replication" {
     module      = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags           = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
+      build_tags        = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
-      artifact_path        = local.artifact_path
+      artifact_path     = local.artifact_path
-      goarch               = matrix.arch
+      goarch            = matrix.arch
-      goos                 = "linux"
+      goos              = "linux"
-      artifactory_host     = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_host  = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
-      artifactory_repo     = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_repo  = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
-      artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
-      artifactory_token    = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch              = matrix.artifact_source == "artifactory" ? matrix.arch : null
-      arch                 = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      product_version   = var.vault_product_version
-      product_version      = var.vault_product_version
+      artifact_type     = matrix.artifact_type
-      artifact_type        = matrix.artifact_type
+      distro            = matrix.artifact_source == "artifactory" ? matrix.distro : null
-      distro               = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition           = matrix.artifact_source == "artifactory" ? matrix.edition : null
-      edition              = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      revision          = var.vault_revision
-      revision             = var.vault_revision
     }
   }
 

enos/enos-scenario-proxy.hcl

@@ -27,7 +27,6 @@ scenario "proxy" {
   https://eng-handbook.hashicorp.services/internal-tools/enos/troubleshooting/#execution-error-expected-vs-got-for-vault-versioneditionrevisionbuild-date.
 
   Variables required for some scenario variants:
-    - artifactory_username (if using `artifact_source:artifactory` in your filter)
     - artifactory_token (if using `artifact_source:artifactory` in your filter)
     - aws_region (if different from the default value in enos-variables.hcl)
     - consul_license_path (if using an ENT edition of Consul)
@@ -109,20 +108,19 @@ scenario "proxy" {
     module      = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags           = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
+      build_tags        = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
-      artifact_path        = local.artifact_path
+      artifact_path     = local.artifact_path
-      goarch               = matrix.arch
+      goarch            = matrix.arch
-      goos                 = "linux"
+      goos              = "linux"
-      artifactory_host     = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_host  = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
-      artifactory_repo     = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_repo  = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
-      artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
-      artifactory_token    = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch              = matrix.artifact_source == "artifactory" ? matrix.arch : null
-      arch                 = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      product_version   = var.vault_product_version
-      product_version      = var.vault_product_version
+      artifact_type     = matrix.artifact_type
-      artifact_type        = matrix.artifact_type
+      distro            = matrix.artifact_source == "artifactory" ? matrix.distro : null
-      distro               = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition           = matrix.artifact_source == "artifactory" ? matrix.edition : null
-      edition              = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      revision          = var.vault_revision
-      revision             = var.vault_revision
     }
   }
 

enos/enos-scenario-seal-ha.hcl

@@ -30,7 +30,6 @@ scenario "seal_ha" {
     https://eng-handbook.hashicorp.services/internal-tools/enos/troubleshooting/#execution-error-expected-vs-got-for-vault-versioneditionrevisionbuild-date.
 
     Variables required for some scenario variants:
-      - artifactory_username (if using `artifact_source:artifactory` in your filter)
       - artifactory_token (if using `artifact_source:artifactory` in your filter)
       - aws_region (if different from the default value in enos-variables.hcl)
       - consul_license_path (if using an ENT edition of Consul)
@@ -123,20 +122,19 @@ scenario "seal_ha" {
     module      = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags           = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
+      build_tags        = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
-      artifact_path        = local.artifact_path
+      artifact_path     = local.artifact_path
-      goarch               = matrix.arch
+      goarch            = matrix.arch
-      goos                 = "linux"
+      goos              = "linux"
-      artifactory_host     = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_host  = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
-      artifactory_repo     = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_repo  = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
-      artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
-      artifactory_token    = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch              = matrix.artifact_source == "artifactory" ? matrix.arch : null
-      arch                 = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      product_version   = var.vault_product_version
-      product_version      = var.vault_product_version
+      artifact_type     = matrix.artifact_type
-      artifact_type        = matrix.artifact_type
+      distro            = matrix.artifact_source == "artifactory" ? matrix.distro : null
-      distro               = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition           = matrix.artifact_source == "artifactory" ? matrix.edition : null
-      edition              = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      revision          = var.vault_revision
-      revision             = var.vault_revision
     }
   }
 

enos/enos-scenario-smoke.hcl

@@ -26,7 +26,6 @@ scenario "smoke" {
     https://eng-handbook.hashicorp.services/internal-tools/enos/troubleshooting/#execution-error-expected-vs-got-for-vault-versioneditionrevisionbuild-date.
 
     Variables required for some scenario variants:
-      - artifactory_username (if using `artifact_source:artifactory` in your filter)
       - artifactory_token (if using `artifact_source:artifactory` in your filter)
       - aws_region (if different from the default value in enos-variables.hcl)
       - consul_license_path (if using an ENT edition of Consul)
@@ -101,20 +100,19 @@ scenario "smoke" {
     module      = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags           = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
+      build_tags        = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
-      artifact_path        = local.artifact_path
+      artifact_path     = local.artifact_path
-      goarch               = matrix.arch
+      goarch            = matrix.arch
-      goos                 = "linux"
+      goos              = "linux"
-      artifactory_host     = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_host  = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
-      artifactory_repo     = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_repo  = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
-      artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
-      artifactory_token    = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch              = matrix.artifact_source == "artifactory" ? matrix.arch : null
-      arch                 = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      product_version   = var.vault_product_version
-      product_version      = var.vault_product_version
+      artifact_type     = matrix.artifact_type
-      artifact_type        = matrix.artifact_type
+      distro            = matrix.artifact_source == "artifactory" ? matrix.distro : null
-      distro               = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition           = matrix.artifact_source == "artifactory" ? matrix.edition : null
-      edition              = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      revision          = var.vault_revision
-      revision             = var.vault_revision
     }
   }
 

enos/enos-scenario-upgrade.hcl

@@ -27,7 +27,6 @@ scenario "upgrade" {
     https://eng-handbook.hashicorp.services/internal-tools/enos/troubleshooting/#execution-error-expected-vs-got-for-vault-versioneditionrevisionbuild-date.
 
     Variables required for some scenario variants:
-      - artifactory_username (if using `artifact_source:artifactory` in your filter)
       - artifactory_token (if using `artifact_source:artifactory` in your filter)
       - aws_region (if different from the default value in enos-variables.hcl)
       - consul_license_path (if using an ENT edition of Consul)
@@ -111,20 +110,19 @@ scenario "upgrade" {
     module      = "build_${matrix.artifact_source}"
 
     variables {
-      build_tags           = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
+      build_tags        = var.vault_local_build_tags != null ? var.vault_local_build_tags : global.build_tags[matrix.edition]
-      artifact_path        = local.artifact_path
+      artifact_path     = local.artifact_path
-      goarch               = matrix.arch
+      goarch            = matrix.arch
-      goos                 = "linux"
+      goos              = "linux"
-      artifactory_host     = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
+      artifactory_host  = matrix.artifact_source == "artifactory" ? var.artifactory_host : null
-      artifactory_repo     = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
+      artifactory_repo  = matrix.artifact_source == "artifactory" ? var.artifactory_repo : null
-      artifactory_username = matrix.artifact_source == "artifactory" ? var.artifactory_username : null
+      artifactory_token = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
-      artifactory_token    = matrix.artifact_source == "artifactory" ? var.artifactory_token : null
+      arch              = matrix.artifact_source == "artifactory" ? matrix.arch : null
-      arch                 = matrix.artifact_source == "artifactory" ? matrix.arch : null
+      product_version   = var.vault_product_version
-      product_version      = var.vault_product_version
+      artifact_type     = matrix.artifact_type
-      artifact_type        = matrix.artifact_type
+      distro            = matrix.artifact_source == "artifactory" ? matrix.distro : null
-      distro               = matrix.artifact_source == "artifactory" ? matrix.distro : null
+      edition           = matrix.artifact_source == "artifactory" ? matrix.edition : null
-      edition              = matrix.artifact_source == "artifactory" ? matrix.edition : null
+      revision          = var.vault_revision
-      revision             = var.vault_revision
     }
   }
 

enos/enos-variables.hcl

@@ -1,13 +1,6 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-variable "artifactory_username" {
-  type        = string
-  description = "The username to use when testing an artifact from artifactory"
-  default     = null
-  sensitive   = true
-}
-
 variable "artifactory_token" {
   type        = string
   description = "The token to use when authenticating to artifactory"

enos/enos.vars.hcl

@@ -1,9 +1,6 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-// artifactory_username is the username to use when testing an artifact stored in artfactory.
-// artifactory_username = "yourname@hashicorp.com"
-
 // artifactory_token is the token to use when authenticating to artifactory.
 // artifactory_token = "yourtoken"
 

enos/modules/build_artifactory_artifact/main.tf

@@ -10,12 +10,6 @@ terraform {
   }
 }
 
-variable "artifactory_username" {
-  type        = string
-  description = "The username to use when connecting to artifactory"
-  default     = null
-}
-
 variable "artifactory_token" {
   type        = string
   description = "The token to use when connecting to artifactory"
@@ -58,12 +52,11 @@ module "artifact_metadata" {
 }
 
 data "enos_artifactory_item" "vault" {
-  username = var.artifactory_username
+  token = var.artifactory_token
-  token    = var.artifactory_token
+  name  = module.artifact_metadata.artifact_name
-  name     = module.artifact_metadata.artifact_name
+  host  = var.artifactory_host
-  host     = var.artifactory_host
+  repo  = var.artifactory_repo
-  repo     = var.artifactory_repo
+  path  = "${module.artifact_metadata.product_name}/*"
-  path     = "${module.artifact_metadata.product_name}/*"
   properties = tomap({
     "commit"          = var.revision,
     "product-name"    = module.artifact_metadata.product_name,
@@ -95,7 +88,7 @@ output "vault_artifactory_release" {
   value = {
     url      = data.enos_artifactory_item.vault.results[0].url
     sha256   = data.enos_artifactory_item.vault.results[0].sha256
-    username = var.artifactory_username
     token    = var.artifactory_token
+    username = null # username is not an optional value yet
   }
 }

enos/modules/build_artifactory_package/main.tf

@@ -4,7 +4,8 @@
 terraform {
   required_providers {
     enos = {
-      source = "registry.terraform.io/hashicorp-forge/enos"
+      source  = "registry.terraform.io/hashicorp-forge/enos"
+      version = ">= 0.6.1"
     }
   }
 }
@@ -14,11 +15,6 @@ variable "arch" {
   description = "The architecture for the desired artifact"
 }
 
-variable "artifactory_username" {
-  type        = string
-  description = "The username to use when connecting to Artifactory"
-}
-
 variable "artifactory_token" {
   type        = string
   description = "The token to use when connecting to Artifactory"
@@ -73,12 +69,11 @@ module "artifact_metadata" {
 }
 
 data "enos_artifactory_item" "vault" {
-  username = var.artifactory_username
+  token = var.artifactory_token
-  token    = var.artifactory_token
+  name  = module.artifact_metadata.artifact_name
-  name     = module.artifact_metadata.artifact_name
+  host  = var.artifactory_host
-  host     = var.artifactory_host
+  repo  = module.artifact_metadata.release_repo
-  repo     = module.artifact_metadata.release_repo
+  path  = module.artifact_metadata.release_paths[var.distro_version]
-  path     = module.artifact_metadata.release_paths[var.distro_version]
 }
 
 output "results" {
@@ -109,7 +104,7 @@ output "release" {
   value = {
     url      = data.enos_artifactory_item.vault.results[0].url
     sha256   = data.enos_artifactory_item.vault.results[0].sha256
-    username = var.artifactory_username
     token    = var.artifactory_token
+    username = null # username is not optional yet
   }
 }

enos/modules/build_crt/main.tf

@@ -24,7 +24,6 @@ variable "goos" {
 
 variable "artifactory_host" { default = null }
 variable "artifactory_repo" { default = null }
-variable "artifactory_username" { default = null }
 variable "artifactory_token" { default = null }
 variable "arch" { default = null }
 variable "artifact_path" { default = null }

enos/modules/build_local/main.tf

@@ -38,7 +38,6 @@ variable "goos" {
 
 variable "artifactory_host" { default = null }
 variable "artifactory_repo" { default = null }
-variable "artifactory_username" { default = null }
 variable "artifactory_token" { default = null }
 variable "arch" { default = null }
 variable "artifact_type" { default = null }