13 Commits

Author SHA1 Message Date
Charles Nwokotubo
0187338dd8
[Enos] VAULT-30196: SSH Secrets Engine (#29534) 2025-08-06 19:22:06 -04:00
Luis (LT) Carbonell
4036485739
(enos) Add KMIP Enos Test Suite (#31378)
* (enos) Add KMIP Enos Test Suite

* skip KMIP for CE runs

* reads...

* cleanup variables

* fix
2025-07-29 14:13:28 -04:00
kelly
f0201408b4
VAULT-31185 & 31186/use identity token auth for Artifactory in Vault CE & Ent (#31255)
* removed artifactory_username

* updated artifactory token

* ran enos fmt

* ran terraform fmt

* debugging/testing - pinned enos version, added null username

* byyyyy
2025-07-28 12:16:25 -04:00
Tin Vo
857e66b3e2
VAULT-35602: Adding Enos OpenLDAP test (#30801)
* VAULT-35602: adding Enos LDAP Tests

* adding godaddy tests

* updating external integration target module name
2025-07-23 13:11:12 -07:00
Luis (LT) Carbonell
403720c1fd
Add non-leader test for enos (#30657)
* Add non-leader test for enos

* Make clearer comments
2025-05-22 11:25:19 -04:00
Luis (LT) Carbonell
ed52371b10
Upgrade FIPS 1402 -> 1403 (#30576)
* Upgrade FIPS 1402 -> 1403

* Clean up

* changelog
2025-05-12 15:01:30 -05:00
Tin Vo
4c36d90281
VAULT-30187: Create Enos AWS Engine tests (#29566)
* Testing Enos AWS Engine tests

* Testing Enos AWS Engine tests

* Testing Enos AWS Engine tests

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine test

* testing enos aws engine

* testing enos aws engine

* updating test for enterprise

* updating test for enterprise

* updating test for enterprise

* removing testing output

* removing testing output

* removing testing github action

* fixing lint

* removing sensitive flag

* including sensitive flag due to terraform errors

* removing testing action workflow
2025-04-21 10:30:43 -07:00
Tin Vo
ac3bb7b2d4
VAULT-32188: Enos test for PKI certificates (#29007)
* updating pki test

* updating pki test

* updating pki test

* updating pki script

* resolving conflicts

* adding pki cert verifications

* resolving conflicts

* updating test

* removing comments

* addressing bash formatting

* updating test

* adding description

* fixing lint error

* fixing lint error

* fixing lint issue

* removing unneeded scenario

* resolving conflicts

* debugging pipeline error

* fixing pipeline tests

* fixing pipeline tests

* testing smoke test

* fixing pipeline error

* debugging pipeline error

* debugging pipeline error

* debugging pipeline error

* debugging agent test ci failure

* fixing ci errors

* uncomment token

* updating script

* updating hosts

* fixing lint

* fixing lint

* fixing lint

* adding revoked certificate

* undo kv.tf change

* updating cert issuing

* updating issuing certs to include issuer

* updating pki cert verification

* addressing comments

* fixing lint

* fixing lint

* fixing lint

* fixing lint

* updating verify_secrets_engine_read module

* fixing lint

* fixing lint

* fixing lint

* debugging lint

* testing pipeline

* adding verify variables for autopilot

* adding pki read variable for autopilot

* updating vault engine read variables

* addressing comments

* fixing lint

* update test for enterprise

* update pki tests to adapt to enterprise
2025-01-23 11:30:20 -08:00
Rebecca Willett
8cee664204
Add 'how to run' instructions to each Enos scenario (#29299)
* Add 'how to run' instructions for each scenario
2025-01-10 21:17:09 +00:00
Ryan Cragun
c8c51b1b9d
VAULT-30819: verify DR secondary leader before unsealing followers (#28459)
* VAULT-30819: verify DR secondary leader before unsealing followers

After we've enabled DR replication on the secondary leader the existing
cluster followers will be resealed with the primary cluster's encryption
keys. We have to unseal the followers to make them available. To ensure
that we absolutely take every precaution before attempting to unseal the
followers we now verify that the secondary leader is the cluster leader,
has a valid merkle tree, and is streaming wals from the primary cluster
before we attempt to unseal the secondary followers.

Signed-off-by: Ryan Cragun <me@ryan.ec>
2024-09-24 09:13:40 -06:00
Ryan Cragun
1082629d1f
VAULT-30819: Fix two potential flakes in DR replication (#28409)
Fix two occasional flakes in the DR replication scenario:
* Always verify that all nodes in the cluster are unsealed before
  verifying test data. Previously we only verified seal status on
  followers.
* Fix an occasional timeout when waiting for the cluster to unseal by
  rewriting the module to retry for a set duration instead of
  exponential backoff.

Signed-off-by: Ryan Cragun <me@ryan.ec>
2024-09-17 12:32:15 -06:00
Ryan Cragun
392412829b
[VAULT-30189] enos: verify identity and OIDC tokens (#28274)
* [VAULT-30189] enos: verify identity and OIDC tokens

Expand our baseline API and data verification by including the identity
and identity OIDC tokens secrets engines. We now create a test entity,
entity-alias, identity group, various policies, and associate them with
the entity. For the OIDC side, we now configure the OIDC issuer, create
and rotate named keys, create and associate roles with the named key,
and issue and introspect tokens.

During a second phase we also verify that those same entities,
groups, keys, roles, config, etc. all exist with the expected values.
This is useful to test durability after upgrades, migrations, etc.

This change also includes new updates to our prior `auth/userpass` and `kv`
verification. We had two modules that were loosely coupled and
interdependent. This restructures those both into a singular module with
child modules and fixes the assumed values by requiring the read module
to verify against the created state.

Going forward we can continue to extend this secrets engine verification
module with additional create and read checks for new secrets engines.

Signed-off-by: Ryan Cragun <me@ryan.ec>
2024-09-09 14:29:11 -06:00
Luis (LT) Carbonell
cdf3da4066
Add DR failover scenario to Enos (#28256)
* Add DR failover scenario to Enos

* Update enos/enos-scenario-dr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-qualities.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-scenario-dr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-scenario-dr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-qualities.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-scenario-dr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-scenario-dr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-scenario-dr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-scenario-pr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* remove superuser

* Update enos/enos-scenario-dr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-scenario-dr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-scenario-dr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-scenario-dr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

* Update enos/enos-scenario-dr-replication.hcl

Co-authored-by: Ryan Cragun <me@ryan.ec>

---------

Co-authored-by: Ryan Cragun <me@ryan.ec>
2024-09-05 21:33:53 +00:00