Auto-roll billing start enos test (#27981)

* auto-roll billing start enos test * enos: don't expect curl available in docker image (#27984) Signed-off-by: Ryan Cragun <me@ryan.ec> * Update interoperability-matrix.mdx (#27977) Updating the existing Vault/YubiHSM integration with a newer version of Vault as well as now supporting Managed Keys. * Update hana db pkg (#27950) * database/hana: use go-hdb v1.10.1 * docs/hana: quotes around password so dashes don't break it * Clarify audit log failure telemetry docs. (#27969) * Clarify audit log failure telemetry docs. * Add the note about the misleading counts * Auto-rolling billing start docs PR (#27926) * auto-roll docs changes * addressing comments * address comments * Update website/content/api-docs/system/internal-counters.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * addressing some changes * update docs * update docs with common explanation file * updated note info * fix 1.18 upgrade doc * fix content-check error * Update website/content/partials/auto-roll-billing-start-example.mdx Co-authored-by: miagilepner <mia.epner@hashicorp.com> --------- Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> Co-authored-by: miagilepner <mia.epner@hashicorp.com> * docker: add upgrade notes for curl removal (#27995) Signed-off-by: Ryan Cragun <me@ryan.ec> * Update vault-plugin-auth-jwt to v0.21.1 (#27992) * docs: fix upgrade 1.16.x (#27999) Signed-off-by: Ryan Cragun <me@ryan.ec> * UI: Add unsupportedCriticalCertExtensions to jwt config expected payload (#27996) * Client Count Docs Updates/Cleanup (#27862) * Docs changes * More condensation of docs * Added some clarity on date ranges * Edited wording' * Added estimation client count info * Update website/content/api-docs/system/internal-counters.mdx Co-authored-by: miagilepner <mia.epner@hashicorp.com> --------- Co-authored-by: miagilepner <mia.epner@hashicorp.com> * update(kubernetes.mdx): k8s-tokenreview URL (#27993) Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com> * Update programmatic-management.mdx to clarify Terraform prereqs (#27548) * UI: Replace getNewModel with hydrateModel when model exists (#27978) * Replace getNewModel with hydrateModel when model exists * Update getNewModel to only handle nonexistant model types * Update test * clarify test * Fix auth-config models which need hydration not generation * rename file to match service name * cleanup + tests * Add comment about helpUrl method * Changelog for 1.17.3, 1.16.7 enterprise, 1.15.13 enterprise (#28018) * changelog for 1.17.3, 1.16.7 enterprise, 1.15.13 enterprise * Add spacing to match older changelogs * Fix typo in variables.tf (#27693) intialize -> initialize Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com> * Update 1_15-auto-upgrade.mdx (#27675) * Update 1_15-auto-upgrade.mdx * Update known issue version numbers for AP issue --------- Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Update 1_16-default-policy-needs-to-be-updated.mdx (#27157) Made a few grammar changes plus updating term from Vault IU to Vault UI * change instances variable to hosts * for each hosts * add cluster addr port * Add ENVs using NewTestDockerCluster (#27457) * Add ENVs using NewTestDockerCluster Currently NewTestDockerCluster had no means for setting any environment variables. This makes it tricky to create test for functionality that require thems, like having to set AWS environment variables. DockerClusterOptions now exposes an option to pass extra enviroment variables to the containers, which are appended to the existing ones. * adding changelog * added test case for setting env variables to containers * fix changelog typo; env name * Update changelog/27457.txt Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com> * adding the missing copyright --------- Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com> * UI: Build KV v2 overview page (#28106) * move date-from-now helper to addon * make overview cards consistent across engines * make kv-paths-card component * remove overview margin all together * small styling changes for paths card * small selector additions * add overview card test * add overview page and test * add default timestamp format * cleanup paths test * fix dateFromNow import * fix selectors, cleanup pki selectors * and more selector cleanup * make deactivated state single arg * fix template and remove @isDeleted and @isDestroyed * add test and hide badge unless deactivated * address failings from changing selectors * oops, not ready to show overview tab just yet! * add deletionTime to currentSecret metadata getter * Bump actions/download-artifact from 4.1.7 to 4.1.8 (#27704) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.7 to 4.1.8. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@65a9edc...fa0a91b) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com> * Bump actions/setup-node from 4.0.2 to 4.0.3 (#27738) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.2 to 4.0.3. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@60edb5d...1e60f62) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com> * Add valid IP callout (#28112) Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com> * Refactor SSH Configuration workflow (#28122) * initial copy from other #28004 * pr feedback * grr * Bump browser-actions/setup-chrome from 1.7.1 to 1.7.2 (#28101) Bumps [browser-actions/setup-chrome](https://github.com/browser-actions/setup-chrome) from 1.7.1 to 1.7.2. - [Release notes](https://github.com/browser-actions/setup-chrome/releases) - [Changelog](https://github.com/browser-actions/setup-chrome/blob/master/CHANGELOG.md) - [Commits](browser-actions/setup-chrome@db1b524...facf10a) --- updated-dependencies: - dependency-name: browser-actions/setup-chrome dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com> * Bump vault-gcp-secrets-plugin (#28089) Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com> * docs: correct list syntax (#28119) Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com> * add semgrepconstraint check in skip step --------- Signed-off-by: Ryan Cragun <me@ryan.ec> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Adam Rowan <92474478+bear359@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Paul Banks <pbanks@hashicorp.com> Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> Co-authored-by: miagilepner <mia.epner@hashicorp.com> Co-authored-by: Scott Miller <smiller@hashicorp.com> Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com> Co-authored-by: divyaac <divya.chandrasekaran@hashicorp.com> Co-authored-by: Roman O'Brien <58272664+romanobrien@users.noreply.github.com> Co-authored-by: Adrian Todorov <adrian.todorov@hashicorp.com> Co-authored-by: VAL <val@hashicorp.com> Co-authored-by: Ikko Eltociear Ashimine <eltociear@gmail.com> Co-authored-by: Owen Zhang <86668876+owenzorrin@users.noreply.github.com> Co-authored-by: gkoutsou <gkoutsou@users.noreply.github.com> Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com> Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com> Co-authored-by: Max Levine <max@maxlevine.co.uk> Co-authored-by: Steffy Fort <steffyfort@gmail.com>
hashicorp · Aug 20, 2024 · 76a49a5 · 76a49a5
1 parent c956d0a
commit 76a49a5
Show file tree

Hide file tree

Showing 6 changed files with 178 additions and 0 deletions.
diff --git a/enos/enos-descriptions.hcl b/enos/enos-descriptions.hcl
@@ -192,5 +192,10 @@ globals {
     wait_for_seal_rewrap = <<-EOF
       Wait for the Vault cluster seal rewrap process to complete.
     EOF
+
+    verify_billing_start_date = <<-EOF
+      Verify that the billing start date has successfully rolled over to the latest billing year if needed.  
+    EOF
+
   }
 }
diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl
@@ -307,3 +307,11 @@ module "verify_seal_type" {
 
   vault_install_dir = var.vault_install_dir
 }
+
+module "vault_verify_billing_start_date" {
+  source = "./modules/vault_verify_billing_start_date"
+
+  vault_install_dir       = var.vault_install_dir
+  vault_instance_count    = var.vault_instance_count
+  vault_cluster_addr_port = global.ports["vault_cluster"]["port"]
+}
diff --git a/enos/enos-qualities.hcl b/enos/enos-qualities.hcl
@@ -499,3 +499,7 @@ quality "vault_version_edition" {
 quality "vault_version_release" {
   description = "Vault's reported release version matches our expectations"
 }
+
+quality "vault_billing_start_date" {
+  description = "Vault's billing start date has adjusted to the latest billing year"
+}
diff --git a/enos/enos-scenario-upgrade.hcl b/enos/enos-scenario-upgrade.hcl
@@ -691,6 +691,31 @@ scenario "upgrade" {
     }
   }
 
+  step "verify_billing_start_date" {
+    description = global.description.verify_billing_start_date
+    skip_step   = semverconstraint(var.vault_product_version, "<=1.16.6-0 || >=1.17.0-0 <=1.17.2-0")
+    module      = module.vault_verify_billing_start_date
+    depends_on = [
+      step.get_updated_vault_cluster_ips,
+      step.verify_vault_unsealed,
+      step.verify_read_test_data,
+    ]
+
+    providers = {
+      enos = local.enos_provider[matrix.distro]
+    }
+
+    verifies = [
+      quality.vault_billing_start_date,
+    ]
+
+    variables {
+      vault_install_dir = global.vault_install_dir[matrix.artifact_type]
+      hosts             = step.create_vault_cluster_targets.hosts
+      vault_root_token  = step.create_vault_cluster.root_token
+    }
+  }
+
   step "verify_ui" {
     description = global.description.verify_ui
     module      = module.vault_verify_ui

diff --git a/enos/modules/vault_verify_billing_start_date/main.tf b/enos/modules/vault_verify_billing_start_date/main.tf
@@ -0,0 +1,58 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+terraform {
+  required_providers {
+    enos = {
+      source = "registry.terraform.io/hashicorp-forge/enos"
+    }
+  }
+}
+
+variable "vault_cluster_addr_port" {
+  description = "The Raft cluster address port"
+  type        = string
+  default     = "8201"
+}
+
+variable "vault_install_dir" {
+  type        = string
+  description = "The directory where the Vault binary will be installed"
+}
+
+variable "vault_instance_count" {
+  type        = number
+  description = "How many vault instances are in the cluster"
+}
+
+variable "hosts" {
+  type = map(object({
+    private_ip = string
+    public_ip  = string
+  }))
+  description = "The vault cluster instances that were created"
+}
+
+variable "vault_root_token" {
+  type        = string
+  description = "The vault root token"
+}
+
+resource "enos_remote_exec" "vault_verify_billing_start_date" {
+  for_each = var.hosts
+
+  environment = {
+    VAULT_CLUSTER_ADDR      = "${each.value.private_ip}:${var.vault_cluster_addr_port}"
+    VAULT_INSTALL_DIR       = var.vault_install_dir
+    VAULT_LOCAL_BINARY_PATH = "${var.vault_install_dir}/vault"
+    VAULT_TOKEN             = var.vault_root_token
+  }
+
+  scripts = [abspath("${path.module}/scripts/verify-billing-start.sh")]
+
+  transport = {
+    ssh = {
+      host = each.value.public_ip
+    }
+  }
+}
diff --git a/enos/modules/vault_verify_billing_start_date/scripts/verify-billing-start.sh b/enos/modules/vault_verify_billing_start_date/scripts/verify-billing-start.sh
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+
+set -e
+
+retry() {
+  local retries=$1
+  shift
+  local count=0
+
+  until "$@"; do
+    exit=$?
+    count=$((count + 1))
+    if [ "$count" -lt "$retries" ]; then
+      sleep 30
+    else
+      return "$exit"
+    fi
+  done
+
+  return 0
+}
+
+fail() {
+  echo "$1" 1>&2
+  exit 1
+}
+
+export VAULT_ADDR=http://localhost:8200
+[[ -z "$VAULT_TOKEN" ]] && fail "VAULT_TOKEN env variable has not been set"
+
+binpath=${VAULT_INSTALL_DIR}/vault
+
+test -x "$binpath" || fail "unable to locate vault binary at $binpath"
+
+function enable_debugging() {
+        echo "Turning debugging on.."
+        export PS4='+(${BASH_SOURCE}:${LINENO})> ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
+        set -x
+}
+
+enable_debugging
+
+verify_billing_start_date() {
+  # get the version of vault
+  version=$("$binpath" status -format=json | jq .version)
+
+  # Get the billing start date 
+  billing_start_time=$(retry 5 "$binpath" read -format=json sys/internal/counters/config  | jq -r ".data.billing_start_timestamp")
+
+  # Verify if the billing start date is in the latest billing year
+
+  # macOS
+  if date -v -1y > /dev/null 2>&1; then
+    oneYearAgoUnix=$(TZ=UTC date -v -1y +'%s')
+    billingStartUnix=$(TZ=UTC date -j -f "%Y-%m-%dT%H:%M:%SZ" "${billing_start_time}" +'%s' )
+  else
+  # linux and unix systems
+    timeago='1 year ago'
+    billingStartUnix=$(TZ=UTC date -d "$billing_start_time" +'%s')    # For "now", use $(date +'%s')
+    oneYearAgoUnix=$(TZ=UTC date -d "$timeago" +'%s')
+  fi
+
+  version=$("$binpath" status -format=json | jq .version)
+  vault_ps=$(pgrep vault | xargs)
+  #fail "Vault ADDR: $VAULT_ADDR, Vault version: $version, Vault process: $vault_ps, Billing start date: $billing_start_time"
+
+  if [ "$billingStartUnix" -gt "$oneYearAgoUnix" ]; then
+      echo "Billing start date $billing_start_time has successfully rolled over to current year."
+      exit 0
+  else
+        fail "On version $version, pid $vault_ps, addr $VAULT_ADDR, Billing start date $billing_start_time did not roll over to current year"
+  fi
+}
+
+retry 10 verify_billing_start_date