From 76a49a57007c463232809556237ea674e2a4bf73 Mon Sep 17 00:00:00 2001
From: akshya96 <87045294+akshya96@users.noreply.github.com>
Date: Tue, 20 Aug 2024 13:47:20 -0700
Subject: [PATCH] Auto-roll billing start enos test (#27981)

* auto-roll billing start enos test
* enos: don't expect curl available in docker image (#27984)

Signed-off-by: Ryan Cragun

* Update interoperability-matrix.mdx (#27977)

Updating the existing Vault/YubiHSM integration with a newer version of Vault as well as now supporting Managed Keys.

* Update hana db pkg (#27950)
* database/hana: use go-hdb v1.10.1
* docs/hana: quotes around password so dashes don't break it
* Clarify audit log failure telemetry docs. (#27969)
* Clarify audit log failure telemetry docs.
* Add the note about the misleading counts
* Auto-rolling billing start docs PR (#27926)
* auto-roll docs changes
* addressing comments
* address comments
* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* addressing some changes
* update docs
* update docs with common explanation file
* updated note info
* fix 1.18 upgrade doc
* fix content-check error
* Update website/content/partials/auto-roll-billing-start-example.mdx

Co-authored-by: miagilepner

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: miagilepner

* docker: add upgrade notes for curl removal (#27995)

Signed-off-by: Ryan Cragun

* Update vault-plugin-auth-jwt to v0.21.1 (#27992)
* docs: fix upgrade 1.16.x (#27999)

Signed-off-by: Ryan Cragun

* UI: Add unsupportedCriticalCertExtensions to jwt config expected payload (#27996)
* Client Count Docs Updates/Cleanup (#27862)
* Docs changes
* More condensation of docs
* Added some clarity on date ranges
* Edited wording
* Added estimation client count info
* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: miagilepner

---------

Co-authored-by: miagilepner

* update(kubernetes.mdx): k8s-tokenreview URL (#27993)

Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>

* Update programmatic-management.mdx to clarify Terraform prereqs (#27548)
* UI: Replace getNewModel with hydrateModel when model exists (#27978)
* Replace getNewModel with hydrateModel when model exists
* Update getNewModel to only handle nonexistent model types
* Update test
* clarify test
* Fix auth-config models which need hydration not generation
* rename file to match service name
* cleanup + tests
* Add comment about helpUrl method
* Changelog for 1.17.3, 1.16.7 enterprise, 1.15.13 enterprise (#28018)
* changelog for 1.17.3, 1.16.7 enterprise, 1.15.13 enterprise
* Add spacing to match older changelogs
* Fix typo in variables.tf (#27693)

intialize -> initialize

Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>

* Update 1_15-auto-upgrade.mdx (#27675)
* Update 1_15-auto-upgrade.mdx
* Update known issue version numbers for AP issue

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update 1_16-default-policy-needs-to-be-updated.mdx (#27157)

Made a few grammar changes plus updating term from Vault IU to Vault UI

* change instances variable to hosts
* for each hosts
* add cluster addr port
* Add ENVs using NewTestDockerCluster (#27457)
* Add ENVs using NewTestDockerCluster

Currently NewTestDockerCluster had no means for setting any environment variables. This makes it tricky to create test for functionality that require them, like having to set AWS environment variables.

DockerClusterOptions now exposes an option to pass extra environment variables to the containers, which are appended to the existing ones.

* adding changelog
* added test case for setting env variables to containers
* fix changelog typo; env name
* Update changelog/27457.txt

Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>

* adding the missing copyright

---------

Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>

* UI: Build KV v2 overview page (#28106)
* move date-from-now helper to addon
* make overview cards consistent across engines
* make kv-paths-card component
* remove overview margin all together
* small styling changes for paths card
* small selector additions
* add overview card test
* add overview page and test
* add default timestamp format
* cleanup paths test
* fix dateFromNow import
* fix selectors, cleanup pki selectors
* and more selector cleanup
* make deactivated state single arg
* fix template and remove @isDeleted and @isDestroyed
* add test and hide badge unless deactivated
* address failings from changing selectors
* oops, not ready to show overview tab just yet!
* add deletionTime to currentSecret metadata getter
* Bump actions/download-artifact from 4.1.7 to 4.1.8 (#27704)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.7 to 4.1.8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/65a9edc5881444af0b9093a5e628f2fe47ea3b2e...fa0a91b85d4f404e444e00e005971372dc801d16)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>

* Bump actions/setup-node from 4.0.2 to 4.0.3 (#27738)

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/60edb5dd545a775178f52524783378180af0d1f8...1e60f620b9541d16bece96c5465dc8ee9832be0b)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>

* Add valid IP callout (#28112)

Co-authored-by: Yoko Hyakuna

* Refactor SSH Configuration workflow (#28122)
* initial copy from other #28004
* pr feedback
* grr
* Bump browser-actions/setup-chrome from 1.7.1 to 1.7.2 (#28101)

Bumps [browser-actions/setup-chrome](https://github.com/browser-actions/setup-chrome) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/browser-actions/setup-chrome/releases)
- [Changelog](https://github.com/browser-actions/setup-chrome/blob/master/CHANGELOG.md)
- [Commits](https://github.com/browser-actions/setup-chrome/compare/db1b524c26f20a8d1a10f7fc385c92387e2d0477...facf10a55b9caf92e0cc749b4f82bf8220989148)

---
updated-dependencies:
- dependency-name: browser-actions/setup-chrome
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: divyaac

* Bump vault-gcp-secrets-plugin (#28089)

Co-authored-by: divyaac

* docs: correct list syntax (#28119)

Co-authored-by: divyaac

* add semgrepconstraint check in skip step

---------

Signed-off-by: Ryan Cragun
Signed-off-by: dependabot[bot]
Co-authored-by: Ryan Cragun
Co-authored-by: Adam Rowan <92474478+bear359@users.noreply.github.com>
Co-authored-by: Theron Voran
Co-authored-by: Paul Banks
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: miagilepner
Co-authored-by: Scott Miller
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
Co-authored-by: divyaac
Co-authored-by: Roman O'Brien <58272664+romanobrien@users.noreply.github.com>
Co-authored-by: Adrian Todorov
Co-authored-by: VAL
Co-authored-by: Ikko Eltociear Ashimine
Co-authored-by: Owen Zhang <86668876+owenzorrin@users.noreply.github.com>
Co-authored-by: gkoutsou
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Yoko Hyakuna
Co-authored-by: Angel Garbarino
Co-authored-by: Max Levine
Co-authored-by: Steffy Fort
---
 enos/enos-descriptions.hcl | 5 ++
 enos/enos-modules.hcl | 8 ++
 enos/enos-qualities.hcl | 4 +
 enos/enos-scenario-upgrade.hcl | 25 ++++++
 .../vault_verify_billing_start_date/main.tf | 58 ++++++++++++++
 .../scripts/verify-billing-start.sh | 78 +++++++++++++++++++
 6 files changed, 178 insertions(+)
 create mode 100644 enos/modules/vault_verify_billing_start_date/main.tf
 create mode 100644 enos/modules/vault_verify_billing_start_date/scripts/verify-billing-start.sh

diff --git a/enos/enos-descriptions.hcl b/enos/enos-descriptions.hcl
index c78dbeacf78b..f0d5880fe458 100644
--- a/enos/enos-descriptions.hcl
+++ b/enos/enos-descriptions.hcl
@@ -192,5 +192,10 @@ globals { wait_for_seal_rewrap = <<-EOF Wait for the Vault cluster seal rewrap process to complete. EOF + + verify_billing_start_date = <<-EOF + Verify that the billing start date has successfully rolled over to the latest billing year if needed. + EOF + } } diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl index 973d87c33246..a503cc783b06 100644 --- a/enos/enos-modules.hcl +++ b/enos/enos-modules.hcl @@ -307,3 +307,11 @@ module "verify_seal_type" { vault_install_dir = var.vault_install_dir } + +module "vault_verify_billing_start_date" { + source = "./modules/vault_verify_billing_start_date" + + vault_install_dir = var.vault_install_dir + vault_instance_count = var.vault_instance_count + vault_cluster_addr_port = global.ports["vault_cluster"]["port"] +} \ No newline at end of file diff --git a/enos/enos-qualities.hcl b/enos/enos-qualities.hcl index 639cf027cd10..7a19759ac889 100644 --- a/enos/enos-qualities.hcl +++ b/enos/enos-qualities.hcl @@ -499,3 +499,7 @@ quality "vault_version_edition" { quality "vault_version_release" { description = "Vault's reported release version matches our expectations" } + +quality "vault_billing_start_date" { + description = "Vault's billing start date has adjusted to the latest billing year" +} diff --git a/enos/enos-scenario-upgrade.hcl b/enos/enos-scenario-upgrade.hcl index 0dc244fa6394..6a38f525ef43 100644 --- a/enos/enos-scenario-upgrade.hcl +++ b/enos/enos-scenario-upgrade.hcl 
@@ -691,6 +691,31 @@ scenario "upgrade" { } } + step "verify_billing_start_date" { + description = global.description.verify_billing_start_date + skip_step = semverconstraint(var.vault_product_version, "<=1.16.6-0 || >=1.17.0-0 <=1.17.2-0") + module = module.vault_verify_billing_start_date + depends_on = [ + step.get_updated_vault_cluster_ips, + step.verify_vault_unsealed, + step.verify_read_test_data, + ] + + providers = { + enos = local.enos_provider[matrix.distro] + } + + verifies = [ + quality.vault_billing_start_date, + ] + + variables { + vault_install_dir = global.vault_install_dir[matrix.artifact_type] + hosts = step.create_vault_cluster_targets.hosts + vault_root_token = step.create_vault_cluster.root_token + } + } + step "verify_ui" { description = global.description.verify_ui module = module.vault_verify_ui diff --git a/enos/modules/vault_verify_billing_start_date/main.tf b/enos/modules/vault_verify_billing_start_date/main.tf new file mode 100644 index 000000000000..648f30cddc27 --- /dev/null +++ b/enos/modules/vault_verify_billing_start_date/main.tf 
@@ -0,0 +1,58 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: BUSL-1.1 + +terraform { + required_providers { + enos = { + source = "registry.terraform.io/hashicorp-forge/enos" + } + } +} + +variable "vault_cluster_addr_port" { + description = "The Raft cluster address port" + type = string + default = "8201" +} + +variable "vault_install_dir" { + type = string + description = "The directory where the Vault binary will be installed" +} + +variable "vault_instance_count" { + type = number + description = "How many vault instances are in the cluster" +} + +variable "hosts" { + type = map(object({ + private_ip = string + public_ip = string + })) + description = "The vault cluster instances that were created" +} + +variable "vault_root_token" { + type = string + description = "The vault root token" +} + +resource "enos_remote_exec" "vault_verify_billing_start_date" { + for_each = var.hosts + + environment = { + VAULT_CLUSTER_ADDR = "${each.value.private_ip}:${var.vault_cluster_addr_port}" + VAULT_INSTALL_DIR = var.vault_install_dir + VAULT_LOCAL_BINARY_PATH = "${var.vault_install_dir}/vault" + VAULT_TOKEN = var.vault_root_token + } + + scripts = [abspath("${path.module}/scripts/verify-billing-start.sh")] + + transport = { + ssh = { + host = each.value.public_ip + } + } +} diff --git a/enos/modules/vault_verify_billing_start_date/scripts/verify-billing-start.sh b/enos/modules/vault_verify_billing_start_date/scripts/verify-billing-start.sh new file mode 100644 index 000000000000..ce34cfb1cb7b --- /dev/null +++ b/enos/modules/vault_verify_billing_start_date/scripts/verify-billing-start.sh 
@@ -0,0 +1,78 @@ +#!/usr/bin/env bash +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: BUSL-1.1 + + +set -e + +retry() { + local retries=$1 + shift + local count=0 + + until "$@"; do + exit=$? + count=$((count + 1)) + if [ "$count" -lt "$retries" ]; then + sleep 30 + else + return "$exit" + fi + done + + return 0 +} + +fail() { + echo "$1" 1>&2 + exit 1 +} + +export VAULT_ADDR=http://localhost:8200 +[[ -z "$VAULT_TOKEN" ]] && fail "VAULT_TOKEN env variable has not been set" + +binpath=${VAULT_INSTALL_DIR}/vault + +test -x "$binpath" || fail "unable to locate vault binary at $binpath" + +function enable_debugging() { + echo "Turning debugging on.." + export PS4='+(${BASH_SOURCE}:${LINENO})> ${FUNCNAME[0]:+${FUNCNAME[0]}(): }' + set -x +} + +enable_debugging + +verify_billing_start_date() { + # get the version of vault + version=$("$binpath" status -format=json | jq .version) + + # Get the billing start date + billing_start_time=$(retry 5 "$binpath" read -format=json sys/internal/counters/config | jq -r ".data.billing_start_timestamp") + + # Verify if the billing start date is in the latest billing year + + # macOS + if date -v -1y > /dev/null 2>&1; then + oneYearAgoUnix=$(TZ=UTC date -v -1y +'%s') + billingStartUnix=$(TZ=UTC date -j -f "%Y-%m-%dT%H:%M:%SZ" "${billing_start_time}" +'%s' ) + else + # linux and unix systems + timeago='1 year ago' + billingStartUnix=$(TZ=UTC date -d "$billing_start_time" +'%s') # For "now", use $(date +'%s') + oneYearAgoUnix=$(TZ=UTC date -d "$timeago" +'%s') + fi + + version=$("$binpath" status -format=json | jq .version) + vault_ps=$(pgrep vault | xargs) + #fail "Vault ADDR: $VAULT_ADDR, Vault version: $version, Vault process: $vault_ps, Billing start date: $billing_start_time" + + if [ "$billingStartUnix" -gt "$oneYearAgoUnix" ]; then + echo "Billing start date $billing_start_time has successfully rolled over to current year." 
+ exit 0 + else + fail "On version $version, pid $vault_ps, addr $VAULT_ADDR, Billing start date $billing_start_time did not roll over to current year" + fi +} + +retry 10 verify_billing_start_date
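
Review bot: The new `module "vault_verify_billing_start_date"` block in enos/enos-modules.hcl passes `vault_instance_count`, but the module's main.tf only declares that variable and never references it in `enos_remote_exec`. Either use it or drop both the variable and this assignment. The block also ends with "\ No newline at end of file"; please add the trailing newline.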
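
Review bot: The `skip_step` line in the `verify_billing_start_date` step of enos/enos-scenario-upgrade.hcl has no comment stating which releases the check is meant to cover, so the bounds `<=1.16.6-0` and `>=1.17.0-0 <=1.17.2-0` cannot be verified by a reader. Under semver precedence a `-0` pre-release sorts below the release itself, so if `semverconstraint` follows that ordering, 1.16.6 and 1.17.2 would fall outside the skipped range. Please confirm the intended behaviour for those two versions and record the intended ranges in a comment above the expression.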
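
Review bot: `variable "vault_root_token"` in enos/modules/vault_verify_billing_start_date/main.tf holds a root token but is not marked `sensitive = true`; add it so Terraform redacts the value in plan and apply output. In the same file, the `environment` map of `enos_remote_exec` exports `VAULT_CLUSTER_ADDR` and `VAULT_LOCAL_BINARY_PATH`, neither of which verify-billing-start.sh reads (the script builds its path from `VAULT_INSTALL_DIR` and hard-codes `VAULT_ADDR=http://localhost:8200`). Remove the unused entries, along with `vault_cluster_addr_port` if nothing else needs it, or have the script consume them.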
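
Review bot: The closing `retry 10 verify_billing_start_date` in verify-billing-start.sh can never retry, because the function runs in the current shell and both branches end the script: `exit 0` on success and `fail`, which calls `exit 1`, otherwise. Have the function print its message and `return 1` on a stale date (and `return 0` on success), then call `fail` once after `retry` gives up. While in this function, drop the second `version=` assignment and the commented-out `#fail` line, use `jq -r .version` so the version is not printed with JSON quotes, and consider checking that `billing_start_time` is non-empty and not `null` before handing it to `date`, so a missing field produces a clear error rather than a failed integer comparison.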