Merge branch 'release/1.17.x' into backport/ui/VAULT-30458/fix-enabli…
…ng-replication-capabilities-bug/quickly-improved-amoeba
hellobontempo authored Sep 20, 2024
2 parents 99187a1 + cf22044 commit 7c14772
Showing 54 changed files with 1,516 additions and 419 deletions.
29 changes: 28 additions & 1 deletion .github/workflows/ci.yml
Expand Up @@ -164,7 +164,7 @@ jobs:
node-version-file: './ui/package.json'
cache: yarn
cache-dependency-path: ui/yarn.lock
- uses: browser-actions/setup-chrome@db1b524c26f20a8d1a10f7fc385c92387e2d0477 # v1.7.1
- uses: browser-actions/setup-chrome@facf10a55b9caf92e0cc749b4f82bf8220989148 # v1.7.2
with:
# Temporarily pin our Chrome version while we sort out a broken test on latest
chrome-version: 1314712
Expand Down Expand Up @@ -194,6 +194,7 @@ jobs:
secrets: |
kv/data/github/hashicorp/vault-enterprise/github-token username-and-token | PRIVATE_REPO_GITHUB_TOKEN;
kv/data/github/hashicorp/vault-enterprise/license license_1 | VAULT_LICENSE;
kv/data/github/${{ github.repository }}/datadog-ci DATADOG_API_KEY;
- if: needs.setup.outputs.is-enterprise == 'true'
name: Set up Git
run: git config --global url."https://${{ steps.secrets.outputs.PRIVATE_REPO_GITHUB_TOKEN }}@github.com".insteadOf https://github.com
Expand All @@ -217,6 +218,32 @@ jobs:
with:
name: test-results-ui
path: ui/test-results
- name: Prepare datadog-ci
if: (github.repository == 'hashicorp/vault' || github.repository == 'hashicorp/vault-enterprise') && (success() || failure())
continue-on-error: true
run: |
if type datadog-ci > /dev/null 2>&1; then
exit 0
fi
# Curl does not always exit 1 if things go wrong. To determine if this is successful
# we'll silence all non-error output and check the results to determine success.
if ! out="$(curl -sSL --fail https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64 --output /usr/local/bin/datadog-ci 2>&1)"; then
printf "failed to download datadog-ci: %s" "$out"
fi
if [[ -n "$out" ]]; then
printf "failed to download datadog-ci: %s" "$out"
fi
chmod +x /usr/local/bin/datadog-ci
- name: Upload test results to DataDog
if: success() || failure()
continue-on-error: true
env:
DD_ENV: ci
run: |
if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then
export DATADOG_API_KEY=${{ secrets.DATADOG_API_KEY }}
fi
datadog-ci junit upload --service "$GITHUB_REPOSITORY" 'ui/test-results/qunit/results.xml'
- if: always()
uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2.4
with:
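Review bot: The `Prepare datadog-ci` step downloads `releases/latest/download/datadog-ci_linux-x64` with no version pin and no digest check, writes it to `/usr/local/bin`, and the next step runs it with `DATADOG_API_KEY` exported, in what appears to be the same job that retrieves `PRIVATE_REPO_GITHUB_TOKEN` and `VAULT_LICENSE`; the `uses:` lines visible here are pinned to commit SHAs, so this binary would be the one unpinned executable in the job. Pin the download to a specific release tag and verify a SHA-256 recorded in the workflow before installing it, as sketched below (tag and digest are placeholders). Both failure branches only `printf` and fall through to `chmod +x`, so a partial download would still be marked executable; the sketch downloads to a temporary file and installs it only after the check passes. In the upload step, `${{ secrets.DATADOG_API_KEY }}` and `${{ github.repository }}` are expanded into the script text itself; mapping them through `env:` and referencing quoted shell variables would keep the secret out of the generated script.

```yaml
- name: Prepare datadog-ci
  # … unchanged: if / continue-on-error …
  env:
    # Placeholders: fill in the release tag and digest that were reviewed.
    DATADOG_CI_VERSION: '<PINNED_RELEASE_TAG>'
    DATADOG_CI_SHA256: '<EXPECTED_SHA256>'
  run: |
    # … unchanged: early exit when datadog-ci is already on PATH …
    set -euo pipefail
    tmp="$(mktemp)"
    curl -sSL --fail --output "$tmp" \
      "https://github.com/DataDog/datadog-ci/releases/download/${DATADOG_CI_VERSION}/datadog-ci_linux-x64"
    # Refuse to install anything whose digest differs from the recorded one.
    echo "${DATADOG_CI_SHA256}  ${tmp}" | sha256sum --check --status
    install -m 0755 "$tmp" /usr/local/bin/datadog-ci
```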
3 changes: 3 additions & 0 deletions changelog/27559.txt
@@ -0,0 +1,3 @@
```release-note:improvement
ui: Remove deprecated `current_billing_period` from dashboard activity log request
```
6 changes: 3 additions & 3 deletions enos/enos-dev-scenario-pr-replication.hcl
Expand Up @@ -638,7 +638,7 @@ scenario "dev_pr_replication" {
description = <<-EOF
Wait for the for the primary cluster to unseal and reach a healthy state.
EOF
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [
step.create_primary_cluster
]
Expand All @@ -658,7 +658,7 @@ scenario "dev_pr_replication" {
description = <<-EOF
Wait for the for the secondary cluster to unseal and reach a healthy state.
EOF
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [
step.create_secondary_cluster
]
Expand Down Expand Up @@ -840,7 +840,7 @@ scenario "dev_pr_replication" {
description = <<-EOF
Verify that the secondary cluster is unsealed after we enable PR replication.
EOF
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [
step.unseal_secondary_followers
]
4 changes: 2 additions & 2 deletions enos/enos-modules.hcl
Expand Up @@ -326,8 +326,8 @@ module "vault_verify_undo_logs" {
vault_install_dir = var.vault_install_dir
}

module "vault_verify_unsealed" {
source = "./modules/vault_verify_unsealed"
module "vault_wait_for_cluster_unsealed" {
source = "./modules/vault_wait_for_cluster_unsealed"

vault_install_dir = var.vault_install_dir
}
2 changes: 1 addition & 1 deletion enos/enos-scenario-agent.hcl
Expand Up @@ -406,7 +406,7 @@ scenario "agent" {

step "verify_vault_unsealed" {
description = global.description.verify_vault_unsealed
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [step.wait_for_leader]

providers = {
2 changes: 1 addition & 1 deletion enos/enos-scenario-autopilot.hcl
Expand Up @@ -412,7 +412,7 @@ scenario "autopilot" {

step "verify_vault_unsealed" {
description = global.description.verify_vault_unsealed
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [
step.create_vault_cluster,
step.create_vault_cluster_upgrade_targets,
121 changes: 81 additions & 40 deletions enos/enos-scenario-dr-replication.hcl
Expand Up @@ -511,7 +511,7 @@ scenario "dr_replication" {

step "verify_that_vault_primary_cluster_is_unsealed" {
description = global.description.verify_vault_unsealed
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [
step.create_primary_cluster,
step.wait_for_primary_cluster_leader,
Expand All @@ -537,7 +537,7 @@ scenario "dr_replication" {

step "verify_that_vault_secondary_cluster_is_unsealed" {
description = global.description.verify_vault_unsealed
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [
step.create_secondary_cluster,
step.wait_for_secondary_cluster_leader,
Expand Down Expand Up @@ -695,12 +695,15 @@ scenario "dr_replication" {
# ================================================
# DISASTER RECOVERY (DR) REPLICATION SETUP
# ================================================
# 1. Configure DR primary replication on cluster A.
# 2. Generate secondary token on cluster A.
# 3. Configure DR secondary replication on cluster B.
# 4. Confirm replication status on both clusters.
# - Wait for seal rewrap to complete on both clusters.
# - Configure DR primary replication on cluster A.
# - Generate secondary token on cluster A.
# - Configure DR secondary replication on cluster B.
# - Confirm replication status on both clusters.


// Wait for our seals to finish any inflight rewraps before we enable DR replication as we don't
// want to accidentally swap seal info on the secondary before it has finished.
step "configure_dr_replication_primary" {
description = <<-EOF
Create the necessary superuser auth policy necessary for DR replication, assign it
Expand All @@ -711,7 +714,7 @@ scenario "dr_replication" {
depends_on = [
step.get_primary_cluster_ips,
step.get_secondary_cluster_ips,
step.verify_secrets_engines_on_primary
step.verify_secrets_engines_on_primary,
]

providers = {
Expand Down Expand Up @@ -759,13 +762,53 @@ scenario "dr_replication" {
}
}

step "wait_for_primary_seal_rewrap" {
module = module.vault_wait_for_seal_rewrap
depends_on = [
step.generate_secondary_token,
]

providers = {
enos = local.enos_provider[matrix.distro]
}

variables {
hosts = step.create_primary_cluster.hosts
vault_addr = step.create_primary_cluster.api_addr_localhost
vault_install_dir = global.vault_install_dir[matrix.artifact_type]
vault_root_token = step.create_primary_cluster.root_token
}
}

step "wait_for_secondary_seal_rewrap" {
module = module.vault_wait_for_seal_rewrap
depends_on = [
step.wait_for_primary_seal_rewrap,

]

providers = {
enos = local.enos_provider[matrix.distro]
}

variables {
hosts = step.create_secondary_cluster.hosts
vault_addr = step.create_secondary_cluster.api_addr_localhost
vault_install_dir = global.vault_install_dir[matrix.artifact_type]
vault_root_token = step.create_secondary_cluster.root_token
}
}

step "configure_dr_replication_secondary" {
description = <<-EOF
Enable dr replication on the secondary cluster with the wrapping token created by
the primary cluster.
EOF
module = module.vault_setup_replication_secondary
depends_on = [step.generate_secondary_token]
depends_on = [
step.wait_for_secondary_seal_rewrap,
step.generate_secondary_token,
]

providers = {
enos = local.enos_provider[matrix.distro]
Expand All @@ -786,16 +829,13 @@ scenario "dr_replication" {

step "unseal_secondary_followers" {
description = <<-EOF
After replication is enabled the secondary cluster followers need to be unsealed.
Secondary unseal keys are passed differently depending primary and secondary seal
type combinations. See the guide for more information:
https://developer.hashicorp.com/vault/docs/enterprise/replication#seals
EOF
After replication is enabled the secondary cluster followers need to be unsealed.
Secondary unseal keys are passed differently depending primary and secondary seal
type combinations. See the guide for more information:
https://developer.hashicorp.com/vault/docs/enterprise/replication#seals
EOF
module = module.vault_unseal_nodes
depends_on = [
step.create_primary_cluster,
step.create_secondary_cluster,
step.get_secondary_cluster_ips,
step.configure_dr_replication_secondary
]

Expand All @@ -814,7 +854,7 @@ scenario "dr_replication" {

step "verify_secondary_cluster_is_unsealed_after_enabling_replication" {
description = global.description.verify_vault_unsealed
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [
step.unseal_secondary_followers
]
Expand Down Expand Up @@ -899,10 +939,10 @@ scenario "dr_replication" {

step "vault_failover_promote_dr_secondary_cluster" {
description = <<-EOF
Promote the secondary cluster to be the primary cluster. This step will also
generate a new DR operation token for the secondary cluster to connect to the new
primary cluster.
EOF
Promote the secondary cluster to be the primary cluster. This step will also
generate a new DR operation token for the secondary cluster to connect to the new
primary cluster.
EOF
module = module.vault_failover_promote_dr_secondary
depends_on = [step.generate_batch_dr_operation_token]

Expand Down Expand Up @@ -946,10 +986,10 @@ scenario "dr_replication" {

step "vault_failover_demote_dr_primary_cluster" {
description = <<-EOF
Demote the primary cluster to be the secondary cluster. This step will also
generate a new DR operation token for the secondary cluster to connect to the new
primary cluster.
EOF
Demote the primary cluster to be the secondary cluster. This step will also
generate a new DR operation token for the secondary cluster to connect to the new
primary cluster.
EOF
module = module.vault_failover_demote_dr_primary
depends_on = [step.wait_for_promoted_cluster_leader]

Expand Down Expand Up @@ -992,7 +1032,7 @@ scenario "dr_replication" {

step "verify_new_primary_cluster_unsealed" {
description = global.description.verify_vault_unsealed
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [
step.wait_for_demoted_cluster_leader,
]
Expand All @@ -1009,7 +1049,8 @@ scenario "dr_replication" {
]

variables {
hosts = step.get_secondary_cluster_ips.follower_hosts
hosts = step.create_secondary_cluster_targets.hosts
timeout = 120 // seconds
vault_addr = step.create_secondary_cluster.api_addr_localhost
vault_install_dir = global.vault_install_dir[matrix.artifact_type]
}
Expand Down Expand Up @@ -1046,10 +1087,10 @@ scenario "dr_replication" {

step "generate_demoted_secondary_public_key" {
description = <<-EOF
Generate a random token and configure the DR replication primary secondary-token and
configure the Vault cluster primary replication with the token. Export the wrapping token
so that secondary clusters can utilize it.
EOF
Generate a random token and configure the DR replication primary secondary-token and
configure the Vault cluster primary replication with the token. Export the wrapping token
so that secondary clusters can utilize it.
EOF
module = module.generate_secondary_public_key
depends_on = [
step.verify_replicated_data_during_failover,
Expand All @@ -1072,10 +1113,10 @@ scenario "dr_replication" {

step "generate_demoted_secondary_token" {
description = <<-EOF
Generate a random token and configure the DR replication primary secondary-token and
configure the Vault cluster primary replication with the token. Export the wrapping token
so that secondary clusters can utilize it.
EOF
Generate a random token and configure the DR replication primary secondary-token and
configure the Vault cluster primary replication with the token. Export the wrapping token
so that secondary clusters can utilize it.
EOF
module = module.generate_failover_secondary_token
depends_on = [step.generate_demoted_secondary_public_key]

Expand All @@ -1097,8 +1138,8 @@ scenario "dr_replication" {

step "vault_failover_update_dr_primary_cluster" {
description = <<-EOF
Update the secondary cluster to connect to the new primary cluster.
EOF
Update the secondary cluster to connect to the new primary cluster.
EOF
module = module.vault_failover_update_dr_primary
depends_on = [
step.generate_demoted_secondary_token,
Expand All @@ -1122,9 +1163,9 @@ scenario "dr_replication" {

step "verify_failover_dr_replication" {
description = <<-EOF
Verify that the DR replication status meets our expectations after enabling replication
and ensuring that all secondary nodes are unsealed.
EOF
Verify that the DR replication status meets our expectations after enabling replication
and ensuring that all secondary nodes are unsealed.
EOF
module = module.vault_verify_dr_replication
depends_on = [step.vault_failover_update_dr_primary_cluster]

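Review bot: The comment added directly above `step "configure_dr_replication_primary"` describes the seal-rewrap wait, but that step's `depends_on` lists no wait step; the waits are `wait_for_primary_seal_rewrap` and `wait_for_secondary_seal_rewrap`, which depend on `generate_secondary_token` and gate only `configure_dr_replication_secondary`. Move the comment down to `wait_for_primary_seal_rewrap` and give both new steps a `description` like their neighbours have, for example `description = "Wait for any in-flight seal rewrap on the primary to finish before the secondary is configured for DR replication."`. The setup list in the banner comment also puts the rewrap wait first, which does not match the dependency order visible in these hunks. The empty line left inside the `depends_on` list of `wait_for_secondary_seal_rewrap` can be dropped.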
8 changes: 4 additions & 4 deletions enos/enos-scenario-pr-replication.hcl
Expand Up @@ -533,7 +533,7 @@ scenario "pr_replication" {

step "verify_that_vault_primary_cluster_is_unsealed" {
description = global.description.verify_vault_unsealed
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [
step.create_primary_cluster,
step.wait_for_primary_cluster_leader,
Expand All @@ -559,7 +559,7 @@ scenario "pr_replication" {

step "verify_that_vault_secondary_cluster_is_unsealed" {
description = global.description.verify_vault_unsealed
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [
step.create_secondary_cluster,
step.wait_for_secondary_cluster_leader,
Expand Down Expand Up @@ -843,7 +843,7 @@ scenario "pr_replication" {

step "verify_secondary_cluster_is_unsealed_after_enabling_replication" {
description = global.description.verify_vault_unsealed
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [
step.unseal_secondary_followers
]
Expand Down Expand Up @@ -1012,7 +1012,7 @@ scenario "pr_replication" {

step "verify_additional_primary_nodes_are_unsealed" {
description = global.description.verify_vault_unsealed
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [step.add_additional_nodes_to_primary_cluster]

providers = {
2 changes: 1 addition & 1 deletion enos/enos-scenario-proxy.hcl
Expand Up @@ -383,7 +383,7 @@ scenario "proxy" {

step "verify_vault_unsealed" {
description = global.description.verify_vault_unsealed
module = module.vault_verify_unsealed
module = module.vault_wait_for_cluster_unsealed
depends_on = [step.create_vault_cluster]

providers = {