Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[QT-616] Add seal_ha enos scenario #23812

Merged
merged 1 commit into from
Oct 26, 2023
Merged

[QT-616] Add seal_ha enos scenario #23812

merged 1 commit into from
Oct 26, 2023

Conversation

ryancragun
Copy link
Collaborator

@ryancragun ryancragun commented Oct 24, 2023
edited by jira bot
Loading

Add support for testing Vault Enterprise with HA seal support by adding a new seal_ha scenario that configures more than one seal type for a Vault cluster. We also extend existing scenarios to support testing with or without the Seal HA code path enabled.

  • Extract starting vault into a separate enos module to allow for better handling of complex clusters that need to be started more than once.
  • Extract seal key creation into a separate module and provide it to target modules. This allows us to create more than one seal key and associate it with instances. This also allows us to forego creating keys when using shamir seals.
  • QT-615 Add support for configuring more that one seal type to vault_cluster module.
  • QT-616 Add seal_ha scenario
  • QT-625 Add seal_ha_beta variant to existing scenarios to test with both code paths.
  • Unpin action-setup-terraform

@ryancragun ryancragun requested a review from a team as a code owner October 24, 2023 22:29
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Oct 24, 2023
@github-actions
Copy link

github-actions bot commented Oct 24, 2023
edited
Loading

Build Results:
All builds succeeded! ✅

@github-actions
Copy link

CI Results:
All Go tests succeeded! ✅

@ryancragun
[QT-616] Add seal_ha enos scenario
991303e 
Add support for testing Vault Enterprise with HA seal support by adding
a new `seal_ha` scenario that configures more than one seal type for a
Vault cluster. We also extend existing scenarios to support testing
with or without the Seal HA code path enabled.

* Extract starting vault into a separate enos module to allow for better
  handling of complex clusters that need to be started more than once.
* Extract seal key creation into a separate module and provide it to
  target modules. This allows us to create more than one seal key and
  associate it with instances. This also allows us to forego creating
  keys when using shamir seals.
* [QT-615] Add support for configuring more that one seal type to
  `vault_cluster` module.
* [QT-616] Add `seal_ha` scenario
* [QT-625] Add `seal_ha_beta` variant to existing scenarios to test with
  both code paths.
* Unpin action-setup-terraform
* Add `kms:TagResource` to service user IAM profile

Signed-off-by: Ryan Cragun <me@ryan.ec>
@ryancragun ryancragun merged commit a46def2 into main Oct 26, 2023
@ryancragun ryancragun deleted the ryan/qt-616 branch October 26, 2023 21:13
This was referenced Oct 26, 2023
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rebwill rebwill rebwill approved these changes

Assignees
No one assigned
Labels
hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed pr/no-changelog pr/no-milestone
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ryancragun @rebwill