@HamzaShili65 HamzaShili65 commented Jun 26, 2025

Overview

Feature branch to add enos tests for OpenLDAP Secrets Engine plugin

@fairclothjm fairclothjm self-assigned this Jun 30, 2025
Contributor

@fairclothjm fairclothjm left a comment

Thanks @HamzaShili65! I know we plan to refactor/reuse some of this but I left a few comments. Looking great so far!

fairclothjm previously approved these changes Jul 28, 2025
Contributor

@fairclothjm fairclothjm left a comment

LGTM

@HamzaShili65 HamzaShili65 requested a review from ryancragun July 29, 2025 20:19
@HamzaShili65 HamzaShili65 marked this pull request as ready for review July 31, 2025 20:08
@HamzaShili65 HamzaShili65 requested a review from a team as a code owner July 31, 2025 20:08
@HamzaShili65 HamzaShili65 requested a review from fairclothjm July 31, 2025 21:12
fairclothjm previously approved these changes Aug 1, 2025
Contributor

@fairclothjm fairclothjm left a comment

LGTM! Feel free to address my comments in a follow-up PR if you prefer.

enos/README.md Outdated
> enos scenario ui run edition:oss
```
#### Manually
The UI tests can be run manually as follows:
Contributor

Let's remove anything in this README that doesn't apply to LDAP. You can do that in a follow-up PR if you prefer.

…LDAP server setup, and plugin configuration (#174)

* add environment setup and teardown scripts and make targets for ldap server

* add terraform module for ldap server setup

* add terraform module for building, registering, enabling, and configuring the plugin

* add terraform module for bootstrapping vault cluster

* add enos modules

* add enos descriptions

* add ingress for ldap server and machine os and arch outputs

* add smoke scenario for openldap

* ignore the .enos dir

* fix formatting error

* removed copied modules from vault repo

* add remote references to tf modules borrowed from vault

* add variables for ldap ports and reference to remote module

* clean configure plugin module

* replace hardcoded variables with tf vars

* change name for LDAP_VERSION to IMAGE_TAG and remove PLUGIN_DEST_DIR

* remove unnecessary sudos

* remove PLUGIN_DEST_DIR

* rename LDAP_VERSION to IMAGE TAG

* refactor out plugin setup module from plugin configure

* fmt

* remove consul storage backend related setup

* add cluster tag for ldap server target

* add module that builds plugin binary and bundles it from local branch

* wip: build_ldap step currently only supports local builds

* replace file copying logic with enos_bundle_install resource as it supports local build, releases, and artifactory

* wip: introduce build_ldap step

* change license to MPL-2.0 on scripts

* add build_ldap description

* fmt

* change license to MPL-2.0 on scripts

* make the ref configurable for all external tf modules

* remove references to unused modules

* remove unused qualities

* remove consul variable

* remove unused descriptions

* add support for building ldap from artifactory and releases

* reference target_ec2_instances module from vault

* change artifact path in setup_plugin to be non-null only for local builds

* use same ldap image tag for make targets and enos

* update go.sum

* remove unused variables and update enos.vars.hcl with template enos vars setup for developer

* result of mod tidy

* change lease to MPL-2.0

---------

Co-authored-by: Hamza ElMokhtar Shili <[email protected]>
HamzaShili65 and others added 2 commits August 4, 2025 12:55
…crud with enos (#179)

* add environment setup and teardown scripts and make targets for ldap server

* add terraform module for ldap server setup

* add terraform module for building, registering, enabling, and configuring the plugin

* add terraform module for bootstrapping vault cluster

* add enos modules

* add enos descriptions

* add ingress for ldap server and machine os and arch outputs

* add smoke scenario for openldap

* ignore the .enos dir

* fix formatting error

* install openldap clients to vault targets

* add ldap ip and port as outputs

* add module for testing static role crud api

* update static role crud api module and description

* add step to test static role crud api

* fmt and add env vars checks

* add make target for static role api test

* fmt

* fmt

* fmt and remove unused modules

* use ldap server private ip for plugin configuration and static role api testing

* refactor ldap configuration variables

* change license to MPL-2.0

* add support for manual static-role rotation and root-rotation

* change ldap image tag to 1.3.0

* remove rotate-root check of initial root credential validity

* change ldap_tag to 1.3.0 in makefile

* move root credentials rotation to the beginning of the script

---------

Co-authored-by: Hamza ElMokhtar Shili <[email protected]>
… crud with enos (#181)

* add environment setup and teardown scripts and make targets for ldap server

* add terraform module for ldap server setup

* add terraform module for building, registering, enabling, and configuring the plugin

* add terraform module for bootstrapping vault cluster

* add enos modules

* add enos descriptions

* add ingress for ldap server and machine os and arch outputs

* add smoke scenario for openldap

* ignore the .enos dir

* fix formatting error

* install openldap clients to vault targets

* add ldap ip and port as outputs

* add module for testing static role crud api

* update static role crud api module and description

* add step to test static role crud api

* add module for testing dynamic role api

* add dynamic role api test step

* add dynamic role api test module and description

* add make target for dynamic role api test

* change license to MPL-2.0

* removed unused tf modules and scripts

* added error handling for requesting dynamic credentials

* make input variables to the test_dynamic_role_crud_api step dynamic

---------

Co-authored-by: Hamza ElMokhtar Shili <[email protected]>
@ryancragun ryancragun left a comment

Really good work! Love to see that the remote module sources work!

HamzaShili65 and others added 8 commits August 12, 2025 10:57
…t with enos (#188)

* add module to verify that vault is sealed

* move plugin dir clean up and copying plugin binary out of plugin registration logic

* add module references and descriptions for sealing and unsealing vault

* make plugin_dir in vault dynamic

* rename enos-scenario-openldap.hcl to enos-scenario-openldap-smoke.hcl

* add restart scenario
… with enos (#189)

* add module to verify that vault is sealed

* move plugin dir clean up and copying plugin binary out of plugin registration logic

* add module references and descriptions for sealing and unsealing vault

* make plugin_dir in vault dynamic

* rename enos-scenario-openldap.hcl to enos-scenario-openldap-smoke.hcl

* add restart scenario

* add module for testing library endpoint api

* add module refs and description for testing library crud api

* add steps to test library endpoint api for both smoke and restart scenarios

* add variables for the library endpoint test step

* fmt
…nge with enos (#191)

* add scenario for leader change case

* add modules refs, descriptions, and qualities for leader change case
…oint root rotation (#193)

* add scenario for leader change case

* add modules refs, descriptions, and qualities for leader change case

* add tf module for testing ldap secrets engine manual root_rotation

* add tf module for testing ldap secrets engine periodic root_rotation

* add tf module for testing ldap secrets engine scheduled root_rotation

* add setup for integrating root rotation modules

* fmt

* take out root rotation from scripts

* integrate root rotation modules with smoke scenario