diff --git a/enos/modules/set_up_external_integration_target/main.tf b/enos/modules/set_up_external_integration_target/main.tf index e33ac44be3..21d697afe8 100755 --- a/enos/modules/set_up_external_integration_target/main.tf +++ b/enos/modules/set_up_external_integration_target/main.tf @@ -46,21 +46,18 @@ module "install_packages" { packages = var.packages } -# Creating OpenLDAP Server +# Creating OpenLDAP Server using generic container script resource "enos_remote_exec" "setup_openldap" { depends_on = [module.install_packages] - environment = { - LDAP_CONTAINER_VERSION = local.ldap_server.version - LDAP_DOMAIN = local.ldap_server.domain - LDAP_ORG = local.ldap_server.org - LDAP_ADMIN_PW = local.ldap_server.admin_pw - LDAP_IP_ADDRESS = local.test_server_address - LDAP_PORT = local.ldap_server.port - LDAPS_PORT = local.ldap_server.secure_port - } + scripts = [abspath("${path.module}/scripts/start-container.sh")] - scripts = [abspath("${path.module}/scripts/set-up-openldap.sh")] + environment = { + CONTAINER_IMAGE = "docker.io/osixia/openldap:${local.ldap_server.version}" + CONTAINER_NAME = "openldap" + CONTAINER_PORTS = "${local.ldap_server.port},${local.ldap_server.secure_port}" + CONTAINER_ENVS = "LDAP_ORGANISATION=${local.ldap_server.org},LDAP_DOMAIN=${local.ldap_server.domain},LDAP_ADMIN_PASSWORD=${local.ldap_server.admin_pw}" + } transport = { ssh = { 
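Review bot: The LDAP admin password and organisation now travel inside the comma-separated `CONTAINER_ENVS` string, which start-container.sh splits on `,` and then feeds through `eval`, so a value of `local.ldap_server.admin_pw` or `local.ldap_server.org` containing a comma, whitespace or a shell metacharacter is broken apart or interpreted by the remote shell. The per-variable `[[ -z ... ]] && fail` guards of the deleted set-up-openldap.sh have no counterpart here, so an empty admin password now yields `LDAP_ADMIN_PASSWORD=` silently instead of failing the run. Until the script accepts structured input, state the constraint next to the block: `# NOTE: CONTAINER_PORTS/CONTAINER_ENVS are split on ',' and eval'd by start-container.sh; values must not contain ',' or whitespace.` The resource's `transport` block runs past the end of this hunk.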
@@ -69,16 +66,23 @@ resource "enos_remote_exec" "setup_openldap" { } } -# Creating KMIP Server +# Creating KMIP Server using generic container script resource "enos_remote_exec" "create_kmip" { depends_on = [module.install_packages] - environment = { - VAULT_ADDR = var.ip_version == "6" ? var.hosts[0].ipv6 : var.hosts[0].public_ip - KMIP_PORT = var.ports.kmip.port - } + inline = [ + "mkdir -p /tmp/kmip_temp" + ] - scripts = [abspath("${path.module}/scripts/setup_kmip.sh")] + scripts = [abspath("${path.module}/scripts/start-container.sh")] + + environment = { + CONTAINER_IMAGE = "docker.io/percona/percona-server:8.0" + CONTAINER_NAME = "kmip" + CONTAINER_VOLUMES = "/tmp/kmip_temp:/TEMP_DIR" + CONTAINER_ENVS = "KMIP_ADDR=${local.test_server_address},MYSQL_ROOT_PASSWORD=testpassword" + CONTAINER_ARGS = "--port ${var.ports.kmip.port}" + } transport = { ssh = { diff --git a/enos/modules/set_up_external_integration_target/scripts/set-up-openldap.sh b/enos/modules/set_up_external_integration_target/scripts/set-up-openldap.sh deleted file mode 100755 index bc037a5d4b..0000000000 --- a/enos/modules/set_up_external_integration_target/scripts/set-up-openldap.sh +++ /dev/null 
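Review bot: `inline = ["mkdir -p /tmp/kmip_temp"]` hard-codes the same path that verify_secrets_engines/scripts/kmip/kmip-client-configure.sh sets as `TEMP_DIR` and that `CONTAINER_VOLUMES` mounts at `/TEMP_DIR`, with nothing tying the three together, so changing one of them breaks the mount silently. The directory lives under world-writable /tmp and is created with the SSH user's default umask, yet it is where the client private key is later written, and `mkdir -p` will adopt a directory of that name that another local user pre-created. I would add `# Must match TEMP_DIR in verify_secrets_engines/scripts/kmip/kmip-client-configure.sh and the /TEMP_DIR mount in CONTAINER_VOLUMES below` above `inline`, or hoist the path into a local used by both places. Whether `inline` runs before `scripts` is provider-defined; the comment should also state that this relies on that ordering. The resource's `transport` block runs past the end of this hunk.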
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-set -e
-
-fail() {
- echo "$1" 1>&2
- exit 1
-}
-
-[[ -z "${LDAP_DOMAIN}" ]] && fail "LDAP_DOMAIN env variable has not been set"
-[[ -z "${LDAP_ORG}" ]] && fail "LDAP_ORG env variable has not been set"
-[[ -z "${LDAP_ADMIN_PW}" ]] && fail "LDAP_ADMIN_PW env variable has not been set"
-[[ -z "${LDAP_CONTAINER_VERSION}" ]] && fail "LDAP_CONTAINER_VERSION env variable has not been set"
-[[ -z "${LDAP_PORT}" ]] && fail "LDAP_PORT env variable has not been set"
-[[ -z "${LDAPS_PORT}" ]] && fail "LDAPS_PORT env variable has not been set"
-
-# Pulling image
-CONTAINER_CMD="sudo podman"
-LDAP_DOCKER_NAME="docker.io/osixia/openldap:${LDAP_CONTAINER_VERSION}"
-echo "Pulling image: ${LDAP_DOCKER_NAME}"
-${CONTAINER_CMD} pull "${LDAP_DOCKER_NAME}"
-
-# Run OpenLDAP container
-echo "Starting OpenLDAP container..."
-${CONTAINER_CMD} run -d \
- --name openldap \
- -p "${LDAP_PORT}:${LDAP_PORT}" \
- -p "${LDAPS_PORT}:${LDAPS_PORT}" \
- -e LDAP_ORGANISATION="${LDAP_ORG}" \
- -e LDAP_DOMAIN="${LDAP_DOMAIN}" \
- -e LDAP_ADMIN_PASSWORD="${LDAP_ADMIN_PW}" \
- "${LDAP_DOCKER_NAME}"
-
-echo "OpenLDAP server is now running in Docker!"
diff --git a/enos/modules/set_up_external_integration_target/scripts/setup_kmip.sh b/enos/modules/set_up_external_integration_target/scripts/setup_kmip.sh
deleted file mode 100644
index 2b5fdbad64..0000000000
--- a/enos/modules/set_up_external_integration_target/scripts/setup_kmip.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-set -e
-
-fail() {
- echo "$1" 1>&2
- exit 1
-}
-
-[[ -z "${VAULT_ADDR}" ]] && fail "VAULT_ADDR env variable has not been set"
-[[ -z "${KMIP_PORT}" ]] && fail "KMIP_PORT env variable has not been set"
-
-# Pull KMIP Docker image
-CONTAINER_CMD="sudo podman"
-KMIP_DOCKER_NAME="docker.io/percona/percona-server:8.0"
-${CONTAINER_CMD} pull "${KMIP_DOCKER_NAME}"
-
-mkdir TEMP_DIR
-cd TEMP_DIR
-TEMP_DIR=$(pwd)
-
-# Run KMIP container
-echo "Starting KMIP container..."
-${CONTAINER_CMD} run -d \
- --name kmip \
- --volume "${TEMP_DIR}":/TEMP_DIR \
- -e KMIP_ADDR="${VAULT_ADDR}" \
- -e MYSQL_ROOT_PASSWORD=testpassword \
- "${KMIP_DOCKER_NAME}" \
- --port "${KMIP_PORT}"
-
-echo "KMIP server is now running in Docker!"
diff --git a/enos/modules/set_up_external_integration_target/scripts/start-container.sh b/enos/modules/set_up_external_integration_target/scripts/start-container.sh
new file mode 100755
index 0000000000..c2b3c0da64
--- /dev/null
+++ b/enos/modules/set_up_external_integration_target/scripts/start-container.sh
@@ -0,0 +1,171 @@
+#!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+set -e
+
+fail() {
+ echo "$1" 1>&2
+ exit 1
+}
+
+show_help() {
+ cat << EOF
+Usage: $0 --image IMAGE [OPTIONS]
+
+Required:
+ --image IMAGE Docker image to run (e.g., osixia/openldap:latest)
+
+Optional:
+ --name NAME Container name (default: auto-generated)
+ --port PORT[:HOST_PORT] Port mapping (can be used multiple times)
+ --env KEY=VALUE Environment variable (can be used multiple times)
+ --volume SRC:DEST Volume mount (can be used multiple times)
+ --container-cmd CMD Container command (default: sudo podman)
+ --args ARGS Additional arguments to pass to container run command
+ --help Show this help message
+
+Examples:
+ # Basic LDAP setup
+ $0 --image osixia/openldap:latest --port 389 --port 636 --name openldap \\
+ --env LDAP_ORGANISATION="My Org" --env LDAP_DOMAIN="example.com"
+
+ # KMIP/Percona setup
+ $0 --image percona/percona-server:8.0 --name kmip \\
+ --volume "\$(pwd)":/TEMP_DIR --env MYSQL_ROOT_PASSWORD=testpassword \\
+ --args "--port 3306"
+
+EOF
+}
+
+# Default values
+CONTAINER_CMD="sudo podman"
+NAME=""
+DOCKER_IMAGE=""
+PORTS=()
+ENVS=()
+VOLUMES=()
+ADDITIONAL_ARGS=""
+
+# Check for environment variable configuration (Terraform style)
+if [[ -n "${CONTAINER_IMAGE}" ]]; then
+ DOCKER_IMAGE="${CONTAINER_IMAGE}"
+fi
+
+if [[ -n "${CONTAINER_NAME}" ]]; then
+ NAME="${CONTAINER_NAME}"
+fi
+
+if [[ -n "${CONTAINER_PORTS}" ]]; then
+ IFS=',' read -ra PORT_ARRAY <<< "${CONTAINER_PORTS}"
+ PORTS=("${PORT_ARRAY[@]}")
+fi
+
+if [[ -n "${CONTAINER_ENVS}" ]]; then
+ IFS=',' read -ra ENV_ARRAY <<< "${CONTAINER_ENVS}"
+ ENVS=("${ENV_ARRAY[@]}")
+fi
+
+if [[ -n "${CONTAINER_VOLUMES}" ]]; then
+ IFS=',' read -ra VOL_ARRAY <<< "${CONTAINER_VOLUMES}"
+ VOLUMES=("${VOL_ARRAY[@]}")
+fi
+
+if [[ -n "${CONTAINER_ARGS}" ]]; then
+ ADDITIONAL_ARGS="${CONTAINER_ARGS}"
+fi
+
+# Parse command line arguments (these will override environment variables)
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --image)
+ DOCKER_IMAGE="$2"
+ shift 2
+ ;;
+ --name)
+ NAME="$2"
+ shift 2
+ ;;
+ --port)
+ PORTS+=("$2")
+ shift 2
+ ;;
+ --env)
+ ENVS+=("$2")
+ shift 2
+ ;;
+ --volume)
+ VOLUMES+=("$2")
+ shift 2
+ ;;
+ --container-cmd)
+ CONTAINER_CMD="$2"
+ shift 2
+ ;;
+ --args)
+ ADDITIONAL_ARGS="$2"
+ shift 2
+ ;;
+ --help | -h)
+ show_help
+ exit 0
+ ;;
+ *)
+ fail "Unknown option: $1. Use --help for usage information."
+ ;;
+ esac
+done
+
+# Validate required parameters
+[[ -z "${DOCKER_IMAGE}" ]] && fail "Docker image is required. Use --image to specify."
+
+# Generate container name if not provided
+if [[ -z "${NAME}" ]]; then
+ NAME=$(echo "${DOCKER_IMAGE}" | sed 's/.*\///' | sed 's/:.*$//')
+ echo "Using auto-generated container name: ${NAME}"
+fi
+
+# Pull the Docker image
+echo "Pulling image: ${DOCKER_IMAGE}"
+${CONTAINER_CMD} pull "${DOCKER_IMAGE}"
+
+# Build the run command
+RUN_CMD="${CONTAINER_CMD} run -d --name ${NAME}"
+
+# Add port mappings
+for port in "${PORTS[@]}"; do
+ if [[ "${port}" == *":"* ]]; then
+ # Port mapping format: host_port:container_port
+ RUN_CMD="${RUN_CMD} -p ${port}"
+ else
+ # Same port for host and container
+ RUN_CMD="${RUN_CMD} -p ${port}:${port}"
+ fi
+done
+
+# Add environment variables
+for env in "${ENVS[@]}"; do
+ RUN_CMD="${RUN_CMD} -e ${env}"
+done
+
+# Add volume mounts
+for volume in "${VOLUMES[@]}"; do
+ RUN_CMD="${RUN_CMD} --volume ${volume}"
+done
+
+# Add the image
+RUN_CMD="${RUN_CMD} ${DOCKER_IMAGE}"
+
+# Add any additional arguments
+if [[ -n "${ADDITIONAL_ARGS}" ]]; then
+ RUN_CMD="${RUN_CMD} ${ADDITIONAL_ARGS}"
+fi
+
+# Execute the run command
+echo "Starting container with command:"
+echo "${RUN_CMD}"
+echo ""
+
+eval "${RUN_CMD}"
+
+echo "${NAME} container is now running!"
diff --git a/enos/modules/verify_secrets_engines/scripts/kmip/kmip-client-configure.sh b/enos/modules/verify_secrets_engines/scripts/kmip/kmip-client-configure.sh
index 3d33ec6713..9d43743c03 100644
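Review bot: `eval "${RUN_CMD}"` re-parses a command assembled by string concatenation, so any name, port, env, volume or image value containing whitespace or shell metacharacters is word-split or interpreted by the shell — the script's own help example `LDAP_ORGANISATION="My Org"` arrives as two arguments, and the `IFS=','` splits above additionally mean no value can contain a comma. `echo "${RUN_CMD}"` also writes every `-e KEY=VALUE` pair to the remote-exec log, which with the main.tf wiring includes `LDAP_ADMIN_PASSWORD` and `MYSQL_ROOT_PASSWORD`. Building the command as a bash array and executing it directly removes the `eval` without changing the interface, and the log line should name the image and container instead of echoing the env values; the comma limitation belongs in `show_help` until a separator that can be escaped is chosen.
```shell
# … unchanged: help, defaults, env-var intake, option parsing, validation, name generation, pull …

# Build the run command as an array: each value stays a single argument, so
# whitespace or shell metacharacters in names, env values or paths are never
# re-parsed by the shell. CONTAINER_CMD ("sudo podman") is split on whitespace
# on purpose, as it was under eval.
read -ra RUN_CMD <<< "${CONTAINER_CMD}"
RUN_CMD+=(run -d --name "${NAME}")

for port in "${PORTS[@]}"; do
  if [[ "${port}" == *":"* ]]; then
    RUN_CMD+=(-p "${port}")
  else
    RUN_CMD+=(-p "${port}:${port}")
  fi
done

for env in "${ENVS[@]}"; do
  RUN_CMD+=(-e "${env}")
done

for volume in "${VOLUMES[@]}"; do
  RUN_CMD+=(--volume "${volume}")
done

RUN_CMD+=("${DOCKER_IMAGE}")

if [[ -n "${ADDITIONAL_ARGS}" ]]; then
  # --args is one string by interface; split it on whitespace only, never eval it.
  read -ra EXTRA_ARGS <<< "${ADDITIONAL_ARGS}"
  RUN_CMD+=("${EXTRA_ARGS[@]}")
fi

# Do not echo the assembled command: the -e pairs may carry credentials.
echo "Starting container ${NAME} from ${DOCKER_IMAGE}"
"${RUN_CMD[@]}"

echo "${NAME} container is now running!"
```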
--- a/enos/modules/verify_secrets_engines/scripts/kmip/kmip-client-configure.sh +++ b/enos/modules/verify_secrets_engines/scripts/kmip/kmip-client-configure.sh @@ -15,18 +15,22 @@ fail() { [[ -z "${KMIP_PORT}" ]] && fail "KMIP_PORT env variable has not been set" cd ~ || fail "Failed to change directory to home" -echo "${SERVER_CA}" > TEMP_DIR/vault-ca.pem -echo "${CLIENT_CA}" > TEMP_DIR/client.pem +TEMP_DIR=/tmp/kmip_temp +mkdir -p "${TEMP_DIR}" || fail "Failed to create temporary directory" + +echo "${SERVER_CA}" > "${TEMP_DIR}"/vault-ca.pem +echo "${CLIENT_CA}" > "${TEMP_DIR}"/client.pem # Extract certificate and key from client bundle -cd TEMP_DIR +cd "${TEMP_DIR}" || fail "Failed to change directory to ${TEMP_DIR}" + # Assuming CLIENT_CA contains both cert and key, split them csplit -f client- client.pem '/-----BEGIN.*PRIVATE KEY-----/' '{*}' mv client-00 cert.pem mv client-01 key.pem -# Connect to the Percona Docker container -CONTAINER_CMD="sudo docker" +# Connect to the Percona KMIP Docker container and configure it +CONTAINER_CMD="sudo podman" KMIP_DOCKER_NAME="kmip" # Create MySQL data directory @@ -38,6 +42,6 @@ ${CONTAINER_CMD} exec -d "${KMIP_DOCKER_NAME}" mysqld \ --early-plugin-load=keyring_kmip.so \ --keyring_kmip_server_name="${VAULT_ADDR}" \ --keyring_kmip_server_port="${KMIP_PORT}" \ - --keyring_kmip_client_ca=/TEMP_DIR/vault-ca.pem \ - --keyring_kmip_client_key=/TEMP_DIR/key.pem \ - --keyring_kmip_client_cert=/TEMP_DIR/cert.pem + --keyring_kmip_client_ca="${TEMP_DIR}/vault-ca.pem" \ + --keyring_kmip_client_key="${TEMP_DIR}/key.pem" \ + --keyring_kmip_client_cert="${TEMP_DIR}/cert.pem"
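Review bot: `echo "${CLIENT_CA}" > "${TEMP_DIR}"/client.pem` and the `csplit` that follows leave the client private key as `key.pem` in a fixed directory under /tmp that `mkdir -p` creates with the caller's default umask, so on a shared host the files are typically readable by other local users and a directory of that name pre-created by someone else is silently reused. Setting `umask 077` before the two redirects, or `chmod 600 key.pem` after the split, would narrow that — but confirm first that the uid mysqld runs as inside the container can still read the bind-mounted files, since that is not visible here. A comment such as `# TEMP_DIR is bind-mounted into the kmip container as /TEMP_DIR (see set_up_external_integration_target/main.tf)` would also make the coupling explicit. The script's `set -e`/`fail` preamble starts before this hunk.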
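Review bot: The three `--keyring_kmip_client_*` flags are arguments to the `mysqld` started by `${CONTAINER_CMD} exec` inside the `kmip` container, but they now carry the host path `${TEMP_DIR}` (`/tmp/kmip_temp/...`); main.tf mounts that host directory at `/TEMP_DIR` inside the container, so unless the image happens to have files at `/tmp/kmip_temp` the keyring plugin will not find its CA, key or certificate, whereas the removed `/TEMP_DIR/...` paths matched the mount. I would restore `--keyring_kmip_client_ca=/TEMP_DIR/vault-ca.pem \`, `--keyring_kmip_client_key=/TEMP_DIR/key.pem \` and `--keyring_kmip_client_cert=/TEMP_DIR/cert.pem`, with a comment above the exec noting that these are container-side paths (the mount point of `TEMP_DIR`), not host paths. The exec command starts before this hunk.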