* Reorganize vault blackbox tests into isolated/scenario/system structure (#14919)
* Reorganize vault blackbox tests into isolated/scenario/system structure
- Move 38 test files from flat structure to organized directories:
* isolated/: namespace-scoped, concurrent-safe tests (auth, secrets, plugins, verify)
* scenario/: state-changing tests (raft, ha)
* system/: system-level config tests (billing, license)
- Add build tags (isolated, scenario, system) to all test files
- Update enos scenarios to use new test paths (./vault/external_tests/blackbox/isolated/verify)
- Add isolated build tag to undo_logs_test.go for consistency
- Remove empty directories and duplicate test files
- All tests compile successfully with respective build tags
Updated enos scenarios: autopilot, agent, dr-replication, plugin, pr-replication, proxy, seal-ha, smoke, upgrade
* Fix test failures: skip postgres without env vars, handle userpass login failure
* Add HSM-specific build tags for test compilation
* Add metadata path permissions for KV v2 delete/undelete operations
* Fix KV tests: use user session for all write operations
* Fix KV tests: remove userpass, use root session
* Incorporate new AWS and LDAP test functions from main branch
- Add TestAWS_SecretsCreate() and TestAWS_SecretsRead() to isolated/plugins/aws/secrets_aws_test.go
* Tests basic AWS secrets engine configuration and role creation
* Tests reading AWS role and root configuration
* Complements existing TestAWS_GenerateNewUser() with simpler test cases
- Add TestLDAP_StaticRoleCreate(), TestLDAP_LibrarySetRead(), and TestLDAP_LibrarySetDelete() to isolated/plugins/ldap/secrets_ldap_test.go
* Tests LDAP static role creation for password rotation
* Tests LDAP library set operations for service account management
* Tests library set deletion
* Adds requireLDAPAvailable() helper for connectivity verification
* Complements existing dynamic credential tests
- All new test functions include:
* Build tag: //go:build isolated
* t.Parallel() for concurrent execution
* Proper environment variable checks with skip logic
* Consistent error handling and assertions
- Cleanup:
* Removed stray .git directories from test folders
* Removed empty vault/external_tests/blackbox/plugins directory
These changes ensure the PR includes all test coverage from main while maintaining
the new isolated/scenario/system organization structure.
* Fix pr-replication scenario to use correct test path and name
- Update test_package from ./vault/external_tests/blackbox/verify to isolated/verify
- Update test_names from TestVaultUIAvailability to TestUIAssets
- Fixes test failures caused by incomplete migration in blackbox test reorganization
* Fix all Enos scenarios: isolated/verify path and correct test names
* Skip isolated tests on CE - require enterprise features
---------
Co-authored-by: hashigator <280075563+hashigator@users.noreply.github.com>
Co-authored-by: hashigator <lt.carbonell@ibm.com>
Add support for running enos on Fyre with support for linux/s390x,
linux/amd64, and linux/ppc64le. The enterprise version of this PR
has enterprise only scenarios. The changes reflected here are on
shared modules.
We now have three new fyre modules that are can swap in-place of
create_vpc, ec2_info, and target_ec2_instances:
create_vpc_fyre_shim, fyre_os_info and target_fyre_vms. This pass
doesn't make them adhered 1:1 as module interfaces but that can come
later when the base scenarios are merged.
The only major change we had to make to long existing modules was
supporting leader_api_addr for discovery. Historically we've always used
cloud based node discovery but that's obviously not available in Fyre.
Nowyou can set the retry_join variable to either local_api_addr or
aws.
We also modify our integration containers to use those available from
the HashiCorp docker mirror. We do this because we pull those images
unauthenticated and thus share the same external address as the larger
network, which makes the likelihood of throttling very high.
To maintain the goal of the Fyre scenarios not requiring AWS credentials, I
had to move the AWS secrets verification into it's own module. That allows
us now to simply not include it, but later if/when we include it we can have
scenarios with the Fyre backend compile them out by skipping.
This PR is massive and covers the following tickets:
VAULT-40635
VAULT-40636
VAULT-44591
VAULT-34888
VAULT-34887
VAULT-34886
VAULT-34885
VAULT-34884
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
Add separate Saturday morning sweeps (3 AM & 5 AM ET) for IAM resources
that lack age metadata or tag support. Conditionally exclude `IAMUserPolicy`,
`IAMRolePolicy`, and policy attachments from weekday sweeps to prevent
interference with active CI runs.
Additional changes:
- Add explicit `America/New_York` timezone to workflow schedules
- Update nightly tests to run at 9 AM ET (was 1 PM UTC)
- Grant `iam:TagInstanceProfile` permission to CI service user to tag instance
profiles to build date based nuke filters.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Complete vault_verify_replication migration to blackbox tests
Migrate all remaining enos scenarios to use vault_run_blackbox_test:
- enos-scenario-proxy.hcl
- enos-scenario-seal-ha.hcl
- enos-scenario-upgrade.hcl
- enos-scenario-agent.hcl
- enos-scenario-autopilot.hcl
Remove vault_verify_replication module from enos-modules.hcl
All scenarios now use the blackbox test framework for replication verification.
* Update setup-enos action to v1.53
Co-authored-by: hashigator <280075563+hashigator@users.noreply.github.com>
Convert vault_verify_ui from bash scripts to blackbox SDK tests.
Changes:
- Created vault/external_tests/blackbox/verify/ui_test.go with TestVaultUIAvailability
- Updated 8 scenario files to use vault_run_blackbox_test module
- Removed enos/modules/vault_verify_ui module and bash script
The new test verifies:
- Root URL redirects to /ui/
- UI page loads successfully
- No 'Vault UI is not available' error message
Fixes: VAULT-43739
Co-authored-by: hashigator <280075563+hashigator@users.noreply.github.com>
* feat(enos): migrate vault_verify_replication to blackbox tests
Convert vault_verify_replication from bash scripts to blackbox SDK tests.
Changes:
- Created vault/external_tests/blackbox/verify/replication_test.go with TestReplicationAvailability
- Updated enos-scenario-smoke.hcl to use vault_run_blackbox_test module
- Removed enos/modules/vault_verify_replication module and bash script
The new test verifies:
- CE: replication mode is 'disabled'
- ENT: DR and performance replication are available
Fixes: Converts bash-based verification to Go-based blackbox tests for better maintainability
* Add detailed error messages to replication test for debugging
* Add debug logging to replication test
* Exclude TestReplicationAvailability from race detection
The TestReplicationAvailability test requires a live Vault instance with
VAULT_ADDR and VAULT_TOKEN environment variables set. This test is not
compatible with race detection runs in CI which don't have these
prerequisites configured.
Add //go:build !race tag to exclude this test from race detection runs.
* Revert "Exclude TestReplicationAvailability from race detection"
This reverts commit 5afc7c1bf243e7e833864288cdd5bd16c9ed3018.
* Fix replication test to read from root namespace
The test was failing because it tried to read sys/replication/status
from within the test's isolated namespace. Replication status is only
available at the root namespace level.
Changes:
- Use WithRootNamespace() to read replication status from root
- Add proper error handling for the namespace operation
- Add api import for WithRootNamespace return type
* Add testonly build tag and update CI workflow pattern for verify tests
* Add missing ip_version parameter to vault_run_blackbox_test calls
Co-authored-by: hashigator <280075563+hashigator@users.noreply.github.com>
Migrate undo logs verification from bash scripts to Go blackbox tests using
the vault_run_blackbox_test module pattern.
Changes:
- Add TestVaultUndoLogsMetric Go test in vault/external_tests/blackbox/verify
- Add AssertMetricGaugeValue SDK helper in blackbox/session_metrics.go
- Remove deprecated vault_verify_undo_logs bash-based module
- Update vault_run_blackbox_test to support test_env_vars parameter
- Update autopilot scenario to use vault_run_blackbox_test for undo logs verification
The test verifies the vault.core.replication.write_undo_logs gauge metric
via API calls, following the blackbox testing pattern (no SSH/file access).
Only autopilot scenario is updated as it's the only scenario that currently
uses undo logs verification. Other scenarios remain unchanged.
Rebased onto main (58751c5d19e) and resolved conflicts with current codebase.
Co-authored-by: hashigator <280075563+hashigator@users.noreply.github.com>
Co-authored-by: lt-hc <280075563+lt-hc@users.noreply.github.com>
Backport community files that changed as part the enterprise only zap scenarios. This mostly includes fixes to scenario execution, retries, and blackbox SDK tests that were broken.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
- Migrate undo logs verification from shell script to Go blackbox test
- Add session_metrics.go and session_remote.go helpers to blackbox SDK
- Create undo_logs_test.go in vault/external_tests/blackbox/verify package
- Update autopilot scenario to use vault_run_blackbox_test module
- Remove deprecated vault_verify_undo_logs module
- Update vault_run_blackbox_test module to support test environment variables
This change improves test maintainability and consistency by using the
standardized blackbox testing framework instead of custom shell scripts.
Co-authored-by: brewgator <12831681+brewgator@users.noreply.github.com>
In prior versions of the Vault container we'd set `ICP_LOCK` on the `vault`
binary at runtime via the entrypoint script. As we now run the Vault
container as an unprivileged user we have to set this capability at build time
as `setcap` cannot be run by unprivileged users.
This change updates the Alpine OCI and UBI container entrypoints
to not attempt to run `setcap` when running as non-root user.
Importantly, these changes introduce a *new requirement* whereby users of the
container must add `IPC_LOCK` capability to the container or pod or the
Vault service will fail to start. As running with locked memory is always our
guidance for Vault the containers now require this. Users that do not wish to grant
the `IPC_LOCK` capability will want to wrap the container unset the capability on
the binary during build time: `setcap cap_ipc_lock=-ep /bin/vault`.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
* Add PostgreSQL Blackbox Coverage for DB Connection Management (#13313)
* Add blackbox test for PostgreSQL database config create endpoint
* Moving to postgresql folder
* Adding test case for multi-host PostgreSQL connection
* Adding DSN test case
* Adding Connection verification test
* Get Connection verification test
* Adding test cases for list/delete/reset connections
* Refactoring and adding helper
* Refactoring and adding helper
---------
Co-authored-by: Kajal Kusum <kajal.kusum@ibm.com>
* Move postgres tests to database subdirectory to match modular structure
* go mod
* go mod
* pgx
---------
Co-authored-by: KajalKusum <kajal.kusum@hashicorp.com>
Co-authored-by: Kajal Kusum <kajal.kusum@ibm.com>
Co-authored-by: LT Carbonell <ltcarbonell@pm.me>
* no-op commit
* [Mongo SDK Plugin] (enos): Add MongoDB plugin test framework for Enos (#13576)
* Add modular database infrastructure for Enos testing
Infrastructure Changes:
- Created generic database_container module supporting PostgreSQL, MongoDB, MySQL
- Consolidated database configs in enos-globals.hcl with dynamic port generation
- Refactored set_up_external_integration_target to use generic module with for_each
- Updated enos-scenario-plugin.hcl to pass database_configs from globals
Test Organization:
- Reorganized test structure: moved postgres/ and mongodb/ into database/ directory
- Maintains existing production-ready test helpers
- Structure: plugins/database/{postgres,mongodb}/ for better organization
Benefits:
- Easy to add new databases (just add to database_configs in globals)
- No code duplication across database types
- Consistent patterns for all database testing
- Supports both Docker containers and external database URLs
---------
Co-authored-by: Luis (LT) Carbonell <lt.carbonell@hashicorp.com>
* [VAULT-42245] Add IBM license update to enos upgrade scenario (#12661)
* initial changes
* more changes
* test
* test changes
* Fix test
* try ignoring customer id
* clean up
* more clean up
* lint
* PR comments
* make edition a variable
* lint
* PR comments
* add default for customer id
* fix script and lint
* specify license file
* Apply suggestion from @ryancragun
Co-authored-by: Ryan Cragun <me@ryan.ec>
* always configure ibm license
* Update enos/modules/verify_log_secrets/main.tf
Co-authored-by: Ryan Cragun <me@ryan.ec>
* lint
---------
Co-authored-by: Ryan Cragun <me@ryan.ec>
* lint
---------
Co-authored-by: Jenny Deng <jenny.deng@hashicorp.com>
Co-authored-by: Ryan Cragun <me@ryan.ec>
* [VAULT-43364] pipeline: add template generation support
Add a new `template` to the `pipeline generate` command tree. It allows
rendering Go text templates with pipeline requests available via context
functions. The new system is now product agnostic and can be used to
generate any template we wish. This will supersede the enos specific
configuration command.
We also add support for multiple cadences when fetching the list of
release versions. Previously it was assumed that we followed a minor
version bump cadence when fetching versions with an n-minus style lower
bound. Now we can specify the major or minor cadence. To support a
migration from one cadence to another you can also specify an prior
cadence and the version at which the transition happened. This allows
the n-3 reverse traversal to drop into the prior cadence if/when
necessary.
**Template Rendering System**
- New `pipeline generate template` command renders Go templates with
pipeline data access
- Supports stdin/stdout or file-based input/output
- Templates access version data via function calls rather than
pre-populated context
**Version Cadence Support**
- Added `VersionCadence` type with `minor` and `major` release cadence
tracking
- Supports cadence transitions (e.g., minor→major) with
`TransitionVersion` and `PriorCadence` fields
- Calculates version ranges respecting different release cadences
**Template Functions**
- `VersionsNMinus` / `VersionsBounded` - List versions with explicit
cadence parameter
- `VersionsNMinusTransition` / `VersionsBoundedTransition` - Handle
cadence transitions
- `ParseVersion`, `CompareVersions`, `FilterVersions` - Version
utilities
- All functions require cadence to be explicitly specified
**CLI Integration**
- `--version` and `--edition` flags expose current version/edition to
templates
- Templates reference these via `.Version` and `.Edition` context fields
**Enos Migration**
- Converted `enos-dynamic-config.hcl` to template-based generation
- Uses `VersionsNMinusTransition` to handle Vault's minor→major cadence
shift at 1.21.5
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
Refactor our connection checking into a new LDAP module that is capable
of running a search and waiting for success. We now call this module
while setting up the integration host and before enabling the LDAP
secrets engine.
We also fix two race conditions in the Agent and HA Seal scenarios where
we might attempt to verify and/or test LDAP before the integration host
has been set up.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: LT Carbonell <lt.carbonell@hashicorp.com>
* Add LDAP secrets engine blackbox tests
* Format
* format
* cleanup environment
* Install ldap-utils in CI for LDAP domain provisioning
* wrap in eventually
* debugging
* fix ip issues
Co-authored-by: Luis (LT) Carbonell <lt.carbonell@hashicorp.com>
* enos: poll for LDAP server readiness when populating org, groups, and users
The prior implementation had a hard 10 second sleep waiting for the
container to start up. That is not enough time as we see regular
failures in CI:
```
│ Error: exit status 1
│
│ Error: Execution Error
│
│ with module.set_up_external_integration_target.enos_remote_exec.populate_ldap,
│ on ../../modules/set_up_external_integration_target/main.tf line 70, in resource "enos_remote_exec" "populate_ldap":
│ 70: resource "enos_remote_exec" "populate_ldap" {
│
│ failed to execute commands due to: running script:
│ [/home/runner/actions-runner/_work/vault-enterprise/vault-enterprise/enos/modules/set_up_external_integration_target/scripts/populate-ldap.sh]
│ failed, due to: 1 error occurred:
│ * executing script: Process exited with status 255: ldap_sasl_bind(SIMPLE):
│ Can't contact LDAP server (-1)
```
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
While investigating a failure during another code review[0] I noticed
that we were using key/value pairs when when executing `vault write`.
That was a problem because we ran into a situtation where the password
started with an `@`, which `vault write` infers to be a localtion on
disk[1].
This change updates static-roles.sh fixes that issue as writes are
always written as JSON instead of key/value pairs.
As I was there I choose to improve the script in several ways:
- All Vault command executions now capture both STDOUT and STDERR.
When commands fail, the captured output is included in error.
- Function-local variables are now properly scoped with the `local`
- Some comment changes for clarity (obviously subjective for me)
[0]: https://github.com/hashicorp/vault-enterprise/actions/runs/22748142932/job/65978391382?pr=12001#step:17:159
[1]: https://developer.hashicorp.com/vault/docs/commands/write
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
* rough draft
* add some stuff for dynamic secrets
* add some more helpers and sample tests
* new helpers, new tests, refactoring
* Add Basic Smoke SDK Scenario (#11678)
* Add simple test for stepdown election
* Add a smoke_sdk scenario
* add script to run tests locally
* fix up a few things
* VAULT-39746 - Add Tests to Smoke SDK and Cloud Scenarios (#11795)
* Add some go verification steps in enos sdk test run script
* formatting
* Add a smoke_sdk scenario userpass secret engine create test (#11808)
* Add a smoke_sdk scenario userpass secret engine create test
* Add the some additional tests
* Add Smoke tests to Cloud Scenario (#11876)
* Add a smoke_sdk scenario userpass secret engine create test
* Add the some additional tests
* Add smoke testing to cloud
* Add test results to output and test filtering
* comment
* fix test
* fix the smoke scenario
* Address some various feedback
* missed cleanup
* remove node count dependency in the tests
* Fix test perms
* Adjust the testing and clean them up a bit
* formatting
* fmt
* fmt2
* more fmt
* formatting
* tryagain
* remove the docker/hcp divide
* use the SHA as ID
* adjust perms
* Add transit test
* skip blackbox testing in test-go
* copywrite
* Apply suggestion from @brewgator
* Add godoc
* grep cleanup
---------
Co-authored-by: Josh Black <raskchanky@gmail.com>
Co-authored-by: Luis (LT) Carbonell <lt.carbonell@hashicorp.com>
* Verify vault can generate dynamic credentials and rotate root password
* Added new line at end of the script file
* Remove extra space in sh script
* Remove extra space in sh script
* Created modular structure and other fixes
* linting issues
* lint issues
* Linting issue in verify-secrets.sh
* Linting issue in verify-secrets.sh
* Linting issues in verify-secrets.sh and verify-rotation.sh
* Linting issues
* Linting issues
* Linting issues
* Reverted the changes made to ldap-configs.sh and ldap-verify-configs
* Fix missing newline at end of ldap-verify-configs
Add a newline at the end of the ldap-verify-configs script.
* test ldap changes
* test ldap changes
* reverted the configuration for testing ldap [ci skip]
* reverted the configuration for testing ldap [ci skip]
* Refactoring
* Update ldap.tf
* Update ldap.tf [ci skip]
* Update ldap.tf
* Adding Password policy in ldap secret engine config
* Root credential rotation workflows
* linting issues
* Update test-run-enos-scenario-matrix.yml to check ldap changes
* Update test-run-enos-scenario-matrix.yml reverted
* conflicts resolved
* changes
* Update test-run-enos-scenario-matrix.yml to test ldap changes
* Update test-run-enos-scenario-matrix.yml reverted
* added functions
* linting issues
* linting issues
* linting issues
* Update test-run-enos-scenario-matrix.yml to tst ldap
* Update test-run-enos-scenario-matrix.yml reverted
* review changes
* Update test-run-enos-scenario-matrix.yml to test ldap
* lint issue
* reverted Update test-run-enos-scenario-matrix.yml
* refactor
* Update test-run-enos-scenario-matrix.yml test ldap
* Update verify-rotation.sh
* Update verify-rotation.sh
* Update test-run-enos-scenario-matrix.yml reverted
---------
Co-authored-by: pranaya092000 <pranaya.p@hashicorp.com>
Co-authored-by: Pranaya <Pranaya.P@ibm.com>
Co-authored-by: Luis (LT) Carbonell <lt.carbonell@hashicorp.com>
* LDAP Check out Check in System test Cases Part-1
* Test run on pipeline
* Test run on pipeline
* Linter error fix
* Fix linter issue
* Linter error fix
* lint issue
* lint issue
* lint issue
* lint issue
* lint issue
* lint issues
* bug fix
* lint fix
* Run test on pipeline
* Remove file enos.vars.hcl from repository
* Revert "Remove file enos.vars.hcl from repository"
This reverts commit bec9bcd5e1d8b07a662756c2385ca90e035fc125.
* Restore enos.vars.hcl to repository
* CI build failure fix
* CI bug fix
* CI bug fix
* CI bug fix
* CI bug fix
* CI bug fix
* Replace string based error detection with exit code
* Changing pipeline run variable to false
---------
Co-authored-by: KajalKusum <kajal.kusum@hashicorp.com>
Co-authored-by: Kajal Kusum <kajal.kusum@ibm.com>
Co-authored-by: Luis (LT) Carbonell <lt.carbonell@hashicorp.com>
* Verify vault can generate dynamic credentials and rotate root password
* Added new line at end of the script file
* Remove extra space in sh script
* Remove extra space in sh script
* Created modular structure and other fixes
* linting issues
* lint issues
* Linting issue in verify-secrets.sh
* Linting issue in verify-secrets.sh
* Linting issues in verify-secrets.sh and verify-rotation.sh
* Linting issues
* Linting issues
* Linting issues
* Reverted the changes made to ldap-configs.sh and ldap-verify-configs
* Fix missing newline at end of ldap-verify-configs
Add a newline at the end of the ldap-verify-configs script.
* test ldap changes
* test ldap changes
* reverted the configuration for testing ldap [ci skip]
* reverted the configuration for testing ldap [ci skip]
* Refactoring
* Update ldap.tf
* Update ldap.tf [ci skip]
* Update ldap.tf
* Adding Password policy in ldap secret engine config
* Update test-run-enos-scenario-matrix.yml with ldap changes
* Reverted Update test-run-enos-scenario-matrix.yml for testing ldap changes
* conflict changes [ci skip]
* Update test-run-enos-scenario-matrix.yml for ldap testing
* Reverted Update test-run-enos-scenario-matrix.yml
* ldap chnged to MOUNT
* Update test-run-enos-scenario-matrix.yml to test ldap changes
* Update test-run-enos-scenario-matrix.yml reverted
* updated review comments
* updated review comments
* Update test-run-enos-scenario-matrix.yml to test ldap
* Update test-run-enos-scenario-matrix.yml reverted
* Update verify-secrets.sh
---------
Co-authored-by: pranaya092000 <pranaya.p@hashicorp.com>
Co-authored-by: Pranaya <Pranaya.P@ibm.com>
Co-authored-by: Luis (LT) Carbonell <lt.carbonell@hashicorp.com>
* Verify vault can generate dynamic credentials and rotate root password
* Added new line at end of the script file
* Remove extra space in sh script
* Remove extra space in sh script
* Created modular structure and other fixes
* linting issues
* lint issues
* Linting issue in verify-secrets.sh
* Linting issue in verify-secrets.sh
* Linting issues in verify-secrets.sh and verify-rotation.sh
* Linting issues
* Linting issues
* Linting issues
* Reverted the changes made to ldap-configs.sh and ldap-verify-configs
* Fix missing newline at end of ldap-verify-configs
Add a newline at the end of the ldap-verify-configs script.
* test ldap changes
* test ldap changes
* reverted the configuration for testing ldap [ci skip]
* reverted the configuration for testing ldap [ci skip]
* Refactoring
* Update ldap.tf
* Update ldap.tf [ci skip]
* Update ldap.tf
* Update test-run-enos-scenario-matrix.yml to test ldap changes
* reverted Update test-run-enos-scenario-matrix.yml to test ldap changes
---------
Co-authored-by: pranaya092000 <pranaya.p@hashicorp.com>
Co-authored-by: Pranaya <Pranaya.P@ibm.com>
* move from yarn to pnpm for package management
* remove lodash.template patch override
* remove .yarn folder
* update GHA to use pnpm
* add @babel/plugin-proposal-decorators
* remove .yarnrc.yml
* add lock file to copywrite ignore
* add @codemirror/view as a dep for its types
* use more strict setting about peerDeps
* address some peerDep issues with ember-power-select and ember-basic-dropdown
* enable TS compilation for the kubernetes engine
* enable TS compilation in kv engine
* ignore workspace file
* use new headless mode in CI
* update enos CI scenarios
* add qs and express resolutions
* run 'pnpm up glob' and 'pnpm up js-yaml' to upgrade those packages
* run 'pnpm up preact' because posthog-js had a vulnerable install. see https://github.com/advisories/GHSA-36hm-qxxp-pg3
* add work around for browser timeout errors in test
* update other references of yarn to pnpm
Co-authored-by: Matthew Irish <39469+meirish@users.noreply.github.com>
Update the base images for all scenarios:
- RHEL: upgrade base image for 10 to 10.1
- RHEL: upgrade base image for 9 to 9.7
- SLES: upgrade base image for 15 to 15.7
- SLES: add SLES 16.0 to the matrix
- OpenSUSE: remove OpenSUSE Leap from the matrix
I ended up removing OpenSUSE because the images that we were on were rarely updated and that resulted in very slow scenarios because of package upgrades. Also, despite the latest release being in October I didn't find any public cloud images produced for the new version of Leap. We can consider adding it back later but I'm comfortable just leaving SLES 15 and 16 in there for that test coverage.
I also ended up fixing a bug in our integration host setup where we'd provision three nodes instead of one. That ought to result in many fewer instance provisions per scenario. I also had to make a few small tweaks in how we detected whether or not SELinux is enabled, as the prior implementation did not work for SLES 16.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
Fix an incompatibility where we check out the repository with
checkout@v6 and then attempt to check it out again at checkout@v5 in the
set-product-version action.
* update enos directory to trigger lint
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
