mirror of
https://github.com/hashicorp/vault.git
synced 2026-02-03 20:40:45 -05:00
7b470708ac
Update the base images for all scenarios: - RHEL: upgrade base image for 10 to 10.1 - RHEL: upgrade base image for 9 to 9.7 - SLES: upgrade base image for 15 to 15.7 - SLES: add SLES 16.0 to the matrix - OpenSUSE: remove OpenSUSE Leap from the matrix I ended up removing OpenSUSE because the images that we were on were rarely updated and that resulted in very slow scenarios because of package upgrades. Also, despite the latest release being in October I didn't find any public cloud images produced for the new version of Leap. We can consider adding it back later but I'm comfortable just leaving SLES 15 and 16 in there for that test coverage. I also ended up fixing a bug in our integration host setup where we'd provision three nodes instead of one. That ought to result in many fewer instance provisions per scenario. I also had to make a few small tweaks in how we detected whether or not SELinux is enabled, as the prior implementation did not work for SLES 16. Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
218 lines
6.2 KiB
HCL
218 lines
6.2 KiB
HCL
// Copyright IBM Corp. 2016, 2025
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
variable "artifactory_token" {
|
|
type = string
|
|
description = "The token to use when authenticating to artifactory"
|
|
default = null
|
|
sensitive = true
|
|
}
|
|
|
|
variable "artifactory_host" {
|
|
type = string
|
|
description = "The artifactory host to search for vault artifacts"
|
|
default = "https://artifactory.hashicorp.engineering/artifactory"
|
|
}
|
|
|
|
variable "artifactory_repo" {
|
|
type = string
|
|
description = "The artifactory repo to search for vault artifacts"
|
|
default = "hashicorp-crt-stable-local*"
|
|
}
|
|
|
|
variable "aws_region" {
|
|
description = "The AWS region where we'll create infrastructure"
|
|
type = string
|
|
default = "us-east-1"
|
|
}
|
|
|
|
variable "aws_ssh_keypair_name" {
|
|
description = "The AWS keypair to use for SSH"
|
|
type = string
|
|
default = "enos-ci-ssh-key"
|
|
}
|
|
|
|
variable "aws_ssh_private_key_path" {
|
|
description = "The path to the AWS keypair private key"
|
|
type = string
|
|
default = "./support/private_key.pem"
|
|
}
|
|
|
|
variable "backend_edition" {
|
|
description = "The backend release edition if applicable"
|
|
type = string
|
|
default = "ce" // or "ent"
|
|
}
|
|
|
|
variable "backend_instance_type" {
|
|
description = "The instance type to use for the Vault backend. Must be arm64/nitro compatible"
|
|
type = string
|
|
default = "t4g.small"
|
|
}
|
|
|
|
variable "backend_license_path" {
|
|
description = "The license for the backend if applicable (Consul Enterprise)"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "backend_log_level" {
|
|
description = "The server log level for the backend. Supported values include 'trace', 'debug', 'info', 'warn', 'error'"
|
|
type = string
|
|
default = "trace"
|
|
}
|
|
|
|
variable "distro_version_amzn" {
|
|
description = "The version of Amazon Linux 2 to use"
|
|
type = string
|
|
default = "2023" // or "2", though pkcs11 has not been tested with 2
|
|
}
|
|
|
|
variable "distro_version_rhel" {
|
|
description = "The version of RedHat Enterprise Linux to use"
|
|
type = string
|
|
default = "10.1" // or "8.10", "9.7"
|
|
}
|
|
|
|
variable "distro_version_sles" {
|
|
description = "The version of SUSE Enterprise Linux to use"
|
|
type = string
|
|
default = "16.0" // or "15.7"
|
|
}
|
|
|
|
variable "distro_version_ubuntu" {
|
|
description = "The version of Ubuntu Linux to use"
|
|
type = string
|
|
default = "24.04" // or "22.04"
|
|
}
|
|
|
|
variable "project_name" {
|
|
description = "The description of the project"
|
|
type = string
|
|
default = "vault-enos-integration"
|
|
}
|
|
|
|
variable "tags" {
|
|
description = "Tags that will be applied to infrastructure resources that support tagging"
|
|
type = map(string)
|
|
default = null
|
|
}
|
|
|
|
variable "terraform_plugin_cache_dir" {
|
|
description = "The directory to cache Terraform modules and providers"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "ui_test_filter" {
|
|
type = string
|
|
description = "A test filter to limit the ui tests to execute. Will be appended to the ember test command as '-f=\"<filter>\"'"
|
|
default = null
|
|
}
|
|
|
|
variable "ui_run_tests" {
|
|
type = bool
|
|
description = "Whether to run the UI tests or not. If set to false a cluster will be created but no tests will be run"
|
|
default = true
|
|
}
|
|
|
|
variable "vault_artifact_type" {
|
|
description = "The type of Vault artifact to use when installing Vault from artifactory. It should be 'package' for .deb or .rpm package and 'bundle' for .zip bundles"
|
|
default = "bundle"
|
|
}
|
|
|
|
variable "vault_artifact_path" {
|
|
description = "Path to CRT generated or local vault.zip bundle"
|
|
type = string
|
|
default = "/tmp/vault.zip"
|
|
}
|
|
|
|
variable "vault_build_date" {
|
|
description = "The build date for Vault artifact"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "vault_enable_audit_devices" {
|
|
description = "If true every audit device will be enabled"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "vault_install_dir" {
|
|
type = string
|
|
description = "The directory where the Vault binary will be installed"
|
|
default = "/opt/vault/bin"
|
|
}
|
|
|
|
variable "vault_instance_count" {
|
|
description = "How many instances to create for the Vault cluster"
|
|
type = number
|
|
default = 3
|
|
}
|
|
|
|
variable "vault_license_path" {
|
|
description = "The path to a valid Vault enterprise edition license. This is only required for non-ce editions"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "vault_local_build_tags" {
|
|
description = "The build tags to pass to the Go compiler for builder:local variants"
|
|
type = list(string)
|
|
default = null
|
|
}
|
|
|
|
variable "vault_log_level" {
|
|
description = "The server log level for Vault logs. Supported values (in order of detail) are trace, debug, info, warn, and err."
|
|
type = string
|
|
default = "trace"
|
|
}
|
|
|
|
variable "vault_product_version" {
|
|
description = "The version of Vault we are testing"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "vault_radar_license_path" {
|
|
description = "The license for vault-radar which is used to verify the audit log"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "vault_revision" {
|
|
description = "The git sha of Vault artifact we are testing"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "vault_upgrade_initial_version" {
|
|
description = "The Vault release to deploy before upgrading"
|
|
type = string
|
|
default = "1.13.13"
|
|
}
|
|
|
|
variable "verify_aws_secrets_engine" {
|
|
description = "If true we'll verify AWS secrets engines behavior. Because of user creation restrictions in Doormat AWS accounts, only turn this on for CI, as it depends on resources that exist only in those accounts"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "verify_kmip_secrets_engine" {
|
|
description = "If true we'll verify KMIP secrets engines behavior"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "verify_ldap_secrets_engine" {
|
|
description = "If true we'll verify LDAP secrets engines behavior"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "verify_log_secrets" {
|
|
description = "If true and var.vault_enable_audit_devices is true we'll verify that the audit log does not contain unencrypted secrets. Requires var.vault_radar_license_path to be set to a valid license file."
|
|
type = bool
|
|
default = false
|
|
}
|