Merge pull request #48 from Cray-HPE/scsd-integration-tests-real-vault

CASMHMS-5458 Coordination for HMS CT Helm tests

.version

@@ -1 +1 @@
-1.12.0
+1.13.0

CHANGELOG.md

@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).\
 
+## [1.13.0] - 2022-06-23
+
+### Changed
+
+- Updated CT and integration tests to hms-test:3.1.0 image as part of Helm test coordination.
+- Replaced fake Vault with real Vault in the integration test environment.
+
 ## [1.12.0] - 2022-06-03
 
 ### Changed

Dockerfile.test.integration

@@ -1,6 +1,6 @@
 # MIT License
 #
-# (C) Copyright [2020-2021] Hewlett Packard Enterprise Development LP
+# (C) Copyright [2020-2022] Hewlett Packard Enterprise Development LP
 #
 # Permission is hereby granted, free of charge, to any person obtaining a
 # copy of this software and associated documentation files (the "Software"),
@@ -60,22 +60,6 @@ RUN set -ex \
 # Setup environment variables.
 ENV VAULT_SKIP_VERIFY="true"
 
-ARG IN_CRAY_VAULT_JWT_FILE
-ARG IN_CRAY_VAULT_ROLE_FILE
-ARG IN_SCSD_TEST_K8S_AUTH_URL
-ARG IN_SCSD_TEST_VAULT_PKI_URL
-ARG IN_SCSD_TEST_VAULT_CA_URL
-
-ENV CRAY_VAULT_JWT_FILE=${IN_CRAY_VAULT_JWT_FILE}
-ENV CRAY_VAULT_ROLE_FILE=${IN_CRAY_VAULT_ROLE_FILE}
-ENV SCSD_TEST_K8S_AUTH_URL=${IN_SCSD_TEST_K8S_AUTH_URL}
-ENV SCSD_TEST_VAULT_PKI_URL=${IN_SCSD_TEST_VAULT_PKI_URL}
-ENV SCSD_TEST_VAULT_CA_URL=${IN_SCSD_TEST_VAULT_CA_URL}
-
-RUN if [ ! -z ${IN_CRAY_VAULT_JWT_FILE} ]; then mkdir -p `dirname ${IN_CRAY_VAULT_JWT_FILE}` ; echo jwt_xyzzy > ${IN_CRAY_VAULT_JWT_FILE} ;  fi
-
-RUN if [ ! -z $CRAY_VAULT_ROLE_FILE ]; then mkdir -p `dirname ${CRAY_VAULT_ROLE_FILE}` ; echo role_xyzzy > ${CRAY_VAULT_ROLE_FILE} ; fi
-
 RUN set -ex \
     && apk -U upgrade \
     && apk add --no-cache curl

cmd/scsd/scsd.go

@@ -83,18 +83,10 @@ var VaultKeypath string
 var Running = true
 var dfltHTTP = false // for testing
 var caURI string
-var vaultCAURL string
-var vaultPKIURL string
 var dfltProtocol = "https"
 var serviceName = "scsd"
 var logger *logrus.Logger
 
-//Test stuff
-var test_k8sAuthUrl string
-var test_vaultJWTFile string
-var test_vaultPKIUrl string
-var test_vaultCAUrl string
-
 var compCredStore *compcreds.CompCredStore
 
 var rfClientLock sync.Mutex
@@ -181,8 +173,6 @@ func parseEnvVars() {
 	__env_parse_string("SCSD_SMD_URL", &appParams.SmdURL)
 	__env_parse_bool("SCSD_DEFAULT_HTTP", &dfltHTTP)
 	__env_parse_string("SCSD_CA_URI", &caURI)
-	__env_parse_string("SCSD_VAULT_CA_URL", &vaultCAURL)
-	__env_parse_string("SCSD_VAULT_PKI_URL", &vaultPKIURL)
 
 	//These env vars are for vault and need to be named without SCSD_
 	//since libraries use them too.
@@ -198,12 +188,6 @@ func parseEnvVars() {
 	//  CRAY_VAULT_JWT_FILE    # e.g. /tmp/k8stoken
 	//  CRAY_VAULT_ROLE_FILE   # e.g. also /tmp/k8stoken
 
-	//The following are used only for testing
-
-	__env_parse_string("SCSD_TEST_K8S_AUTH_URL", &test_k8sAuthUrl)
-	__env_parse_string("SCSD_TEST_VAULT_JWT_FILE", &test_vaultJWTFile)
-	__env_parse_string("SCSD_TEST_VAULT_PKI_URL", &test_vaultPKIUrl)
-	__env_parse_string("SCSD_TEST_VAULT_CA_URL", &test_vaultCAUrl)
 }
 
 func setupVault() {
@@ -328,47 +312,12 @@ func main() {
 	}
 
 	// For testing.  ENV VARS relevant:
-	//   SCSD_TEST_K8S_AUTH_URL
-	//   SCSD_TEST_VAULT_PKI_URL
-	//   SCSD_TEST_VAULT_CA_URL
-	//   SCSD_TEST_VAULT_JWT_FILE
-	//   See also: CRAY_VAULT_JWT_FILE and CRAY_VAULT_ROLE_FILE
-
-	if test_k8sAuthUrl != "" {
-		logger.Infof("Overriding k8s auth url with: '%s'", test_k8sAuthUrl)
-		hms_certs.ConfigParams.K8SAuthUrl = test_k8sAuthUrl
-	}
-	if test_vaultPKIUrl != "" {
-		logger.Infof("Overriding PKI url with: '%s'", test_vaultPKIUrl)
-		hms_certs.ConfigParams.VaultPKIUrl = test_vaultPKIUrl
-	}
-	if test_vaultCAUrl != "" {
-		logger.Infof("Overriding CA url with: '%s'", test_vaultCAUrl)
-		hms_certs.ConfigParams.VaultCAUrl = test_vaultCAUrl
-	}
-	if test_vaultJWTFile != "" {
-		logger.Infof("Overriding Vault JWT file with: '%s'", test_vaultJWTFile)
-		hms_certs.ConfigParams.VaultJWTFile = test_vaultJWTFile
-	}
-	estr := os.Getenv("CRAY_VAULT_JWT_FILE")
-	if estr != "" {
-		logger.Infof("Overriding JWT file with: '%s'", estr)
-	}
-	estr = os.Getenv("CRAY_VAULT_ROLE_FILE")
-	if estr != "" {
-		logger.Infof("Overriding ROLE file with: '%s'", estr)
-	}
+	// CRAY_VAULT_JWT_FILE
+	// CRAY_VAULT_ROLE_FILE
+
 	hms_certs.InitInstance(logger, serviceName)
 
 	if appParams.LocalMode && (caURI != "") {
-		if vaultCAURL != "" {
-			logger.Infof("Setting Vault CA URL to: '%s'", vaultCAURL)
-			hms_certs.ConfigParams.VaultCAUrl = vaultCAURL
-		}
-		if vaultPKIURL != "" {
-			logger.Infof("Setting Vault PKI URL to: '%s'", vaultPKIURL)
-			hms_certs.ConfigParams.VaultPKIUrl = vaultPKIURL
-		}
 
 		//Set up TRS cert security stuff and register CA chain update callback
 

docker-compose.test.integration.yaml

@@ -26,7 +26,6 @@ services:
       - X_S5_HOST=x0c0s5b0
       - X_S5_PORT=80
     depends_on:
-      - cray-scsd
       - x0c0s0b0
       - x0c0s1b0
       - x0c0s2b0
@@ -138,37 +137,26 @@ services:
     build:
       context: .
       dockerfile: Dockerfile.test.integration
-      args:
-        IN_SCSD_TEST_K8S_AUTH_URL: ${SCSD_TEST_K8S_AUTH_URL}
-        IN_SCSD_TEST_VAULT_PKI_URL: ${SCSD_TEST_VAULT_PKI_URL}
-        IN_SCSD_TEST_VAULT_CA_URL: ${SCSD_TEST_VAULT_CA_URL}
-        IN_CRAY_VAULT_JWT_FILE: ${CRAY_VAULT_JWT_FILE}
-        IN_CRAY_VAULT_ROLE_FILE: ${CRAY_VAULT_ROLE_FILE}
     environment:
       - SCSD_SMD_URL=http://cray-smd:27779/hsm/v2
       - SCSD_HTTP_LISTEN_PORT=25309
       - SCSD_LOCAL_MODE=true
       - SCSD_DEFAULT_HTTP=true
       - SCSD_LOG_LEVEL=TRACE
-      - VAULT_ENABLE=0
-      - IN_SCSD_TEST_K8S_AUTH_URL=:${SCSD_TEST_K8S_AUTH_URL}
-      - IN_SCSD_TEST_VAULT_PKI_URL=:${SCSD_TEST_VAULT_PKI_URL}
-      - IN_SCSD_TEST_VAULT_CA_URL=:${SCSD_TEST_VAULT_CA_URL}
-      - IN_CRAY_VAULT_JWT_FILE=:${CRAY_VAULT_JWT_FILE}
-      - IN_CRAY_VAULT_ROLE_FILE=:${CRAY_VAULT_ROLE_FILE}
+      - VAULT_ENABLE=1
+      - VAULT_ADDR=http://vault:8200
+      - VAULT_TOKEN=hms
+      - VAULT_KEYPATH=hms-creds
+      # CRAY_VAULT_* used by hms-securestorage and hms-certs
+      - CRAY_VAULT_AUTH_PATH=auth/token/create
+      - CRAY_VAULT_ROLE_FILE=configs/namespace
+      - CRAY_VAULT_JWT_FILE=configs/token
     networks:
       - scsd
     depends_on:
       - cray-smd
-      - fake-vault
-
-  fake-vault:
-    build:
-      context: test/integration
-      dockerfile: Dockerfile.fake-vault
-    hostname: fake-vault
-    networks:
-      - scsd
+      - vault
+      - vault-kv-enabler
 
   vault:
     hostname: vault
@@ -183,11 +171,12 @@ services:
       - scsd
 
   vault-kv-enabler:
-    image: artifactory.algol60.net/csm-docker/stable/vault-kv-enabler:1.13.4
+    image: artifactory.algol60.net/csm-docker/stable/vault-kv-enabler:1.18.0
     environment:
-      - VAULT_ADDR=http://${COMPOSE_PROJECT_NAME}_vault_1:8200
+      - VAULT_ADDR=http://vault:8200
       - VAULT_TOKEN=hms
-      - KV_STORES=hms-creds
+      - VAULT_PKI_ENABLE=true
+      - KV_STORES=hms-creds,secret/certs
     depends_on:
       - vault
     networks:
@@ -202,7 +191,7 @@ services:
       - CRAY_VAULT_AUTH_PATH=auth/token/create
       - CRAY_VAULT_ROLE_FILE=configs/namespace
       - CRAY_VAULT_JWT_FILE=configs/token
-      - VAULT_ADDR=http://${COMPOSE_PROJECT_NAME}_vault_1:8200
+      - VAULT_ADDR=http://vault:8200
       - VAULT_TOKEN=hms
       - VAULT_KEYPATH=hms-creds
       - SMD_WVAULT=true

go.mod

@@ -4,9 +4,9 @@ go 1.16
 
 require (
 	github.com/Cray-HPE/hms-base v1.15.1
-	github.com/Cray-HPE/hms-certs v1.3.2
-	github.com/Cray-HPE/hms-compcredentials v1.11.2
-	github.com/Cray-HPE/hms-securestorage v1.12.2
+	github.com/Cray-HPE/hms-certs v1.4.0
+	github.com/Cray-HPE/hms-compcredentials v1.11.3
+	github.com/Cray-HPE/hms-securestorage v1.13.0
 	github.com/Cray-HPE/hms-trs-app-api v1.6.2
 	github.com/gorilla/mux v1.8.0
 	github.com/sirupsen/logrus v1.8.1

go.sum

@@ -5,10 +5,16 @@ github.com/Cray-HPE/hms-base v1.15.1 h1:+f9cl9BsDWvewvGBPzinmBSU//I7yhwaSUTaNUwx
 github.com/Cray-HPE/hms-base v1.15.1/go.mod h1:+G8KFLPtanLC5lQ602hrf3MDfLTmIXedTavVCOdz5XA=
 github.com/Cray-HPE/hms-certs v1.3.2 h1:Prd7PTwiSMULYuL8bhsvw7LSICx+pSvpWlA9fQKvW9s=
 github.com/Cray-HPE/hms-certs v1.3.2/go.mod h1:6DymilWScLtbQkaQRMuf55K1MzEi0kYCoXfT212yLjY=
+github.com/Cray-HPE/hms-certs v1.4.0 h1:ZyQ50B1e2P81Y7PCbfSFW6O1F0Behi0spScwR6GAM04=
+github.com/Cray-HPE/hms-certs v1.4.0/go.mod h1:4/NBEi9SWhWxWkZwhk2WDFxQDyXU6PCN5BAr7ejuWLE=
 github.com/Cray-HPE/hms-compcredentials v1.11.2 h1:Ug7e7vMSx1STHKkniWY27ddD1X49pQAEljQmTcVkng4=
 github.com/Cray-HPE/hms-compcredentials v1.11.2/go.mod h1:tmurR+zsOtB61n6j3GlEfsl7wmNIAGJqErFymOUb0Hw=
+github.com/Cray-HPE/hms-compcredentials v1.11.3 h1:y3VwLBby2b+pVUxVjiZUpsvPK5pspXr3w4pxeh/D35s=
+github.com/Cray-HPE/hms-compcredentials v1.11.3/go.mod h1:tmurR+zsOtB61n6j3GlEfsl7wmNIAGJqErFymOUb0Hw=
 github.com/Cray-HPE/hms-securestorage v1.12.2 h1:H5n0i6ldzewd5p7PI2Hktr/+9cYfSCui+0367p2L6n8=
 github.com/Cray-HPE/hms-securestorage v1.12.2/go.mod h1:P4CMKqQVlx/lv+AdyEjNQubZw2FKNyo/IAtFNgQ3VuI=
+github.com/Cray-HPE/hms-securestorage v1.13.0 h1:ut6z9TMtCzL902f9NPxcbtkkDuk9zbX6E30pP8j3k6Q=
+github.com/Cray-HPE/hms-securestorage v1.13.0/go.mod h1:P4CMKqQVlx/lv+AdyEjNQubZw2FKNyo/IAtFNgQ3VuI=
 github.com/Cray-HPE/hms-trs-app-api v1.6.2 h1:yzf2E+8QM0+S7AFc47JIyu4yTLM/HKvY1BHtdGSEXFY=
 github.com/Cray-HPE/hms-trs-app-api v1.6.2/go.mod h1:RbB2pYCrZ5N3d0ho4nzTAz9ifI2GYpAdf4Qeco748KQ=
 github.com/Cray-HPE/hms-trs-kafkalib v1.5.2 h1:MhV6SE0HmEcMnuAb/dVclfXd+49udbVCYr2ze0CDXoI=

runCT.sh

@@ -25,6 +25,11 @@
 #
 set -x
 
+# Add .exe if running in a WSL environment
+if $(uname -r | grep -q "Microsoft"); then
+    shopt -s expand_aliases
+    alias docker-compose=docker-compose.exe
+fi
 
 # Configure docker compose
 export COMPOSE_PROJECT_NAME=$RANDOM
@@ -33,9 +38,10 @@ export COMPOSE_FILE=docker-compose.test.ct.yaml
 echo "COMPOSE_PROJECT_NAME: ${COMPOSE_PROJECT_NAME}"
 echo "COMPOSE_FILE: $COMPOSE_FILE"
 
+args="-f $COMPOSE_FILE -p $COMPOSE_PROJECT_NAME"
 
 function cleanup() {
-  docker-compose down
+  docker-compose $args down
   if ! [[ $? -eq 0 ]]; then
     echo "Failed to decompose environment!"
     exit 1
@@ -46,12 +52,12 @@ function cleanup() {
 
 # Get the base containers running
 echo "Starting containers..."
-docker-compose build --no-cache
-docker-compose up -d cray-scsd
-docker-compose up -d ct-tests-functional-wait-for-smd
+docker-compose $args build --no-cache
+docker-compose $args up -d cray-scsd
+docker-compose $args up -d ct-tests-functional-wait-for-smd
 docker wait ${COMPOSE_PROJECT_NAME}_ct-tests-functional-wait-for-smd_1
 docker logs ${COMPOSE_PROJECT_NAME}_ct-tests-functional-wait-for-smd_1
-docker-compose up --exit-code-from ct-tests-smoke ct-tests-smoke
+docker-compose $args up --exit-code-from ct-tests-smoke ct-tests-smoke
 test_result=$?
 echo "Cleaning up containers..."
 if [[ $test_result -ne 0 ]]; then

runIntegration.sh

@@ -24,6 +24,12 @@
 
 set -x
 
+# Add .exe if running in a WSL environment
+if $(uname -r | grep -q "Microsoft"); then
+    shopt -s expand_aliases
+    alias docker-compose=docker-compose.exe
+fi
+
 # Configure docker compose
 export COMPOSE_PROJECT_NAME=${RANDOM}
 export COMPOSE_FILE="docker-compose.test.integration.yaml"
@@ -33,16 +39,10 @@ export LOG_FILE="scsd-integration-test-${COMPOSE_PROJECT_NAME}.logs"
 echo "COMPOSE_PROJECT_NAME: ${COMPOSE_PROJECT_NAME}"
 echo "COMPOSE_FILE: ${COMPOSE_FILE}"
 
-# Configure SCSD for docker compose test environment
-export SCSD_TEST_K8S_AUTH_URL="http://${COMPOSE_PROJECT_NAME}_fake-vault_1:8200/v1/auth/kubernetes/login"
-export SCSD_TEST_VAULT_PKI_URL="http://${COMPOSE_PROJECT_NAME}_fake-vault_1:8200/v1/pki_common/issue/pki-common"
-export SCSD_TEST_VAULT_CA_URL="http://${COMPOSE_PROJECT_NAME}_fake-vault_1:8200/v1/pki_common/ca_chain"
-export CRAY_VAULT_JWT_FILE="/tmp/k8stoken"
-export CRAY_VAULT_ROLE_FILE="/tmp/k8stoken"
-
+args="-f $COMPOSE_FILE -p $COMPOSE_PROJECT_NAME"
 
 function cleanup() {
-    docker-compose down
+    docker-compose $args down
     if [[ $? -ne 0 ]]; then
         echo "Failed to decompose environment!"
         exit 1
@@ -53,16 +53,16 @@ function cleanup() {
 
 # Get the base containers running
 echo "Starting containers..."
-docker-compose build --build-arg SCSD_VERSION=${SCSD_VERSION}
-docker-compose up -d cray-scsd
-docker-compose up --exit-code-from integration-tests integration-tests
+docker-compose $args build --build-arg SCSD_VERSION=${SCSD_VERSION}
+docker-compose $args up -d cray-scsd
+docker-compose $args up --exit-code-from integration-tests integration-tests
 
 test_result=$?
 
 # Clean up
 echo "Cleaning up containers..."
 if [[ $test_result -ne 0 ]]; then
-    docker-compose logs > ${LOG_FILE} 2>&1
+    docker-compose $args logs > ${LOG_FILE} 2>&1
     echo "================================================="
     echo "LOGS:"
     cat ${LOG_FILE}

test/ct/Dockerfile

@@ -20,7 +20,7 @@
 # ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 # OTHER DEALINGS IN THE SOFTWARE.
 
-FROM artifactory.algol60.net/csm-docker/stable/hms-test:3.0.0
+FROM artifactory.algol60.net/csm-docker/stable/hms-test:3.1.0
 
 COPY smoke/ /src/app
 #COPY functional/ /src/app

test/integration/Dockerfile

@@ -64,4 +64,6 @@ ENV X_S3_PORT=${IN_X_S3_PORT}
 ENV X_S4_PORT=${IN_X_S4_PORT}
 ENV X_S5_PORT=${IN_X_S5_PORT}
 
+WORKDIR /usr/local/bin
+
 CMD ["sh", "-c", "runit.sh"]