diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl
index 5670e1ed47..f43140774b 100644
--- a/enos/enos-modules.hcl
+++ b/enos/enos-modules.hcl
@@ -174,3 +174,7 @@ module "docker_check_health" {
 module "docker_ldap" {
 source = "./modules/docker_ldap"
 }
+
+module "docker_minio" {
+ source = "./modules/docker_minio"
+}
diff --git a/enos/modules/docker_minio/init.sh b/enos/modules/docker_minio/init.sh
new file mode 100644
index 0000000000..985067f254
--- /dev/null
+++ b/enos/modules/docker_minio/init.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This script initializes a minio server to contain the necessary resources to test
+SOURCE=$(realpath $(dirname ${BASH_SOURCE[0]})) # get directory of this script
+
+docker pull $MINIO_CLIENT_IMAGE
+
+docker run \
+ --name minio-client \
+ --rm \
+ -e "MINIO_SERVER_CONTAINER_NAME=$MINIO_SERVER_CONTAINER_NAME" \
+ -e "MINIO_ROOT_USER=$MINIO_ROOT_USER" \
+ -e "MINIO_ROOT_PASSWORD=$MINIO_ROOT_PASSWORD" \
+ -e "MINIO_REGION=$MINIO_REGION" \
+ -e "MINIO_BUCKET_NAME=$MINIO_BUCKET_NAME" \
+ -e "MINIO_USER_ID=$MINIO_USER_ID" \
+ -e "MINIO_USER_PASSWORD=$MINIO_USER_PASSWORD" \
+ -e "MINIO_USER_ACCESS_KEY_ID=$MINIO_USER_ACCESS_KEY_ID" \
+ -e "MINIO_USER_SECRET_ACCESS_KEY=$MINIO_USER_SECRET_ACCESS_KEY" \
+ --mount type=bind,src=$SOURCE,dst=/test \
+ --network $TEST_NETWORK_NAME \
+ --entrypoint bash \
+ $MINIO_CLIENT_IMAGE \
+ -c '
+ mc alias set miniotest http://$MINIO_SERVER_CONTAINER_NAME:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD};
+ mc admin config set miniotest region name=${MINIO_REGION};
+ mc admin service restart miniotest;
+ mc mb miniotest/${MINIO_BUCKET_NAME}
+ mc admin user add miniotest ${MINIO_USER_ID} ${MINIO_USER_PASSWORD};
+ mc admin policy create miniotest testpolicy /test/policy.json;
+ mc admin policy attach miniotest testpolicy --user ${MINIO_USER_ID};
+ echo "mc admin user svcacct add miniotest ${MINIO_USER_ID} --access-key ${MINIO_USER_ACCESS_KEY_ID} --secret-key ${MINIO_USER_SECRET_ACCESS_KEY}";
+ mc admin user svcacct add miniotest ${MINIO_USER_ID} --access-key ${MINIO_USER_ACCESS_KEY_ID} --secret-key ${MINIO_USER_SECRET_ACCESS_KEY};
+ '
diff --git a/enos/modules/docker_minio/main.tf b/enos/modules/docker_minio/main.tf
new file mode 100644
index 0000000000..fbb2fb4d6a
--- /dev/null
+++ b/enos/modules/docker_minio/main.tf
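Review bot: In docker_minio/init.sh, the `echo "mc admin user svcacct add … --secret-key ${MINIO_USER_SECRET_ACCESS_KEY}"` line near the end of the `-c` script writes the service-account secret into the enos/CI output; the defaults are throwaway test values, but the variable is overridable, so the line should be dropped or reduced to something like `echo "adding service account for ${MINIO_USER_ID}"`. The `-e "NAME=$VALUE"` arguments also place the root password and secret key on the host's `docker run` command line; the values are already in the script's environment, so the name-only form (`-e MINIO_ROOT_PASSWORD`, `-e MINIO_USER_SECRET_ACCESS_KEY`) passes them through without that, and the same applies to the `E2E_BUCKET_SECRET_ACCESS_KEY` line added in test_e2e_docker/test_runner.sh. Neither the outer script nor the inline one enables `set -e`, and the inline commands are chained with `;`, so a failed `mc alias set` or `mc mb` is ignored and the step reports only the status of the last command; `set -eo pipefail` at the top of init.sh and `set -e;` as the first statement of the `-c` string would make a broken fixture fail here rather than later in the tests. `$SOURCE`, `$MINIO_CLIENT_IMAGE` and `$TEST_NETWORK_NAME` are expanded unquoted, and the bind mount only needs to read policy.json, so `--mount type=bind,src="$SOURCE",dst=/test,readonly` would be enough.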
@@ -0,0 +1,160 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+terraform {
+ required_providers {
+ docker = {
+ source = "kreuzwerker/docker"
+ version = "3.0.1"
+ }
+
+ enos = {
+ source = "app.terraform.io/hashicorp-qti/enos"
+ }
+ }
+}
+
+variable "image_name_server" {
+ description = "Name of Docker Image for minio server"
+ type = string
+ default = "docker.mirror.hashicorp.services/minio/minio:latest"
+}
+variable "image_name_client" {
+ description = "Name of Docker Image for minio client"
+ type = string
+ default = "docker.mirror.hashicorp.services/minio/mc:latest"
+}
+variable "network_name" {
+ description = "Name of Docker Networks to join"
+ type = list(string)
+}
+variable "container_name" {
+ description = "Name of Docker Container"
+ type = string
+ default = "minio"
+}
+variable "region" {
+ description = "AWS Region"
+ type = string
+ default = "us-east-1"
+}
+variable "bucket_name" {
+ description = "Name of storage bucket"
+ type = string
+ default = "testbucket" # this needs to match the bucket in policy.json
+}
+variable "root_user" {
+ description = "Username for minio root user"
+ type = string
+ default = "minio"
+}
+variable "root_password" {
+ description = "Password for minio root user"
+ type = string
+ default = "minioadmin"
+}
+variable "user_id" {
+ description = "Username/Access Key Id for user that can access bucket"
+ type = string
+ default = "testuser"
+}
+variable "user_password" {
+ description = "Password/Secret Access Key for user that can access bucket"
+ type = string
+ default = "password"
+}
+variable "user_access_key_id" {
+ description = "Access Key Id for user that can access bucket"
+ type = string
+ default = "useraccesskeyid"
+}
+variable "user_secret_access_key" {
+ description = "Secret Access Key for user that can access bucket"
+ type = string
+ default = "secretaccesskey"
+}
+
+data "docker_registry_image" "minio_server" {
+ name = var.image_name_server
+}
+
+resource "docker_image" "minio_server" {
+ name = data.docker_registry_image.minio_server.name
+ pull_triggers = [data.docker_registry_image.minio_server.sha256_digest]
+ keep_locally = true
+}
+
+resource "docker_container" "minio_server" {
+ depends_on = [
+ docker_image.minio_server
+ ]
+ image = docker_image.minio_server.image_id
+ name = var.container_name
+ command = ["minio", "server", "/data", "--console-address", ":9090"]
+ env = [
+ "MINIO_ROOT_USER=minio",
+ "MINIO_ROOT_PASSWORD=minioadmin",
+ "MINIO_REGION=${var.region}",
+ ]
+ ports {
+ internal = 9000
+ external = 9000
+ }
+ ports {
+ internal = 9090
+ external = 9090
+ }
+ healthcheck {
+ test = ["CMD", "mc", "ready", "local"]
+ interval = "3s"
+ timeout = "5s"
+ retries = 5
+ }
+ wait = true
+ dynamic "networks_advanced" {
+ for_each = var.network_name
+ content {
+ name = networks_advanced.value
+ }
+ }
+}
+
+resource "enos_local_exec" "init_minio" {
+ depends_on = [
+ docker_container.minio_server,
+ ]
+ environment = {
+ MINIO_SERVER_CONTAINER_NAME = var.container_name,
+ MINIO_CLIENT_IMAGE = var.image_name_client,
+ MINIO_BUCKET_NAME = var.bucket_name,
+ MINIO_ROOT_USER = var.root_user,
+ MINIO_ROOT_PASSWORD = var.root_password,
+ MINIO_USER_ID = var.user_id,
+ MINIO_USER_PASSWORD = var.user_password,
+ MINIO_USER_ACCESS_KEY_ID = var.user_access_key_id,
+ MINIO_USER_SECRET_ACCESS_KEY = var.user_secret_access_key,
+ TEST_NETWORK_NAME = var.network_name[0],
+
+ }
+ inline = ["bash ./${path.module}/init.sh \"${var.image_name_client}\""]
+}
+
+output "bucket_name" {
+ value = var.bucket_name
+}
+
+output "access_key_id" {
+ value = var.user_access_key_id
+}
+
+output "secret_access_key" {
+ value = var.user_secret_access_key
+}
+
+output "bucket_region" {
+ value = var.region
+}
+
+output "endpoint_url" {
+ value = "http://${var.container_name}:9000"
+}
diff --git a/enos/modules/docker_minio/policy.json b/enos/modules/docker_minio/policy.json
new file mode 100644
index 0000000000..eb7c16241b
--- /dev/null
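Review bot: In docker_minio/main.tf, `docker_container.minio_server` hard-codes `"MINIO_ROOT_USER=minio"` and `"MINIO_ROOT_PASSWORD=minioadmin"` in `env`, while `enos_local_exec.init_minio` hands `var.root_user` / `var.root_password` to init.sh, so overriding either variable leaves the server on the defaults and the `mc alias set` login would no longer match; the entries should read `"MINIO_ROOT_USER=${var.root_user}"` and `"MINIO_ROOT_PASSWORD=${var.root_password}"`. The `environment` map also omits `MINIO_REGION`, which init.sh forwards into the client container, so `mc admin config set miniotest region name=${MINIO_REGION}` appears to run with an empty value; adding `MINIO_REGION = var.region,` closes that gap. Both `ports` blocks publish 9000 and the 9090 console on the host with these well-known credentials, although `endpoint_url` is addressed by container name on the Docker network; if host access is not needed the blocks could be dropped, or bound to loopback with `ip = "127.0.0.1"`.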
+++ b/enos/modules/docker_minio/policy.json
@@ -0,0 +1,19 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:ListBucket",
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:DeleteObject",
+ "s3:GetObjectAttributes"
+ ],
+ "Resource": [
+ "arn:aws:s3:::testbucket",
+ "arn:aws:s3:::testbucket/*"
+ ]
+ }
+ ]
+}
diff --git a/enos/modules/test_e2e_docker/main.tf b/enos/modules/test_e2e_docker/main.tf
index 59d3b62303..08fb4f10fa 100644
--- a/enos/modules/test_e2e_docker/main.tf
+++ b/enos/modules/test_e2e_docker/main.tf
@@ -114,48 +114,28 @@ variable "vault_port" {
 type = string
 default = "8200"
 }
-variable "aws_access_key_id" {
+variable "access_key_id" {
 description = "Access Key Id for AWS IAM user used in dynamic host catalogs"
 type = string
 default = ""
 }
-variable "aws_secret_access_key" {
+variable "secret_access_key" {
 description = "Secret Access Key for AWS IAM user used in dynamic host catalogs"
 type = string
 default = ""
 }
-variable "aws_host_set_filter1" {
- description = "Filter tag for host set used in dynamic host catalogs"
- type = string
- default = ""
-}
-variable "aws_host_set_count1" {
- description = "Number of hosts in aws_host_set_filter1"
- type = number
- default = 0
-}
-variable "aws_host_set_ips1" {
- description = "List of IP addresses in aws_host_set_filter1"
- type = list(string)
- default = [""]
-}
-variable "aws_host_set_filter2" {
- description = "Filter tag for host set used in dynamic host catalogs"
+variable "region" {
+ description = "AWS region where the resources will be created"
 type = string
 default = ""
 }
-variable "aws_host_set_ips2" {
- description = "List of IP addresses in aws_host_set_filter2"
- type = list(string)
- default = [""]
-}
-variable "aws_region" {
- description = "AWS region where the resources will be created"
+variable "bucket_name" {
+ description = "Storage bucket name"
 type = string
 default = ""
 }
-variable "aws_bucket_name" {
- description = "AWS S3 bucket name"
+variable "bucket_endpoint_url" {
+ description = "Endpoint URL for the storage bucket"
 type = string
 default = ""
 }
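Review bot: The renamed `access_key_id` and `secret_access_key` variables keep the descriptions "… for AWS IAM user used in dynamic host catalogs", and `region` still reads "AWS region where the resources will be created", although the later hunk in this file exports them as `E2E_BUCKET_ACCESS_KEY_ID`, `E2E_BUCKET_SECRET_ACCESS_KEY` and `E2E_REGION`. The descriptions should name the storage-bucket credentials they now carry, for example `description = "Secret access key for the storage bucket user"`. `secret_access_key` is also a candidate for `sensitive = true` so the value is redacted in plan output; whether the other secret variables in this module are declared that way is not visible in the hunk.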
@@ -245,8 +225,6 @@ locals {
 aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path)
 vault_addr = var.vault_addr != "" ? "http://${var.vault_addr}:${var.vault_port}" : ""
 vault_addr_internal = var.vault_addr_internal != "" ? "http://${var.vault_addr_internal}:8200" : local.vault_addr
- aws_host_set_ips1 = jsonencode(var.aws_host_set_ips1)
- aws_host_set_ips2 = jsonencode(var.aws_host_set_ips2)
 package_name = reverse(split("/", var.test_package))[0]
 }
@@ -276,14 +254,11 @@ resource "enos_local_exec" "run_e2e_test" {
 VAULT_ADDR_INTERNAL = local.vault_addr_internal
 VAULT_TOKEN = var.vault_root_token
 E2E_VAULT_ADDR = local.vault_addr_internal
- E2E_AWS_ACCESS_KEY_ID = var.aws_access_key_id
- E2E_AWS_SECRET_ACCESS_KEY = var.aws_secret_access_key
- E2E_AWS_HOST_SET_FILTER = var.aws_host_set_filter1
- E2E_AWS_HOST_SET_IPS = local.aws_host_set_ips1
- E2E_AWS_HOST_SET_FILTER2 = var.aws_host_set_filter2
- E2E_AWS_HOST_SET_IPS2 = local.aws_host_set_ips2
- E2E_AWS_REGION = var.aws_region
- E2E_AWS_BUCKET_NAME = var.aws_bucket_name
+ E2E_BUCKET_NAME = var.bucket_name
+ E2E_BUCKET_ENDPOINT_URL = var.bucket_endpoint_url
+ E2E_BUCKET_ACCESS_KEY_ID = var.access_key_id
+ E2E_BUCKET_SECRET_ACCESS_KEY = var.secret_access_key
+ E2E_REGION = var.region
 E2E_POSTGRES_USER = var.postgres_user
 E2E_POSTGRES_PASSWORD = var.postgres_password
 E2E_POSTGRES_DB_NAME = var.postgres_database_name
diff --git a/enos/modules/test_e2e_docker/test_runner.sh b/enos/modules/test_e2e_docker/test_runner.sh
index e82d5b5236..cccc9d2d69 100644
--- a/enos/modules/test_e2e_docker/test_runner.sh
+++ b/enos/modules/test_e2e_docker/test_runner.sh
@@ -22,17 +22,14 @@ docker run \
 -e "E2E_SSH_USER=$E2E_SSH_USER" \
 -e "E2E_SSH_CA_KEY=$E2E_SSH_CA_KEY" \
 -e "E2E_SSH_KEY_PATH=/keys/target.pem" \
+ -e "E2E_REGION=$E2E_REGION" \
+ -e "E2E_BUCKET_NAME=$E2E_BUCKET_NAME" \
+ -e "E2E_BUCKET_ENDPOINT_URL=$E2E_BUCKET_ENDPOINT_URL" \
+ -e "E2E_BUCKET_ACCESS_KEY_ID=$E2E_BUCKET_ACCESS_KEY_ID" \
+ -e "E2E_BUCKET_SECRET_ACCESS_KEY=$E2E_BUCKET_SECRET_ACCESS_KEY" \
 -e "VAULT_ADDR=$VAULT_ADDR_INTERNAL" \
 -e "VAULT_TOKEN=$VAULT_TOKEN" \
 -e "E2E_VAULT_ADDR=$E2E_VAULT_ADDR" \
- -e "E2E_AWS_ACCESS_KEY_ID=$E2E_AWS_ACCESS_KEY_ID" \
- -e "E2E_AWS_SECRET_ACCESS_KEY=$E2E_AWS_SECRET_ACCESS_KEY" \
- -e "E2E_AWS_HOST_SET_FILTER=$E2E_AWS_HOST_SET_FILTER" \
- -e "E2E_AWS_HOST_SET_IPS=$E2E_AWS_HOST_SET_IPS" \
- -e "E2E_AWS_HOST_SET_FILTER2=$E2E_AWS_HOST_SET_FILTER2" \
- -e "E2E_AWS_HOST_SET_IPS2=$E2E_AWS_HOST_SET_IPS2" \
- -e "E2E_AWS_REGION=$E2E_AWS_REGION" \
- -e "E2E_AWS_BUCKET_NAME=$E2E_AWS_BUCKET_NAME" \
 -e "E2E_POSTGRES_USER=$E2E_POSTGRES_USER" \
 -e "E2E_POSTGRES_PASSWORD=$E2E_POSTGRES_PASSWORD" \
 -e "E2E_POSTGRES_DB_NAME=$E2E_POSTGRES_DB_NAME" \