rebase and fixup DR/PR replication scenarios

Signed-off-by: Ryan Cragun <[email protected]>
hashicorp · Sep 6, 2024 · 7edb9d6 · 7edb9d6
1 parent 7424f97
commit 7edb9d6
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 13 deletions.
diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl
@@ -56,6 +56,24 @@ module "get_local_metadata" {
   source = "./modules/get_local_metadata"
 }
 
+module "generate_dr_operation_token" {
+  source = "./modules/generate_dr_operation_token"
+
+  vault_install_dir = var.vault_install_dir
+}
+
+module "generate_failover_secondary_token" {
+  source = "./modules/generate_failover_secondary_token"
+
+  vault_install_dir = var.vault_install_dir
+}
+
+module "generate_secondary_public_key" {
+  source = "./modules/generate_secondary_public_key"
+
+  vault_install_dir = var.vault_install_dir
+}
+
 module "generate_secondary_token" {
   source = "./modules/generate_secondary_token"
 
@@ -185,6 +203,24 @@ module "vault_get_cluster_ips" {
   vault_install_dir = var.vault_install_dir
 }
 
+module "vault_failover_demote_dr_primary" {
+  source = "./modules/vault_failover_demote_dr_primary"
+
+  vault_install_dir = var.vault_install_dir
+}
+
+module "vault_failover_promote_dr_secondary" {
+  source = "./modules/vault_failover_promote_dr_secondary"
+
+  vault_install_dir = var.vault_install_dir
+}
+
+module "vault_failover_update_dr_primary" {
+  source = "./modules/vault_failover_update_dr_primary"
+
+  vault_install_dir = var.vault_install_dir
+}
+
 module "vault_raft_remove_peer" {
   source            = "./modules/vault_raft_remove_peer"
   vault_install_dir = var.vault_install_dir

diff --git a/enos/enos-scenario-dr-replication.hcl b/enos/enos-scenario-dr-replication.hcl
@@ -655,19 +655,31 @@ scenario "dr_replication" {
     }
   }
 
-  step "write_test_data_on_primary" {
-    description = global.description.verify_write_test_data
-    module      = module.vault_verify_write_data
+  step "verify_secrets_engines_on_primary" {
+    description = global.description.verify_secrets_engines_create
+    module      = module.vault_verify_secrets_engines_create
     depends_on  = [step.get_primary_cluster_ips]
 
     providers = {
       enos = local.enos_provider[matrix.distro]
     }
 
     verifies = [
+      quality.vault_api_auth_userpass_login_write,
+      quality.vault_api_auth_userpass_user_write,
+      quality.vault_api_identity_entity_write,
+      quality.vault_api_identity_entity_alias_write,
+      quality.vault_api_identity_group_write,
+      quality.vault_api_identity_oidc_config_write,
+      quality.vault_api_identity_oidc_introspect_write,
+      quality.vault_api_identity_oidc_key_write,
+      quality.vault_api_identity_oidc_key_rotate_write,
+      quality.vault_api_identity_oidc_role_write,
+      quality.vault_api_identity_oidc_token_read,
+      quality.vault_api_sys_auth_userpass_user_write,
+      quality.vault_api_sys_policy_write,
       quality.vault_mount_auth,
       quality.vault_mount_kv,
-      quality.vault_secrets_auth_user_policy_write,
       quality.vault_secrets_kv_write,
     ]
 
@@ -699,7 +711,7 @@ scenario "dr_replication" {
     depends_on = [
       step.get_primary_cluster_ips,
       step.get_secondary_cluster_ips,
-      step.write_test_data_on_primary
+      step.verify_secrets_engines_on_primary
     ]
 
     providers = {
@@ -979,8 +991,8 @@ scenario "dr_replication" {
   }
 
   step "verify_replicated_data_during_failover" {
-    description = global.description.verify_read_test_data
-    module      = module.vault_verify_read_data
+    description = global.description.verify_secrets_engines_read
+    module      = module.vault_verify_secrets_engines_read
     depends_on = [
       step.wait_for_demoted_cluster_leader
     ]
@@ -989,9 +1001,17 @@ scenario "dr_replication" {
       enos = local.enos_provider[matrix.distro]
     }
 
-    verifies = quality.vault_secrets_kv_read
+    verifies = [
+      quality.vault_api_auth_userpass_login_write,
+      quality.vault_api_identity_entity_read,
+      quality.vault_api_identity_oidc_config_read,
+      quality.vault_api_identity_oidc_key_read,
+      quality.vault_api_identity_oidc_role_read,
+      quality.vault_secrets_kv_read
+    ]
 
     variables {
+      create_state      = step.verify_secrets_engines_on_primary.state
       hosts             = step.get_secondary_cluster_ips.follower_hosts
       vault_addr        = step.create_secondary_cluster.api_addr_localhost
       vault_install_dir = global.vault_install_dir[matrix.artifact_type]
@@ -1102,22 +1122,30 @@ scenario "dr_replication" {
   }
 
   step "verify_failover_replicated_data" {
-    description = global.description.verify_read_test_data
-    module      = module.vault_verify_read_data
+    description = global.description.verify_secrets_engines_read
+    module      = module.vault_verify_secrets_engines_read
     depends_on = [
       step.verify_dr_replication,
       step.get_secondary_cluster_ips,
-      step.write_test_data_on_primary,
+      step.verify_secrets_engines_on_primary,
       step.verify_failover_dr_replication
     ]
 
     providers = {
       enos = local.enos_provider[matrix.distro]
     }
 
-    verifies = quality.vault_secrets_kv_read
+    verifies = [
+      quality.vault_api_auth_userpass_login_write,
+      quality.vault_api_identity_entity_read,
+      quality.vault_api_identity_oidc_config_read,
+      quality.vault_api_identity_oidc_key_read,
+      quality.vault_api_identity_oidc_role_read,
+      quality.vault_secrets_kv_read
+    ]
 
     variables {
+      create_state      = step.verify_secrets_engines_on_primary.state
       hosts             = step.get_secondary_cluster_ips.follower_hosts
       vault_addr        = step.create_secondary_cluster.api_addr_localhost
       vault_install_dir = global.vault_install_dir[matrix.artifact_type]
@@ -1176,6 +1204,11 @@ scenario "dr_replication" {
     value       = step.create_secondary_cluster.root_token
   }
 
+  output "secrets_engines_state" {
+    description = "The state of configured secrets engines"
+    value       = step.verify_secrets_engines_on_primary.state
+  }
+
   output "dr_secondary_token" {
     description = "The dr secondary replication token"
     value       = step.generate_secondary_token.secondary_token

diff --git a/enos/enos-scenario-pr-replication.hcl b/enos/enos-scenario-pr-replication.hcl
@@ -687,9 +687,21 @@ scenario "pr_replication" {
     }
 
     verifies = [
+      quality.vault_api_auth_userpass_login_write,
+      quality.vault_api_auth_userpass_user_write,
+      quality.vault_api_identity_entity_write,
+      quality.vault_api_identity_entity_alias_write,
+      quality.vault_api_identity_group_write,
+      quality.vault_api_identity_oidc_config_write,
+      quality.vault_api_identity_oidc_introspect_write,
+      quality.vault_api_identity_oidc_key_write,
+      quality.vault_api_identity_oidc_key_rotate_write,
+      quality.vault_api_identity_oidc_role_write,
+      quality.vault_api_identity_oidc_token_read,
+      quality.vault_api_sys_auth_userpass_user_write,
+      quality.vault_api_sys_policy_write,
       quality.vault_mount_auth,
       quality.vault_mount_kv,
-      quality.vault_api_sys_policy_write,
       quality.vault_secrets_kv_write,
     ]