diff --git a/.github/workflows/ansible-test.yml b/.github/workflows/ansible-test.yml index 69a9405ea..9e5e35a92 100644 --- a/.github/workflows/ansible-test.yml +++ b/.github/workflows/ansible-test.yml @@ -293,7 +293,7 @@ jobs: local_test_invocation: runs-on: ${{ matrix.runner }} - name: LI - ${{ matrix.runner }} [${{ matrix.docker && '+' || '-' }}d4r] (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }}) + name: LI - ${{ matrix.runner }} (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }}) env: # needed to prevent Ansible crashing on MacOS OBJC_DISABLE_INITIALIZE_FORK_SAFETY: 'YES' @@ -303,18 +303,18 @@ jobs: ansible: - stable-2.12 python: - - 3.8 + - 3.9 runner: - ubuntu-latest - - macos-latest + - macos-10.15 + # macos-11 will not support virtualbox, so we can't run docker + # when macos-10.15 support is dropped we will have to stop testing on it + # unless a solution for docker/virtualbox is found. + # See also: + # - https://github.com/actions/virtual-environments/issues/4060 + # - https://github.com/actions/virtual-environments/pull/4010 test_container: - default - docker: - - true - - false - exclude: - - runner: ubuntu-latest - docker: false steps: - name: Initialize env vars 
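Review bot: The new `- 3.9` entry under `python:` in the matrix is an unquoted YAML number, so it renders as intended wherever `${{ matrix.python }}` is interpolated (the job name in the hunk above, for one) only while the version has no trailing zero. A later bump to 3.10 would be read as the float 3.1 and silently select the wrong interpreter. Quote it as `- '3.9'` so the matrix value stays a string. The `local_test_invocation` job starts in the previous hunk and its steps continue past this one, so other uses of `matrix.python` are not visible here.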
@@ -352,31 +352,13 @@ jobs: with: collection: community.docker - - name: Install community.general - uses: ./.github/actions/collection-via-git - if: ${{ matrix.runner == 'macos-latest' }} # we need community.general.homebrew - with: - collection: community.general - - - name: legacy integration - use sample integration_config - working-directory: ${{ env.COLLECTION_INTEGRATION_PATH }} - run: | - cp "integration_config.yml.sample" "integration_config.yml" - echo -e "\n\ngithub_token: ${{ secrets.GITHUB_TOKEN }}" >> "integration_config.yml" - - - name: legacy integration - venv - if: ${{ matrix.runner != 'macos-latest' || !matrix.docker }} - run: ansible-test integration -v --color --retry-on-error --continue-on-error --python ${{ matrix.python }} --venv --requirements --allow-destructive #--coverage - working-directory: ${{ env.COLLECTION_PATH }} - - name: Install Docker on MacOS - if: ${{ matrix.runner == 'macos-latest' && matrix.docker }} + if: ${{ startsWith(matrix.runner, 'macos') }} timeout-minutes: 6 # sometimes this hangs forever waiting for an IP uses: ./.github/actions/macos-docker - name: Pull Ansible test images - if: ${{ matrix.docker }} timeout-minutes: 5 continue-on-error: true uses: ./.github/actions/pull-ansible-test-images @@ -384,19 +366,7 @@ jobs: working-directory: ${{ env.COLLECTION_PATH }} ansible-test-invocation: ${{ env.DOCKER_TEST_INVOCATION }} - - name: legacy integration - docker - if: ${{ matrix.docker }} - run: | - ansible-test ${{ env.DOCKER_TEST_INVOCATION }} - working-directory: ${{ env.COLLECTION_PATH }} - - - name: legacy integration - remove integration_config - if: ${{ matrix.docker }} - working-directory: ${{ env.COLLECTION_INTEGRATION_PATH }} - run: rm -f "integration_config.yml" - - name: localenv_docker - setup - if: ${{ matrix.docker }} run: | pwd pip install -r files/requirements/requirements.txt -c files/requirements/constraints.txt 
@@ -404,7 +374,6 @@ jobs: working-directory: ${{ env.COLLECTION_INTEGRATION_TARGETS }}/setup_localenv_docker - name: localenv_docker - Run integration test (in docker) - if: ${{ matrix.docker }} run: | ansible-test ${{ env.DOCKER_TEST_INVOCATION }} --docker-network hashi_vault_default working-directory: ${{ env.COLLECTION_PATH }} diff --git a/changelogs/fragments/191-remove-legacy-integration.yml b/changelogs/fragments/191-remove-legacy-integration.yml new file mode 100644 index 000000000..bfad301ac --- /dev/null +++ b/changelogs/fragments/191-remove-legacy-integration.yml @@ -0,0 +1,3 @@ +--- +removed_features: + - the "legacy" integration test setup has been removed; this does not affect end users and is only relevant to contributors (https://github.com/ansible-collections/community.hashi_vault/pull/191). diff --git a/docs/docsite/rst/contributor_guide.rst b/docs/docsite/rst/contributor_guide.rst index e24d1c7d1..ba39a91cd 100644 --- a/docs/docsite/rst/contributor_guide.rst +++ b/docs/docsite/rst/contributor_guide.rst 
@@ -83,64 +83,17 @@ First, :ref:`review the guidance on testing collections `, Integration Tests ----------------- -Unlike other collections, we now require an `integration_config.yml `_ file for properly running integration tests, as the tests require external dependencies (like a Vault server) and they need to know where to find those dependencies. +Unlike other collections, we require an `integration_config.yml `_ file for properly running integration tests, as the tests require external dependencies (like a Vault server) and they need to know where to find those dependencies. -If you have contributed to this collection or to the ``hashi_vault`` lookup plugin in the past, you might remember that the integration tests used to download, extract, and run a Vault server during the course of the tests, by default. This **legacy mode** is not recommended but is still available (for now) via opt-in. +If you have contributed to this collection or to the ``hashi_vault`` lookup plugin in the past, you might remember that the integration tests used to download, extract, and run a Vault server during the course of the tests, by default. This *legacy mode* is **no longer available**. -.. note:: - - Legacy mode is not recommended because a new Vault server and proxy server will be downloaded, set up, configured, and/or uninstalled, for every *target*. Historically, we only had one target, and so it was a good way to go, but that's no longer true. This will make it slower and slower as more targets are added because you will incur the overhead on every target, in every run. - - Skip to :ref:`ansible_collections.community.hashi_vault.docsite.contributor_guide.localenv_docker` for a method that is nearly as easy as legacy mode, and far more efficient (docker-compose). - -Legacy mode -^^^^^^^^^^^ - -To get started quickly without having to set anything else, you can use legacy mode by copying the included integration config sample: - -.. 
code-block:: shell-session - - $ cp tests/integration/integration_config.yml.sample tests/integration/integration_config.yml - -That file has everything configured to be able to run the integration tests and have them set up the dependencies for you. - -.. warning:: - - Legacy mode uses the GitHub API to figure out the latest version of HashiCorp Vault. This API has a `strict rate limit `_ on anonymous requests and it's easy to hit that limit. You may set ``github_token`` within ``integration_config.yml`` to provide a token to use, which will give a much higher limit, however if you find yourself hitting the limit, it's probably easier to instead set ``vault_version`` to a specific version, which avoids the API call altogether. - -You will also need the following additional Ansible collections: - -* `community.crypto `_ -* `community.general `_ (MacOS local/venv only) - -Running legacy mode tests in docker (**recommended**): - -.. code-block:: shell-session - - $ ansible-test integration --docker default -v - -Running legacy mode tests in a controlled python virtual environment (**not recommended**): - -.. code-block:: shell-session - - $ ansible-test integration --venv --requirements --allow-destructive -v - -.. warning:: - - In legacy mode, your system packages may be manipulated by running locally or in a venv (not in docker). - -If you must use legacy mode testing, you can make it more efficient by limiting your test run to the specific target needed, to avoid the overhead of creating and destroying the dependencies for each target. For example: - -.. code-block:: shell-session - - $ ansible-test integration --docker default -v lookup_hashi_vault .. 
_ansible_collections.community.hashi_vault.docsite.contributor_guide.localenv_docker: Docker Compose localenv ^^^^^^^^^^^^^^^^^^^^^^^ -The recommended way to run the tests has Vault and tinyproxy running in their own containers, set up via docker-compose, and the integration tests run in their own container separately. +The recommended way to run the tests has Vault and other dependencies running in their own containers, set up via docker-compose, and the integration tests run in their own container separately. We have a pre-defined "localenv" setup role for this purpose. diff --git a/docs/docsite/rst/localenv_developer_guide.rst b/docs/docsite/rst/localenv_developer_guide.rst index 0d022705b..902872c5f 100644 --- a/docs/docsite/rst/localenv_developer_guide.rst +++ b/docs/docsite/rst/localenv_developer_guide.rst @@ -40,8 +40,7 @@ Relevant ``integration_config.yml`` variables "``vault_test_server_http``", "``http://myvault:8200``", "The full HTTP URL of your Vault test server." "``vault_test_server_https``", "``https://myvault:8300``", "The full HTTPS URL of your Vault test server." "``vault_dev_root_token_id``", "``3ee9a1f7-f115-4f7c-90a3-d3c73361bcb5``", "The root token used to authenticate to Vault." - "``vault_version``", "``1.7.3``", "The desired version of Vault to download (only used by legacy setup). Can use the value ``latest``." - "``vault_integration_legacy``", "``false``", "When ``true`` legacy integration will be used (see legacy section)." + "``vault_version``", "``1.7.3``", "The version of Vault in use (usually this is written by a localenv, so a value set manually is not used anywhere)." "``vault_cert_content``", "``-----BEGIN CERTIFICATE-----``", "The public cert of the CA that signed the cert used for Vault's TLS listener (or the cert itself if self-signed)." 
@@ -69,4 +68,4 @@ localenv role conventions * Consider providing a ``setup.sh`` to avoid having to manually run ``ansible-`` commands. It should ideally operate correctly regardless of the current working directory. * Generate a usable ``integration_config.yml`` that allows for using the result of the localenv. Generate it within the role output, not outside the role. Copy it to the right location, but do not overwrite an existing one. * If the role has external dependencies, try to codify those in file(s) that can be used by the right tool, like ``requirements.yml`` for ``ansible-galaxy``, etc. -* localenv roles are meant to run **outside** of the ``ansible-test`` environment, but they can make (re)use of other roles; for example a localenv that seeks to run Vault directly on the local machine could reuse the setup roles for downloading and launching Vault that are used (within the test environment) by the legacy integration. +* localenv roles are meant to run **outside** of the ``ansible-test`` environment, but they can make (re)use of other roles. diff --git a/tests/integration/.ansible-lint b/tests/integration/.ansible-lint index 6bb37b7fc..274a44617 100644 --- a/tests/integration/.ansible-lint +++ b/tests/integration/.ansible-lint @@ -5,3 +5,6 @@ skip_list: - truthy - var-naming - meta-no-info + - ignore-errors + - risky-file-permissions + - command-instead-of-shell diff --git a/tests/integration/integration_config.yml.sample b/tests/integration/integration_config.yml.sample index 17ece2674..489b41e0e 100644 --- a/tests/integration/integration_config.yml.sample +++ b/tests/integration/integration_config.yml.sample 
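Review bot: Adding `ignore-errors`, `risky-file-permissions` and `command-instead-of-shell` to `skip_list` in `tests/integration/.ansible-lint` turns those rules off for every integration target, including tasks added later, rather than only the tasks that trip them today. `risky-file-permissions` is the one to be careful with: the integration roles presumably still write certificate and token material (`setup_cert_content` and `vault_dev_root_token_id` appear elsewhere in this diff), and a file created without an explicit `mode` would then pass lint unnoticed. Several obvious offenders (`ignore_errors: yes`, bare `shell:` tasks, `copy` without `mode`) sit in the legacy roles this same commit deletes, so it is worth checking which of the three skips are still needed. Where one is, prefer an explicit `mode:` or a per-task `# noqa risky-file-permissions` with a reason, or at least put a comment above the new entries such as `# TODO: narrow to per-task noqa; a blanket skip hides new findings`. The tasks that currently trigger these rules are not visible in this diff.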
@@ -1,10 +1,12 @@ -# copy this file to integration_config.yml to use the legacy style all-in-one setup -# for best results, consider a different localenv setup. -# See the additional documentation at https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/ +# Running integration tests requires you set up an integration_config.yml that +# tells the tests where to find Vault and other dependencies. +# See the contributor guide at: +# https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/docsite/contributor_guide.html#integration-tests --- -# With legacy integration mode, vault_version should be a specific version, or the special value "latest". +# this is just a small sample of what the file looks like, +# this file is not valid on its own. See the guide for details. + vault_version: latest -vault_integration_legacy: true vault_dev_root_token_id: 47542cbc-6bf8-4fba-8eda-02e0a0d29a0a diff --git a/tests/integration/targets/auth_approle/aliases b/tests/integration/targets/auth_approle/aliases index f9a5e5042..637b4fbf9 100644 --- a/tests/integration/targets/auth_approle/aliases +++ b/tests/integration/targets/auth_approle/aliases @@ -1,6 +1,2 @@ vault/auth/approle context/target -needs/target/setup_vault_legacy -needs/target/setup_vault_test_plugins -needs/target/setup_vault_configure -skip/python2.6 # Python 2.6 is not supported by the collection diff --git a/tests/integration/targets/auth_approle/meta/main.yml b/tests/integration/targets/auth_approle/meta/main.yml index b45081e29..d3acb69e9 100644 --- a/tests/integration/targets/auth_approle/meta/main.yml +++ b/tests/integration/targets/auth_approle/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_vault_legacy + - setup_vault_test_plugins - setup_vault_configure diff --git a/tests/integration/targets/auth_cert/aliases b/tests/integration/targets/auth_cert/aliases index 2e8a37b72..13ba3a468 100644 --- a/tests/integration/targets/auth_cert/aliases 
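Review bot: `vault_version: latest` is kept in `integration_config.yml.sample`, but the comment this hunk removes was the only place that defined `latest` as a special value, and it did so for legacy mode only. The updated localenv developer guide in this same commit says a manually set `vault_version` is not used anywhere, so a contributor copying the sample gets a value that nothing interprets. Either drop the line or annotate it, for example `vault_version: latest  # informational only; normally written by the localenv`. The unchanged `vault_dev_root_token_id` line would also benefit from a comment such as `# root token of a throwaway dev-mode test Vault only; never put a real token here`, since this sample is what people copy.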
+++ b/tests/integration/targets/auth_cert/aliases @@ -1,6 +1,2 @@ vault/auth/cert context/target -needs/target/setup_vault_legacy -needs/target/setup_vault_test_plugins -needs/target/setup_vault_configure -skip/python2.6 # Python 2.6 is not supported by the collection diff --git a/tests/integration/targets/auth_cert/meta/main.yml b/tests/integration/targets/auth_cert/meta/main.yml index 4e8f92b53..151b31e18 100644 --- a/tests/integration/targets/auth_cert/meta/main.yml +++ b/tests/integration/targets/auth_cert/meta/main.yml @@ -1,5 +1,5 @@ --- dependencies: + - setup_vault_test_plugins - setup_cert_content - - setup_vault_legacy - setup_vault_configure diff --git a/tests/integration/targets/auth_jwt/aliases b/tests/integration/targets/auth_jwt/aliases index e827ea2f3..eb10b1469 100644 --- a/tests/integration/targets/auth_jwt/aliases +++ b/tests/integration/targets/auth_jwt/aliases @@ -1,6 +1,2 @@ vault/auth/jwt context/target -needs/target/setup_vault_legacy -needs/target/setup_vault_test_plugins -needs/target/setup_vault_configure -skip/python2.6 # Python 2.6 is not supported by the collection diff --git a/tests/integration/targets/auth_jwt/meta/main.yml b/tests/integration/targets/auth_jwt/meta/main.yml index b45081e29..d3acb69e9 100644 --- a/tests/integration/targets/auth_jwt/meta/main.yml +++ b/tests/integration/targets/auth_jwt/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_vault_legacy + - setup_vault_test_plugins - setup_vault_configure diff --git a/tests/integration/targets/auth_none/aliases b/tests/integration/targets/auth_none/aliases index 6c50bb475..b6f32f9d7 100644 --- a/tests/integration/targets/auth_none/aliases +++ b/tests/integration/targets/auth_none/aliases @@ -1,6 +1,2 @@ vault/auth/none context/target -needs/target/setup_vault_legacy -needs/target/setup_vault_test_plugins -needs/target/setup_vault_configure -skip/python2.6 # Python 2.6 is not supported by the collection 
diff --git a/tests/integration/targets/auth_none/meta/main.yml b/tests/integration/targets/auth_none/meta/main.yml index c2148068f..290705e5e 100644 --- a/tests/integration/targets/auth_none/meta/main.yml +++ b/tests/integration/targets/auth_none/meta/main.yml @@ -1,4 +1,3 @@ --- dependencies: - - setup_vault_legacy - setup_vault_test_plugins diff --git a/tests/integration/targets/auth_token/aliases b/tests/integration/targets/auth_token/aliases index 83deffe41..7595fd1d1 100644 --- a/tests/integration/targets/auth_token/aliases +++ b/tests/integration/targets/auth_token/aliases @@ -1,6 +1,2 @@ vault/auth/token context/target -needs/target/setup_vault_legacy -needs/target/setup_vault_test_plugins -needs/target/setup_vault_configure -skip/python2.6 # Python 2.6 is not supported by the collection diff --git a/tests/integration/targets/auth_token/meta/main.yml b/tests/integration/targets/auth_token/meta/main.yml index b45081e29..d3acb69e9 100644 --- a/tests/integration/targets/auth_token/meta/main.yml +++ b/tests/integration/targets/auth_token/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_vault_legacy + - setup_vault_test_plugins - setup_vault_configure diff --git a/tests/integration/targets/connection_options/meta/main.yml b/tests/integration/targets/connection_options/meta/main.yml index eb4a205b6..2cc0486bd 100644 --- a/tests/integration/targets/connection_options/meta/main.yml +++ b/tests/integration/targets/connection_options/meta/main.yml @@ -2,4 +2,3 @@ dependencies: - setup_vault_test_plugins - setup_cert_content - - setup_vault_legacy diff --git a/tests/integration/targets/lookup_hashi_vault/aliases b/tests/integration/targets/lookup_hashi_vault/aliases index a09e5cc2b..1bb8bf6d7 100644 --- a/tests/integration/targets/lookup_hashi_vault/aliases +++ b/tests/integration/targets/lookup_hashi_vault/aliases 
@@ -1,4 +1 @@ -skip/python2.6 # Python 2.6 is not supported by the collection -needs/target/setup_vault_legacy -needs/target/setup_vault_test_plugins -needs/target/setup_vault_configure +# empty diff --git a/tests/integration/targets/lookup_hashi_vault/meta/main.yml b/tests/integration/targets/lookup_hashi_vault/meta/main.yml index 6bc6dca84..d3acb69e9 100644 --- a/tests/integration/targets/lookup_hashi_vault/meta/main.yml +++ b/tests/integration/targets/lookup_hashi_vault/meta/main.yml @@ -1,6 +1,4 @@ --- dependencies: - setup_vault_test_plugins - - setup_cert_content - - setup_vault_legacy - setup_vault_configure diff --git a/tests/integration/targets/lookup_vault_read/aliases b/tests/integration/targets/lookup_vault_read/aliases index a09e5cc2b..1bb8bf6d7 100644 --- a/tests/integration/targets/lookup_vault_read/aliases +++ b/tests/integration/targets/lookup_vault_read/aliases @@ -1,4 +1 @@ -skip/python2.6 # Python 2.6 is not supported by the collection -needs/target/setup_vault_legacy -needs/target/setup_vault_test_plugins -needs/target/setup_vault_configure +# empty diff --git a/tests/integration/targets/lookup_vault_read/meta/main.yml b/tests/integration/targets/lookup_vault_read/meta/main.yml index 6bc6dca84..d3acb69e9 100644 --- a/tests/integration/targets/lookup_vault_read/meta/main.yml +++ b/tests/integration/targets/lookup_vault_read/meta/main.yml @@ -1,6 +1,4 @@ --- dependencies: - setup_vault_test_plugins - - setup_cert_content - - setup_vault_legacy - setup_vault_configure diff --git a/tests/integration/targets/module_vault_read/aliases b/tests/integration/targets/module_vault_read/aliases index c2904ae66..7636a9a65 100644 --- a/tests/integration/targets/module_vault_read/aliases +++ b/tests/integration/targets/module_vault_read/aliases @@ -1,5 +1 @@ context/target -skip/python2.6 # Python 2.6 is not supported by the collection -needs/target/setup_vault_legacy -needs/target/setup_vault_test_plugins -needs/target/setup_vault_configure 
diff --git a/tests/integration/targets/module_vault_read/meta/main.yml b/tests/integration/targets/module_vault_read/meta/main.yml index 6bc6dca84..d3acb69e9 100644 --- a/tests/integration/targets/module_vault_read/meta/main.yml +++ b/tests/integration/targets/module_vault_read/meta/main.yml @@ -1,6 +1,4 @@ --- dependencies: - setup_vault_test_plugins - - setup_cert_content - - setup_vault_legacy - setup_vault_configure diff --git a/tests/integration/targets/setup_tinyproxy_server/README.md b/tests/integration/targets/setup_tinyproxy_server/README.md deleted file mode 100644 index dc1fb2a58..000000000 --- a/tests/integration/targets/setup_tinyproxy_server/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# `setup_tinyproxy_server` -Responsible for installing and running a `tinyproxy` server. - -## Notes -* Installs `tinyproxy` via the `ansible.builtin.package` module, which will in turn require the correct packaging module and its required libraries to be available. On MacOS that means the [`community.general` collection](https://galaxy.ansible.com/community/general) is required for homebrew support. diff --git a/tests/integration/targets/setup_tinyproxy_server/aliases b/tests/integration/targets/setup_tinyproxy_server/aliases deleted file mode 100644 index cdf2936ca..000000000 --- a/tests/integration/targets/setup_tinyproxy_server/aliases +++ /dev/null @@ -1,2 +0,0 @@ -hidden -destructive diff --git a/tests/integration/targets/setup_tinyproxy_server/defaults/main.yml b/tests/integration/targets/setup_tinyproxy_server/defaults/main.yml deleted file mode 100644 index 4f65590fc..000000000 --- a/tests/integration/targets/setup_tinyproxy_server/defaults/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -vault_proxy_server: 'http://127.0.0.1:8001' - -vault_proxy_tmp: /tmp -vault_proxy_pid: '{{ vault_proxy_tmp }}/tinyproxy.pid' -vault_proxy_conf: '{{ vault_proxy_tmp }}/tinyproxy.conf' 
diff --git a/tests/integration/targets/setup_tinyproxy_server/handlers/main.yml b/tests/integration/targets/setup_tinyproxy_server/handlers/main.yml deleted file mode 100644 index c517c4b5e..000000000 --- a/tests/integration/targets/setup_tinyproxy_server/handlers/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Stop tinyproxy - shell: - cmd: | - kill $(cat "{{ vault_proxy_pid }}") - rm -f "{{ vault_proxy_pid }}" - removes: "{{ vault_proxy_pid }}" - listen: proxy_cleanup - -- name: Uninstall tinyproxy - become: '{{ ansible_distribution != "MacOSX" }}' - vars: - ansible_python_interpreter: "{{ - '/usr/bin/python3' if ansible_distribution in ['Ubuntu', 'Debian'] else ansible_python.executable - }}" - package: - name: tinyproxy - state: absent - ignore_errors: yes - listen: proxy_cleanup diff --git a/tests/integration/targets/setup_tinyproxy_server/tasks/main.yml b/tests/integration/targets/setup_tinyproxy_server/tasks/main.yml deleted file mode 100644 index c897ed2b1..000000000 --- a/tests/integration/targets/setup_tinyproxy_server/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Install tinyproxy - become: '{{ ansible_distribution != "MacOSX" }}' - vars: - # check 'Install unzip' task in setup_vault_server_download to know why we set ansible_python_interpreter - ansible_python_interpreter: "{{ - '/usr/bin/python3' if ansible_distribution in ['Ubuntu', 'Debian'] else ansible_python.executable - }}" - package: - name: tinyproxy - notify: proxy_cleanup - -- name: Configure tinyproxy - copy: - content: | - Port 8001 - MaxClients 100 - StartServers 10 - PidFile "{{ vault_proxy_pid }}" - dest: "{{ vault_proxy_conf }}" - -- name: Start tinyproxy - shell: - cmd: tinyproxy -c "{{ vault_proxy_conf }}" - creates: "{{ vault_proxy_pid }}" - notify: proxy_cleanup diff --git a/tests/integration/targets/setup_vault_legacy/README.md b/tests/integration/targets/setup_vault_legacy/README.md deleted file mode 100644 index 4b71a87ce..000000000 
--- a/tests/integration/targets/setup_vault_legacy/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# `setup_vault_legacy` -Single role to use for a particular target to support legacy dependency setup. - -## Notes -* Uses the other setup roles for setting up Vault, proxy, etc. so will require any dependencies that those do. diff --git a/tests/integration/targets/setup_vault_legacy/aliases b/tests/integration/targets/setup_vault_legacy/aliases deleted file mode 100644 index fef2b0646..000000000 --- a/tests/integration/targets/setup_vault_legacy/aliases +++ /dev/null @@ -1,4 +0,0 @@ -hidden -destructive -needs/target/setup_vault_server -needs/target/setup_tinyproxy_server diff --git a/tests/integration/targets/setup_vault_legacy/defaults/main.yml b/tests/integration/targets/setup_vault_legacy/defaults/main.yml deleted file mode 100644 index ea0a3e9a7..000000000 --- a/tests/integration/targets/setup_vault_legacy/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -vault_integration_legacy: False diff --git a/tests/integration/targets/setup_vault_legacy/tasks/main.yml b/tests/integration/targets/setup_vault_legacy/tasks/main.yml deleted file mode 100644 index c460e8069..000000000 --- a/tests/integration/targets/setup_vault_legacy/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- include_role: - name: setup_vault_server - when: vault_integration_legacy | bool - -- include_role: - name: setup_tinyproxy_server - when: vault_integration_legacy | bool diff --git a/tests/integration/targets/setup_vault_server/README.md b/tests/integration/targets/setup_vault_server/README.md deleted file mode 100644 index e3402be83..000000000 --- a/tests/integration/targets/setup_vault_server/README.md +++ /dev/null @@ -1,6 +0,0 @@ -# `setup_vault_server` -Responsible for ensuring a Vault server is running locally, with or without TLS. - -## Notes -* Uses `setup_vault_server_download`. -* Uses `setup_vault_server_cert`. 
diff --git a/tests/integration/targets/setup_vault_server/aliases b/tests/integration/targets/setup_vault_server/aliases deleted file mode 100644 index a93ae517d..000000000 --- a/tests/integration/targets/setup_vault_server/aliases +++ /dev/null @@ -1,4 +0,0 @@ -hidden -needs/target/setup_vault_server_cert -needs/target/setup_vault_server_download -destructive diff --git a/tests/integration/targets/setup_vault_server/defaults/main.yml b/tests/integration/targets/setup_vault_server/defaults/main.yml deleted file mode 100644 index 0688b6009..000000000 --- a/tests/integration/targets/setup_vault_server/defaults/main.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -vault_dev_root_token_id: '47542cbc-6bf8-4fba-8eda-02e0a0d29a0a' -vault_test_server_https: 'https://localhost:8201' -vault_test_server_http: 'http://localhost:8200' - -# WIP -vault_test_server_configure: True - -# when False the tests requiring a valid SSL connection to Vault will be skipped -vault_run_https_tests: True - -vault_server_temp_dir: /tmp -vault_cert_file: '{{ vault_server_temp_dir }}/cert.pem' -vault_key_file: '{{ vault_server_temp_dir }}/privatekey.pem' -vault_config_file: '{{ vault_server_temp_dir }}/vault_config.hcl' -vault_pid_file: '{{ vault_server_temp_dir }}/vault.pid' - -vault_launch_cmd: 'nohup {{ vault_cmd }} server -dev -config {{ vault_config_file }}' diff --git a/tests/integration/targets/setup_vault_server/handlers/main.yml b/tests/integration/targets/setup_vault_server/handlers/main.yml deleted file mode 100644 index eaab6a803..000000000 --- a/tests/integration/targets/setup_vault_server/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: 'Kill vault process' - shell: "kill $(cat {{ vault_pid_file }})" - ignore_errors: true - listen: test_managed_vault_cleanup - when: vault_integration_legacy | bool 
diff --git a/tests/integration/targets/setup_vault_server/tasks/main.yml b/tests/integration/targets/setup_vault_server/tasks/main.yml deleted file mode 100644 index 832a3701a..000000000 --- a/tests/integration/targets/setup_vault_server/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- import_tasks: vault_server.yml - -- set_fact: - vault_test_server_http: "{{ vault_test_server_http }}" - vault_test_server_https: "{{ vault_test_server_https }}" - vault_cert_file: "{{ vault_cert_file }}" - vault_key_file: "{{ vault_key_file }}" diff --git a/tests/integration/targets/setup_vault_server/tasks/vault_server.yml b/tests/integration/targets/setup_vault_server/tasks/vault_server.yml deleted file mode 100644 index 7d6f2edce..000000000 --- a/tests/integration/targets/setup_vault_server/tasks/vault_server.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -- name: Install HashiCorp Vault locally - block: - - - when: vault_run_https_tests | bool - vars: - vault_hostname: localhost - include_role: - name: setup_vault_server_cert - - import_role: - name: setup_vault_server_download - - - environment: - # used by vault command - VAULT_DEV_ROOT_TOKEN_ID: '{{ vault_dev_root_token_id }}' - block: - - name: 'Create configuration file' - template: - src: vault_config.hcl.j2 - dest: '{{ vault_config_file }}' - - - debug: - msg: '{{ vault_launch_cmd }} /dev/null 2>&1 &' - - - name: 'Start vault server (dev mode enabled)' - shell: '{{ vault_launch_cmd }} /dev/null 2>&1 &' - notify: test_managed_vault_cleanup - - - name: 'Ensure it succeeded' - block: - - name: 'Check Vault status' - environment: - VAULT_ADDR: '{{ vault_test_server_http }}' - shell: '{{ vault_cmd }} status' - register: vault_status - retries: 10 - delay: 1 - until: vault_status is succeeded - - - rescue: - - name: 'dump the config' - debug: - msg: "{{ lookup('file', vault_config_file) }}" - - # vault wasn't up, let's run the launch command with output, which we expect to fail - - name: 'Re-launch Vault' - shell: '{{ vault_launch_cmd }}' - notify: test_managed_vault_cleanup - # timeout: 10 # when we drop 2.9 support we can enable this just in case diff --git a/tests/integration/targets/setup_vault_server/templates/vault_config.hcl.j2 b/tests/integration/targets/setup_vault_server/templates/vault_config.hcl.j2 deleted file mode 100644 index 55f6ef49f..000000000 --- a/tests/integration/targets/setup_vault_server/templates/vault_config.hcl.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} -pid_file = "{{ vault_pid_file }}" -{% if vault_run_https_tests | bool %} -listener "tcp" { - tls_key_file = "{{ vault_key_file }}" - tls_cert_file = "{{ vault_cert_file }}" - tls_disable = false - address = "{{ vault_test_server_https | regex_replace('^https://([^:]+):(\\d+).*?$', '\\1:\\2') }}" -} -{% endif %} 
diff --git a/tests/integration/targets/setup_vault_server_download/README.md b/tests/integration/targets/setup_vault_server_download/README.md deleted file mode 100644 index 4a73ad379..000000000 --- a/tests/integration/targets/setup_vault_server_download/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# `setup_vault_server_download` -This role downloads a specified version of Vault and sets `vault_cmd` to the full path of the binary. - -## Notes -* Installs `unzip` via the `ansible.builtin.package` module, which will in turn require the correct packaging module and its required libraries to be available. MacOS is assumed to have `unzip` already. diff --git a/tests/integration/targets/setup_vault_server_download/aliases b/tests/integration/targets/setup_vault_server_download/aliases deleted file mode 100644 index b305f06e7..000000000 --- a/tests/integration/targets/setup_vault_server_download/aliases +++ /dev/null @@ -1,2 +0,0 @@ -hidden -destructive # installls unzip diff --git a/tests/integration/targets/setup_vault_server_download/defaults/main.yml b/tests/integration/targets/setup_vault_server_download/defaults/main.yml deleted file mode 100644 index 9b016a993..000000000 --- a/tests/integration/targets/setup_vault_server_download/defaults/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -vault_ansible_arch_table: - 'x86_64': 'amd64' # Linux - 'amd64': 'amd64' # FreeBSD - 'i386': '386' - -vault_arch: "{{ vault_ansible_arch_table[ansible_architecture] }}" - -vault_bin: '{{ role_path }}/files/bin/{{ vault_slug }}' -vault_slug: 'vault_{{ vault_version }}_{{ ansible_system | lower }}_{{ vault_arch }}' -vault_zip: '{{ vault_bin }}/{{ vault_slug }}.zip' -vault_uri: 'https://releases.hashicorp.com/vault/{{ vault_version }}/{{ vault_slug }}.zip' -vault_cmd: '{{ vault_bin }}/vault' - -vault_server_download_force: False - -vault_releases_url: https://api.github.com/repos/hashicorp/vault/releases 
diff --git a/tests/integration/targets/setup_vault_server_download/files/.gitignore b/tests/integration/targets/setup_vault_server_download/files/.gitignore deleted file mode 100644 index e660fd93d..000000000 --- a/tests/integration/targets/setup_vault_server_download/files/.gitignore +++ /dev/null @@ -1 +0,0 @@ -bin/ diff --git a/tests/integration/targets/setup_vault_server_download/tasks/latest.yml b/tests/integration/targets/setup_vault_server_download/tasks/latest.yml deleted file mode 100644 index 03a3c21cd..000000000 --- a/tests/integration/targets/setup_vault_server_download/tasks/latest.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -- block: - - name: Get the list of Vault releases - uri: - url: '{{ vault_releases_url }}' - headers: "{{ - {'authorization': 'Bearer ' ~ github_token} if github_token is defined else omit - }}" - register: vault_releases - until: >- - vault_releases is success - or vault_releases.status != 403 - or (vault_releases.json is defined and vault_releases.json.message | default('')) is not search('^API rate limit exceeded') - retries: 10 - delay: 3 - no_log: true - # this is no_log because of the possible GitHub token, and because the output is large - rescue: - # but if it fails, let's do it again without no_log (and with no token) so we can see what happened. - # without the token we might not hit the same problem, but it's worth a try. - - name: Get the list of Vault releases - uri: - url: '{{ vault_releases_url }}' - register: vault_releases - - # this is a little bit naive; we're using the latest published_at as a - # proxy for latest version; it's possible for that not to be correct. -- name: Get the latest non-pre-release version - set_fact: - vault_version: "{{ - vault_releases.json - | selectattr('draft', 'equalto', False) - | selectattr('prerelease', 'equalto', False) - | sort(attribute='published_at', reverse=True) - | map(attribute='name') - | first - | replace('v', '') - }}" 
diff --git a/tests/integration/targets/setup_vault_server_download/tasks/main.yml b/tests/integration/targets/setup_vault_server_download/tasks/main.yml
deleted file mode 100644
index 45dc835a2..000000000
--- a/tests/integration/targets/setup_vault_server_download/tasks/main.yml
+++ /dev/null
@@ -1,70 +0,0 @@ ---- -- name: Determine latest Vault version if not specified - when: >- - vault_version is not defined - or vault_version == 'latest' - include_tasks: latest.yml - -- name: "Check if vault binary exists" - stat: - path: '{{ vault_cmd }}' - follow: yes - get_attributes: no - get_checksum: no - get_mime: no - register: bin_status - -- name: "Download vault if not local" - when: not bin_status.stat.exists or vault_server_download_force | bool - block: - - name: "Create bin directory" - file: - path: '{{ vault_bin }}' - state: directory - mode: u+rwx - - - name: 'Download vault binary' - get_url: - url: '{{ vault_uri }}' - dest: '{{ vault_zip }}' - - - block: - # because installing unzip is so slow, even when it already exists, we're going to ask for - # forgiveness rather than permission, and try to unzip first. If it fails, then we'll try to - # install it and extract again. - - name: 'Extract vault binary' - unarchive: - src: '{{ vault_zip }}' - dest: '{{ vault_bin }}' - remote_src: yes - creates: '{{ vault_cmd }}' - rescue: - # NOTE: 'package' does not work properly with Ubuntu/Debian (like the 'default' docker image), - # if you're running in a version of Python other than the "system" Python, due to system libraries - # needed for the python 'apt' package. See https://stackoverflow.com/q/13708180/3905079 - # So for those OSes, we'll set the Python interpreter to the symlink in /usr/bin which should - # always be the correct one that corresponds to the system libraries. - # - # All this just for unzip, which is only needed to unzip the vault binary to set up for testing. - - name: 'Install unzip' - become: yes - vars: - # by assuming python3 here we're probably condeming this to not work on older Ubuntu/Debian (from like 2014?) 
- # but the alternative is probably reimplementing parts of interpreter_discovery.py - ansible_python_interpreter: "{{ - '/usr/bin/python3' if ansible_distribution in ['Ubuntu', 'Debian'] else ansible_python.executable - }}" - package: - name: unzip - when: ansible_distribution != "MacOSX" # unzip already installed - - - name: 'Extract vault binary' - unarchive: - src: '{{ vault_zip }}' - dest: '{{ vault_bin }}' - remote_src: yes - creates: '{{ vault_cmd }}' - -- name: 'Export Vault command' - set_fact: - vault_cmd: '{{ vault_cmd }}'