CI: move to GHA, test against vault-enterprise 1.10.3-ent (#1461)

Move from CircleCI to GitHub Actions. Run all acceptance tests against Vault Enterprise. Additional fixes: - Fix up broken enterprise tests - Add support for testing against Postgres - Fix a regression introduced in v3.5.0 which inadvertently removed the the `disable_escaping` feature from some db engines - Fix bogus quota test that caused the tests to fail
hashicorp · May 21, 2022 · 301c7ca · 301c7ca
1 parent 50f9a0b
commit 301c7ca
Show file tree

Hide file tree

Showing 21 changed files with 349 additions and 195 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,69 +1,13 @@
 version: 2.1
 
-workflows:
-  build:
-    jobs:
-      - build:
-          context:
-            - vault-plugin-secrets-terraform
-
 jobs:
   build:
     docker:
-      - image: docker.mirror.hashicorp.services/cimg/go:1.17.5
-      - image: circleci/mongo:latest
-        environment:
-          - MONGO_INITDB_ROOT_USERNAME: root
-          - MONGO_INITDB_ROOT_PASSWORD: mongodb
-          - MONGO_INITDB_DATABASE: admin
-      - image: circleci/mysql:latest
-        environment:
-          - MYSQL_ROOT_PASSWORD=mysql
-      - image: hashicorp/vault:latest
-        environment:
-          - VAULT_DEV_ROOT_TOKEN_ID=root
-      - image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu
-        environment:
-          - ACCEPT_EULA=Y
-          - SA_PASSWORD=yourStrong1000Password
-    working_directory: /tmp/go/src/github.com/hashicorp/terraform-provider-vault
+      - image: cimg/base:2022.03
     steps:
-      - checkout
-      - run:
-          name: Wait for containers to starts
-          command: dockerize -wait http://127.0.0.1:8200 -wait tcp://127.0.0.1:3306  -wait tcp://127.0.0.1:1433 -timeout 30s
-      - run:
-          name: "Set Environment Variables"
-          command: |
-            echo 'GO111MODULE=on' >> $BASH_ENV
-            echo 'export GOBIN=$GOPATH/bin' >> $BASH_ENV
-      - run:
-          name: "Run Tests"
-          no_output_timeout: 30m
-          command: |
-            make test TESTARGS='-v'
-      - run:
-          name: "Run Acceptance Tests"
-          no_output_timeout: 35m
-          command: |
-            export VAULT_TOKEN="root"
-            export VAULT_ADDR="http://127.0.0.1:8200"
-            export TF_ACC_TERRAFORM_VERSION="1.0.7"
-            export MYSQL_URL="root:mysql@tcp(127.0.0.1:3306)/"
-            export MYSQL_CONNECTION_URL="{{username}}:{{password}}@tcp(127.0.0.1:3306)/"
-            export MYSQL_CONNECTION_USERNAME="root"
-            export MYSQL_CONNECTION_PASSWORD="mysql"
-            export MONGODB_URL="mongodb://root:[email protected]:27017/admin?ssl=false"
-            export MSSQL_URL="sqlserver://sa:[email protected]:1433"
-            # This will be removed after VAULT-4324 is fixed
-            make testacc TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true
-      - run:
-          name: "Run Build"
-          command: |
-            go build
       - run:
-          name: "Generate Coverage Report"
+          name: "Moved to GitHub Actions"
           command: |
-            cd cmd/coverage/
-            go build
-            ./coverage -openapi-doc=/tmp/go/src/github.com/hashicorp/terraform-provider-vault/testdata/openapi.json
+            sudo apt-get update && sudo apt-get install -y figlet
+            figlet 'Moved to GitHub Actions'
+            echo 'See https://github.com/hashicorp/terraform-provider-vault/actions'
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,79 @@
+name: Build
+
+on: push
+
+jobs:
+  go-version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.go-version.outputs.version }}
+    steps:
+      - uses: actions/checkout@v3
+      - id: go-version
+        run: echo "::set-output name=version::$(cat ./.go-version)"
+  build:
+    needs: [go-version]
+    runs-on: ubuntu-latest
+    container:
+      image: "docker.mirror.hashicorp.services/golang:${{ needs.go-version.outputs.version }}"
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build
+        run: |
+          make build
+  acceptance:
+    needs: [go-version, build]
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        # TODO: enable 1.9 job once the provider is Vault version aware
+        #image: ["vault-enterprise:1.9-ent", "vault-enterprise:1.10-ent"]
+        image: ["vault-enterprise:1.10-ent"]
+    container:
+      image: "docker.mirror.hashicorp.services/golang:${{ needs.go-version.outputs.version }}"
+    services:
+      vault:
+        image: hashicorp/${{ matrix.image }}
+        env:
+          VAULT_DEV_ROOT_TOKEN_ID: root
+          VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }}
+      mysql:
+        image: docker.mirror.hashicorp.services/mysql:latest
+        env:
+          MYSQL_ROOT_PASSWORD: mysql
+      mssql:
+        image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu
+        env:
+          ACCEPT_EULA: Y
+          SA_PASSWORD: ${{ secrets.MSSQL_SA_PASSWORD }}
+      mongo:
+        image: docker.mirror.hashicorp.services/mongo:latest
+        env:
+          MONGO_INITDB_ROOT_USERNAME: root
+          MONGO_INITDB_ROOT_PASSWORD: mongodb
+          MONGO_INITDB_DATABASE: admin
+      postgres:
+        image: docker.mirror.hashicorp.services/postgres:latest
+        env:
+          POSTGRES_PASSWORD: secret
+          POSTGRES_DB: database
+    steps:
+      - uses: actions/checkout@v3
+      - name: Acceptance Tests
+        env:
+          VAULT_TOKEN: "root"
+          VAULT_ADDR: "http://vault:8200"
+          TF_ACC_TERRAFORM_VERSION: "1.0.7"
+          MYSQL_URL: "root:mysql@tcp(mysql:3306)/"
+          MYSQL_CONNECTION_URL: "{{username}}:{{password}}@tcp(mysql:3306)/"
+          MYSQL_CONNECTION_USERNAME: "root"
+          MYSQL_CONNECTION_PASSWORD: "mysql"
+          MONGODB_URL: "mongodb://root:mongodb@mongo:27017/admin?ssl=false"
+          MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433"
+          POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable"
+        run: |
+          make testacc-ent TESTARGS='-v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true
+      - name: "Generate Vault API Path Coverage Report"
+        run: |
+          go run cmd/coverage/main.go -openapi-doc=./testdata/openapi.json
diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.17.5
+1.17.10
diff --git a/GNUmakefile → Makefile b/GNUmakefile → Makefile
diff --git a/codegen/generate.go b/codegen/generate.go
@@ -2,9 +2,11 @@ package codegen
 
 import (
 	"bufio"
+	"bytes"
 	"errors"
 	"fmt"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strings"
 
@@ -14,7 +16,7 @@ import (
 
 // generatedDirPerms uses 0775 because it is the same as for
 // the "vault" directory, which is at "drwxrwxr-x".
-const generatedDirPerms os.FileMode = 0775
+const generatedDirPerms os.FileMode = 0o775
 
 var errUnsupported = errors.New("code and doc generation for this item is unsupported")
 
@@ -172,11 +174,11 @@ we eventually cover all >500 of them and add tests.
 */
 func codeFilePath(tfTp tfType, endpoint string) (string, error) {
 	filename := fmt.Sprintf("%ss%s.go", tfTp.String(), endpoint)
-	homeDirPath, err := pathToHomeDir()
+	repoRoot, err := getRepoRoot()
 	if err != nil {
 		return "", err
 	}
-	path := filepath.Join(homeDirPath, "generated", filename)
+	path := filepath.Join(repoRoot, "generated", filename)
 	return stripCurlyBraces(path), nil
 }
 
@@ -211,11 +213,11 @@ we eventually cover all >500 of them and add tests.
 func docFilePath(tfTp tfType, endpoint string) (string, error) {
 	endpoint = normalizeDocEndpoint(endpoint)
 	filename := fmt.Sprintf("%s/%s.html.md", tfTp.DocType(), endpoint)
-	homeDirPath, err := pathToHomeDir()
+	repoRoot, err := getRepoRoot()
 	if err != nil {
 		return "", err
 	}
-	return filepath.Join(homeDirPath, "website", "docs", filename), nil
+	return filepath.Join(repoRoot, "website", "docs", filename), nil
 }
 
 // normalizeDocEndpoint changes the raw endpoint into the format we expect for
@@ -248,15 +250,12 @@ func stripCurlyBraces(path string) string {
 	return path
 }
 
-// pathToHomeDir yields the path to the terraform-vault-provider
-// home directory on the machine on which it's running.
-// ex. /home/your-name/go/src/github.com/hashicorp/terraform-provider-vault
-func pathToHomeDir() (string, error) {
-	repoName := "terraform-provider-vault"
-	wd, err := os.Getwd()
+// getRepoRoot relative to CWD.
+func getRepoRoot() (string, error) {
+	out, err := exec.Command("git", "rev-parse", "--show-toplevel").Output()
 	if err != nil {
 		return "", err
 	}
-	pathParts := strings.Split(wd, repoName)
-	return pathParts[0] + repoName, nil
+
+	return string(bytes.TrimRight(out, "\n")), nil
 }
diff --git a/codegen/generate_test.go b/codegen/generate_test.go
@@ -5,7 +5,7 @@ import (
 )
 
 func TestCodeFilePath(t *testing.T) {
-	homeDirPath, err := pathToHomeDir()
+	repoRoot, err := getRepoRoot()
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -45,21 +45,21 @@ func TestCodeFilePath(t *testing.T) {
 		if err != nil {
 			t.Fatal(err)
 		}
-		if actualDataSourceFilePath != homeDirPath+testCase.expectedDataSourceFilePath {
-			t.Fatalf("expected %q but received %q", homeDirPath+testCase.expectedDataSourceFilePath, actualDataSourceFilePath)
+		if actualDataSourceFilePath != repoRoot+testCase.expectedDataSourceFilePath {
+			t.Fatalf("expected %q but received %q", repoRoot+testCase.expectedDataSourceFilePath, actualDataSourceFilePath)
 		}
 		actualResourceFilePath, err := codeFilePath(tfTypeResource, testCase.input)
 		if err != nil {
 			t.Fatal(err)
 		}
-		if actualResourceFilePath != homeDirPath+testCase.expectedResourceFilePath {
-			t.Fatalf("expected %q but received %q", homeDirPath+testCase.expectedResourceFilePath, actualResourceFilePath)
+		if actualResourceFilePath != repoRoot+testCase.expectedResourceFilePath {
+			t.Fatalf("expected %q but received %q", repoRoot+testCase.expectedResourceFilePath, actualResourceFilePath)
 		}
 	}
 }
 
 func TestDocFilePath(t *testing.T) {
-	homeDirPath, err := pathToHomeDir()
+	repoRoot, err := getRepoRoot()
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -95,15 +95,15 @@ func TestDocFilePath(t *testing.T) {
 		if err != nil {
 			t.Fatal(err)
 		}
-		if actualDataSourceDocPath != homeDirPath+testCase.expectedDataSourceFilePath {
-			t.Fatalf("expected %q but received %q", homeDirPath+testCase.expectedDataSourceFilePath, actualDataSourceDocPath)
+		if actualDataSourceDocPath != repoRoot+testCase.expectedDataSourceFilePath {
+			t.Fatalf("expected %q but received %q", repoRoot+testCase.expectedDataSourceFilePath, actualDataSourceDocPath)
 		}
 		actualResourceDocPath, err := docFilePath(tfTypeResource, testCase.input)
 		if err != nil {
 			t.Fatal(err)
 		}
-		if actualResourceDocPath != homeDirPath+testCase.expectedResourceFilePath {
-			t.Fatalf("expected %q but received %q", homeDirPath+testCase.expectedResourceFilePath, actualResourceDocPath)
+		if actualResourceDocPath != repoRoot+testCase.expectedResourceFilePath {
+			t.Fatalf("expected %q but received %q", repoRoot+testCase.expectedResourceFilePath, actualResourceDocPath)
 		}
 	}
 }

diff --git a/codegen/templates.go b/codegen/templates.go
@@ -35,7 +35,7 @@ var (
 )
 
 func newTemplateHandler(logger hclog.Logger) (*templateHandler, error) {
-	homeDirPath, err := pathToHomeDir()
+	repoRoot, err := getRepoRoot()
 	if err != nil {
 		return nil, err
 	}
@@ -44,7 +44,7 @@ func newTemplateHandler(logger hclog.Logger) (*templateHandler, error) {
 	// cache them to be used repeatedly.
 	templates := make(map[templateType]*template.Template, len(templateRegistry))
 	for tmplType, pathFromHomeDir := range templateRegistry {
-		pathToFile := filepath.Join(homeDirPath, pathFromHomeDir)
+		pathToFile := filepath.Join(repoRoot, pathFromHomeDir)
 		templateBytes, err := ioutil.ReadFile(pathToFile)
 		if err != nil {
 			return nil, errwrap.Wrapf("error reading "+pathToFile+": {{err}}", err)

diff --git a/generated/resources/transform/template/name_test.go b/generated/resources/transform/template/name_test.go
@@ -65,7 +65,7 @@ func TestTemplateName(t *testing.T) {
 					resource.TestCheckResourceAttr("vault_transform_template_name.test", "pattern", `(\d{9})`),
 					resource.TestCheckResourceAttr("vault_transform_template_name.test", "alphabet", "builtin/numeric"),
 					resource.TestCheckResourceAttr("vault_transform_template_name.test", "encode_format", ""),
-					resource.TestCheckNoResourceAttr("vault_transform_template_name.test", "decode_formats"),
+					resource.TestCheckResourceAttr("vault_transform_template_name.test", "decode_formats.#", "0"),
 				),
 			},
 			{

diff --git a/go.mod b/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect
 	github.com/aws/aws-sdk-go v1.41.8
 	github.com/containerd/containerd v1.6.2 // indirect
+	github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f
 	github.com/denisenkom/go-mssqldb v0.11.0
 	github.com/docker/distribution v2.8.1+incompatible // indirect
 	github.com/go-sql-driver/mysql v1.6.0

diff --git a/go.sum b/go.sum
@@ -454,6 +454,7 @@ github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+
 github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbpBpLoyyu8B6e44T7hJy6potg=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/couchbase/gocb/v2 v2.3.3/go.mod h1:h4b3UYDnGI89hMW9VypVjAr+EE0Ki4jjlXJrVdmSZhQ=
 github.com/couchbase/gocbcore/v10 v10.0.4/go.mod h1:s6dwBFs4c3+cAzZbo1q0VW+QasudhHJuehE8b8U2YNg=

diff --git a/testutil/testutil.go b/testutil/testutil.go
@@ -11,6 +11,7 @@ import (
 	"reflect"
 	"testing"
 
+	"github.com/coreos/pkg/multierror"
 	"github.com/hashicorp/go-retryablehttp"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
@@ -289,3 +290,42 @@ func TestHTTPServer(t *testing.T, handler http.Handler) (*api.Config, net.Listen
 
 	return config, ln
 }
+
+func GetDynamicTCPListeners(host string, count int) ([]net.Listener, func() error, error) {
+	_, p, err := net.SplitHostPort(host)
+	if err != nil {
+		pErr := err.(*net.AddrError)
+		if pErr.Err != "missing port in address" {
+			return nil, nil, err
+		}
+	}
+	if p != "" {
+		return nil, nil, fmt.Errorf("host %q contains a port", host)
+	}
+
+	addr := host + ":0"
+	listeners := make([]net.Listener, count)
+	for i := 0; i < count; i++ {
+		ln, err := net.Listen("tcp", addr)
+		if err != nil {
+			return nil, nil, err
+		}
+		listeners[i] = ln
+	}
+
+	closer := func() error {
+		errs := multierror.Error{}
+		for _, ln := range listeners {
+			if err := ln.Close(); err != nil {
+				errs = append(errs, err)
+			}
+		}
+
+		if len(errs) > 0 {
+			return errs
+		}
+		return nil
+	}
+
+	return listeners, closer, nil
+}