test(e2e): add GCP dynamic host catalog e2e tests (#5294)

* test(e2e): add GCP infra resources and tests for enos testing - add 1 new `gcp_target` module that creates a GCP VM instance with labels for filtering - add GCP dynamic host catalog e2e tests
hashicorp · Dec 17, 2024 · a4f2a70 · a4f2a70
1 parent 862a30c
commit a4f2a70
Show file tree

Hide file tree

Showing 16 changed files with 992 additions and 6 deletions.
diff --git a/.github/workflows/enos-run.yml b/.github/workflows/enos-run.yml
@@ -80,6 +80,7 @@ jobs:
           - filter: 'e2e_database'
           - filter: 'e2e_docker_base builder:crt'
           - filter: 'e2e_docker_base_plus builder:crt'
+          - filter: 'e2e_docker_base_with_gcp builder:crt'
           - filter: 'e2e_docker_base_with_vault builder:crt'
           - filter: 'e2e_docker_base_with_worker builder:crt'
           - filter: 'e2e_docker_worker_registration_controller_led builder:crt'
@@ -101,6 +102,10 @@ jobs:
       ENOS_VAR_boundary_docker_image_name: ${{ inputs.docker-image-name }}
       ENOS_VAR_boundary_docker_image_file: ./support/boundary_docker_image.tar
       ENOS_VAR_go_version: ${{ inputs.go-version }}
+      ENOS_VAR_gcp_project_id: ${{ secrets.GCP_PROJECT_ID_CI }}
+      ENOS_VAR_gcp_client_email: ${{ secrets.GCP_CLIENT_EMAIL_CI }}
+      ENOS_VAR_gcp_private_key_id: ${{ secrets.GCP_PRIVATE_KEY_ID_CI }}
+      ENOS_VAR_gcp_private_key: ${{ secrets.GCP_PRIVATE_KEY_CI }}
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -147,6 +152,17 @@ jobs:
           role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }}
           role-skip-session-tagging: true
           role-duration-seconds: 3600
+      - name: Configure GCP credentials
+        if: contains(matrix.filter, 'gcp')
+        id: gcp_auth
+        uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+        with:
+          credentials_json: ${{ secrets.GCP_CREDENTIALS }}
+          access_token_lifetime: '3600s'
+          project_id: ${{ secrets.GCP_PROJECT_ID_CI }}
+      - name: 'Set up GCP Cloud SDK'
+        if: contains(matrix.filter, 'gcp')
+        uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0
       - name: Set up Enos
         uses: hashicorp/action-setup-enos@v1    # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
         with:

diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl
@@ -178,3 +178,15 @@ module "docker_ldap" {
 module "docker_minio" {
   source = "./modules/docker_minio"
 }
+
+module "gcp_iam_setup" {
+  source         = "./modules/gcp_iam_setup"
+  gcp_project_id = var.gcp_project_id
+}
+
+module "gcp_target" {
+  source       = "./modules/gcp_target"
+  target_count = var.target_count
+  environment  = var.environment
+  enos_user    = var.enos_user
+}
diff --git a/enos/enos-scenario-e2e-docker-base-with-gcp.hcl b/enos/enos-scenario-e2e-docker-base-with-gcp.hcl
@@ -0,0 +1,143 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# For this scenario to work, add the following line to /etc/hosts
+# 127.0.0.1 localhost boundary
+
+scenario "e2e_docker_base_with_gcp" {
+  terraform_cli = terraform_cli.default
+  terraform     = terraform.default
+  providers = [
+    provider.enos.default,
+    provider.google.default
+  ]
+
+  matrix {
+    builder = ["local", "crt"]
+  }
+
+  locals {
+    local_boundary_dir         = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
+    local_boundary_src_dir     = var.local_boundary_src_dir != null ? abspath(var.local_boundary_src_dir) : null
+    boundary_docker_image_file = abspath(var.boundary_docker_image_file)
+    license_path               = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic"))
+    gcp_private_key            = var.gcp_private_key_path != null ? file(var.gcp_private_key_path) : var.gcp_private_key
+
+    network_cluster = "e2e_gcp"
+
+    build_path = {
+      "local" = "/tmp",
+      "crt"   = var.crt_bundle_path == null ? null : abspath(var.crt_bundle_path)
+    }
+    tags = merge({
+      "Project Name" : var.project_name
+      "Project" : "Enos",
+      "Environment" : "ci"
+    }, var.tags)
+  }
+
+  step "build_boundary_docker_image" {
+    module = matrix.builder == "crt" ? module.build_boundary_docker_crt : module.build_boundary_docker_local
+
+    variables {
+      path           = matrix.builder == "crt" ? local.boundary_docker_image_file : ""
+      cli_build_path = local.build_path[matrix.builder]
+      edition        = var.boundary_edition
+    }
+  }
+
+  step "create_docker_network" {
+    module = module.docker_network
+    variables {
+      network_name = local.network_cluster
+    }
+  }
+
+  step "create_boundary_database" {
+    depends_on = [
+      step.create_docker_network
+    ]
+    variables {
+      image_name   = "${var.docker_mirror}/library/postgres:latest"
+      network_name = [local.network_cluster]
+    }
+    module = module.docker_postgres
+  }
+
+  step "read_license" {
+    skip_step = var.boundary_edition == "oss"
+    module    = module.read_license
+
+    variables {
+      file_name = local.license_path
+    }
+  }
+
+  step "create_boundary" {
+    module = module.docker_boundary
+    depends_on = [
+      step.create_docker_network,
+      step.create_boundary_database,
+      step.build_boundary_docker_image
+    ]
+    variables {
+      image_name       = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name
+      network_name     = [local.network_cluster]
+      database_network = local.network_cluster
+      postgres_address = step.create_boundary_database.address
+      boundary_license = var.boundary_edition != "oss" ? step.read_license.license : ""
+    }
+  }
+
+  step "create_test_id" {
+    module = module.random_stringifier
+    variables {
+      length = 5
+    }
+  }
+
+  step "create_gcp_target" {
+    module = module.gcp_target
+
+    variables {
+      enos_user     = var.enos_user
+      instance_type = var.gcp_target_instance_type
+      gcp_zone      = var.gcp_zone
+      target_count  = 1
+    }
+  }
+
+  step "run_e2e_test" {
+    module = module.test_e2e_docker
+    depends_on = [
+      step.create_boundary,
+      step.create_gcp_target
+    ]
+    variables {
+      test_package           = "github.com/hashicorp/boundary/testing/internal/e2e/tests/gcp"
+      docker_mirror          = var.docker_mirror
+      network_name           = step.create_docker_network.network_name
+      go_version             = var.go_version
+      debug_no_run           = var.e2e_debug_no_run
+      alb_boundary_api_addr  = step.create_boundary.address
+      auth_method_id         = step.create_boundary.auth_method_id
+      auth_login_name        = step.create_boundary.login_name
+      auth_password          = step.create_boundary.password
+      local_boundary_dir     = step.build_boundary_docker_image.cli_zip_path
+      local_boundary_src_dir = local.local_boundary_src_dir
+      gcp_host_set_filter1   = step.create_gcp_target.filter_label1
+      gcp_host_set_filter2   = step.create_gcp_target.filter_label2
+      gcp_private_key_id     = var.gcp_private_key_id
+      gcp_private_key        = local.gcp_private_key
+      gcp_zone               = var.gcp_zone
+      gcp_project_id         = var.gcp_project_id
+      gcp_client_email       = var.gcp_client_email
+      gcp_target_ssh_key     = step.create_gcp_target.target_ssh_key
+      gcp_host_set_ips       = step.create_gcp_target.target_ips
+      target_address         = step.create_gcp_target.target_public_ips[0]
+      target_port            = "22"
+      target_user            = "ubuntu"
+      max_page_size          = step.create_boundary.max_page_size
+    }
+  }
+}
diff --git a/enos/enos-variables.hcl b/enos/enos-variables.hcl
@@ -200,3 +200,56 @@ variable "hcp_boundary_cluster_id" {
   // If using HCP int, ensure that the cluster id starts with "int-"
   // Example: "int-19283a-123123-..."
 }
+
+variable "gcp_target_instance_type" {
+  description = "Instance type for test target nodes"
+  type        = string
+  default     = "e2-micro"
+}
+
+variable "gcp_region" {
+  description = "GCP region where the resources will be created"
+  type        = string
+  default     = "us-central1"
+}
+
+variable "gcp_zone" {
+  description = "GCP zone where the resources will be created"
+  type        = string
+  default     = "us-central1-a"
+}
+
+variable "gcp_project_id" {
+  description = "GCP project where the resources will be created"
+  type        = string
+  sensitive   = true
+  default     = ""
+}
+
+variable "gcp_private_key_path" {
+  description = "Path to the GCP private key"
+  type        = string
+  sensitive   = true
+  default     = null
+}
+
+variable "gcp_private_key" {
+  description = "GCP private key"
+  type        = string
+  sensitive   = true
+  default     = null
+}
+
+variable "gcp_private_key_id" {
+  description = "GCP private key ID"
+  type        = string
+  sensitive   = true
+  default     = null
+}
+
+variable "gcp_client_email" {
+  description = "GCP client email"
+  type        = string
+  sensitive   = true
+  default     = null
+}
diff --git a/enos/enos.hcl b/enos/enos.hcl
@@ -17,6 +17,11 @@ terraform "default" {
       source  = "hashicorp/aws"
       version = "5.72.1"
     }
+
+    google = {
+      source  = "hashicorp/google"
+      version = "5.22.0"
+    }
   }
 }
 
@@ -32,3 +37,8 @@ provider "enos" "default" {
     }
   }
 }
+
+provider "google" "default" {
+  region  = var.gcp_region
+  project = var.gcp_project_id
+}
diff --git a/enos/enos.vars.hcl b/enos/enos.vars.hcl
@@ -60,6 +60,23 @@
 // Number of target instances to create. Applies to AWS scenarios only.
 // target_count = 1
 
+// The GCP project ID to use for the tests. Only needed if running GCP scenarios.
+// gcp_project_id = "my-gcp-project-id"
+
+// The GCP private_key_path. This is used to authenticate with GCP. Only needed
+// if running GCP scenarios. This should not be used in combination with gcp_private_key.
+// gcp_private_key_path = ""
+
+// The GCP private_key. This is used to authenticate with GCP. Only needed
+// if running GCP scenarios. This should not be used in combination with gcp_private_key_path.
+// gcp_private_key = ""
+
+// The GCP private_key_id. Only needed if running GCP scenarios. 
+// gcp_private_key_id = ""
+
+// The GCP client_email used to authenticate with GCP
+// gcp_client_email = "my-gcp-client-email"
+
 // The directory that contains the copy of the boundary cli that the e2e tests
 // will use in CI. Only needed if e2e_debug_no_run = false.
 // local_boundary_dir = "/Users/<user>/.go/bin"