Merge pull request #4698 from hashicorp/t-vault-matrix

Vault test matrix
hashicorp · Sep 25, 2018 · 8a0f092 · 8a0f092
1 parent e294b37
commit 8a0f092
Show file tree

Hide file tree

Showing 8 changed files with 422 additions and 6 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -27,6 +27,10 @@ matrix:
       env: RUN_STATIC_CHECKS=1 SKIP_NOMAD_TESTS=1
     - os: osx
       osx_image: xcode9.1
+    - os: linux
+      dist: trusty
+      sudo: required
+      env: RUN_E2E_TESTS=1 SKIP_NOMAD_TESTS=1
   allow_failures:
     - os: osx
   fast_finish: true

diff --git a/GNUmakefile b/GNUmakefile
@@ -239,6 +239,9 @@ test: ## Run the Nomad test suite and/or the Nomad UI test suite
 	@if [ $(RUN_UI_TESTS) ]; then \
 		make test-ui; \
 		fi
+	@if [ $(RUN_E2E_TESTS) ]; then \
+		make e2e-test; \
+		fi
 
 .PHONY: test-nomad
 test-nomad: dev ## Run Nomad test suites
@@ -251,6 +254,15 @@ test-nomad: dev ## Run Nomad test suites
 		bash -C "$(PROJECT_ROOT)/scripts/test_check.sh" ; \
 	fi
 
+.PHONY: e2e-test
+e2e-test: dev ## Run the Nomad e2e test suite
+	@echo "==> Running Nomad E2E test suites:"
+	go test \
+		$(if $(ENABLE_RACE),-race) $(if $(VERBOSE),-v) \
+		-cover \
+		-timeout=900s \
+		github.com/hashicorp/nomad/e2e/vault/
+
 .PHONY: clean
 clean: GOPATH=$(shell go env GOPATH)
 clean: ## Remove build artifacts

diff --git a/e2e/vault/consts_test.go b/e2e/vault/consts_test.go
@@ -0,0 +1,74 @@
+package vault
+
+import (
+	"github.com/hashicorp/nomad/api"
+	"github.com/hashicorp/nomad/helper"
+)
+
+const (
+	// policy is the recommended Nomad Vault policy
+	policy = `path "auth/token/create/nomad-cluster" {
+  capabilities = ["update"]
+}
+path "auth/token/roles/nomad-cluster" {
+  capabilities = ["read"]
+}
+path "auth/token/lookup-self" {
+  capabilities = ["read"]
+}
+
+path "auth/token/lookup" {
+  capabilities = ["update"]
+}
+path "auth/token/revoke-accessor" {
+  capabilities = ["update"]
+}
+path "sys/capabilities-self" {
+  capabilities = ["update"]
+}
+path "auth/token/renew-self" {
+  capabilities = ["update"]
+}`
+)
+
+var (
+	// role is the recommended nomad cluster role
+	role = map[string]interface{}{
+		"disallowed_policies": "nomad-server",
+		"explicit_max_ttl":    0,
+		"name":                "nomad-cluster",
+		"orphan":              false,
+		"period":              259200,
+		"renewable":           true,
+	}
+
+	// job is a test job that is used to request a Vault token and cat the token
+	// out before exiting.
+	job = &api.Job{
+		ID:          helper.StringToPtr("test"),
+		Type:        helper.StringToPtr("batch"),
+		Datacenters: []string{"dc1"},
+		TaskGroups: []*api.TaskGroup{
+			{
+				Name: helper.StringToPtr("test"),
+				Tasks: []*api.Task{
+					{
+						Name:   "test",
+						Driver: "raw_exec",
+						Config: map[string]interface{}{
+							"command": "cat",
+							"args":    []string{"${NOMAD_SECRETS_DIR}/vault_token"},
+						},
+						Vault: &api.Vault{
+							Policies: []string{"default"},
+						},
+					},
+				},
+				RestartPolicy: &api.RestartPolicy{
+					Attempts: helper.IntToPtr(0),
+					Mode:     helper.StringToPtr("fail"),
+				},
+			},
+		},
+	}
+)
diff --git a/e2e/vault/matrix_test.go b/e2e/vault/matrix_test.go
@@ -0,0 +1,33 @@
+package vault
+
+var (
+	// versions is the set of Vault versions we test for backwards compatibility
+	versions = []string{
+		"0.11.1",
+		"0.11.0",
+		"0.10.4",
+		"0.10.3",
+		"0.10.2",
+		"0.10.1",
+		"0.10.0",
+		"0.9.6",
+		"0.9.5",
+		"0.9.4",
+		"0.9.3",
+		"0.9.2",
+		"0.9.1",
+		"0.9.0",
+		"0.8.3",
+		"0.8.2",
+		"0.8.1",
+		"0.8.0",
+		"0.7.3",
+		"0.7.2",
+		"0.7.1",
+		"0.7.0",
+		"0.6.5",
+		"0.6.4",
+		"0.6.3",
+		"0.6.2",
+	}
+)