From 89e9e0f2cd46431ed212e7f63ec0ea2e23a639e7 Mon Sep 17 00:00:00 2001
From: Ryan Cragun <me@ryan.ec>
Date: Fri, 21 Jun 2024 15:24:46 -0600
Subject: [PATCH] VAULT-28307 enos: allow arm64 fips1402 and hsm editions
 (#27571)

In preperation for arm64 builds of hsm, fips1402, and hsm.fips1402
editions of Vault Enterprise we'll allow them in our test scenarios.

Signed-off-by: Ryan Cragun <me@ryan.ec>
---
 enos/enos-scenario-agent.hcl       | 10 ++--------
 enos/enos-scenario-autopilot.hcl   |  7 ++++---
 enos/enos-scenario-proxy.hcl       | 10 ++--------
 enos/enos-scenario-replication.hcl | 10 ++--------
 enos/enos-scenario-seal-ha.hcl     | 12 ++----------
 enos/enos-scenario-smoke.hcl       | 10 ++--------
 enos/enos-scenario-upgrade.hcl     |  7 ++++---
 7 files changed, 18 insertions(+), 48 deletions(-)

diff --git a/enos/enos-scenario-agent.hcl b/enos/enos-scenario-agent.hcl
index 9d609e3289..7f39df4823 100644
--- a/enos/enos-scenario-agent.hcl
+++ b/enos/enos-scenario-agent.hcl
@@ -36,12 +36,6 @@ scenario "agent" {
       artifact_type   = ["package"]
     }
 
-    # HSM and FIPS 140-2 are only supported on amd64
-    exclude {
-      arch    = ["arm64"]
-      edition = ["ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
-    }
-
     # PKCS#11 can only be used on ent.hsm and ent.hsm.fips1402.
     exclude {
       seal    = ["pkcs11"]
@@ -54,8 +48,8 @@ scenario "agent" {
       arch   = ["arm64"]
     }
 
-    # softhsm packages not available for leap/sles; Enos support for softhsm
-    # on amzn2 to be added later.
+    # softhsm packages not available for leap/sles. Enos support for softhsm on amzn2 is
+    # not implemented yet.
     exclude {
       seal   = ["pkcs11"]
       distro = ["amzn2", "leap", "sles"]
diff --git a/enos/enos-scenario-autopilot.hcl b/enos/enos-scenario-autopilot.hcl
index 35d3531966..902a2bedad 100644
--- a/enos/enos-scenario-autopilot.hcl
+++ b/enos/enos-scenario-autopilot.hcl
@@ -41,7 +41,8 @@ scenario "autopilot" {
       artifact_type   = ["package"]
     }
 
-    # HSM and FIPS 140-2 are only supported on amd64
+    # There are no published versions of these artifacts yet. We'll update this to exclude older
+    # versions after our initial publication of these editions for arm64.
     exclude {
       arch    = ["arm64"]
       edition = ["ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
@@ -59,8 +60,8 @@ scenario "autopilot" {
       arch   = ["arm64"]
     }
 
-    # softhsm packages not available for leap/sles; Enos support for softhsm
-    # on amzn2 to be added later.
+    # softhsm packages not available for leap/sles. Enos support for softhsm on amzn2 is
+    # not implemented yet.
     exclude {
       seal   = ["pkcs11"]
       distro = ["amzn2", "leap", "sles"]
diff --git a/enos/enos-scenario-proxy.hcl b/enos/enos-scenario-proxy.hcl
index 5e363d5537..825226e3cd 100644
--- a/enos/enos-scenario-proxy.hcl
+++ b/enos/enos-scenario-proxy.hcl
@@ -36,12 +36,6 @@ scenario "proxy" {
       artifact_type   = ["package"]
     }
 
-    # HSM and FIPS 140-2 are only supported on amd64
-    exclude {
-      arch    = ["arm64"]
-      edition = ["ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
-    }
-
     # PKCS#11 can only be used on ent.hsm and ent.hsm.fips1402.
     exclude {
       seal    = ["pkcs11"]
@@ -54,8 +48,8 @@ scenario "proxy" {
       arch   = ["arm64"]
     }
 
-    # softhsm packages not available for leap/sles; Enos support for softhsm
-    # on amzn2 to be added later.
+    # softhsm packages not available for leap/sles. Enos support for softhsm on amzn2 is
+    # not implemented yet.
     exclude {
       seal   = ["pkcs11"]
       distro = ["amzn2", "leap", "sles"]
diff --git a/enos/enos-scenario-replication.hcl b/enos/enos-scenario-replication.hcl
index 79063e955d..7e700bb8ae 100644
--- a/enos/enos-scenario-replication.hcl
+++ b/enos/enos-scenario-replication.hcl
@@ -43,12 +43,6 @@ scenario "replication" {
       artifact_type   = ["package"]
     }
 
-    # HSM and FIPS 140-2 are only supported on amd64
-    exclude {
-      arch    = ["arm64"]
-      edition = ["ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
-    }
-
     # PKCS#11 can only be used on ent.hsm and ent.hsm.fips1402.
     exclude {
       primary_seal = ["pkcs11"]
@@ -66,8 +60,8 @@ scenario "replication" {
       arch   = ["arm64"]
     }
 
-    # softhsm packages not available for leap/sles; Enos support for softhsm
-    # on amzn2 to be added later.
+    # softhsm packages not available for leap/sles. Enos support for softhsm on amzn2 is
+    # not implemented yet.
     exclude {
       primary_seal = ["pkcs11"]
       distro       = ["amzn2", "leap", "sles"]
diff --git a/enos/enos-scenario-seal-ha.hcl b/enos/enos-scenario-seal-ha.hcl
index cf1c518367..76de63d760 100644
--- a/enos/enos-scenario-seal-ha.hcl
+++ b/enos/enos-scenario-seal-ha.hcl
@@ -41,12 +41,6 @@ scenario "seal_ha" {
       artifact_type   = ["package"]
     }
 
-    # HSM and FIPS 140-2 are only supported on amd64
-    exclude {
-      arch    = ["arm64"]
-      edition = ["ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
-    }
-
     # PKCS#11 can only be used on ent.hsm and ent.hsm.fips1402.
     exclude {
       primary_seal = ["pkcs11"]
@@ -64,15 +58,13 @@ scenario "seal_ha" {
       arch   = ["arm64"]
     }
 
-    # softhsm packages not available for leap/sles; Enos support for softhsm
-    # on amzn2 to be added later.
+    # softhsm packages not available for leap/sles. Enos support for softhsm on amzn2 is
+    # not implemented yet.
     exclude {
       primary_seal = ["pkcs11"]
       distro       = ["amzn2", "leap", "sles"]
     }
 
-    # softhsm packages not available for leap/sles; Enos support for softhsm
-    # on amzn2 to be added later.
     exclude {
       secondary_seal = ["pkcs11"]
       distro         = ["amzn2", "leap", "sles"]
diff --git a/enos/enos-scenario-smoke.hcl b/enos/enos-scenario-smoke.hcl
index c98e02941c..edbe123ea4 100644
--- a/enos/enos-scenario-smoke.hcl
+++ b/enos/enos-scenario-smoke.hcl
@@ -35,12 +35,6 @@ scenario "smoke" {
       artifact_type   = ["package"]
     }
 
-    # HSM and FIPS 140-2 are only supported on amd64
-    exclude {
-      arch    = ["arm64"]
-      edition = ["ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
-    }
-
     # PKCS#11 can only be used on ent.hsm and ent.hsm.fips1402.
     exclude {
       seal    = ["pkcs11"]
@@ -53,8 +47,8 @@ scenario "smoke" {
       arch   = ["arm64"]
     }
 
-    # softhsm packages not available for leap/sles; Enos support for softhsm
-    # on amzn2 to be added later.
+    # softhsm packages not available for leap/sles. Enos support for softhsm on amzn2 is
+    # not implemented yet.
     exclude {
       seal   = ["pkcs11"]
       distro = ["amzn2", "leap", "sles"]
diff --git a/enos/enos-scenario-upgrade.hcl b/enos/enos-scenario-upgrade.hcl
index 1b3c10f899..b15b38159b 100644
--- a/enos/enos-scenario-upgrade.hcl
+++ b/enos/enos-scenario-upgrade.hcl
@@ -52,7 +52,8 @@ scenario "upgrade" {
       initial_version = [for e in matrix.initial_version : e if semverconstraint(e, "<1.11.0-0")]
     }
 
-    # HSM and FIPS 140-2 are only supported on amd64
+    # There are no published versions of these artifacts yet. We'll update this to exclude older
+    # versions after our initial publication of these editions for arm64.
     exclude {
       arch    = ["arm64"]
       edition = ["ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
@@ -70,8 +71,8 @@ scenario "upgrade" {
       arch   = ["arm64"]
     }
 
-    # softhsm packages not available for leap/sles; Enos support for softhsm
-    # on amzn2 to be added later.
+    # softhsm packages not available for leap/sles. Enos support for softhsm on amzn2 is
+    # not implemented yet.
     exclude {
       seal   = ["pkcs11"]
       distro = ["amzn2", "leap", "sles"]