aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore(e2e): Change RDP scenario to use ipv4 only (#6218)

Browse Source 
* chore(e2e): go mod download

* chore(e2e): Change RDP scenario to use ipv4 only

(cherry picked from commit e65cc563e94523ba454acb1afa2b4b2306f985df)
pull/6221/head
Michael Li 6 months ago committed by GitHub
parent 18f469105c
commit 31277e0b23
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 66 additions and 28 deletions
Show Stats Download Patch File Download Diff File

13
enos/enos-scenario-e2e-aws-rdp-base.hcl
Unescape View File

@ -29,6 +29,7 @@ scenario "e2e_aws_rdp_base" {
local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
local_boundary_src_dir = var.local_boundary_src_dir != null ? abspath(var.local_boundary_src_dir) : null
boundary_license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic"))
ip_version = "4"
build_path_linux = {
"local" = "/tmp",
@ -61,7 +62,7 @@ scenario "e2e_aws_rdp_base" {
}
step "create_base_infra" {
module = module.aws_vpc_ipv6
module = local.ip_version == "4" ? module.aws_vpc : module.aws_vpc_ipv6
depends_on = [
step.find_azs,
@ -113,6 +114,7 @@ scenario "e2e_aws_rdp_base" {
boundary_cli_zip_path = step.build_boundary_windows.artifact_path
boundary_src_path = local.local_boundary_src_dir
github_token = var.github_token
ip_version = local.ip_version
}
}
@ -138,7 +140,7 @@ scenario "e2e_aws_rdp_base" {
kms_key_arn = step.create_base_infra.kms_key_arn
storage_backend = "raft"
unseal_method = "shamir"
ip_version = "dual"
ip_version = local.ip_version
vault_release = {
version = var.vault_version
edition = "oss"
@ -160,6 +162,7 @@ scenario "e2e_aws_rdp_base" {
variables {
vpc_id = step.create_base_infra.vpc_id
server_version = matrix.rdp_server == "2016" ? "2019" : matrix.rdp_server
ip_version = local.ip_version
}
}
@ -193,7 +196,7 @@ scenario "e2e_aws_rdp_base" {
vault_address = step.create_vault_cluster.instance_public_ips[0]
vault_transit_token = step.create_vault_cluster.vault_transit_token
aws_region = var.aws_region
ip_version = "dual"
ip_version = local.ip_version
recording_storage_path = "/recording"
alb_sg_additional_ips = step.create_windows_client.public_ip_list
}
@ -245,7 +248,7 @@ scenario "e2e_aws_rdp_base" {
server_version = matrix.rdp_server == "2016" ? "2019" : matrix.rdp_server
boundary_cli_zip_path = step.build_boundary_windows.artifact_path
kms_key_arn = step.create_base_infra.kms_key_arn
controller_ip = step.create_boundary_cluster.public_controller_addresses[0]
controller_ip = step.create_boundary_cluster.controller_ips_private
iam_name = step.create_boundary_cluster.iam_instance_profile_name
boundary_security_group = step.create_boundary_cluster.boundary_sg_id
active_directory_domain = step.create_rdp_domain_controller.domain_name
@ -255,6 +258,7 @@ scenario "e2e_aws_rdp_base" {
domain_controller_private_key = step.create_rdp_domain_controller.ssh_private_key
domain_controller_sec_group_id_list = step.create_rdp_domain_controller.security_group_id_list
aws_region = var.aws_region
ip_version = local.ip_version
}
}
@ -275,6 +279,7 @@ scenario "e2e_aws_rdp_base" {
domain_admin_password = step.create_rdp_domain_controller.password
domain_controller_private_key = step.create_rdp_domain_controller.ssh_private_key
domain_controller_sec_group_id_list = step.create_rdp_domain_controller.security_group_id_list
ip_version = local.ip_version
}
}

5
enos/modules/aws_boundary/outputs.tf
Unescape View File

@ -6,6 +6,11 @@ output "controller_ips" {
value = var.ip_version == "6" ? flatten(aws_instance.controller.*.ipv6_addresses) : aws_instance.controller.*.public_ip
}
output "controller_ips_private" {
description = "Private IPs of boundary controllers"
value = var.ip_version == "6" || var.ip_version == "dual" ? flatten(aws_instance.controller.*.ipv6_addresses) : aws_instance.controller.*.private_ip
}
output "worker_ips" {
description = "Public IPs of boundary workers"
value = var.ip_version == "6" ? flatten(aws_instance.worker.*.ipv6_addresses) : aws_instance.worker.*.public_ip

30
enos/modules/aws_rdp_domain_controller/main.tf
Unescape View File

@ -78,7 +78,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
data.aws_vpc.infra.ipv6_cidr_block
])
@ -92,7 +92,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
data.aws_vpc.infra.ipv6_cidr_block
])
@ -107,7 +107,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
data.aws_vpc.infra.ipv6_cidr_block
])
@ -121,7 +121,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
data.aws_vpc.infra.ipv6_cidr_block
])
@ -136,7 +136,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
data.aws_vpc.infra.ipv6_cidr_block
])
@ -150,7 +150,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
data.aws_vpc.infra.ipv6_cidr_block
])
@ -165,7 +165,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
data.aws_vpc.infra.ipv6_cidr_block
])
@ -179,7 +179,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
data.aws_vpc.infra.ipv6_cidr_block
])
@ -194,7 +194,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
data.aws_vpc.infra.ipv6_cidr_block
])
@ -209,7 +209,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
data.aws_vpc.infra.ipv6_cidr_block
])
@ -223,7 +223,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
data.aws_vpc.infra.ipv6_cidr_block
])
@ -238,7 +238,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
])
}
@ -251,7 +251,7 @@ resource "aws_security_group" "rdp_ingress" {
formatlist("%s/32", data.enos_environment.current.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
ipv6_cidr_blocks = flatten([
ipv6_cidr_blocks = var.ip_version == "4" ? [] : flatten([
[for ip in coalesce(data.enos_environment.current.public_ipv6_addresses, []) : cidrsubnet("${ip}/64", 0, 0)],
])
}
@ -268,7 +268,7 @@ resource "aws_security_group" "allow_all_internal" {
protocol = "-1"
self = true
cidr_blocks = [data.aws_vpc.infra.cidr_block]
ipv6_cidr_blocks = [data.aws_vpc.infra.ipv6_cidr_block]
ipv6_cidr_blocks = var.ip_version == "4" ? [] : [data.aws_vpc.infra.ipv6_cidr_block]
}
egress {
@ -297,7 +297,7 @@ resource "aws_instance" "domain_controller" {
vpc_security_group_ids = [aws_security_group.rdp_ingress.id, aws_security_group.allow_all_internal.id]
key_name = aws_key_pair.rdp-key.key_name
subnet_id = data.aws_subnets.infra.ids[0]
ipv6_address_count = 1
ipv6_address_count = var.ip_version == "6" || var.ip_version == "dual" ? 1 : 0
root_block_device {
volume_type = "gp2"

8
enos/modules/aws_rdp_domain_controller/variables.tf
Unescape View File

@ -39,6 +39,12 @@ variable "aws_key_pair_name" {
default = "RDPKey"
}
variable "ip_version" {
type = string
description = "IP version to use for security group rules. Valid values are '4', '6', or 'dual'."
default = "4"
}
# =================================================================
# domain information
# =================================================================
@ -46,4 +52,4 @@ variable "active_directory_domain" {
type = string
description = "The name of the Active Directory domain to be created on the Windows Domain Controller."
default = "mydomain.com"
}
}

2
enos/modules/aws_rdp_member_server/main.tf
Unescape View File

@ -48,7 +48,7 @@ resource "aws_instance" "member_server" {
vpc_security_group_ids = var.domain_controller_sec_group_id_list
key_name = var.domain_controller_aws_keypair_name
subnet_id = data.aws_subnets.infra.ids[0]
ipv6_address_count = 1
ipv6_address_count = var.ip_version == "6" || var.ip_version == "dual" ? 1 : 0
root_block_device {
volume_type = "gp2"

8
enos/modules/aws_rdp_member_server/variables.tf
Unescape View File

@ -44,6 +44,12 @@ variable "active_directory_domain" {
description = "The name of the Active Directory domain to be created on the Windows Domain Controller."
}
variable "ip_version" {
type = string
description = "IP version to use for security group rules. Valid values are '4', '6', or 'dual'."
default = "4"
}
# =================================================================
# domain controller information
# =================================================================
@ -76,4 +82,4 @@ variable "kerberos_only" {
type = bool
description = "Only allow kerberos auth"
default = false
}
}

4
enos/modules/aws_rdp_member_server_with_worker/main.tf
Unescape View File

@ -75,7 +75,7 @@ resource "aws_instance" "worker" {
key_name = var.domain_controller_aws_keypair_name
subnet_id = data.aws_subnets.infra.ids[0]
iam_instance_profile = var.iam_name
ipv6_address_count = 1
ipv6_address_count = var.ip_version == "6" || var.ip_version == "dual" ? 1 : 0
root_block_device {
volume_type = "gp2"
@ -312,7 +312,7 @@ resource "local_file" "worker_config" {
enos_local_exec.add_boundary_cli,
]
content = templatefile("${path.module}/${var.worker_config_file_path}", {
controller_ip = var.controller_ip
controller_ip = var.ip_version == "4" ? jsonencode(var.controller_ip) : jsonencode(formatlist("[%s]:9201", flatten(var.controller_ip)))
aws_kms_key = data.aws_kms_key.kms_key.id
aws_region = var.aws_region
worker_public_ip = aws_instance.worker.public_ip

2
enos/modules/aws_rdp_member_server_with_worker/scripts/worker.hcl
Unescape View File

@ -18,7 +18,7 @@ listener "tcp" {
worker {
public_addr = "${worker_public_ip}"
name = "win-worker-0"
initial_upstreams = ["[${controller_ip}]:9201"]
initial_upstreams = ${controller_ip}
tags {
type = ["worker", "rdp", "windows"]
}

10
enos/modules/aws_rdp_member_server_with_worker/variables.tf
Unescape View File

@ -33,6 +33,12 @@ variable "prefix" {
default = "enos"
}
variable "ip_version" {
type = string
description = "IP version to use for security group rules. Valid values are '4', '6', or 'dual'."
default = "4"
}
# =================================================================
# aws configuration variables
# =================================================================
@ -50,8 +56,8 @@ variable "aws_region" {
variable "controller_ip" {
description = "IP address of the controller instance"
type = string
default = ""
type = list(string)
default = []
}
variable "iam_name" {

2
enos/modules/aws_windows_client/main.tf
Unescape View File

@ -142,7 +142,7 @@ resource "aws_instance" "client" {
vpc_security_group_ids = [aws_security_group.windows_client.id]
key_name = aws_key_pair.rdp-key.key_name
subnet_id = data.aws_subnets.infra.ids[0]
ipv6_address_count = 1
ipv6_address_count = var.ip_version == "6" || var.ip_version == "dual" ? 1 : 0
root_block_device {
volume_type = "gp2"

4
enos/modules/aws_windows_client/scripts/setup.ps1
Unescape View File

@ -87,4 +87,8 @@ if ("${github_token}" -ne "") {
$newPath,
[EnvironmentVariableTarget]::Machine
)
# go mod download
cd $src_destination
go mod download
}

6
enos/modules/aws_windows_client/variables.tf
Unescape View File

@ -33,6 +33,12 @@ variable "prefix" {
default = "enos"
}
variable "ip_version" {
type = string
description = "IP version to use for security group rules. Valid values are '4', '6', or 'dual'."
default = "4"
}
# =================================================================
# additional resources
# =================================================================

Write Preview
Loading…
Cancel
Save