update scenario e2e_aws_rdp_base

5 months ago · 42759342a6
parent 96ba0e40e9
commit 42759342a6
3 changed files with 38 additions and 5 deletions
--- a/enos/enos-scenario-e2e-aws-rdp-base.hcl
+++ b/enos/enos-scenario-e2e-aws-rdp-base.hcl
@ -24,7 +24,6 @@ scenario "e2e_aws_rdp_base" {
  }

  locals {
-    aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path)
    boundary_install_dir     = abspath(var.boundary_install_dir)
    local_boundary_dir       = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
    local_boundary_src_dir   = var.local_boundary_src_dir != null ? abspath(var.local_boundary_src_dir) : null
@ -74,6 +73,14 @@ scenario "e2e_aws_rdp_base" {
    }
  }

+  step "generate_ssh_key" {
+    module = module.aws_ssh_keypair
+
+    variables {
+      enos_user = var.enos_user
+    }
+  }
+
  step "build_boundary_linux" {
    module = matrix.builder == "crt" ? module.build_crt : module.build_local

@ -131,6 +138,7 @@ scenario "e2e_aws_rdp_base" {
    module = module.vault
    depends_on = [
      step.create_base_infra,
+      step.generate_ssh_key
    ]

    variables {
@ -142,11 +150,13 @@ scenario "e2e_aws_rdp_base" {
      storage_backend = "raft"
      unseal_method   = "shamir"
      ip_version      = local.ip_version
-      vault_release = {
+      vault_release   = {
        version = var.vault_version
        edition = "oss"
      }
-      vpc_id = step.create_base_infra.vpc_id
+      vpc_id          = step.create_base_infra.vpc_id
+      ssh_aws_keypair = step.generate_ssh_key.key_pair_name
+      ssh_private_key = step.generate_ssh_key.private_key_pem
    }
  }

@ -175,7 +185,8 @@ scenario "e2e_aws_rdp_base" {
      step.build_boundary_linux,
      step.create_windows_client,
      step.create_vault_cluster,
-      step.read_boundary_license
+      step.read_boundary_license,
+      step.generate_ssh_key
    ]

    variables {
@ -200,6 +211,8 @@ scenario "e2e_aws_rdp_base" {
      ip_version                  = local.ip_version
      recording_storage_path      = "/recording"
      alb_sg_additional_ips       = step.create_windows_client.public_ip_list
+      ssh_aws_keypair             = step.generate_ssh_key.key_pair_name
+      ssh_private_key             = step.generate_ssh_key.private_key_pem
    }
  }

@ -302,7 +315,7 @@ scenario "e2e_aws_rdp_base" {
      auth_login_name                          = step.create_boundary_cluster.auth_login_name
      auth_password                            = step.create_boundary_cluster.auth_password
      local_boundary_dir                       = local.local_boundary_dir
-      aws_ssh_private_key_path                 = local.aws_ssh_private_key_path
+      aws_ssh_private_key_path                 = step.generate_ssh_key.private_key_path
      target_user                              = "ubuntu"
      target_port                              = "22"
      aws_bucket_name                          = step.create_bucket.bucket_name
--- a/enos/modules/aws_vault/variables.tf
+++ b/enos/modules/aws_vault/variables.tf
@ -123,6 +123,12 @@ variable "ssh_aws_keypair" {
  type        = string
 }

+variable "ssh_private_key" {
+  description = "SSH private key content for connecting to instances"
+  type        = string
+  sensitive   = true
+}
+
 variable "storage_backend" {
  type        = string
  description = "The type of Vault storage backend which will be used"
--- a/enos/modules/aws_vault/vault-instances.tf
+++ b/enos/modules/aws_vault/vault-instances.tf
@ -42,6 +42,7 @@ resource "enos_remote_exec" "install_dependencies" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -58,6 +59,7 @@ resource "enos_bundle_install" "consul" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -73,6 +75,7 @@ resource "enos_bundle_install" "vault" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -99,6 +102,7 @@ resource "enos_consul_start" "consul" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -141,6 +145,7 @@ resource "enos_vault_start" "leader" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -182,6 +187,7 @@ resource "enos_vault_start" "followers" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -205,6 +211,7 @@ resource "enos_vault_init" "leader" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -223,6 +230,7 @@ resource "enos_vault_unseal" "leader" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -248,6 +256,7 @@ resource "enos_remote_exec" "create_audit_log_dir" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -277,6 +286,7 @@ resource "enos_remote_exec" "init_audit_device" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -300,6 +310,7 @@ resource "enos_vault_unseal" "followers" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -326,6 +337,7 @@ resource "enos_vault_unseal" "when_vault_unseal_when_no_init_is_set" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -346,6 +358,7 @@ resource "enos_remote_exec" "vault_write_license" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -365,6 +378,7 @@ resource "enos_remote_exec" "vault_kms_policy" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }