From 42759342a6bc4d387c99f929fecddb7e6ce9ca1f Mon Sep 17 00:00:00 2001
From: Tony
Date: Wed, 17 Dec 2025 13:35:15 -0500
Subject: [PATCH] update scenario e2e_aws_rdp_base
---
 enos/enos-scenario-e2e-aws-rdp-base.hcl | 23 ++++++++++++++++++-----
 enos/modules/aws_vault/variables.tf | 6 ++++++
 enos/modules/aws_vault/vault-instances.tf | 14 ++++++++++++++
 3 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/enos/enos-scenario-e2e-aws-rdp-base.hcl b/enos/enos-scenario-e2e-aws-rdp-base.hcl
index 470586b491..3f06444bc5 100644
--- a/enos/enos-scenario-e2e-aws-rdp-base.hcl
+++ b/enos/enos-scenario-e2e-aws-rdp-base.hcl
@@ -24,7 +24,6 @@ scenario "e2e_aws_rdp_base" {
 }
 locals {
- aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path)
 boundary_install_dir = abspath(var.boundary_install_dir)
 local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
 local_boundary_src_dir = var.local_boundary_src_dir != null ? abspath(var.local_boundary_src_dir) : null
@@ -74,6 +73,14 @@ scenario "e2e_aws_rdp_base" {
 }
 }
+ step "generate_ssh_key" {
+ module = module.aws_ssh_keypair
+
+ variables {
+ enos_user = var.enos_user
+ }
+ }
+
 step "build_boundary_linux" {
 module = matrix.builder == "crt" ? module.build_crt : module.build_local
@@ -131,6 +138,7 @@ scenario "e2e_aws_rdp_base" {
 module = module.vault
 depends_on = [
 step.create_base_infra,
+ step.generate_ssh_key
 ]
 variables {
@@ -142,11 +150,13 @@ scenario "e2e_aws_rdp_base" {
 storage_backend = "raft"
 unseal_method = "shamir"
 ip_version = local.ip_version
- vault_release = {
+ vault_release = {
 version = var.vault_version
 edition = "oss"
 }
- vpc_id = step.create_base_infra.vpc_id
+ vpc_id = step.create_base_infra.vpc_id
+ ssh_aws_keypair = step.generate_ssh_key.key_pair_name
+ ssh_private_key = step.generate_ssh_key.private_key_pem
 }
 }
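Review bot: `ssh_private_key = step.generate_ssh_key.private_key_pem` in the `create_vault_cluster` variables passes raw private-key material through a step output, so the key presumably ends up in the scenario's Terraform state instead of only in a file the operator controls. The `aws_ssh_keypair` module is not part of this diff, so confirm that its `private_key_pem` output is declared `sensitive = true` and that the scenario's state directory is handled as a secret and removed on teardown. A short comment above the assignment would record this, for example `# key material from generate_ssh_key; stored in state, never echo or output it`. The step's `variables` block starts above this hunk.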
@@ -175,7 +185,8 @@ scenario "e2e_aws_rdp_base" {
 step.build_boundary_linux,
 step.create_windows_client,
 step.create_vault_cluster,
- step.read_boundary_license
+ step.read_boundary_license,
+ step.generate_ssh_key
 ]
 variables {
@@ -200,6 +211,8 @@ scenario "e2e_aws_rdp_base" {
 ip_version = local.ip_version
 recording_storage_path = "/recording"
 alb_sg_additional_ips = step.create_windows_client.public_ip_list
+ ssh_aws_keypair = step.generate_ssh_key.key_pair_name
+ ssh_private_key = step.generate_ssh_key.private_key_pem
 }
 }
@@ -302,7 +315,7 @@ scenario "e2e_aws_rdp_base" {
 auth_login_name = step.create_boundary_cluster.auth_login_name
 auth_password = step.create_boundary_cluster.auth_password
 local_boundary_dir = local.local_boundary_dir
- aws_ssh_private_key_path = local.aws_ssh_private_key_path
+ aws_ssh_private_key_path = step.generate_ssh_key.private_key_path
 target_user = "ubuntu"
 target_port = "22"
 aws_bucket_name = step.create_bucket.bucket_name
diff --git a/enos/modules/aws_vault/variables.tf b/enos/modules/aws_vault/variables.tf
index 4b236e9b0e..1444164c59 100644
--- a/enos/modules/aws_vault/variables.tf
+++ b/enos/modules/aws_vault/variables.tf
@@ -123,6 +123,12 @@ variable "ssh_aws_keypair" {
 type = string
 }
+variable "ssh_private_key" {
+ description = "SSH private key content for connecting to instances"
+ type = string
+ sensitive = true
+}
+
 variable "storage_backend" {
 type = string
 description = "The type of Vault storage backend which will be used"
diff --git a/enos/modules/aws_vault/vault-instances.tf b/enos/modules/aws_vault/vault-instances.tf
index dcaf683409..7e28f7e245 100644
--- a/enos/modules/aws_vault/vault-instances.tf
+++ b/enos/modules/aws_vault/vault-instances.tf
@@ -42,6 +42,7 @@ resource "enos_remote_exec" "install_dependencies" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
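Review bot: `aws_ssh_private_key_path = step.generate_ssh_key.private_key_path` points the test step at a key file written by the `aws_ssh_keypair` module instead of one the operator supplied, and nothing in this diff shows the mode that file is created with or when it is deleted. Confirm the module writes it with owner-only permissions (0600) and removes it on destroy. The step's `depends_on` list is outside this hunk; if it does not already reach `step.generate_ssh_key` through `create_boundary_cluster`, list it explicitly as the two cluster steps do.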
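Review bot: `ssh_private_key` is declared without a default, so it becomes a required input of the `aws_vault` module, while this commit updates only `e2e_aws_rdp_base` to pass it. Any other scenario that instantiates the module (none are visible here) would fail validation until it supplies a key. If those callers are meant to keep using the provider-level SSH settings, add `default = null` to the variable; otherwise update them in the same change. The description could also state that the value is PEM content rather than a path, to set it apart from `aws_ssh_private_key_path` used in the scenario.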
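Review bot: The same `private_key = var.ssh_private_key` line is added to the `transport.ssh` block of every enos resource in `vault-instances.tf` (this hunk and the thirteen that follow), so a resource added later without it would quietly use whatever key the provider-level transport is configured with. A comment at the top of the file would make the requirement explicit, for example `# every transport.ssh block must set private_key = var.ssh_private_key`. It is also worth confirming how the enos provider resolves a resource-level `private_key` when the provider block still sets `private_key_path`; presumably the resource value takes precedence, but that is not visible in this diff.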
@@ -58,6 +59,7 @@ resource "enos_bundle_install" "consul" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -73,6 +75,7 @@ resource "enos_bundle_install" "vault" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -99,6 +102,7 @@ resource "enos_consul_start" "consul" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -141,6 +145,7 @@ resource "enos_vault_start" "leader" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -182,6 +187,7 @@ resource "enos_vault_start" "followers" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -205,6 +211,7 @@ resource "enos_vault_init" "leader" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -223,6 +230,7 @@ resource "enos_vault_unseal" "leader" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -248,6 +256,7 @@ resource "enos_remote_exec" "create_audit_log_dir" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -277,6 +286,7 @@ resource "enos_remote_exec" "init_audit_device" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -300,6 +310,7 @@ resource "enos_vault_unseal" "followers" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -326,6 +337,7 @@ resource "enos_vault_unseal" "when_vault_unseal_when_no_init_is_set" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -346,6 +358,7 @@ resource "enos_remote_exec" "vault_write_license" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }
@@ -365,6 +378,7 @@ resource "enos_remote_exec" "vault_kms_policy" {
 transport = {
 ssh = {
 host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
+ private_key = var.ssh_private_key
 }
 }
 }