aws_ssh_keypair module; update e2e_aws_base

2 months ago · 606b53785a
parent 1ba5748bf0
commit 606b53785a
8 changed files with 93 additions and 8 deletions
--- a/enos/enos-modules.hcl
+++ b/enos/enos-modules.hcl
@ -114,6 +114,10 @@ module "map2list" {
  source = "./modules/map2list"
 }

+module "aws_ssh_keypair" {
+  source = "./modules/aws_ssh_keypair"
+}
+
 module "aws_target" {
  source       = "./modules/aws_target"
  target_count = var.target_count
--- a/enos/enos-scenario-e2e-aws-base.hcl
+++ b/enos/enos-scenario-e2e-aws-base.hcl
@ -14,7 +14,6 @@ scenario "e2e_aws_base" {
  }

  locals {
-    aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path)
    boundary_install_dir     = abspath(var.boundary_install_dir)
    license_path             = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic"))
    local_boundary_dir       = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
@ -76,12 +75,21 @@ scenario "e2e_aws_base" {
    }
  }

+  step "generate_ssh_key" {
+    module = module.aws_ssh_keypair
+
+    variables {
+      enos_user = var.enos_user
+    }
+  }
+
  step "create_boundary_cluster" {
    module = module.aws_boundary
    depends_on = [
      step.create_base_infra,
      step.create_db_password,
-      step.build_boundary
+      step.build_boundary,
+      step.generate_ssh_key
    ]

    variables {
@ -100,16 +108,22 @@ scenario "e2e_aws_base" {
      worker_count             = var.worker_count
      worker_instance_type     = var.worker_instance_type
      aws_region               = var.aws_region
+      ssh_aws_keypair          = step.generate_ssh_key.key_pair_name
+      ssh_private_key          = step.generate_ssh_key.private_key_pem
    }
  }

  step "create_target" {
    module     = module.aws_target
-    depends_on = [step.create_base_infra]
+    depends_on = [
+      step.create_base_infra,
+      step.generate_ssh_key
+    ]

    variables {
      ami_id               = step.create_base_infra.ami_ids["ubuntu"]["amd64"]
-      aws_ssh_keypair_name = var.aws_ssh_keypair_name
+      aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name
+      ssh_private_key      = step.generate_ssh_key.private_key_pem
      enos_user            = var.enos_user
      instance_type        = var.target_instance_type
      vpc_id               = step.create_base_infra.vpc_id
@ -122,7 +136,8 @@ scenario "e2e_aws_base" {
    module = module.test_e2e
    depends_on = [
      step.create_boundary_cluster,
-      step.create_target
+      step.create_target,
+      step.generate_ssh_key
    ]

    variables {
@ -133,7 +148,7 @@ scenario "e2e_aws_base" {
      auth_login_name          = step.create_boundary_cluster.auth_login_name
      auth_password            = step.create_boundary_cluster.auth_password
      local_boundary_dir       = local.local_boundary_dir
-      aws_ssh_private_key_path = local.aws_ssh_private_key_path
+      aws_ssh_private_key_path = step.generate_ssh_key.private_key_path
      target_address           = step.create_target.target_private_ips[0]
      target_user              = "ubuntu"
      target_port              = "22"
--- a/enos/enos.hcl
+++ b/enos/enos.hcl
@ -32,8 +32,7 @@ provider "aws" "default" {
 provider "enos" "default" {
  transport = {
    ssh = {
-      user             = "ubuntu"
-      private_key_path = abspath(var.aws_ssh_private_key_path)
+      user = "ubuntu"
    }
  }
 }
--- a/enos/modules/aws_boundary/boundary-instances.tf
+++ b/enos/modules/aws_boundary/boundary-instances.tf
@ -84,6 +84,7 @@ resource "enos_bundle_install" "controller" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -101,6 +102,7 @@ resource "enos_remote_exec" "update_path_controller" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip
+       private_key = var.ssh_private_key
    }
  }
 }
@ -139,6 +141,7 @@ resource "enos_file" "controller_config" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip
+       private_key = var.ssh_private_key
    }
  }
 }
@ -154,6 +157,7 @@ resource "enos_boundary_init" "controller" {
  transport = {
    ssh = {
      host = try(var.ip_version == "6" ? aws_instance.controller[0].ipv6_addresses[0] : aws_instance.controller[0].public_ip, null)
+       private_key = var.ssh_private_key
    }
  }

@ -171,6 +175,7 @@ resource "enos_boundary_start" "controller_start" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip
+       private_key = var.ssh_private_key
    }
  }

@ -196,6 +201,7 @@ resource "enos_remote_exec" "create_controller_audit_log_dir" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip
+       private_key = var.ssh_private_key
    }
  }
 }
@ -213,6 +219,7 @@ resource "enos_bundle_install" "worker" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -230,6 +237,7 @@ resource "enos_remote_exec" "update_path_worker" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }
@ -257,6 +265,7 @@ resource "enos_file" "worker_config" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
+       private_key = var.ssh_private_key
    }
  }
 }
@ -274,6 +283,7 @@ resource "enos_boundary_start" "worker_start" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
+       private_key = var.ssh_private_key
    }
  }
 }
@ -294,6 +304,7 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
+       private_key = var.ssh_private_key
    }
  }
 }
@ -314,6 +325,7 @@ resource "enos_remote_exec" "create_worker_auth_storage_dir" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
+       private_key = var.ssh_private_key
    }
  }
 }
@ -326,6 +338,7 @@ resource "enos_remote_exec" "get_worker_token" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
+       private_key = var.ssh_private_key
    }
  }
 }
--- a/enos/modules/aws_boundary/variables.tf
+++ b/enos/modules/aws_boundary/variables.tf
@ -115,6 +115,12 @@ variable "ssh_aws_keypair" {
  type        = string
 }

+variable "ssh_private_key" {
+  description = "SSH private key content for connecting to instances"
+  type        = string
+  sensitive   = true
+}
+
 variable "ubuntu_ami_id" {
  description = "Ubuntu LTS AMI from enos-infra"
  type        = string
--- a/enos/modules/aws_ssh_keypair/main.tf
+++ b/enos/modules/aws_ssh_keypair/main.tf
@ -0,0 +1,42 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    tls = {
+      source = "hashicorp/tls"
+    }
+    local = {
+      source = "hashicorp/local"
+    }
+  }
+}
+
+resource "tls_private_key" "ssh" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "aws_key_pair" "generated" {
+  key_name   = "enos-${var.enos_user}-${formatdate("YYYYMMDD-hhmmss", timestamp())}"
+  public_key = tls_private_key.ssh.public_key_openssh
+}
+
+resource "local_sensitive_file" "private_key" {
+  content         = tls_private_key.ssh.private_key_pem
+  filename        = "${path.root}/.terraform/tmp/ssh-key-${aws_key_pair.generated.key_name}"
+  file_permission = "0400"
+}
+
+output "key_pair_name" {
+  value = aws_key_pair.generated.key_name
+}
+
+output "private_key_path" {
+  value = abspath(local_sensitive_file.private_key.filename)
+}
+
+output "private_key_pem" {
+  value     = tls_private_key.ssh.private_key_pem
+  sensitive = true
+}
--- a/enos/modules/aws_ssh_keypair/variables.tf
+++ b/enos/modules/aws_ssh_keypair/variables.tf
@ -0,0 +1,4 @@
+variable "enos_user" {
+  description = "The user running the tests, this is by default your OS user or Github User"
+  type        = string
+}
--- a/enos/modules/aws_target/main.tf
+++ b/enos/modules/aws_target/main.tf
@ -17,6 +17,7 @@ variable "environment" {}
 variable "project_name" {}
 variable "instance_type" {}
 variable "aws_ssh_keypair_name" {}
+variable "ssh_private_key" {}
 variable "enos_user" {}
 variable "additional_tags" {
  default = {}
@ -150,6 +151,7 @@ resource "enos_remote_exec" "wait" {
  transport = {
    ssh = {
      host = var.ip_version == "6" ? aws_instance.target[each.key].ipv6_addresses[0] : aws_instance.target[each.key].public_ip
+      private_key = var.ssh_private_key
    }
  }
 }