diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl index 7bbfb7f9e6..73afdc414f 100644 --- a/enos/enos-modules.hcl +++ b/enos/enos-modules.hcl @@ -114,6 +114,10 @@ module "map2list" { source = "./modules/map2list" } +module "aws_ssh_keypair" { + source = "./modules/aws_ssh_keypair" +} + module "aws_target" { source = "./modules/aws_target" target_count = var.target_count diff --git a/enos/enos-scenario-e2e-aws-base.hcl b/enos/enos-scenario-e2e-aws-base.hcl index 8deaef9fe3..6ab7afc856 100644 --- a/enos/enos-scenario-e2e-aws-base.hcl +++ b/enos/enos-scenario-e2e-aws-base.hcl @@ -14,7 +14,6 @@ scenario "e2e_aws_base" { } locals { - aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) boundary_install_dir = abspath(var.boundary_install_dir) license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null @@ -76,12 +75,21 @@ scenario "e2e_aws_base" { } } + step "generate_ssh_key" { + module = module.aws_ssh_keypair + + variables { + enos_user = var.enos_user + } + } + step "create_boundary_cluster" { module = module.aws_boundary depends_on = [ step.create_base_infra, step.create_db_password, - step.build_boundary + step.build_boundary, + step.generate_ssh_key ] variables { 
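Review bot: The `@@ -14,7 +14,6 @@` hunk drops the last use of `var.aws_ssh_private_key_path` in this scenario, and the later hunks replace `var.aws_ssh_keypair_name` with the generated key pair, but the declarations of both variables (presumably in the scenario's variables file, which is not in this diff) are not removed. If they still exist without defaults, users will keep being asked for an SSH key path and key pair name that nothing reads anymore. Worth either deleting them in the same commit or adding `# unused since SSH keys are generated by step.generate_ssh_key` next to each declaration until they are removed. The `scenario "e2e_aws_base"` block continues outside this hunk.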
@@ -100,16 +108,22 @@ scenario "e2e_aws_base" { worker_count = var.worker_count worker_instance_type = var.worker_instance_type aws_region = var.aws_region + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem } } step "create_target" { module = module.aws_target - depends_on = [step.create_base_infra] + depends_on = [ + step.create_base_infra, + step.generate_ssh_key + ] variables { ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] - aws_ssh_keypair_name = var.aws_ssh_keypair_name + aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem enos_user = var.enos_user instance_type = var.target_instance_type vpc_id = step.create_base_infra.vpc_id @@ -122,7 +136,8 @@ scenario "e2e_aws_base" { module = module.test_e2e depends_on = [ step.create_boundary_cluster, - step.create_target + step.create_target, + step.generate_ssh_key ] variables { @@ -133,7 +148,7 @@ scenario "e2e_aws_base" { auth_login_name = step.create_boundary_cluster.auth_login_name auth_password = step.create_boundary_cluster.auth_password local_boundary_dir = local.local_boundary_dir - aws_ssh_private_key_path = local.aws_ssh_private_key_path + aws_ssh_private_key_path = step.generate_ssh_key.private_key_path target_address = step.create_target.target_private_ips[0] target_user = "ubuntu" target_port = "22" diff --git a/enos/enos.hcl b/enos/enos.hcl index 85c68c6bbd..2089f95467 100644 --- a/enos/enos.hcl +++ b/enos/enos.hcl @@ -32,8 +32,7 @@ provider "aws" "default" { provider "enos" "default" { transport = { ssh = { - user = "ubuntu" - private_key_path = abspath(var.aws_ssh_private_key_path) + user = "ubuntu" } } } diff --git a/enos/modules/aws_boundary/boundary-instances.tf b/enos/modules/aws_boundary/boundary-instances.tf index 3f4bd7a204..222f64f5cf 100644 --- a/enos/modules/aws_boundary/boundary-instances.tf +++ b/enos/modules/aws_boundary/boundary-instances.tf 
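Review bot: In the `enos.hcl` hunk, removing `private_key_path` leaves the default `enos` SSH transport with only `user = "ubuntu"`, so the provider block no longer supplies any credential and every `enos_*` resource in the scenario has to set `private_key` in its own transport block or its connection fails at apply time. The resources touched in this commit do that, but nothing in `enos.hcl` records the contract; a comment on the remaining line, `# no key here: each enos_* resource passes step.generate_ssh_key.private_key_pem in its own transport block`, would make the dependency explicit. If other modules used by this scenario have transport blocks that are not in this diff, they may still rely on the old provider-level key and should be checked before merging.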
@@ -84,6 +84,7 @@ resource "enos_bundle_install" "controller" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -101,6 +102,7 @@ resource "enos_remote_exec" "update_path_controller" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -139,6 +141,7 @@ resource "enos_file" "controller_config" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -154,6 +157,7 @@ resource "enos_boundary_init" "controller" { transport = { ssh = { host = try(var.ip_version == "6" ? aws_instance.controller[0].ipv6_addresses[0] : aws_instance.controller[0].public_ip, null) + private_key = var.ssh_private_key } } @@ -171,6 +175,7 @@ resource "enos_boundary_start" "controller_start" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } @@ -196,6 +201,7 @@ resource "enos_remote_exec" "create_controller_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -213,6 +219,7 @@ resource "enos_bundle_install" "worker" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } 
@@ -230,6 +237,7 @@ resource "enos_remote_exec" "update_path_worker" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -257,6 +265,7 @@ resource "enos_file" "worker_config" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -274,6 +283,7 @@ resource "enos_boundary_start" "worker_start" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -294,6 +304,7 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -314,6 +325,7 @@ resource "enos_remote_exec" "create_worker_auth_storage_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -326,6 +338,7 @@ resource "enos_remote_exec" "get_worker_token" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } diff --git a/enos/modules/aws_boundary/variables.tf b/enos/modules/aws_boundary/variables.tf index 5a55a00a6e..3ac58d38f3 100644 --- a/enos/modules/aws_boundary/variables.tf +++ b/enos/modules/aws_boundary/variables.tf 
@@ -115,6 +115,12 @@ variable "ssh_aws_keypair" { type = string } +variable "ssh_private_key" { + description = "SSH private key content for connecting to instances" + type = string + sensitive = true +} + variable "ubuntu_ami_id" { description = "Ubuntu LTS AMI from enos-infra" type = string diff --git a/enos/modules/aws_ssh_keypair/main.tf b/enos/modules/aws_ssh_keypair/main.tf new file mode 100644 index 0000000000..99cf436f96 --- /dev/null +++ b/enos/modules/aws_ssh_keypair/main.tf @@ -0,0 +1,42 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + } + tls = { + source = "hashicorp/tls" + } + local = { + source = "hashicorp/local" + } + } +} + +resource "tls_private_key" "ssh" { + algorithm = "RSA" + rsa_bits = 4096 +} + +resource "aws_key_pair" "generated" { + key_name = "enos-${var.enos_user}-${formatdate("YYYYMMDD-hhmmss", timestamp())}" + public_key = tls_private_key.ssh.public_key_openssh +} + +resource "local_sensitive_file" "private_key" { + content = tls_private_key.ssh.private_key_pem + filename = "${path.root}/.terraform/tmp/ssh-key-${aws_key_pair.generated.key_name}" + file_permission = "0400" +} + +output "key_pair_name" { + value = aws_key_pair.generated.key_name +} + +output "private_key_path" { + value = abspath(local_sensitive_file.private_key.filename) +} + +output "private_key_pem" { + value = tls_private_key.ssh.private_key_pem + sensitive = true +} \ No newline at end of file diff --git a/enos/modules/aws_ssh_keypair/variables.tf b/enos/modules/aws_ssh_keypair/variables.tf new file mode 100644 index 0000000000..454f626224 --- /dev/null +++ b/enos/modules/aws_ssh_keypair/variables.tf @@ -0,0 +1,4 @@ +variable "enos_user" { + description = "The user running the tests, this is by default your OS user or Github User" + type = string +} \ No newline at end of file diff --git a/enos/modules/aws_target/main.tf b/enos/modules/aws_target/main.tf index e7694cf9b1..e4601b7ada 100644 --- a/enos/modules/aws_target/main.tf 
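Review bot: In the new `enos/modules/aws_ssh_keypair/main.tf`, `key_name` of `aws_key_pair.generated` embeds `timestamp()`, which is re-evaluated on every plan; because `key_name` forces replacement of the key pair, each re-plan of the scenario will destroy and recreate the key, the `local_sensitive_file` named after it, and any `aws_instance` that references the key name. Replacing the `key_name` line with `key_name_prefix = "enos-${var.enos_user}-"` keeps a unique per-user name without the clock dependency, and `aws_key_pair.generated.key_name` (used by the `filename` and the `key_pair_name` output) is still populated from the generated name. Separately, `tls_private_key` keeps the generated private key in Terraform state in plaintext, so the scenario's state is now as sensitive as the key itself; `sensitive = true` on `private_key_pem` hides it from plan output but not from the state file. A header comment in this file, `# The private key lives in Terraform state and under .terraform/tmp; treat both as secrets`, would record that for whoever configures the backend.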
+++ b/enos/modules/aws_target/main.tf @@ -17,6 +17,7 @@ variable "environment" {} variable "project_name" {} variable "instance_type" {} variable "aws_ssh_keypair_name" {} +variable "ssh_private_key" {} variable "enos_user" {} variable "additional_tags" { default = {} @@ -150,6 +151,7 @@ resource "enos_remote_exec" "wait" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.target[each.key].ipv6_addresses[0] : aws_instance.target[each.key].public_ip + private_key = var.ssh_private_key } } }
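Review bot: `variable "ssh_private_key" {}` in `aws_target/main.tf` is declared with neither a type nor `sensitive = true`, unlike the same-named variable this commit adds to `aws_boundary/variables.tf`, so the PEM entering this module is not marked sensitive at the module boundary and redaction in plan output depends on whether sensitivity survives the enos step output, which this diff does not show. Declaring it as `variable "ssh_private_key" { type = string  sensitive = true }` keeps the two modules consistent and guarantees redaction regardless of how the value arrives. The surrounding declarations in this hunk use the bare `{}` form, so the departure would be limited to the one secret-bearing input.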