From 82a6ac7fe577d22fe6732f8e9bbac5ab4b09f881 Mon Sep 17 00:00:00 2001 From: Tony Date: Wed, 17 Dec 2025 15:13:50 -0500 Subject: [PATCH] rename module variables to aws_ssh_... --- enos/enos-modules.hcl | 5 ---- enos/enos-scenario-e2e-aws-base.hcl | 6 ++-- enos/enos-scenario-e2e-aws-rdp-base.hcl | 10 +++---- .../aws_boundary/boundary-instances.tf | 30 +++++++++---------- enos/modules/aws_boundary/variables.tf | 4 +-- enos/modules/aws_target/main.tf | 4 +-- enos/modules/aws_vault/variables.tf | 4 +-- enos/modules/aws_vault/vault-instances.tf | 30 +++++++++---------- enos/modules/test_e2e/main.tf | 14 ++++----- 9 files changed, 51 insertions(+), 56 deletions(-) diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl index 5f78929619..91718f0232 100644 --- a/enos/enos-modules.hcl +++ b/enos/enos-modules.hcl @@ -23,7 +23,6 @@ module "aws_boundary" { alb_listener_api_port = var.alb_listener_api_port boundary_binary_name = var.boundary_binary_name - ssh_aws_keypair = var.aws_ssh_keypair_name } module "aws_worker" { @@ -35,8 +34,6 @@ module "aws_worker" { "Enos User" : var.enos_user, "Environment" : var.environment } - - ssh_aws_keypair = var.aws_ssh_keypair_name } module "aws_bucket" { @@ -146,8 +143,6 @@ module "vault" { "Enos User" : var.enos_user, "Environment" : var.environment } - - ssh_aws_keypair = var.aws_ssh_keypair_name } module "test_e2e" { diff --git a/enos/enos-scenario-e2e-aws-base.hcl b/enos/enos-scenario-e2e-aws-base.hcl index ed00505c53..b977d9e2cd 100644 --- a/enos/enos-scenario-e2e-aws-base.hcl +++ b/enos/enos-scenario-e2e-aws-base.hcl @@ -108,8 +108,8 @@ scenario "e2e_aws_base" { worker_count = var.worker_count worker_instance_type = var.worker_instance_type aws_region = var.aws_region - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem + aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name + aws_ssh_private_key = step.generate_ssh_key.private_key_pem } } 
@@ -123,7 +123,7 @@ scenario "e2e_aws_base" { variables { ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem + aws_ssh_private_key = step.generate_ssh_key.private_key_pem enos_user = var.enos_user instance_type = var.target_instance_type vpc_id = step.create_base_infra.vpc_id diff --git a/enos/enos-scenario-e2e-aws-rdp-base.hcl b/enos/enos-scenario-e2e-aws-rdp-base.hcl index d9ce69e5e3..7a3a37da7d 100644 --- a/enos/enos-scenario-e2e-aws-rdp-base.hcl +++ b/enos/enos-scenario-e2e-aws-rdp-base.hcl @@ -154,9 +154,9 @@ scenario "e2e_aws_rdp_base" { version = var.vault_version edition = "oss" } - vpc_id = step.create_base_infra.vpc_id - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem + vpc_id = step.create_base_infra.vpc_id + aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name + aws_ssh_private_key = step.generate_ssh_key.private_key_pem } } @@ -211,8 +211,8 @@ scenario "e2e_aws_rdp_base" { ip_version = local.ip_version recording_storage_path = "/recording" alb_sg_additional_ips = step.create_windows_client.public_ip_list - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem + aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name + aws_ssh_private_key = step.generate_ssh_key.private_key_pem } } diff --git a/enos/modules/aws_boundary/boundary-instances.tf b/enos/modules/aws_boundary/boundary-instances.tf index e6530a0c11..12a6e6088d 100644 --- a/enos/modules/aws_boundary/boundary-instances.tf +++ b/enos/modules/aws_boundary/boundary-instances.tf 
@@ -12,7 +12,7 @@ resource "aws_instance" "controller" { aws_security_group.boundary_aux_sg.id, ] subnet_id = tolist(data.aws_subnets.infra.ids)[count.index % length(data.aws_subnets.infra.ids)] - key_name = var.ssh_aws_keypair + key_name = var.aws_ssh_keypair_name iam_instance_profile = aws_iam_instance_profile.boundary_profile.name monitoring = var.controller_monitoring ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count @@ -45,7 +45,7 @@ resource "aws_instance" "worker" { instance_type = var.worker_instance_type vpc_security_group_ids = [aws_security_group.boundary_sg.id] subnet_id = tolist(data.aws_subnets.infra.ids)[count.index % length(data.aws_subnets.infra.ids)] - key_name = var.ssh_aws_keypair + key_name = var.aws_ssh_keypair_name iam_instance_profile = aws_iam_instance_profile.boundary_profile.name monitoring = var.worker_monitoring ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count @@ -84,7 +84,7 @@ resource "enos_bundle_install" "controller" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -102,7 +102,7 @@ resource "enos_remote_exec" "update_path_controller" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -141,7 +141,7 @@ resource "enos_file" "controller_config" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } 
@@ -157,7 +157,7 @@ resource "enos_boundary_init" "controller" { transport = { ssh = { host = try(var.ip_version == "6" ? aws_instance.controller[0].ipv6_addresses[0] : aws_instance.controller[0].public_ip, null) - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } @@ -175,7 +175,7 @@ resource "enos_boundary_start" "controller_start" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } @@ -201,7 +201,7 @@ resource "enos_remote_exec" "create_controller_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -219,7 +219,7 @@ resource "enos_bundle_install" "worker" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -237,7 +237,7 @@ resource "enos_remote_exec" "update_path_worker" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -266,7 +266,7 @@ resource "enos_file" "worker_config" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } 
@@ -284,7 +284,7 @@ resource "enos_boundary_start" "worker_start" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -305,7 +305,7 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -326,7 +326,7 @@ resource "enos_remote_exec" "create_worker_auth_storage_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -339,7 +339,7 @@ resource "enos_remote_exec" "get_worker_token" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } diff --git a/enos/modules/aws_boundary/variables.tf b/enos/modules/aws_boundary/variables.tf index b0a955ad0a..bc1c9f89d3 100644 --- a/enos/modules/aws_boundary/variables.tf +++ b/enos/modules/aws_boundary/variables.tf @@ -110,12 +110,12 @@ variable "ssh_user" { default = "ubuntu" } -variable "ssh_aws_keypair" { +variable "aws_ssh_keypair_name" { description = "SSH keypair used to connect to EC2 instances" type = string } -variable "ssh_private_key" { +variable "aws_ssh_private_key" { description = "SSH private key content for connecting to instances" type = string sensitive = true diff --git a/enos/modules/aws_target/main.tf b/enos/modules/aws_target/main.tf index 3d2f92d404..5cbd9f0cfc 100644 
--- a/enos/modules/aws_target/main.tf +++ b/enos/modules/aws_target/main.tf @@ -17,7 +17,7 @@ variable "environment" {} variable "project_name" {} variable "instance_type" {} variable "aws_ssh_keypair_name" {} -variable "ssh_private_key" {} +variable "aws_ssh_private_key" {} variable "enos_user" {} variable "additional_tags" { default = {} @@ -151,7 +151,7 @@ resource "enos_remote_exec" "wait" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.target[each.key].ipv6_addresses[0] : aws_instance.target[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } diff --git a/enos/modules/aws_vault/variables.tf b/enos/modules/aws_vault/variables.tf index 1444164c59..a686c4d3ab 100644 --- a/enos/modules/aws_vault/variables.tf +++ b/enos/modules/aws_vault/variables.tf @@ -118,12 +118,12 @@ variable "sg_additional_ipv6_ips" { default = [] } -variable "ssh_aws_keypair" { +variable "aws_ssh_keypair_name" { description = "SSH keypair used to connect to EC2 instances" type = string } -variable "ssh_private_key" { +variable "aws_ssh_private_key" { description = "SSH private key content for connecting to instances" type = string sensitive = true diff --git a/enos/modules/aws_vault/vault-instances.tf b/enos/modules/aws_vault/vault-instances.tf index 39d5938122..3376c0ca36 100644 --- a/enos/modules/aws_vault/vault-instances.tf +++ b/enos/modules/aws_vault/vault-instances.tf @@ -7,7 +7,7 @@ resource "aws_instance" "vault_instance" { instance_type = var.instance_type vpc_security_group_ids = [aws_security_group.enos_vault_sg[0].id] subnet_id = tolist(data.aws_subnets.infra.ids)[each.key % length(data.aws_subnets.infra.ids)] - key_name = var.ssh_aws_keypair + key_name = var.aws_ssh_keypair_name iam_instance_profile = aws_iam_instance_profile.vault_profile[0].name ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count tags = merge( 
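Review bot: The renamed `variable "aws_ssh_private_key" {}` in `aws_target/main.tf` carries private key material but is declared with no `type` and no `sensitive` flag. The same variable in `aws_boundary/variables.tf` and `aws_vault/variables.tf` is declared with `type = string` and `sensitive = true`. Whether `step.generate_ssh_key.private_key_pem` is already marked sensitive by the caller is not visible in this diff, so the module should not rely on it. I would give the block a description such as `description = "SSH private key content for connecting to instances"` and add `type = string` and `sensitive = true`, so the PEM is redacted from plan and apply output in every module that receives it. The second hunk in this file (`enos_remote_exec.wait`) only consumes the variable and needs no change.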
@@ -42,7 +42,7 @@ resource "enos_remote_exec" "install_dependencies" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -59,7 +59,7 @@ resource "enos_bundle_install" "consul" { transport = { ssh = { host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -75,7 +75,7 @@ resource "enos_bundle_install" "vault" { transport = { ssh = { host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -102,7 +102,7 @@ resource "enos_consul_start" "consul" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -145,7 +145,7 @@ resource "enos_vault_start" "leader" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -187,7 +187,7 @@ resource "enos_vault_start" "followers" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -211,7 +211,7 @@ resource "enos_vault_init" "leader" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } 
@@ -230,7 +230,7 @@ resource "enos_vault_unseal" "leader" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -256,7 +256,7 @@ resource "enos_remote_exec" "create_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -286,7 +286,7 @@ resource "enos_remote_exec" "init_audit_device" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -310,7 +310,7 @@ resource "enos_vault_unseal" "followers" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -337,7 +337,7 @@ resource "enos_vault_unseal" "when_vault_unseal_when_no_init_is_set" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -358,7 +358,7 @@ resource "enos_remote_exec" "vault_write_license" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } 
@@ -378,7 +378,7 @@ resource "enos_remote_exec" "vault_kms_policy" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } diff --git a/enos/modules/test_e2e/main.tf b/enos/modules/test_e2e/main.tf index afa9636749..18b1fcd8f5 100644 --- a/enos/modules/test_e2e/main.tf +++ b/enos/modules/test_e2e/main.tf @@ -51,11 +51,12 @@ variable "target_user" { type = string default = "" } + variable "aws_ssh_private_key_path" { - description = "Local Path to key used to SSH onto created hosts" + description = "Path to the private key used to SSH into AWS instances" type = string - default = "" } + variable "target_address" { description = "Address of target" type = string @@ -258,10 +259,9 @@ variable "ip_version" { } locals { - aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) - aws_host_set_ips1 = jsonencode(var.aws_host_set_ips1) - aws_host_set_ips2 = jsonencode(var.aws_host_set_ips2) - package_name = reverse(split("/", var.test_package))[0] + aws_host_set_ips1 = jsonencode(var.aws_host_set_ips1) + aws_host_set_ips2 = jsonencode(var.aws_host_set_ips2) + package_name = reverse(split("/", var.test_package))[0] } resource "enos_local_exec" "run_e2e_test" { @@ -275,7 +275,7 @@ resource "enos_local_exec" "run_e2e_test" { E2E_TARGET_ADDRESS = var.target_address E2E_TARGET_PORT = var.target_port E2E_SSH_USER = var.target_user - E2E_SSH_KEY_PATH = local.aws_ssh_private_key_path + E2E_SSH_KEY_PATH = var.aws_ssh_private_key_path E2E_SSH_CA_KEY = "" VAULT_ADDR = var.vault_addr_public VAULT_TOKEN = var.vault_root_token
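Review bot: A relative key path is no longer normalised before it reaches `E2E_SSH_KEY_PATH` in `test_e2e/main.tf`. The `locals` hunk (`@@ -258,10 +259,9 @@`) drops `abspath(var.aws_ssh_private_key_path)`, and the `run_e2e_test` hunk passes the variable through as written. A relative value will therefore be resolved against whatever working directory the test process runs in, which may select a different key file than intended. Together with the removal of `default = ""` in the first hunk, which makes the variable required, this is a behaviour change inside a commit described as a rename, and the commit message should say so. If relative paths are still possible, keep the normalisation at the use site, `E2E_SSH_KEY_PATH = abspath(var.aws_ssh_private_key_path)`, or add a `validation` block to the variable that rejects empty values. The `enos_local_exec` resource body continues outside the hunk.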