chore(e2e): Add session recording resources for UI tests

enos/modules/aws_boundary/boundary-instances.tf

@@ -158,11 +158,14 @@ resource "enos_file" "worker_config" {
   depends_on  = [enos_bundle_install.worker]
   destination = "/etc/boundary/boundary.hcl"
   content = templatefile("${path.module}/${var.worker_config_file_path}", {
-    id             = each.value
-    kms_key_id     = data.aws_kms_key.kms_key.id,
-    controller_ips = jsonencode(aws_instance.controller.*.private_ip),
-    public_addr    = aws_instance.worker.0.public_ip
-    region         = var.aws_region
+    id                     = each.value
+    kms_key_id             = data.aws_kms_key.kms_key.id,
+    controller_ips         = jsonencode(aws_instance.controller.*.private_ip),
+    public_addr            = aws_instance.worker.0.public_ip
+    region                 = var.aws_region
+    type                   = jsonencode(var.worker_type_tags)
+    recording_storage_path = var.recording_storage_path
+
   })
   for_each = toset([for idx in range(var.worker_count) : tostring(idx)])
 
@@ -177,10 +180,12 @@ resource "enos_boundary_start" "worker_start" {
   depends_on = [enos_boundary_start.controller_start, enos_file.worker_config]
   for_each   = toset([for idx in range(var.worker_count) : tostring(idx)])
 
-  bin_name    = var.boundary_binary_name
-  bin_path    = var.boundary_install_dir
-  config_path = "/etc/boundary"
-  license     = var.boundary_license
+  bin_name               = var.boundary_binary_name
+  bin_path               = var.boundary_install_dir
+  config_path            = "/etc/boundary"
+  license                = var.boundary_license
+  recording_storage_path = var.recording_storage_path != "" ? var.recording_storage_path : null
+
   transport = {
     ssh = {
       host = aws_instance.worker[tonumber(each.value)].public_ip

enos/modules/aws_boundary/templates/worker.hcl

@@ -18,7 +18,7 @@ worker {
   public_addr = "${public_addr}"
 
   tags {
-    type   = ["prod", "webservers"]
+    type   = ${type}
     region = ["${region}"]
   }
 }

enos/modules/aws_boundary/templates/worker_bsr.hcl

@@ -0,0 +1,33 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+listener "tcp" {
+  purpose = "proxy"
+  tls_disable = true
+  address = "0.0.0.0"
+}
+
+worker {
+  # Name attr must be unique across workers
+  name = "demo-worker-${id}"
+  description = "Enos Boundary worker ${id}"
+
+  # Workers must be able to reach controllers on :9201
+  controllers = ${controller_ips}
+
+  public_addr = "${public_addr}"
+
+  tags {
+    type   = ${type}
+    region = ["${region}"]
+  }
+
+  recording_storage_path = "${recording_storage_path}"
+}
+
+# must be same key as used on controller config
+kms "awskms" {
+  purpose    = "worker-auth"
+  region     = "${region}"
+  kms_key_id = "${kms_key_id}"
+}

enos/modules/aws_boundary/variables.tf

@@ -28,6 +28,12 @@ variable "worker_instance_type" {
   default     = "t2.micro"
 }
 
+variable "worker_type_tags" {
+  description = "Tag to set on worker for use in worker filters"
+  type        = list(string)
+  default     = ["collocated", "prod", "webservers"]
+}
+
 variable "worker_ebs_iops" {
   description = "EBS IOPS for the root volume"
   type        = number
@@ -358,3 +364,9 @@ variable "vpc_tag_module" {
   type        = string
   default     = "aws_vpc"
 }
+
+variable "recording_storage_path" {
+  description = "Path on instance to store recordings"
+  type        = string
+  default     = ""
+}

enos/modules/test_e2e_ui/main.tf

@@ -108,6 +108,16 @@ variable "aws_host_set_filter" {
   type        = string
   default     = ""
 }
+variable "aws_region" {
+  description = "AWS region where the resources will be created"
+  type        = string
+  default     = ""
+}
+variable "aws_bucket_name" {
+  description = "AWS S3 bucket name"
+  type        = string
+  default     = ""
+}
 variable "aws_host_set_ips" {
   description = "List of IP addresses in aws_host_set_filter1"
   type        = list(string)
@@ -153,6 +163,11 @@ variable "worker_token" {
   type        = string
   default     = ""
 }
+variable "worker_tag_egress" {
+  description = "Worker tag for the egress worker"
+  type        = string
+  default     = ""
+}
 
 locals {
   aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path)
@@ -180,6 +195,8 @@ resource "enos_local_exec" "run_e2e_test" {
     E2E_AWS_SECRET_ACCESS_KEY     = var.aws_secret_access_key
     E2E_AWS_HOST_SET_FILTER       = var.aws_host_set_filter
     E2E_AWS_HOST_SET_IPS          = local.aws_host_set_ips
+    E2E_AWS_REGION                = var.aws_region
+    E2E_AWS_BUCKET_NAME           = var.aws_bucket_name
     E2E_LDAP_ADDR                 = var.ldap_address
     E2E_LDAP_DOMAIN_DN            = var.ldap_domain_dn
     E2E_LDAP_ADMIN_DN             = var.ldap_admin_dn
@@ -188,6 +205,7 @@ resource "enos_local_exec" "run_e2e_test" {
     E2E_LDAP_USER_PASSWORD        = var.ldap_user_password
     E2E_LDAP_GROUP_NAME           = var.ldap_group_name
     E2E_WORKER_TOKEN              = var.worker_token
+    E2E_WORKER_TAG_EGRESS         = var.worker_tag_egress
   }
 
   inline = var.debug_no_run ? [""] : ["set -o pipefail; PATH=\"${var.local_boundary_dir}:$PATH\" yarn --cwd ${var.local_boundary_ui_src_dir}/ui/admin run e2e 2>&1 | tee ${path.module}/../../test-e2e-ui.log"]