diff --git a/enos/modules/aws_boundary/boundary-instances.tf b/enos/modules/aws_boundary/boundary-instances.tf
index e11abb4cfa..3f43a21316 100644
--- a/enos/modules/aws_boundary/boundary-instances.tf
+++ b/enos/modules/aws_boundary/boundary-instances.tf
@@ -158,11 +158,14 @@ resource "enos_file" "worker_config" {
 depends_on = [enos_bundle_install.worker]
 destination = "/etc/boundary/boundary.hcl"
 content = templatefile("${path.module}/${var.worker_config_file_path}", {
- id = each.value
- kms_key_id = data.aws_kms_key.kms_key.id,
- controller_ips = jsonencode(aws_instance.controller.*.private_ip),
- public_addr = aws_instance.worker.0.public_ip
- region = var.aws_region
+ id = each.value
+ kms_key_id = data.aws_kms_key.kms_key.id,
+ controller_ips = jsonencode(aws_instance.controller.*.private_ip),
+ public_addr = aws_instance.worker.0.public_ip
+ region = var.aws_region
+ type = jsonencode(var.worker_type_tags)
+ recording_storage_path = var.recording_storage_path
+
 })
 for_each = toset([for idx in range(var.worker_count) : tostring(idx)])
@@ -177,10 +180,12 @@ resource "enos_boundary_start" "worker_start" {
 depends_on = [enos_boundary_start.controller_start, enos_file.worker_config]
 for_each = toset([for idx in range(var.worker_count) : tostring(idx)])
- bin_name = var.boundary_binary_name
- bin_path = var.boundary_install_dir
- config_path = "/etc/boundary"
- license = var.boundary_license
+ bin_name = var.boundary_binary_name
+ bin_path = var.boundary_install_dir
+ config_path = "/etc/boundary"
+ license = var.boundary_license
+ recording_storage_path = var.recording_storage_path != "" ? var.recording_storage_path : null
+
 transport = {
 ssh = {
 host = aws_instance.worker[tonumber(each.value)].public_ip
diff --git a/enos/modules/aws_boundary/templates/worker.hcl b/enos/modules/aws_boundary/templates/worker.hcl
index 0125a32381..fd636a28b2 100644
--- a/enos/modules/aws_boundary/templates/worker.hcl
+++ b/enos/modules/aws_boundary/templates/worker.hcl
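Review bot: In the `templatefile` call of `enos_file.worker_config`, `recording_storage_path` is passed through as-is, while `enos_boundary_start.worker_start` in the next hunk maps the empty string to `null`, so the two uses disagree on what "unset" means. Because the variable defaults to `""` (variables.tf in this commit), pointing `worker_config_file_path` at `worker_bsr.hcl` without setting it renders `recording_storage_path = ""` into the worker config. I would add a `validation` block to `variable "recording_storage_path"` with `condition = var.recording_storage_path == "" || can(regex("^/", var.recording_storage_path))`, and state in its description that a value is required whenever the BSR template is selected. Both resource bodies continue outside the hunks shown.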
@@ -18,7 +18,7 @@ worker {
 public_addr = "${public_addr}"
 tags {
- type = ["prod", "webservers"]
+ type = ${type}
 region = ["${region}"]
 }
 }
diff --git a/enos/modules/aws_boundary/templates/worker_bsr.hcl b/enos/modules/aws_boundary/templates/worker_bsr.hcl
new file mode 100644
index 0000000000..4d15ae2ae4
--- /dev/null
+++ b/enos/modules/aws_boundary/templates/worker_bsr.hcl
@@ -0,0 +1,33 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+listener "tcp" {
+ purpose = "proxy"
+ tls_disable = true
+ address = "0.0.0.0"
+}
+
+worker {
+ # Name attr must be unique across workers
+ name = "demo-worker-${id}"
+ description = "Enos Boundary worker ${id}"
+
+ # Workers must be able to reach controllers on :9201
+ controllers = ${controller_ips}
+
+ public_addr = "${public_addr}"
+
+ tags {
+ type = ${type}
+ region = ["${region}"]
+ }
+
+ recording_storage_path = "${recording_storage_path}"
+}
+
+# must be same key as used on controller config
+kms "awskms" {
+ purpose = "worker-auth"
+ region = "${region}"
+ kms_key_id = "${kms_key_id}"
+}
diff --git a/enos/modules/aws_boundary/variables.tf b/enos/modules/aws_boundary/variables.tf
index a29d889440..b1b7a03a20 100644
--- a/enos/modules/aws_boundary/variables.tf
+++ b/enos/modules/aws_boundary/variables.tf
@@ -28,6 +28,12 @@ variable "worker_instance_type" {
 default = "t2.micro"
 }
+variable "worker_type_tags" {
+ description = "Tag to set on worker for use in worker filters"
+ type = list(string)
+ default = ["collocated", "prod", "webservers"]
+}
+
 variable "worker_ebs_iops" {
 description = "EBS IOPS for the root volume"
 type = number
@@ -358,3 +364,9 @@ variable "vpc_tag_module" {
 type = string
 default = "aws_vpc"
 }
+
+variable "recording_storage_path" {
+ description = "Path on instance to store recordings"
+ type = string
+ default = ""
+}
diff --git a/enos/modules/test_e2e_ui/main.tf b/enos/modules/test_e2e_ui/main.tf
index 56a58683ba..ce19be0956 100644
--- a/enos/modules/test_e2e_ui/main.tf
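Review bot: `tls_disable = true` on a proxy listener bound to `0.0.0.0` is left unexplained in the new `worker_bsr.hcl`, which is the worker that will hold session recordings. If this is acceptable because the environment is test-only, or because proxied sessions are protected elsewhere, a comment above the setting should say so, for example `# Listener-level TLS is off: Enos test environment only, do not reuse for production workers`. Nothing visible in this commit creates the `recording_storage_path` directory or restricts its ownership and mode; recordings can contain whatever was typed in a session, so it is worth confirming that `enos_boundary_start` (presumably the component that prepares the path) limits access to the Boundary service account.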
+++ b/enos/modules/test_e2e_ui/main.tf
@@ -108,6 +108,16 @@ variable "aws_host_set_filter" {
 type = string
 default = ""
 }
+variable "aws_region" {
+ description = "AWS region where the resources will be created"
+ type = string
+ default = ""
+}
+variable "aws_bucket_name" {
+ description = "AWS S3 bucket name"
+ type = string
+ default = ""
+}
 variable "aws_host_set_ips" {
 description = "List of IP addresses in aws_host_set_filter1"
 type = list(string)
@@ -153,6 +163,11 @@ variable "worker_token" {
 type = string
 default = ""
 }
+variable "worker_tag_egress" {
+ description = "Worker tag for the egress worker"
+ type = string
+ default = ""
+}
 locals {
 aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path)
@@ -180,6 +195,8 @@ resource "enos_local_exec" "run_e2e_test" {
 E2E_AWS_SECRET_ACCESS_KEY = var.aws_secret_access_key
 E2E_AWS_HOST_SET_FILTER = var.aws_host_set_filter
 E2E_AWS_HOST_SET_IPS = local.aws_host_set_ips
+ E2E_AWS_REGION = var.aws_region
+ E2E_AWS_BUCKET_NAME = var.aws_bucket_name
 E2E_LDAP_ADDR = var.ldap_address
 E2E_LDAP_DOMAIN_DN = var.ldap_domain_dn
 E2E_LDAP_ADMIN_DN = var.ldap_admin_dn
@@ -188,6 +205,7 @@ resource "enos_local_exec" "run_e2e_test" {
 E2E_LDAP_USER_PASSWORD = var.ldap_user_password
 E2E_LDAP_GROUP_NAME = var.ldap_group_name
 E2E_WORKER_TOKEN = var.worker_token
+ E2E_WORKER_TAG_EGRESS = var.worker_tag_egress
 }
 inline = var.debug_no_run ? [""] : ["set -o pipefail; PATH=\"${var.local_boundary_dir}:$PATH\" yarn --cwd ${var.local_boundary_ui_src_dir}/ui/admin run e2e 2>&1 | tee ${path.module}/../../test-e2e-ui.log"]
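Review bot: `aws_region`, `aws_bucket_name` and `worker_tag_egress` all default to `""` and are exported unconditionally as `E2E_AWS_REGION`, `E2E_AWS_BUCKET_NAME` and `E2E_WORKER_TAG_EGRESS`, so a scenario that forgets to wire them hands the tests empty strings instead of failing at plan time. If an empty value is meant to make the dependent tests skip, the descriptions should say so, e.g. `description = "AWS S3 bucket name used by the e2e tests; leave empty to skip tests that need it"`. Otherwise, drop the `default` lines so Terraform requires a value. The `run_e2e_test` resource body starts and ends outside these hunks.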