From 1ba5748bf01503e073cd98d3af382f0d5f4a0a2b Mon Sep 17 00:00:00 2001 From: Tony Date: Wed, 17 Dec 2025 13:35:15 -0500 Subject: [PATCH 1/9] update scenario e2e_aws_rdp_base --- enos/enos-scenario-e2e-aws-rdp-base.hcl | 23 ++++++++++++++++++----- enos/modules/aws_vault/variables.tf | 6 ++++++ enos/modules/aws_vault/vault-instances.tf | 14 ++++++++++++++ 3 files changed, 38 insertions(+), 5 deletions(-) diff --git a/enos/enos-scenario-e2e-aws-rdp-base.hcl b/enos/enos-scenario-e2e-aws-rdp-base.hcl index 2360c36a59..212dc245bd 100644 --- a/enos/enos-scenario-e2e-aws-rdp-base.hcl +++ b/enos/enos-scenario-e2e-aws-rdp-base.hcl @@ -24,7 +24,6 @@ scenario "e2e_aws_rdp_base" { } locals { - aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) boundary_install_dir = abspath(var.boundary_install_dir) local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null local_boundary_src_dir = var.local_boundary_src_dir != null ? abspath(var.local_boundary_src_dir) : null @@ -74,6 +73,14 @@ scenario "e2e_aws_rdp_base" { } } + step "generate_ssh_key" { + module = module.aws_ssh_keypair + + variables { + enos_user = var.enos_user + } + } + step "build_boundary_linux" { module = matrix.builder == "crt" ? module.build_crt : module.build_local @@ -131,6 +138,7 @@ scenario "e2e_aws_rdp_base" { module = module.vault depends_on = [ step.create_base_infra, + step.generate_ssh_key ] variables { @@ -142,11 +150,13 @@ scenario "e2e_aws_rdp_base" { storage_backend = "raft" unseal_method = "shamir" ip_version = local.ip_version - vault_release = { + vault_release = { version = var.vault_version edition = "oss" } - vpc_id = step.create_base_infra.vpc_id + vpc_id = step.create_base_infra.vpc_id + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem } } 
@@ -175,7 +185,8 @@ scenario "e2e_aws_rdp_base" { step.build_boundary_linux, step.create_windows_client, step.create_vault_cluster, - step.read_boundary_license + step.read_boundary_license, + step.generate_ssh_key ] variables { @@ -200,6 +211,8 @@ scenario "e2e_aws_rdp_base" { ip_version = local.ip_version recording_storage_path = "/recording" alb_sg_additional_ips = step.create_windows_client.public_ip_list + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem } } @@ -301,7 +314,7 @@ scenario "e2e_aws_rdp_base" { auth_login_name = step.create_boundary_cluster.auth_login_name auth_password = step.create_boundary_cluster.auth_password local_boundary_dir = local.local_boundary_dir - aws_ssh_private_key_path = local.aws_ssh_private_key_path + aws_ssh_private_key_path = step.generate_ssh_key.private_key_path target_user = "ubuntu" target_port = "22" aws_bucket_name = step.create_bucket.bucket_name diff --git a/enos/modules/aws_vault/variables.tf b/enos/modules/aws_vault/variables.tf index 5107cfdf08..312a73def7 100644 --- a/enos/modules/aws_vault/variables.tf +++ b/enos/modules/aws_vault/variables.tf @@ -123,6 +123,12 @@ variable "ssh_aws_keypair" { type = string } +variable "ssh_private_key" { + description = "SSH private key content for connecting to instances" + type = string + sensitive = true +} + variable "storage_backend" { type = string description = "The type of Vault storage backend which will be used" diff --git a/enos/modules/aws_vault/vault-instances.tf b/enos/modules/aws_vault/vault-instances.tf index 8ed35ce60a..95df46636e 100644 --- a/enos/modules/aws_vault/vault-instances.tf +++ b/enos/modules/aws_vault/vault-instances.tf @@ -38,6 +38,7 @@ resource "enos_remote_exec" "install_dependencies" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip + private_key = var.ssh_private_key } } } 
@@ -54,6 +55,7 @@ resource "enos_bundle_install" "consul" { transport = { ssh = { host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip + private_key = var.ssh_private_key } } } @@ -69,6 +71,7 @@ resource "enos_bundle_install" "vault" { transport = { ssh = { host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip + private_key = var.ssh_private_key } } } @@ -95,6 +98,7 @@ resource "enos_consul_start" "consul" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip + private_key = var.ssh_private_key } } } @@ -137,6 +141,7 @@ resource "enos_vault_start" "leader" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip + private_key = var.ssh_private_key } } } @@ -178,6 +183,7 @@ resource "enos_vault_start" "followers" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip + private_key = var.ssh_private_key } } } @@ -201,6 +207,7 @@ resource "enos_vault_init" "leader" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip + private_key = var.ssh_private_key } } } @@ -219,6 +226,7 @@ resource "enos_vault_unseal" "leader" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip + private_key = var.ssh_private_key } } } @@ -244,6 +252,7 @@ resource "enos_remote_exec" "create_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip + private_key = var.ssh_private_key } } } 
@@ -273,6 +282,7 @@ resource "enos_remote_exec" "init_audit_device" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip + private_key = var.ssh_private_key } } } @@ -296,6 +306,7 @@ resource "enos_vault_unseal" "followers" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip + private_key = var.ssh_private_key } } } @@ -322,6 +333,7 @@ resource "enos_vault_unseal" "when_vault_unseal_when_no_init_is_set" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip + private_key = var.ssh_private_key } } } @@ -342,6 +354,7 @@ resource "enos_remote_exec" "vault_write_license" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip + private_key = var.ssh_private_key } } } @@ -361,6 +374,7 @@ resource "enos_remote_exec" "vault_kms_policy" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip + private_key = var.ssh_private_key } } } From 606b53785a95dda97eeab46ca5df3ab58619dd5b Mon Sep 17 00:00:00 2001 
From: Tony Date: Fri, 12 Dec 2025 11:58:43 -0500 Subject: [PATCH 2/9] aws_ssh_keypair module; update e2e_aws_base --- enos/enos-modules.hcl | 4 ++ enos/enos-scenario-e2e-aws-base.hcl | 27 +++++++++--- enos/enos.hcl | 3 +- .../aws_boundary/boundary-instances.tf | 13 ++++++ enos/modules/aws_boundary/variables.tf | 6 +++ enos/modules/aws_ssh_keypair/main.tf | 42 +++++++++++++++++++ enos/modules/aws_ssh_keypair/variables.tf | 4 ++ enos/modules/aws_target/main.tf | 2 + 8 files changed, 93 insertions(+), 8 deletions(-) create mode 100644 enos/modules/aws_ssh_keypair/main.tf create mode 100644 enos/modules/aws_ssh_keypair/variables.tf diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl index 7bbfb7f9e6..73afdc414f 100644 --- a/enos/enos-modules.hcl +++ b/enos/enos-modules.hcl @@ -114,6 +114,10 @@ module "map2list" { source = "./modules/map2list" } +module "aws_ssh_keypair" { + source = "./modules/aws_ssh_keypair" +} + module "aws_target" { source = "./modules/aws_target" target_count = var.target_count diff --git a/enos/enos-scenario-e2e-aws-base.hcl b/enos/enos-scenario-e2e-aws-base.hcl index 8deaef9fe3..6ab7afc856 100644 --- a/enos/enos-scenario-e2e-aws-base.hcl +++ b/enos/enos-scenario-e2e-aws-base.hcl @@ -14,7 +14,6 @@ scenario "e2e_aws_base" { } locals { - aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) boundary_install_dir = abspath(var.boundary_install_dir) license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null 
@@ -76,12 +75,21 @@ scenario "e2e_aws_base" { } } + step "generate_ssh_key" { + module = module.aws_ssh_keypair + + variables { + enos_user = var.enos_user + } + } + step "create_boundary_cluster" { module = module.aws_boundary depends_on = [ step.create_base_infra, step.create_db_password, - step.build_boundary + step.build_boundary, + step.generate_ssh_key ] variables { @@ -100,16 +108,22 @@ scenario "e2e_aws_base" { worker_count = var.worker_count worker_instance_type = var.worker_instance_type aws_region = var.aws_region + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem } } step "create_target" { module = module.aws_target - depends_on = [step.create_base_infra] + depends_on = [ + step.create_base_infra, + step.generate_ssh_key + ] variables { ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] - aws_ssh_keypair_name = var.aws_ssh_keypair_name + aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem enos_user = var.enos_user instance_type = var.target_instance_type vpc_id = step.create_base_infra.vpc_id @@ -122,7 +136,8 @@ scenario "e2e_aws_base" { module = module.test_e2e depends_on = [ step.create_boundary_cluster, - step.create_target + step.create_target, + step.generate_ssh_key ] variables { @@ -133,7 +148,7 @@ scenario "e2e_aws_base" { auth_login_name = step.create_boundary_cluster.auth_login_name auth_password = step.create_boundary_cluster.auth_password local_boundary_dir = local.local_boundary_dir - aws_ssh_private_key_path = local.aws_ssh_private_key_path + aws_ssh_private_key_path = step.generate_ssh_key.private_key_path target_address = step.create_target.target_private_ips[0] target_user = "ubuntu" target_port = "22" diff --git a/enos/enos.hcl b/enos/enos.hcl index 85c68c6bbd..2089f95467 100644 --- a/enos/enos.hcl +++ b/enos/enos.hcl 
@@ -32,8 +32,7 @@ provider "aws" "default" { provider "enos" "default" { transport = { ssh = { - user = "ubuntu" - private_key_path = abspath(var.aws_ssh_private_key_path) + user = "ubuntu" } } } diff --git a/enos/modules/aws_boundary/boundary-instances.tf b/enos/modules/aws_boundary/boundary-instances.tf index 3f4bd7a204..222f64f5cf 100644 --- a/enos/modules/aws_boundary/boundary-instances.tf +++ b/enos/modules/aws_boundary/boundary-instances.tf @@ -84,6 +84,7 @@ resource "enos_bundle_install" "controller" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -101,6 +102,7 @@ resource "enos_remote_exec" "update_path_controller" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -139,6 +141,7 @@ resource "enos_file" "controller_config" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -154,6 +157,7 @@ resource "enos_boundary_init" "controller" { transport = { ssh = { host = try(var.ip_version == "6" ? aws_instance.controller[0].ipv6_addresses[0] : aws_instance.controller[0].public_ip, null) + private_key = var.ssh_private_key } } @@ -171,6 +175,7 @@ resource "enos_boundary_start" "controller_start" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } 
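Review bot: Removing `private_key_path` from the `enos` provider's default `ssh` transport in `enos/enos.hcl` leaves every enos resource dependent on its own `private_key` setting, and the visible patches only add that to `aws_vault`, `aws_boundary` and `aws_target`. Any module or scenario not converted in the same series would presumably be left with no key to authenticate with; the `aws_worker` module declared in `enos-modules.hcl` is one to check, since its resources are not shown here. Either convert the remaining consumers before this hunk lands or keep the provider default until they are. A comment above the block would also help, for example `# No default key: each resource passes private_key from the generate_ssh_key step`.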
@@ -196,6 +201,7 @@ resource "enos_remote_exec" "create_controller_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -213,6 +219,7 @@ resource "enos_bundle_install" "worker" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -230,6 +237,7 @@ resource "enos_remote_exec" "update_path_worker" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -257,6 +265,7 @@ resource "enos_file" "worker_config" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -274,6 +283,7 @@ resource "enos_boundary_start" "worker_start" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -294,6 +304,7 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -314,6 +325,7 @@ resource "enos_remote_exec" "create_worker_auth_storage_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } 
@@ -326,6 +338,7 @@ resource "enos_remote_exec" "get_worker_token" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } diff --git a/enos/modules/aws_boundary/variables.tf b/enos/modules/aws_boundary/variables.tf index 5a55a00a6e..3ac58d38f3 100644 --- a/enos/modules/aws_boundary/variables.tf +++ b/enos/modules/aws_boundary/variables.tf @@ -115,6 +115,12 @@ variable "ssh_aws_keypair" { type = string } +variable "ssh_private_key" { + description = "SSH private key content for connecting to instances" + type = string + sensitive = true +} + variable "ubuntu_ami_id" { description = "Ubuntu LTS AMI from enos-infra" type = string diff --git a/enos/modules/aws_ssh_keypair/main.tf b/enos/modules/aws_ssh_keypair/main.tf new file mode 100644 index 0000000000..99cf436f96 --- /dev/null +++ b/enos/modules/aws_ssh_keypair/main.tf @@ -0,0 +1,42 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + } + tls = { + source = "hashicorp/tls" + } + local = { + source = "hashicorp/local" + } + } +} + +resource "tls_private_key" "ssh" { + algorithm = "RSA" + rsa_bits = 4096 +} + +resource "aws_key_pair" "generated" { + key_name = "enos-${var.enos_user}-${formatdate("YYYYMMDD-hhmmss", timestamp())}" + public_key = tls_private_key.ssh.public_key_openssh +} + +resource "local_sensitive_file" "private_key" { + content = tls_private_key.ssh.private_key_pem + filename = "${path.root}/.terraform/tmp/ssh-key-${aws_key_pair.generated.key_name}" + file_permission = "0400" +} + +output "key_pair_name" { + value = aws_key_pair.generated.key_name +} + +output "private_key_path" { + value = abspath(local_sensitive_file.private_key.filename) +} + +output "private_key_pem" { + value = tls_private_key.ssh.private_key_pem + sensitive = true +} \ No newline at end of file 
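Review bot: `key_name` on `aws_key_pair.generated` in the new `enos/modules/aws_ssh_keypair/main.tf` is built from `timestamp()`, which yields a new value on every plan. A second apply of the same scenario would therefore replace the key pair, rename the `local_sensitive_file`, and likely force replacement of instances launched with the old key name. Using `key_name_prefix = "enos-${var.enos_user}-"` instead gives a unique name that stays stable after creation. Separately, `tls_private_key` keeps the generated private key unencrypted in Terraform state, and the module also writes it under `.terraform/tmp`. A header comment should say so, for example `# Test-only key: private key is kept in state and on disk; use only for ephemeral enos runs`, and the state and that directory should stay out of version control and uploaded CI artifacts.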
diff --git a/enos/modules/aws_ssh_keypair/variables.tf b/enos/modules/aws_ssh_keypair/variables.tf new file mode 100644 index 0000000000..454f626224 --- /dev/null +++ b/enos/modules/aws_ssh_keypair/variables.tf @@ -0,0 +1,4 @@ +variable "enos_user" { + description = "The user running the tests, this is by default your OS user or Github User" + type = string +} \ No newline at end of file diff --git a/enos/modules/aws_target/main.tf b/enos/modules/aws_target/main.tf index e7694cf9b1..e4601b7ada 100644 --- a/enos/modules/aws_target/main.tf +++ b/enos/modules/aws_target/main.tf @@ -17,6 +17,7 @@ variable "environment" {} variable "project_name" {} variable "instance_type" {} variable "aws_ssh_keypair_name" {} +variable "ssh_private_key" {} variable "enos_user" {} variable "additional_tags" { default = {} @@ -150,6 +151,7 @@ resource "enos_remote_exec" "wait" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.target[each.key].ipv6_addresses[0] : aws_instance.target[each.key].public_ip + private_key = var.ssh_private_key } } } From d2f2fb5075f63780abeaa5519cfe331d6cc3f68d Mon Sep 17 00:00:00 2001 From: Tony Date: Wed, 17 Dec 2025 13:59:53 -0500 Subject: [PATCH 3/9] enos fmt formatting --- enos/enos-scenario-e2e-aws-base.hcl | 8 ++++---- enos/enos-scenario-e2e-aws-rdp-base.hcl | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/enos/enos-scenario-e2e-aws-base.hcl b/enos/enos-scenario-e2e-aws-base.hcl index 6ab7afc856..43dce0786a 100644 --- a/enos/enos-scenario-e2e-aws-base.hcl +++ b/enos/enos-scenario-e2e-aws-base.hcl 
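Review bot: `variable "ssh_private_key" {}` in `enos/modules/aws_target/main.tf` is declared with no type and no `sensitive = true`, while the same input in `aws_vault/variables.tf` and `aws_boundary/variables.tf` has both. The value passed in this series comes from a sensitive output, but with the bare declaration the module does not itself mark the key as sensitive if a caller passes a plain string. Declare it like the other two modules by adding `type = string` and `sensitive = true` inside the block, along with a `description`.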
@@ -14,9 +14,9 @@ scenario "e2e_aws_base" { } locals { - boundary_install_dir = abspath(var.boundary_install_dir) - license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) - local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null + boundary_install_dir = abspath(var.boundary_install_dir) + license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) + local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null build_path = { "local" = "/tmp", "crt" = var.crt_bundle_path == null ? null : abspath(var.crt_bundle_path) @@ -114,7 +114,7 @@ scenario "e2e_aws_base" { } step "create_target" { - module = module.aws_target + module = module.aws_target depends_on = [ step.create_base_infra, step.generate_ssh_key diff --git a/enos/enos-scenario-e2e-aws-rdp-base.hcl b/enos/enos-scenario-e2e-aws-rdp-base.hcl index 212dc245bd..973f5d6197 100644 --- a/enos/enos-scenario-e2e-aws-rdp-base.hcl +++ b/enos/enos-scenario-e2e-aws-rdp-base.hcl 
@@ -24,11 +24,11 @@ scenario "e2e_aws_rdp_base" { } locals { - boundary_install_dir = abspath(var.boundary_install_dir) - local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null - local_boundary_src_dir = var.local_boundary_src_dir != null ? abspath(var.local_boundary_src_dir) : null - boundary_license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) - ip_version = "4" + boundary_install_dir = abspath(var.boundary_install_dir) + local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null + local_boundary_src_dir = var.local_boundary_src_dir != null ? abspath(var.local_boundary_src_dir) : null + boundary_license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) + ip_version = "4" build_path_linux = { "local" = "/tmp", @@ -150,7 +150,7 @@ scenario "e2e_aws_rdp_base" { storage_backend = "raft" unseal_method = "shamir" ip_version = local.ip_version - vault_release = { + vault_release = { version = var.vault_version edition = "oss" } From 5b6e1a6028d19fba85a8b98b00f270a9598db3ff Mon Sep 17 00:00:00 2001 From: Tony Date: Wed, 17 Dec 2025 14:04:34 -0500 Subject: [PATCH 4/9] terraform fmt modules --- .../aws_boundary/boundary-instances.tf | 46 +++++++++---------- enos/modules/aws_target/main.tf | 2 +- enos/modules/aws_vault/vault-instances.tf | 28 +++++------ 3 files changed, 38 insertions(+), 38 deletions(-) diff --git a/enos/modules/aws_boundary/boundary-instances.tf b/enos/modules/aws_boundary/boundary-instances.tf index 222f64f5cf..baec569073 100644 --- a/enos/modules/aws_boundary/boundary-instances.tf +++ b/enos/modules/aws_boundary/boundary-instances.tf 
@@ -83,7 +83,7 @@ resource "enos_bundle_install" "controller" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip private_key = var.ssh_private_key } } @@ -101,8 +101,8 @@ resource "enos_remote_exec" "update_path_controller" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -140,8 +140,8 @@ resource "enos_file" "controller_config" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -156,8 +156,8 @@ resource "enos_boundary_init" "controller" { transport = { ssh = { - host = try(var.ip_version == "6" ? aws_instance.controller[0].ipv6_addresses[0] : aws_instance.controller[0].public_ip, null) - private_key = var.ssh_private_key + host = try(var.ip_version == "6" ? aws_instance.controller[0].ipv6_addresses[0] : aws_instance.controller[0].public_ip, null) + private_key = var.ssh_private_key } } 
@@ -174,8 +174,8 @@ resource "enos_boundary_start" "controller_start" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } @@ -200,8 +200,8 @@ resource "enos_remote_exec" "create_controller_audit_log_dir" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -218,7 +218,7 @@ resource "enos_bundle_install" "worker" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip private_key = var.ssh_private_key } } @@ -236,7 +236,7 @@ resource "enos_remote_exec" "update_path_worker" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip private_key = var.ssh_private_key } } 
@@ -264,8 +264,8 @@ resource "enos_file" "worker_config" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -282,8 +282,8 @@ resource "enos_boundary_start" "worker_start" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -303,8 +303,8 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } @@ -324,8 +324,8 @@ resource "enos_remote_exec" "create_worker_auth_storage_dir" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } 
@@ -337,8 +337,8 @@ resource "enos_remote_exec" "get_worker_token" { inline = ["timeout 10s bash -c 'set -eo pipefail; until journalctl -u boundary.service | cat | grep \"Worker Auth Registration Request: .*\" | rev | cut -d \" \" -f 1 | rev | xargs; do sleep 2; done'"] transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip + private_key = var.ssh_private_key } } } diff --git a/enos/modules/aws_target/main.tf b/enos/modules/aws_target/main.tf index e4601b7ada..35d529a3d7 100644 --- a/enos/modules/aws_target/main.tf +++ b/enos/modules/aws_target/main.tf @@ -150,7 +150,7 @@ resource "enos_remote_exec" "wait" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.target[each.key].ipv6_addresses[0] : aws_instance.target[each.key].public_ip + host = var.ip_version == "6" ? aws_instance.target[each.key].ipv6_addresses[0] : aws_instance.target[each.key].public_ip private_key = var.ssh_private_key } } diff --git a/enos/modules/aws_vault/vault-instances.tf b/enos/modules/aws_vault/vault-instances.tf index 95df46636e..184eab6a48 100644 --- a/enos/modules/aws_vault/vault-instances.tf +++ b/enos/modules/aws_vault/vault-instances.tf @@ -37,7 +37,7 @@ resource "enos_remote_exec" "install_dependencies" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip private_key = var.ssh_private_key } } 
@@ -54,7 +54,7 @@ resource "enos_bundle_install" "consul" { transport = { ssh = { - host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip + host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip private_key = var.ssh_private_key } } @@ -70,7 +70,7 @@ resource "enos_bundle_install" "vault" { transport = { ssh = { - host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip + host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip private_key = var.ssh_private_key } } @@ -97,7 +97,7 @@ resource "enos_consul_start" "consul" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip private_key = var.ssh_private_key } } @@ -140,7 +140,7 @@ resource "enos_vault_start" "leader" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip private_key = var.ssh_private_key } } @@ -182,7 +182,7 @@ resource "enos_vault_start" "followers" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip private_key = var.ssh_private_key } } 
@@ -206,7 +206,7 @@ resource "enos_vault_init" "leader" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip private_key = var.ssh_private_key } } @@ -225,7 +225,7 @@ resource "enos_vault_unseal" "leader" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip private_key = var.ssh_private_key } } @@ -251,7 +251,7 @@ resource "enos_remote_exec" "create_audit_log_dir" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip private_key = var.ssh_private_key } } @@ -281,7 +281,7 @@ resource "enos_remote_exec" "init_audit_device" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip private_key = var.ssh_private_key } } @@ -305,7 +305,7 @@ resource "enos_vault_unseal" "followers" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip private_key = var.ssh_private_key } } 
@@ -332,7 +332,7 @@ resource "enos_vault_unseal" "when_vault_unseal_when_no_init_is_set" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip private_key = var.ssh_private_key } } @@ -353,7 +353,7 @@ resource "enos_remote_exec" "vault_write_license" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip private_key = var.ssh_private_key } } @@ -373,7 +373,7 @@ resource "enos_remote_exec" "vault_kms_policy" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip + host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip private_key = var.ssh_private_key } } From e97794cffcecf12765aba399f7b356af4530e246 Mon Sep 17 00:00:00 2001 From: Tony Date: Wed, 17 Dec 2025 15:13:50 -0500 Subject: [PATCH 5/9] rename module variables to aws_ssh_... --- enos/enos-modules.hcl | 5 ---- enos/enos-scenario-e2e-aws-base.hcl | 6 ++-- enos/enos-scenario-e2e-aws-rdp-base.hcl | 10 +++---- .../aws_boundary/boundary-instances.tf | 30 +++++++++---------- enos/modules/aws_boundary/variables.tf | 4 +-- enos/modules/aws_target/main.tf | 4 +-- enos/modules/aws_vault/variables.tf | 4 +-- enos/modules/aws_vault/vault-instances.tf | 30 +++++++++---------- enos/modules/test_e2e/main.tf | 14 ++++----- 9 files changed, 51 insertions(+), 56 deletions(-) diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl index 73afdc414f..ccb70950e9 100644 --- a/enos/enos-modules.hcl 
+++ b/enos/enos-modules.hcl @@ -23,7 +23,6 @@ module "aws_boundary" { alb_listener_api_port = var.alb_listener_api_port boundary_binary_name = var.boundary_binary_name - ssh_aws_keypair = var.aws_ssh_keypair_name } module "aws_worker" { @@ -35,8 +34,6 @@ module "aws_worker" { "Enos User" : var.enos_user, "Environment" : var.environment } - - ssh_aws_keypair = var.aws_ssh_keypair_name } module "aws_bucket" { @@ -146,8 +143,6 @@ module "vault" { "Enos User" : var.enos_user, "Environment" : var.environment } - - ssh_aws_keypair = var.aws_ssh_keypair_name } module "test_e2e" { diff --git a/enos/enos-scenario-e2e-aws-base.hcl b/enos/enos-scenario-e2e-aws-base.hcl index 43dce0786a..236ffd651b 100644 --- a/enos/enos-scenario-e2e-aws-base.hcl +++ b/enos/enos-scenario-e2e-aws-base.hcl @@ -108,8 +108,8 @@ scenario "e2e_aws_base" { worker_count = var.worker_count worker_instance_type = var.worker_instance_type aws_region = var.aws_region - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem + aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name + aws_ssh_private_key = step.generate_ssh_key.private_key_pem } } @@ -123,7 +123,7 @@ scenario "e2e_aws_base" { variables { ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem + aws_ssh_private_key = step.generate_ssh_key.private_key_pem enos_user = var.enos_user instance_type = var.target_instance_type vpc_id = step.create_base_infra.vpc_id diff --git a/enos/enos-scenario-e2e-aws-rdp-base.hcl b/enos/enos-scenario-e2e-aws-rdp-base.hcl index 973f5d6197..2b04198d45 100644 --- a/enos/enos-scenario-e2e-aws-rdp-base.hcl +++ b/enos/enos-scenario-e2e-aws-rdp-base.hcl 
@@ -154,9 +154,9 @@ scenario "e2e_aws_rdp_base" { version = var.vault_version edition = "oss" } - vpc_id = step.create_base_infra.vpc_id - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem + vpc_id = step.create_base_infra.vpc_id + aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name + aws_ssh_private_key = step.generate_ssh_key.private_key_pem } } @@ -211,8 +211,8 @@ scenario "e2e_aws_rdp_base" { ip_version = local.ip_version recording_storage_path = "/recording" alb_sg_additional_ips = step.create_windows_client.public_ip_list - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem + aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name + aws_ssh_private_key = step.generate_ssh_key.private_key_pem } } diff --git a/enos/modules/aws_boundary/boundary-instances.tf b/enos/modules/aws_boundary/boundary-instances.tf index baec569073..7e6b4d76a7 100644 --- a/enos/modules/aws_boundary/boundary-instances.tf +++ b/enos/modules/aws_boundary/boundary-instances.tf @@ -12,7 +12,7 @@ resource "aws_instance" "controller" { aws_security_group.boundary_aux_sg.id, ] subnet_id = tolist(data.aws_subnets.infra.ids)[count.index % length(data.aws_subnets.infra.ids)] - key_name = var.ssh_aws_keypair + key_name = var.aws_ssh_keypair_name iam_instance_profile = aws_iam_instance_profile.boundary_profile.name monitoring = var.controller_monitoring ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count 
@@ -45,7 +45,7 @@ resource "aws_instance" "worker" { instance_type = var.worker_instance_type vpc_security_group_ids = [aws_security_group.boundary_sg.id] subnet_id = tolist(data.aws_subnets.infra.ids)[count.index % length(data.aws_subnets.infra.ids)] - key_name = var.ssh_aws_keypair + key_name = var.aws_ssh_keypair_name iam_instance_profile = aws_iam_instance_profile.boundary_profile.name monitoring = var.worker_monitoring ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count @@ -84,7 +84,7 @@ resource "enos_bundle_install" "controller" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -102,7 +102,7 @@ resource "enos_remote_exec" "update_path_controller" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -141,7 +141,7 @@ resource "enos_file" "controller_config" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -157,7 +157,7 @@ resource "enos_boundary_init" "controller" { transport = { ssh = { host = try(var.ip_version == "6" ? aws_instance.controller[0].ipv6_addresses[0] : aws_instance.controller[0].public_ip, null) - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } 
@@ -175,7 +175,7 @@ resource "enos_boundary_start" "controller_start" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } @@ -201,7 +201,7 @@ resource "enos_remote_exec" "create_controller_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -219,7 +219,7 @@ resource "enos_bundle_install" "worker" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -237,7 +237,7 @@ resource "enos_remote_exec" "update_path_worker" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -265,7 +265,7 @@ resource "enos_file" "worker_config" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -283,7 +283,7 @@ resource "enos_boundary_start" "worker_start" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } 
@@ -304,7 +304,7 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -325,7 +325,7 @@ resource "enos_remote_exec" "create_worker_auth_storage_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -338,7 +338,7 @@ resource "enos_remote_exec" "get_worker_token" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } diff --git a/enos/modules/aws_boundary/variables.tf b/enos/modules/aws_boundary/variables.tf index 3ac58d38f3..b83ea3a37e 100644 --- a/enos/modules/aws_boundary/variables.tf +++ b/enos/modules/aws_boundary/variables.tf @@ -110,12 +110,12 @@ variable "ssh_user" { default = "ubuntu" } -variable "ssh_aws_keypair" { +variable "aws_ssh_keypair_name" { description = "SSH keypair used to connect to EC2 instances" type = string } -variable "ssh_private_key" { +variable "aws_ssh_private_key" { description = "SSH private key content for connecting to instances" type = string sensitive = true diff --git a/enos/modules/aws_target/main.tf b/enos/modules/aws_target/main.tf index 35d529a3d7..98858d5fd9 100644 --- a/enos/modules/aws_target/main.tf +++ b/enos/modules/aws_target/main.tf 
@@ -17,7 +17,7 @@ variable "environment" {} variable "project_name" {} variable "instance_type" {} variable "aws_ssh_keypair_name" {} -variable "ssh_private_key" {} +variable "aws_ssh_private_key" {} variable "enos_user" {} variable "additional_tags" { default = {} @@ -151,7 +151,7 @@ resource "enos_remote_exec" "wait" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.target[each.key].ipv6_addresses[0] : aws_instance.target[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } diff --git a/enos/modules/aws_vault/variables.tf b/enos/modules/aws_vault/variables.tf index 312a73def7..a8f0c36c77 100644 --- a/enos/modules/aws_vault/variables.tf +++ b/enos/modules/aws_vault/variables.tf @@ -118,12 +118,12 @@ variable "sg_additional_ipv6_ips" { default = [] } -variable "ssh_aws_keypair" { +variable "aws_ssh_keypair_name" { description = "SSH keypair used to connect to EC2 instances" type = string } -variable "ssh_private_key" { +variable "aws_ssh_private_key" { description = "SSH private key content for connecting to instances" type = string sensitive = true diff --git a/enos/modules/aws_vault/vault-instances.tf b/enos/modules/aws_vault/vault-instances.tf index 184eab6a48..25136389a3 100644 --- a/enos/modules/aws_vault/vault-instances.tf +++ b/enos/modules/aws_vault/vault-instances.tf @@ -7,7 +7,7 @@ resource "aws_instance" "vault_instance" { instance_type = var.instance_type vpc_security_group_ids = [aws_security_group.enos_vault_sg[0].id] subnet_id = tolist(data.aws_subnets.infra.ids)[each.key % length(data.aws_subnets.infra.ids)] - key_name = var.ssh_aws_keypair + key_name = var.aws_ssh_keypair_name iam_instance_profile = aws_iam_instance_profile.vault_profile[0].name ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count tags = merge( 
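Review bot: In `enos/modules/aws_target/main.tf` the renamed input is still declared as a bare `variable "aws_ssh_private_key" {}`, while the same input in `aws_boundary` and `aws_vault` carries a type and the sensitive flag. Adding `type = string` and `sensitive = true` to the block keeps the PEM out of plan and apply output even if a caller passes a value that is not already marked sensitive. Note that `sensitive` only redacts CLI output: the key material is still written to state, so the state for these scenarios needs the same protection as the key itself.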
@@ -38,7 +38,7 @@ resource "enos_remote_exec" "install_dependencies" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -55,7 +55,7 @@ resource "enos_bundle_install" "consul" { transport = { ssh = { host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -71,7 +71,7 @@ resource "enos_bundle_install" "vault" { transport = { ssh = { host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -98,7 +98,7 @@ resource "enos_consul_start" "consul" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -141,7 +141,7 @@ resource "enos_vault_start" "leader" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -183,7 +183,7 @@ resource "enos_vault_start" "followers" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -207,7 +207,7 @@ resource "enos_vault_init" "leader" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } 
@@ -226,7 +226,7 @@ resource "enos_vault_unseal" "leader" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -252,7 +252,7 @@ resource "enos_remote_exec" "create_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -282,7 +282,7 @@ resource "enos_remote_exec" "init_audit_device" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -306,7 +306,7 @@ resource "enos_vault_unseal" "followers" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -333,7 +333,7 @@ resource "enos_vault_unseal" "when_vault_unseal_when_no_init_is_set" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } @@ -354,7 +354,7 @@ resource "enos_remote_exec" "vault_write_license" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } 
@@ -374,7 +374,7 @@ resource "enos_remote_exec" "vault_kms_policy" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip - private_key = var.ssh_private_key + private_key = var.aws_ssh_private_key } } } diff --git a/enos/modules/test_e2e/main.tf b/enos/modules/test_e2e/main.tf index 275fd70032..67f23c9945 100644 --- a/enos/modules/test_e2e/main.tf +++ b/enos/modules/test_e2e/main.tf @@ -51,11 +51,12 @@ variable "target_user" { type = string default = "" } + variable "aws_ssh_private_key_path" { - description = "Local Path to key used to SSH onto created hosts" + description = "Path to the private key used to SSH into AWS instances" type = string - default = "" } + variable "target_address" { description = "Address of target" type = string @@ -253,10 +254,9 @@ variable "ip_version" { } locals { - aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) - aws_host_set_ips1 = jsonencode(var.aws_host_set_ips1) - aws_host_set_ips2 = jsonencode(var.aws_host_set_ips2) - package_name = reverse(split("/", var.test_package))[0] + aws_host_set_ips1 = jsonencode(var.aws_host_set_ips1) + aws_host_set_ips2 = jsonencode(var.aws_host_set_ips2) + package_name = reverse(split("/", var.test_package))[0] } resource "enos_local_exec" "run_e2e_test" { @@ -270,7 +270,7 @@ resource "enos_local_exec" "run_e2e_test" { E2E_TARGET_ADDRESS = var.target_address E2E_TARGET_PORT = var.target_port E2E_SSH_USER = var.target_user - E2E_SSH_KEY_PATH = local.aws_ssh_private_key_path + E2E_SSH_KEY_PATH = var.aws_ssh_private_key_path E2E_SSH_CA_KEY = "" VAULT_ADDR = var.vault_addr_public VAULT_TOKEN = var.vault_root_token From 566db464ba6a2da47c96ec07d4eb66acd3016e16 Mon Sep 17 00:00:00 2001 
From: Tony Date: Wed, 17 Dec 2025 16:02:36 -0500 Subject: [PATCH 6/9] update hcp-resources, e2e_aws scenario, aws_worker module --- enos/ci/hcp-resources/main.tf | 16 ++++++++++---- enos/ci/hcp-resources/variables.tf | 5 +++++ enos/enos-scenario-e2e-aws.hcl | 32 +++++++++++++++++++++------- enos/modules/aws_worker/main.tf | 7 +++++- enos/modules/aws_worker/variables.tf | 10 +++++++-- 5 files changed, 55 insertions(+), 15 deletions(-) diff --git a/enos/ci/hcp-resources/main.tf b/enos/ci/hcp-resources/main.tf index f75d170260..7c1b27dbf4 100644 --- a/enos/ci/hcp-resources/main.tf +++ b/enos/ci/hcp-resources/main.tf @@ -27,11 +27,17 @@ provider "aws" { region = var.aws_region } +module "generate_ssh_key" { + source = "../../modules/aws_ssh_keypair" + + enos_user = var.enos_user +} + provider "enos" { transport = { ssh = { user = "ubuntu" - private_key_path = abspath(var.aws_ssh_private_key_path) + private_key_path = module.generate_ssh_key.private_key_path } } } @@ -85,7 +91,7 @@ module "base_infra" { } module "worker" { - depends_on = [module.base_infra] + depends_on = [module.base_infra, module.generate_ssh_key] source = "../../modules/aws_boundary" controller_count = 0 @@ -93,7 +99,8 @@ module "worker" { db_create = false aws_region = var.aws_region hcp_boundary_cluster_id = var.hcp_boundary_cluster_id - ssh_aws_keypair = var.aws_ssh_keypair_name + aws_ssh_keypair_name = module.generate_ssh_key.aws_ssh_keypair_name + aws_ssh_private_key = module.generate_ssh_key.private_key_pem boundary_license = module.license.license kms_key_arn = module.base_infra.kms_key_arn ubuntu_ami_id = module.base_infra.ami_ids["ubuntu"]["amd64"] 
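Review bot: The `module "worker"` block in `enos/ci/hcp-resources/main.tf` reads `module.generate_ssh_key.aws_ssh_keypair_name`, but every scenario step in this series reads the key pair name from the same `aws_ssh_keypair` module as `key_pair_name`. Unless the module exports both names (its outputs are not part of this diff), this reference would fail at plan time; `aws_ssh_keypair_name = module.generate_ssh_key.key_pair_name` matches the other call sites. The `module "target"` hunk that follows in the same file has the same reference.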
@@ -129,7 +136,8 @@ module "target" { source = "../../modules/aws_target" target_count = var.target_count - aws_ssh_keypair_name = var.aws_ssh_keypair_name + aws_ssh_keypair_name = module.generate_ssh_key.aws_ssh_keypair_name + aws_ssh_private_key = module.generate_ssh_key.private_key_pem instance_type = local.target_instance_type enos_user = local.cluster_tag environment = local.environment_tag diff --git a/enos/ci/hcp-resources/variables.tf b/enos/ci/hcp-resources/variables.tf index 7d2f2e38e7..da54d809a3 100644 --- a/enos/ci/hcp-resources/variables.tf +++ b/enos/ci/hcp-resources/variables.tf @@ -22,6 +22,11 @@ variable "boundary_license_path" { type = string } +variable "enos_user" { + description = "Name of user and used to tage AWS resources." + type = string +} + variable "aws_ssh_keypair_name" { description = "Name of the AWS EC2 keypair to use for SSH access" type = string diff --git a/enos/enos-scenario-e2e-aws.hcl b/enos/enos-scenario-e2e-aws.hcl index ebcf37c82e..e9a2da920c 100644 --- a/enos/enos-scenario-e2e-aws.hcl +++ b/enos/enos-scenario-e2e-aws.hcl @@ -16,7 +16,6 @@ scenario "e2e_aws" { } locals { - aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) boundary_install_dir = abspath(var.boundary_install_dir) local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null boundary_license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) @@ -82,10 +81,19 @@ scenario "e2e_aws" { } } + step "generate_ssh_key" { + module = module.aws_ssh_keypair + + variables { + enos_user = var.enos_user + } + } + step "create_vault_cluster" { module = module.vault depends_on = [ step.create_base_infra, + step.generate_ssh_key ] variables { @@ -102,6 +110,8 @@ scenario "e2e_aws" { edition = "oss" } vpc_id = step.create_base_infra.vpc_id + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem } } 
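Review bot: The description of the new `enos_user` variable in `enos/ci/hcp-resources/variables.tf` has a typo and reads awkwardly; `description = "Name of the user, used to tag AWS resources."` would be clearer. The `aws_ssh_keypair_name` variable kept just below it no longer appears to be read by the `worker` and `target` modules after this patch. It may be removable if nothing else in the directory uses it, which cannot be confirmed from this diff.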
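Review bot: The `create_vault_cluster` step in `enos/enos-scenario-e2e-aws.hcl` passes `ssh_aws_keypair` and `ssh_private_key`, but PATCH 5/9 renamed the `aws_vault` inputs to `aws_ssh_keypair_name` and `aws_ssh_private_key`. As written the step sets two variables the module no longer declares and leaves the renamed ones unset; the lines should read `aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name` and `aws_ssh_private_key = step.generate_ssh_key.private_key_pem`. The same old names are used in `create_targets_with_tag1`, `create_isolated_worker` and `create_isolated_target` later in this file and in `create_targets_with_tag` in `enos-scenario-e2e-database.hcl`, and the PATCH 8/9 formatting pass keeps them.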
@@ -154,11 +164,12 @@ scenario "e2e_aws" { step "create_targets_with_tag1" { module = module.aws_target - depends_on = [step.create_base_infra] + depends_on = [step.create_base_infra,step.generate_ssh_key] variables { ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] - aws_ssh_keypair_name = var.aws_ssh_keypair_name + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem enos_user = var.enos_user instance_type = var.target_instance_type vpc_id = step.create_base_infra.vpc_id @@ -197,7 +208,7 @@ scenario "e2e_aws" { step "create_isolated_worker" { module = module.aws_worker - depends_on = [step.create_boundary_cluster] + depends_on = [step.create_boundary_cluster, step.generate_ssh_key] variables { vpc_id = step.create_base_infra.vpc_id availability_zones = step.create_base_infra.availability_zone_names @@ -214,6 +225,8 @@ scenario "e2e_aws" { worker_type_tags = [local.isolated_tag] ip_version = matrix.ip_version config_file_path = "templates/worker.hcl" + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem } } @@ -235,12 +248,14 @@ scenario "e2e_aws" { module = module.aws_target depends_on = [ step.create_base_infra, - step.create_isolated_worker + step.create_isolated_worker, + step.generate_ssh_key ] variables { ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] - aws_ssh_keypair_name = var.aws_ssh_keypair_name + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem enos_user = var.enos_user instance_type = var.target_instance_type vpc_id = step.create_base_infra.vpc_id @@ -260,7 +275,8 @@ scenario "e2e_aws" { step.create_targets_with_tag1, step.iam_setup, step.create_isolated_worker, - step.create_isolated_target + step.create_isolated_target, + step.generate_ssh_key ] variables { 
@@ -271,7 +287,7 @@ scenario "e2e_aws" { auth_login_name = step.create_boundary_cluster.auth_login_name auth_password = step.create_boundary_cluster.auth_password local_boundary_dir = local.local_boundary_dir - aws_ssh_private_key_path = local.aws_ssh_private_key_path + aws_ssh_private_key_path = step.generate_ssh_key.ssh_private_key_path target_user = "ubuntu" target_port = "22" aws_access_key_id = step.iam_setup.access_key_id diff --git a/enos/modules/aws_worker/main.tf b/enos/modules/aws_worker/main.tf index e92061a439..796b012873 100644 --- a/enos/modules/aws_worker/main.tf +++ b/enos/modules/aws_worker/main.tf @@ -140,7 +140,7 @@ resource "aws_instance" "worker" { instance_type = var.worker_instance_type vpc_security_group_ids = [aws_security_group.default.id] subnet_id = aws_subnet.default.id - key_name = var.ssh_aws_keypair + key_name = var.aws_ssh_keypair_name iam_instance_profile = aws_iam_instance_profile.boundary_profile.name monitoring = var.worker_monitoring @@ -179,6 +179,7 @@ resource "enos_bundle_install" "worker" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip + private_key = var.aws_ssh_private_key } } } @@ -195,6 +196,7 @@ resource "enos_remote_exec" "update_path_worker" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip + private_key = var.aws_ssh_private_key } } } @@ -225,6 +227,7 @@ resource "enos_file" "worker_config" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip + private_key = var.aws_ssh_private_key } } } @@ -241,6 +244,7 @@ resource "enos_boundary_start" "worker_start" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip + private_key = var.aws_ssh_private_key } } } 
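Review bot: The `aws_ssh_private_key_path` argument in the first hunk of `enos/enos-scenario-e2e-aws.hcl` here reads `step.generate_ssh_key.ssh_private_key_path`, whereas `e2e_aws_rdp_base`, `e2e_database` and `hcp-resources` read the same module's output as `private_key_path`. The `ssh_` prefix looks like a slip; `aws_ssh_private_key_path = step.generate_ssh_key.private_key_path` would match them. The module's outputs are not shown in this diff, so the name should be confirmed against `modules/aws_ssh_keypair`. The step's `variables` block starts and ends outside the hunk.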
@@ -260,6 +264,7 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" { transport = { ssh = { host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip + private_key = var.aws_ssh_private_key } } } diff --git a/enos/modules/aws_worker/variables.tf b/enos/modules/aws_worker/variables.tf index 6b1d510337..80f8bb14cc 100644 --- a/enos/modules/aws_worker/variables.tf +++ b/enos/modules/aws_worker/variables.tf @@ -34,11 +34,17 @@ variable "worker_instance_type" { default = "t2.small" } -variable "ssh_aws_keypair" { - description = "The name of the SSH keypair used to connect to EC2 instances" +variable "aws_ssh_keypair_name" { + description = "SSH keypair used to connect to EC2 instances" type = string } +variable "aws_ssh_private_key" { + description = "SSH private key content for connecting to instances" + type = string + sensitive = true +} + variable "worker_monitoring" { description = "Enable detailed monitoring for workers" type = bool From f37ea52272f64a7bffbdbeda085e8f6b167abc47 Mon Sep 17 00:00:00 2001 From: Tony Date: Wed, 17 Dec 2025 16:07:05 -0500 Subject: [PATCH 7/9] update e2e_database scenario --- enos/enos-scenario-e2e-database.hcl | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/enos/enos-scenario-e2e-database.hcl b/enos/enos-scenario-e2e-database.hcl index 8c8bdbfbc2..b06e78589c 100644 --- a/enos/enos-scenario-e2e-database.hcl +++ b/enos/enos-scenario-e2e-database.hcl @@ -10,7 +10,6 @@ scenario "e2e_database" { ] locals { - aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) 
@@ -31,6 +30,14 @@ scenario "e2e_database" { } } + step "generate_ssh_key" { + module = module.aws_ssh_keypair + + variables { + enos_user = var.enos_user + } + } + step "find_azs" { module = module.aws_az_finder @@ -76,11 +83,12 @@ scenario "e2e_database" { step "create_targets_with_tag" { module = module.aws_target - depends_on = [step.create_base_infra] + depends_on = [step.create_base_infra, step.generate_ssh_key] variables { ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] - aws_ssh_keypair_name = var.aws_ssh_keypair_name + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem enos_user = var.enos_user instance_type = var.target_instance_type vpc_id = step.create_base_infra.vpc_id @@ -114,7 +122,8 @@ scenario "e2e_database" { module = module.test_e2e depends_on = [ step.create_targets_with_tag, - step.iam_setup + step.iam_setup, + step.generate_ssh_key ] variables { @@ -123,7 +132,7 @@ scenario "e2e_database" { boundary_license = var.boundary_edition != "oss" ? step.read_license.license : "" local_boundary_dir = local.local_boundary_dir target_user = "ubuntu" - aws_ssh_private_key_path = local.aws_ssh_private_key_path + aws_ssh_private_key_path = step.generate_ssh_key.private_key_path aws_access_key_id = step.iam_setup.access_key_id aws_secret_access_key = step.iam_setup.secret_access_key aws_host_set_filter1 = step.create_tag_inputs.tag_string From c982da945d85418b714b5eafa22a8df356d6f656 Mon Sep 17 00:00:00 2001 From: Tony Date: Wed, 17 Dec 2025 16:07:56 -0500 Subject: [PATCH 8/9] lint and format --- enos/enos-scenario-e2e-aws.hcl | 68 ++++++++++++++--------------- enos/enos-scenario-e2e-database.hcl | 22 +++++----- enos/modules/aws_worker/main.tf | 10 ++--- 3 files changed, 50 insertions(+), 50 deletions(-) diff --git a/enos/enos-scenario-e2e-aws.hcl b/enos/enos-scenario-e2e-aws.hcl index e9a2da920c..5105ef3f38 100644 --- a/enos/enos-scenario-e2e-aws.hcl +++ b/enos/enos-scenario-e2e-aws.hcl 
@@ -16,10 +16,10 @@ scenario "e2e_aws" { } locals { - boundary_install_dir = abspath(var.boundary_install_dir) - local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null - boundary_license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) - vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic")) + boundary_install_dir = abspath(var.boundary_install_dir) + local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null + boundary_license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) + vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic")) build_path = { "local" = "/tmp", @@ -109,9 +109,9 @@ scenario "e2e_aws" { version = var.vault_version edition = "oss" } - vpc_id = step.create_base_infra.vpc_id - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem + vpc_id = step.create_base_infra.vpc_id + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem } } 
@@ -164,21 +164,21 @@ scenario "e2e_aws" { step "create_targets_with_tag1" { module = module.aws_target - depends_on = [step.create_base_infra,step.generate_ssh_key] + depends_on = [step.create_base_infra, step.generate_ssh_key] variables { - ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem - enos_user = var.enos_user - instance_type = var.target_instance_type - vpc_id = step.create_base_infra.vpc_id - target_count = var.target_count <= 1 ? 2 : var.target_count - additional_tags = step.create_tag1_inputs.tag_map - subnet_ids = step.create_boundary_cluster.subnet_ids - ingress_cidr = matrix.ip_version == "4" ? ["10.0.0.0/8"] : [] - ingress_ipv6_cidr = step.create_boundary_cluster.worker_ipv6_cidr - ip_version = matrix.ip_version + ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem + enos_user = var.enos_user + instance_type = var.target_instance_type + vpc_id = step.create_base_infra.vpc_id + target_count = var.target_count <= 1 ? 2 : var.target_count + additional_tags = step.create_tag1_inputs.tag_map + subnet_ids = step.create_boundary_cluster.subnet_ids + ingress_cidr = matrix.ip_version == "4" ? ["10.0.0.0/8"] : [] + ingress_ipv6_cidr = step.create_boundary_cluster.worker_ipv6_cidr + ip_version = matrix.ip_version } } @@ -225,8 +225,8 @@ scenario "e2e_aws" { worker_type_tags = [local.isolated_tag] ip_version = matrix.ip_version config_file_path = "templates/worker.hcl" - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem } } 
@@ -253,18 +253,18 @@ scenario "e2e_aws" { ] variables { - ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem - enos_user = var.enos_user - instance_type = var.target_instance_type - vpc_id = step.create_base_infra.vpc_id - target_count = 1 - subnet_ids = step.create_isolated_worker.subnet_ids - ingress_cidr = matrix.ip_version == "4" ? ["10.13.9.0/24"] : [] - ingress_ipv6_cidr = step.create_isolated_worker.worker_ipv6_cidr - additional_tags = step.create_tag2_inputs.tag_map - ip_version = matrix.ip_version + ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem + enos_user = var.enos_user + instance_type = var.target_instance_type + vpc_id = step.create_base_infra.vpc_id + target_count = 1 + subnet_ids = step.create_isolated_worker.subnet_ids + ingress_cidr = matrix.ip_version == "4" ? ["10.13.9.0/24"] : [] + ingress_ipv6_cidr = step.create_isolated_worker.worker_ipv6_cidr + additional_tags = step.create_tag2_inputs.tag_map + ip_version = matrix.ip_version } } diff --git a/enos/enos-scenario-e2e-database.hcl b/enos/enos-scenario-e2e-database.hcl index b06e78589c..ee905babf9 100644 --- a/enos/enos-scenario-e2e-database.hcl +++ b/enos/enos-scenario-e2e-database.hcl @@ -10,8 +10,8 @@ scenario "e2e_database" { ] locals { - local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null - license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) + local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null + license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) tags = merge({ "Project Name" : var.project_name 
@@ -86,15 +86,15 @@ scenario "e2e_database" { depends_on = [step.create_base_infra, step.generate_ssh_key] variables { - ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem - enos_user = var.enos_user - instance_type = var.target_instance_type - vpc_id = step.create_base_infra.vpc_id - target_count = 1 - additional_tags = step.create_tag_inputs.tag_map - subnet_ids = step.get_subnets.list + ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] + ssh_aws_keypair = step.generate_ssh_key.key_pair_name + ssh_private_key = step.generate_ssh_key.private_key_pem + enos_user = var.enos_user + instance_type = var.target_instance_type + vpc_id = step.create_base_infra.vpc_id + target_count = 1 + additional_tags = step.create_tag_inputs.tag_map + subnet_ids = step.get_subnets.list } } diff --git a/enos/modules/aws_worker/main.tf b/enos/modules/aws_worker/main.tf index 796b012873..ff82334e22 100644 --- a/enos/modules/aws_worker/main.tf +++ b/enos/modules/aws_worker/main.tf @@ -178,7 +178,7 @@ resource "enos_bundle_install" "worker" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip + host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip private_key = var.aws_ssh_private_key } } @@ -195,7 +195,7 @@ resource "enos_remote_exec" "update_path_worker" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip + host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip private_key = var.aws_ssh_private_key } } 
@@ -226,7 +226,7 @@ resource "enos_file" "worker_config" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip + host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip private_key = var.aws_ssh_private_key } } @@ -243,7 +243,7 @@ resource "enos_boundary_start" "worker_start" { recording_storage_path = var.recording_storage_path != "" ? var.recording_storage_path : null transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip + host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip private_key = var.aws_ssh_private_key } } @@ -263,7 +263,7 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" { transport = { ssh = { - host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip + host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip private_key = var.aws_ssh_private_key } } From 576afa26c180c46c5b6acf9a3d5ddf013e829db7 Mon Sep 17 00:00:00 2001 From: Tony Date: Wed, 17 Dec 2025 16:33:19 -0500 Subject: [PATCH 9/9] fix vars --- enos/ci/hcp-resources/main.tf | 8 ++++---- enos/enos-scenario-e2e-aws.hcl | 8 ++++---- enos/enos-scenario-e2e-database.hcl | 18 +++++++++--------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/enos/ci/hcp-resources/main.tf b/enos/ci/hcp-resources/main.tf index 7c1b27dbf4..47910c1d8b 100644 --- a/enos/ci/hcp-resources/main.tf +++ b/enos/ci/hcp-resources/main.tf 
@@ -99,8 +99,8 @@ module "worker" { db_create = false aws_region = var.aws_region hcp_boundary_cluster_id = var.hcp_boundary_cluster_id - aws_ssh_keypair_name = module.generate_ssh_key.aws_ssh_keypair_name - aws_ssh_private_key = module.generate_ssh_key.private_key_pem + aws_ssh_keypair_name = module.generate_ssh_key.key_pair_name + aws_ssh_private_key = module.generate_ssh_key.private_key_pem boundary_license = module.license.license kms_key_arn = module.base_infra.kms_key_arn ubuntu_ami_id = module.base_infra.ami_ids["ubuntu"]["amd64"] @@ -136,8 +136,8 @@ module "target" { source = "../../modules/aws_target" target_count = var.target_count - aws_ssh_keypair_name = module.generate_ssh_key.aws_ssh_keypair_name - aws_ssh_private_key = module.generate_ssh_key.private_key_pem + aws_ssh_keypair_name = module.generate_ssh_key.key_pair_name + aws_ssh_private_key = module.generate_ssh_key.private_key_pem instance_type = local.target_instance_type enos_user = local.cluster_tag environment = local.environment_tag diff --git a/enos/enos-scenario-e2e-aws.hcl b/enos/enos-scenario-e2e-aws.hcl index 5105ef3f38..777daf71b5 100644 --- a/enos/enos-scenario-e2e-aws.hcl +++ b/enos/enos-scenario-e2e-aws.hcl @@ -109,9 +109,9 @@ scenario "e2e_aws" { version = var.vault_version edition = "oss" } - vpc_id = step.create_base_infra.vpc_id - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem + vpc_id = step.create_base_infra.vpc_id + aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name + aws_ssh_private_key = step.generate_ssh_key.private_key_pem } } 
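Review bot: The `@@ -109,9 +109,9 @@` hunk in enos/enos-scenario-e2e-aws.hcl renames the Vault step's inputs to `aws_ssh_keypair_name` and `aws_ssh_private_key`, but the aws_vault module earlier in this series declares `ssh_aws_keypair` and `ssh_private_key`. The target and isolated-worker steps of the same scenario also still pass the old names as of the previous patch. Unless a patch not shown here renamed the module variables, these inputs will not match what the module declares; either keep `ssh_aws_keypair = step.generate_ssh_key.key_pair_name` and `ssh_private_key = step.generate_ssh_key.private_key_pem`, or rename the module variables in the same commit. If the variables are renamed, carry `sensitive = true` over to the new private-key variable so the PEM stays redacted in plan and apply output. The enclosing step begins outside the hunk.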
@@ -287,7 +287,7 @@ scenario "e2e_aws" { auth_login_name = step.create_boundary_cluster.auth_login_name auth_password = step.create_boundary_cluster.auth_password local_boundary_dir = local.local_boundary_dir - aws_ssh_private_key_path = step.generate_ssh_key.ssh_private_key_path + aws_ssh_private_key_path = step.generate_ssh_key.private_key_path target_user = "ubuntu" target_port = "22" aws_access_key_id = step.iam_setup.access_key_id diff --git a/enos/enos-scenario-e2e-database.hcl b/enos/enos-scenario-e2e-database.hcl index ee905babf9..2facb5ff8b 100644 --- a/enos/enos-scenario-e2e-database.hcl +++ b/enos/enos-scenario-e2e-database.hcl @@ -86,15 +86,15 @@ scenario "e2e_database" { depends_on = [step.create_base_infra, step.generate_ssh_key] variables { - ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] - ssh_aws_keypair = step.generate_ssh_key.key_pair_name - ssh_private_key = step.generate_ssh_key.private_key_pem - enos_user = var.enos_user - instance_type = var.target_instance_type - vpc_id = step.create_base_infra.vpc_id - target_count = 1 - additional_tags = step.create_tag_inputs.tag_map - subnet_ids = step.get_subnets.list + ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] + aws_ssh_keypair_name = module.generate_ssh_key.key_pair_name + aws_ssh_private_key = module.generate_ssh_key.private_key_pem + enos_user = var.enos_user + instance_type = var.target_instance_type + vpc_id = step.create_base_infra.vpc_id + target_count = 1 + additional_tags = step.create_tag_inputs.tag_map + subnet_ids = step.get_subnets.list } }
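Review bot: In the `@@ -86,15 +86,15 @@` hunk of enos/enos-scenario-e2e-database.hcl, the two new SSH inputs read from `module.generate_ssh_key.…`, while every other value in this `variables` block, and the `depends_on` just above it, uses `step.…` references. The `module.` prefix looks copied from enos/ci/hcp-resources/main.tf, where it is correct for plain Terraform. Inside a scenario step the key pair name and PEM should come from the step's outputs: `aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name` and `aws_ssh_private_key = step.generate_ssh_key.private_key_pem`. As written, the target would likely fail to resolve the reference rather than receive the generated key. The step's opening lines are outside the hunk, so confirm the target module's variable names match the renamed inputs.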