pull/6300/merge
Tony 2 days ago committed by GitHub
commit dc93c63b95
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -27,11 +27,17 @@ provider "aws" {
region = var.aws_region region = var.aws_region
} }
module "generate_ssh_key" {
source = "../../modules/aws_ssh_keypair"
enos_user = var.enos_user
}
provider "enos" { provider "enos" {
transport = { transport = {
ssh = { ssh = {
user = "ubuntu" user = "ubuntu"
private_key_path = abspath(var.aws_ssh_private_key_path) private_key_path = module.generate_ssh_key.private_key_path
} }
} }
} }
@ -85,7 +91,7 @@ module "base_infra" {
} }
module "worker" { module "worker" {
depends_on = [module.base_infra] depends_on = [module.base_infra, module.generate_ssh_key]
source = "../../modules/aws_boundary" source = "../../modules/aws_boundary"
controller_count = 0 controller_count = 0
@ -93,7 +99,8 @@ module "worker" {
db_create = false db_create = false
aws_region = var.aws_region aws_region = var.aws_region
hcp_boundary_cluster_id = var.hcp_boundary_cluster_id hcp_boundary_cluster_id = var.hcp_boundary_cluster_id
ssh_aws_keypair = var.aws_ssh_keypair_name aws_ssh_keypair_name = module.generate_ssh_key.key_pair_name
aws_ssh_private_key = module.generate_ssh_key.private_key_pem
boundary_license = module.license.license boundary_license = module.license.license
kms_key_arn = module.base_infra.kms_key_arn kms_key_arn = module.base_infra.kms_key_arn
ubuntu_ami_id = module.base_infra.ami_ids["ubuntu"]["amd64"] ubuntu_ami_id = module.base_infra.ami_ids["ubuntu"]["amd64"]
@ -129,7 +136,8 @@ module "target" {
source = "../../modules/aws_target" source = "../../modules/aws_target"
target_count = var.target_count target_count = var.target_count
aws_ssh_keypair_name = var.aws_ssh_keypair_name aws_ssh_keypair_name = module.generate_ssh_key.key_pair_name
aws_ssh_private_key = module.generate_ssh_key.private_key_pem
instance_type = local.target_instance_type instance_type = local.target_instance_type
enos_user = local.cluster_tag enos_user = local.cluster_tag
environment = local.environment_tag environment = local.environment_tag
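Review bot: The `provider "enos"` block now takes `private_key_path` from `module.generate_ssh_key.private_key_path`, a file that exists only after the module's `local_sensitive_file` has been applied. If the enos provider reads the key when it is configured rather than at first connection (not visible here), a fresh plan, or a destroy after the file is gone, may fail. `module "worker"` and `module "target"` already receive `aws_ssh_private_key` directly, so consider dropping the provider-level path as this commit does for the `"default"` provider. The `depends_on` entry for `module.generate_ssh_key` is also redundant once the module's outputs are referenced as inputs.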

@ -22,6 +22,11 @@ variable "boundary_license_path" {
type = string type = string
} }
variable "enos_user" {
description = "Name of user and used to tage AWS resources."
type = string
}
variable "aws_ssh_keypair_name" { variable "aws_ssh_keypair_name" {
description = "Name of the AWS EC2 keypair to use for SSH access" description = "Name of the AWS EC2 keypair to use for SSH access"
type = string type = string
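Review bot: The description of the new `enos_user` variable contains a typo ("tage") and is hard to parse; suggest `description = "Name of the user, used to tag AWS resources and to name the generated key pair"`. The `aws_ssh_keypair_name` variable that follows is only context here and its body continues outside the hunk. If nothing references it after this change, it should be removed so callers are not asked for a key pair that is never used.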

@ -23,7 +23,6 @@ module "aws_boundary" {
alb_listener_api_port = var.alb_listener_api_port alb_listener_api_port = var.alb_listener_api_port
boundary_binary_name = var.boundary_binary_name boundary_binary_name = var.boundary_binary_name
ssh_aws_keypair = var.aws_ssh_keypair_name
} }
module "aws_worker" { module "aws_worker" {
@ -35,8 +34,6 @@ module "aws_worker" {
"Enos User" : var.enos_user, "Enos User" : var.enos_user,
"Environment" : var.environment "Environment" : var.environment
} }
ssh_aws_keypair = var.aws_ssh_keypair_name
} }
module "aws_bucket" { module "aws_bucket" {
@ -114,6 +111,10 @@ module "map2list" {
source = "./modules/map2list" source = "./modules/map2list"
} }
module "aws_ssh_keypair" {
source = "./modules/aws_ssh_keypair"
}
module "aws_target" { module "aws_target" {
source = "./modules/aws_target" source = "./modules/aws_target"
target_count = var.target_count target_count = var.target_count
@ -142,8 +143,6 @@ module "vault" {
"Enos User" : var.enos_user, "Enos User" : var.enos_user,
"Environment" : var.environment "Environment" : var.environment
} }
ssh_aws_keypair = var.aws_ssh_keypair_name
} }
module "test_e2e" { module "test_e2e" {

@ -14,10 +14,9 @@ scenario "e2e_aws_base" {
} }
locals { locals {
aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) boundary_install_dir = abspath(var.boundary_install_dir)
boundary_install_dir = abspath(var.boundary_install_dir) license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic"))
license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
build_path = { build_path = {
"local" = "/tmp", "local" = "/tmp",
"crt" = var.crt_bundle_path == null ? null : abspath(var.crt_bundle_path) "crt" = var.crt_bundle_path == null ? null : abspath(var.crt_bundle_path)
@ -76,12 +75,21 @@ scenario "e2e_aws_base" {
} }
} }
step "generate_ssh_key" {
module = module.aws_ssh_keypair
variables {
enos_user = var.enos_user
}
}
step "create_boundary_cluster" { step "create_boundary_cluster" {
module = module.aws_boundary module = module.aws_boundary
depends_on = [ depends_on = [
step.create_base_infra, step.create_base_infra,
step.create_db_password, step.create_db_password,
step.build_boundary step.build_boundary,
step.generate_ssh_key
] ]
variables { variables {
@ -100,16 +108,22 @@ scenario "e2e_aws_base" {
worker_count = var.worker_count worker_count = var.worker_count
worker_instance_type = var.worker_instance_type worker_instance_type = var.worker_instance_type
aws_region = var.aws_region aws_region = var.aws_region
aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name
aws_ssh_private_key = step.generate_ssh_key.private_key_pem
} }
} }
step "create_target" { step "create_target" {
module = module.aws_target module = module.aws_target
depends_on = [step.create_base_infra] depends_on = [
step.create_base_infra,
step.generate_ssh_key
]
variables { variables {
ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"]
aws_ssh_keypair_name = var.aws_ssh_keypair_name aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name
aws_ssh_private_key = step.generate_ssh_key.private_key_pem
enos_user = var.enos_user enos_user = var.enos_user
instance_type = var.target_instance_type instance_type = var.target_instance_type
vpc_id = step.create_base_infra.vpc_id vpc_id = step.create_base_infra.vpc_id
@ -122,7 +136,8 @@ scenario "e2e_aws_base" {
module = module.test_e2e module = module.test_e2e
depends_on = [ depends_on = [
step.create_boundary_cluster, step.create_boundary_cluster,
step.create_target step.create_target,
step.generate_ssh_key
] ]
variables { variables {
@ -133,7 +148,7 @@ scenario "e2e_aws_base" {
auth_login_name = step.create_boundary_cluster.auth_login_name auth_login_name = step.create_boundary_cluster.auth_login_name
auth_password = step.create_boundary_cluster.auth_password auth_password = step.create_boundary_cluster.auth_password
local_boundary_dir = local.local_boundary_dir local_boundary_dir = local.local_boundary_dir
aws_ssh_private_key_path = local.aws_ssh_private_key_path aws_ssh_private_key_path = step.generate_ssh_key.private_key_path
target_address = step.create_target.target_private_ips[0] target_address = step.create_target.target_private_ips[0]
target_user = "ubuntu" target_user = "ubuntu"
target_port = "22" target_port = "22"

@ -24,12 +24,11 @@ scenario "e2e_aws_rdp_base" {
} }
locals { locals {
aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) boundary_install_dir = abspath(var.boundary_install_dir)
boundary_install_dir = abspath(var.boundary_install_dir) local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null local_boundary_src_dir = var.local_boundary_src_dir != null ? abspath(var.local_boundary_src_dir) : null
local_boundary_src_dir = var.local_boundary_src_dir != null ? abspath(var.local_boundary_src_dir) : null boundary_license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic"))
boundary_license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) ip_version = "4"
ip_version = "4"
build_path_linux = { build_path_linux = {
"local" = "/tmp", "local" = "/tmp",
@ -74,6 +73,14 @@ scenario "e2e_aws_rdp_base" {
} }
} }
step "generate_ssh_key" {
module = module.aws_ssh_keypair
variables {
enos_user = var.enos_user
}
}
step "build_boundary_linux" { step "build_boundary_linux" {
module = matrix.builder == "crt" ? module.build_crt : module.build_local module = matrix.builder == "crt" ? module.build_crt : module.build_local
@ -131,6 +138,7 @@ scenario "e2e_aws_rdp_base" {
module = module.vault module = module.vault
depends_on = [ depends_on = [
step.create_base_infra, step.create_base_infra,
step.generate_ssh_key
] ]
variables { variables {
@ -146,7 +154,9 @@ scenario "e2e_aws_rdp_base" {
version = var.vault_version version = var.vault_version
edition = "oss" edition = "oss"
} }
vpc_id = step.create_base_infra.vpc_id vpc_id = step.create_base_infra.vpc_id
aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name
aws_ssh_private_key = step.generate_ssh_key.private_key_pem
} }
} }
@ -175,7 +185,8 @@ scenario "e2e_aws_rdp_base" {
step.build_boundary_linux, step.build_boundary_linux,
step.create_windows_client, step.create_windows_client,
step.create_vault_cluster, step.create_vault_cluster,
step.read_boundary_license step.read_boundary_license,
step.generate_ssh_key
] ]
variables { variables {
@ -200,6 +211,8 @@ scenario "e2e_aws_rdp_base" {
ip_version = local.ip_version ip_version = local.ip_version
recording_storage_path = "/recording" recording_storage_path = "/recording"
alb_sg_additional_ips = step.create_windows_client.public_ip_list alb_sg_additional_ips = step.create_windows_client.public_ip_list
aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name
aws_ssh_private_key = step.generate_ssh_key.private_key_pem
} }
} }
@ -302,7 +315,7 @@ scenario "e2e_aws_rdp_base" {
auth_login_name = step.create_boundary_cluster.auth_login_name auth_login_name = step.create_boundary_cluster.auth_login_name
auth_password = step.create_boundary_cluster.auth_password auth_password = step.create_boundary_cluster.auth_password
local_boundary_dir = local.local_boundary_dir local_boundary_dir = local.local_boundary_dir
aws_ssh_private_key_path = local.aws_ssh_private_key_path aws_ssh_private_key_path = step.generate_ssh_key.private_key_path
target_user = "ubuntu" target_user = "ubuntu"
target_port = "22" target_port = "22"
aws_bucket_name = step.create_bucket.bucket_name aws_bucket_name = step.create_bucket.bucket_name

@ -16,11 +16,10 @@ scenario "e2e_aws" {
} }
locals { locals {
aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) boundary_install_dir = abspath(var.boundary_install_dir)
boundary_install_dir = abspath(var.boundary_install_dir) local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null boundary_license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic"))
boundary_license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic")) vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic"))
vault_license_path = abspath(var.vault_license_path != null ? var.vault_license_path : joinpath(path.root, "./support/vault.hclic"))
build_path = { build_path = {
"local" = "/tmp", "local" = "/tmp",
@ -82,10 +81,19 @@ scenario "e2e_aws" {
} }
} }
step "generate_ssh_key" {
module = module.aws_ssh_keypair
variables {
enos_user = var.enos_user
}
}
step "create_vault_cluster" { step "create_vault_cluster" {
module = module.vault module = module.vault
depends_on = [ depends_on = [
step.create_base_infra, step.create_base_infra,
step.generate_ssh_key
] ]
variables { variables {
@ -101,7 +109,9 @@ scenario "e2e_aws" {
version = var.vault_version version = var.vault_version
edition = "oss" edition = "oss"
} }
vpc_id = step.create_base_infra.vpc_id vpc_id = step.create_base_infra.vpc_id
aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name
aws_ssh_private_key = step.generate_ssh_key.private_key_pem
} }
} }
@ -154,20 +164,21 @@ scenario "e2e_aws" {
step "create_targets_with_tag1" { step "create_targets_with_tag1" {
module = module.aws_target module = module.aws_target
depends_on = [step.create_base_infra] depends_on = [step.create_base_infra, step.generate_ssh_key]
variables { variables {
ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"]
aws_ssh_keypair_name = var.aws_ssh_keypair_name ssh_aws_keypair = step.generate_ssh_key.key_pair_name
enos_user = var.enos_user ssh_private_key = step.generate_ssh_key.private_key_pem
instance_type = var.target_instance_type enos_user = var.enos_user
vpc_id = step.create_base_infra.vpc_id instance_type = var.target_instance_type
target_count = var.target_count <= 1 ? 2 : var.target_count vpc_id = step.create_base_infra.vpc_id
additional_tags = step.create_tag1_inputs.tag_map target_count = var.target_count <= 1 ? 2 : var.target_count
subnet_ids = step.create_boundary_cluster.subnet_ids additional_tags = step.create_tag1_inputs.tag_map
ingress_cidr = matrix.ip_version == "4" ? ["10.0.0.0/8"] : [] subnet_ids = step.create_boundary_cluster.subnet_ids
ingress_ipv6_cidr = step.create_boundary_cluster.worker_ipv6_cidr ingress_cidr = matrix.ip_version == "4" ? ["10.0.0.0/8"] : []
ip_version = matrix.ip_version ingress_ipv6_cidr = step.create_boundary_cluster.worker_ipv6_cidr
ip_version = matrix.ip_version
} }
} }
@ -197,7 +208,7 @@ scenario "e2e_aws" {
step "create_isolated_worker" { step "create_isolated_worker" {
module = module.aws_worker module = module.aws_worker
depends_on = [step.create_boundary_cluster] depends_on = [step.create_boundary_cluster, step.generate_ssh_key]
variables { variables {
vpc_id = step.create_base_infra.vpc_id vpc_id = step.create_base_infra.vpc_id
availability_zones = step.create_base_infra.availability_zone_names availability_zones = step.create_base_infra.availability_zone_names
@ -214,6 +225,8 @@ scenario "e2e_aws" {
worker_type_tags = [local.isolated_tag] worker_type_tags = [local.isolated_tag]
ip_version = matrix.ip_version ip_version = matrix.ip_version
config_file_path = "templates/worker.hcl" config_file_path = "templates/worker.hcl"
ssh_aws_keypair = step.generate_ssh_key.key_pair_name
ssh_private_key = step.generate_ssh_key.private_key_pem
} }
} }
@ -235,21 +248,23 @@ scenario "e2e_aws" {
module = module.aws_target module = module.aws_target
depends_on = [ depends_on = [
step.create_base_infra, step.create_base_infra,
step.create_isolated_worker step.create_isolated_worker,
step.generate_ssh_key
] ]
variables { variables {
ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"]
aws_ssh_keypair_name = var.aws_ssh_keypair_name ssh_aws_keypair = step.generate_ssh_key.key_pair_name
enos_user = var.enos_user ssh_private_key = step.generate_ssh_key.private_key_pem
instance_type = var.target_instance_type enos_user = var.enos_user
vpc_id = step.create_base_infra.vpc_id instance_type = var.target_instance_type
target_count = 1 vpc_id = step.create_base_infra.vpc_id
subnet_ids = step.create_isolated_worker.subnet_ids target_count = 1
ingress_cidr = matrix.ip_version == "4" ? ["10.13.9.0/24"] : [] subnet_ids = step.create_isolated_worker.subnet_ids
ingress_ipv6_cidr = step.create_isolated_worker.worker_ipv6_cidr ingress_cidr = matrix.ip_version == "4" ? ["10.13.9.0/24"] : []
additional_tags = step.create_tag2_inputs.tag_map ingress_ipv6_cidr = step.create_isolated_worker.worker_ipv6_cidr
ip_version = matrix.ip_version additional_tags = step.create_tag2_inputs.tag_map
ip_version = matrix.ip_version
} }
} }
@ -260,7 +275,8 @@ scenario "e2e_aws" {
step.create_targets_with_tag1, step.create_targets_with_tag1,
step.iam_setup, step.iam_setup,
step.create_isolated_worker, step.create_isolated_worker,
step.create_isolated_target step.create_isolated_target,
step.generate_ssh_key
] ]
variables { variables {
@ -271,7 +287,7 @@ scenario "e2e_aws" {
auth_login_name = step.create_boundary_cluster.auth_login_name auth_login_name = step.create_boundary_cluster.auth_login_name
auth_password = step.create_boundary_cluster.auth_password auth_password = step.create_boundary_cluster.auth_password
local_boundary_dir = local.local_boundary_dir local_boundary_dir = local.local_boundary_dir
aws_ssh_private_key_path = local.aws_ssh_private_key_path aws_ssh_private_key_path = step.generate_ssh_key.private_key_path
target_user = "ubuntu" target_user = "ubuntu"
target_port = "22" target_port = "22"
aws_access_key_id = step.iam_setup.access_key_id aws_access_key_id = step.iam_setup.access_key_id
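Review bot: In `create_targets_with_tag1` and `create_isolated_target` the new side passes `ssh_aws_keypair` and `ssh_private_key` to `module.aws_target`, but the aws_target variables shown in this commit are named `aws_ssh_keypair_name` and `aws_ssh_private_key`. The other scenarios use those names, so these steps would likely fail with an unsupported or missing variable; use `aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name` and `aws_ssh_private_key = step.generate_ssh_key.private_key_pem`. `create_isolated_worker` uses the same old-style names for `module.aws_worker`, whose variables are not visible here, so check it against the rename applied to the other modules in this commit.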

@ -10,9 +10,8 @@ scenario "e2e_database" {
] ]
locals { locals {
aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic"))
license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic"))
tags = merge({ tags = merge({
"Project Name" : var.project_name "Project Name" : var.project_name
@ -31,6 +30,14 @@ scenario "e2e_database" {
} }
} }
step "generate_ssh_key" {
module = module.aws_ssh_keypair
variables {
enos_user = var.enos_user
}
}
step "find_azs" { step "find_azs" {
module = module.aws_az_finder module = module.aws_az_finder
@ -76,11 +83,12 @@ scenario "e2e_database" {
step "create_targets_with_tag" { step "create_targets_with_tag" {
module = module.aws_target module = module.aws_target
depends_on = [step.create_base_infra] depends_on = [step.create_base_infra, step.generate_ssh_key]
variables { variables {
ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"] ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"]
aws_ssh_keypair_name = var.aws_ssh_keypair_name aws_ssh_keypair_name = module.generate_ssh_key.key_pair_name
aws_ssh_private_key = module.generate_ssh_key.private_key_pem
enos_user = var.enos_user enos_user = var.enos_user
instance_type = var.target_instance_type instance_type = var.target_instance_type
vpc_id = step.create_base_infra.vpc_id vpc_id = step.create_base_infra.vpc_id
@ -114,7 +122,8 @@ scenario "e2e_database" {
module = module.test_e2e module = module.test_e2e
depends_on = [ depends_on = [
step.create_targets_with_tag, step.create_targets_with_tag,
step.iam_setup step.iam_setup,
step.generate_ssh_key
] ]
variables { variables {
@ -123,7 +132,7 @@ scenario "e2e_database" {
boundary_license = var.boundary_edition != "oss" ? step.read_license.license : "" boundary_license = var.boundary_edition != "oss" ? step.read_license.license : ""
local_boundary_dir = local.local_boundary_dir local_boundary_dir = local.local_boundary_dir
target_user = "ubuntu" target_user = "ubuntu"
aws_ssh_private_key_path = local.aws_ssh_private_key_path aws_ssh_private_key_path = step.generate_ssh_key.private_key_path
aws_access_key_id = step.iam_setup.access_key_id aws_access_key_id = step.iam_setup.access_key_id
aws_secret_access_key = step.iam_setup.secret_access_key aws_secret_access_key = step.iam_setup.secret_access_key
aws_host_set_filter1 = step.create_tag_inputs.tag_string aws_host_set_filter1 = step.create_tag_inputs.tag_string
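Review bot: In `create_targets_with_tag` the new inputs reference `module.generate_ssh_key.key_pair_name` and `module.generate_ssh_key.private_key_pem`, but this scenario defines the key as `step "generate_ssh_key"`. Every other scenario in this commit reads it through `step.generate_ssh_key.*`, and the `test_e2e` step in this same scenario does too. This looks like a copy from the plain Terraform configuration; it should read `aws_ssh_keypair_name = step.generate_ssh_key.key_pair_name` and `aws_ssh_private_key = step.generate_ssh_key.private_key_pem`.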

@ -32,8 +32,7 @@ provider "aws" "default" {
provider "enos" "default" { provider "enos" "default" {
transport = { transport = {
ssh = { ssh = {
user = "ubuntu" user = "ubuntu"
private_key_path = abspath(var.aws_ssh_private_key_path)
} }
} }
} }

@ -12,7 +12,7 @@ resource "aws_instance" "controller" {
aws_security_group.boundary_aux_sg.id, aws_security_group.boundary_aux_sg.id,
] ]
subnet_id = tolist(data.aws_subnets.infra.ids)[count.index % length(data.aws_subnets.infra.ids)] subnet_id = tolist(data.aws_subnets.infra.ids)[count.index % length(data.aws_subnets.infra.ids)]
key_name = var.ssh_aws_keypair key_name = var.aws_ssh_keypair_name
iam_instance_profile = aws_iam_instance_profile.boundary_profile.name iam_instance_profile = aws_iam_instance_profile.boundary_profile.name
monitoring = var.controller_monitoring monitoring = var.controller_monitoring
ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count
@ -45,7 +45,7 @@ resource "aws_instance" "worker" {
instance_type = var.worker_instance_type instance_type = var.worker_instance_type
vpc_security_group_ids = [aws_security_group.boundary_sg.id] vpc_security_group_ids = [aws_security_group.boundary_sg.id]
subnet_id = tolist(data.aws_subnets.infra.ids)[count.index % length(data.aws_subnets.infra.ids)] subnet_id = tolist(data.aws_subnets.infra.ids)[count.index % length(data.aws_subnets.infra.ids)]
key_name = var.ssh_aws_keypair key_name = var.aws_ssh_keypair_name
iam_instance_profile = aws_iam_instance_profile.boundary_profile.name iam_instance_profile = aws_iam_instance_profile.boundary_profile.name
monitoring = var.worker_monitoring monitoring = var.worker_monitoring
ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count
@ -83,7 +83,8 @@ resource "enos_bundle_install" "controller" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -100,7 +101,8 @@ resource "enos_remote_exec" "update_path_controller" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -138,7 +140,8 @@ resource "enos_file" "controller_config" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -153,7 +156,8 @@ resource "enos_boundary_init" "controller" {
transport = { transport = {
ssh = { ssh = {
host = try(var.ip_version == "6" ? aws_instance.controller[0].ipv6_addresses[0] : aws_instance.controller[0].public_ip, null) host = try(var.ip_version == "6" ? aws_instance.controller[0].ipv6_addresses[0] : aws_instance.controller[0].public_ip, null)
private_key = var.aws_ssh_private_key
} }
} }
@ -170,7 +174,8 @@ resource "enos_boundary_start" "controller_start" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
@ -195,7 +200,8 @@ resource "enos_remote_exec" "create_controller_audit_log_dir" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.controller[tonumber(each.value)].ipv6_addresses[0] : aws_instance.controller[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -212,7 +218,8 @@ resource "enos_bundle_install" "worker" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -229,7 +236,8 @@ resource "enos_remote_exec" "update_path_worker" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -256,7 +264,8 @@ resource "enos_file" "worker_config" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -273,7 +282,8 @@ resource "enos_boundary_start" "worker_start" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -293,7 +303,8 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -313,7 +324,8 @@ resource "enos_remote_exec" "create_worker_auth_storage_dir" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -325,7 +337,8 @@ resource "enos_remote_exec" "get_worker_token" {
inline = ["timeout 10s bash -c 'set -eo pipefail; until journalctl -u boundary.service | cat | grep \"Worker Auth Registration Request: .*\" | rev | cut -d \" \" -f 1 | rev | xargs; do sleep 2; done'"] inline = ["timeout 10s bash -c 'set -eo pipefail; until journalctl -u boundary.service | cat | grep \"Worker Auth Registration Request: .*\" | rev | cut -d \" \" -f 1 | rev | xargs; do sleep 2; done'"]
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip host = var.ip_version == "6" ? aws_instance.worker[tonumber(each.value)].ipv6_addresses[0] : aws_instance.worker[tonumber(each.value)].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }

@ -110,11 +110,17 @@ variable "ssh_user" {
default = "ubuntu" default = "ubuntu"
} }
variable "ssh_aws_keypair" { variable "aws_ssh_keypair_name" {
description = "SSH keypair used to connect to EC2 instances" description = "SSH keypair used to connect to EC2 instances"
type = string type = string
} }
variable "aws_ssh_private_key" {
description = "SSH private key content for connecting to instances"
type = string
sensitive = true
}
variable "ubuntu_ami_id" { variable "ubuntu_ami_id" {
description = "Ubuntu LTS AMI from enos-infra" description = "Ubuntu LTS AMI from enos-infra"
type = string type = string

@ -0,0 +1,42 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
}
tls = {
source = "hashicorp/tls"
}
local = {
source = "hashicorp/local"
}
}
}
resource "tls_private_key" "ssh" {
algorithm = "RSA"
rsa_bits = 4096
}
resource "aws_key_pair" "generated" {
key_name = "enos-${var.enos_user}-${formatdate("YYYYMMDD-hhmmss", timestamp())}"
public_key = tls_private_key.ssh.public_key_openssh
}
resource "local_sensitive_file" "private_key" {
content = tls_private_key.ssh.private_key_pem
filename = "${path.root}/.terraform/tmp/ssh-key-${aws_key_pair.generated.key_name}"
file_permission = "0400"
}
output "key_pair_name" {
value = aws_key_pair.generated.key_name
}
output "private_key_path" {
value = abspath(local_sensitive_file.private_key.filename)
}
output "private_key_pem" {
value = tls_private_key.ssh.private_key_pem
sensitive = true
}
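Review bot: `key_name` is built from `timestamp()`, which changes on every plan, so any later apply will replace the key pair, the key file, and probably every instance that references `key_name`. `key_name_prefix = "enos-${var.enos_user}-"` gives a unique name without that churn. `local_sensitive_file` creates missing parent directories with its default `directory_permission` of `0777`, so add `directory_permission = "0700"` for `.terraform/tmp`. `tls_private_key` also stores the private key unencrypted in Terraform state, so a header comment should say this module is for short-lived test infrastructure and that the state file must be treated as a secret.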

@ -0,0 +1,4 @@
variable "enos_user" {
description = "The user running the tests, this is by default your OS user or Github User"
type = string
}

@ -17,6 +17,7 @@ variable "environment" {}
variable "project_name" {} variable "project_name" {}
variable "instance_type" {} variable "instance_type" {}
variable "aws_ssh_keypair_name" {} variable "aws_ssh_keypair_name" {}
variable "aws_ssh_private_key" {}
variable "enos_user" {} variable "enos_user" {}
variable "additional_tags" { variable "additional_tags" {
default = {} default = {}
@ -149,7 +150,8 @@ resource "enos_remote_exec" "wait" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.target[each.key].ipv6_addresses[0] : aws_instance.target[each.key].public_ip host = var.ip_version == "6" ? aws_instance.target[each.key].ipv6_addresses[0] : aws_instance.target[each.key].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
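Review bot: `variable "aws_ssh_private_key" {}` is declared with no `type` and no `sensitive = true`, while the same variable in the other module variable files in this commit sets both. Without the flag, a caller that passes an unmarked value will have the key material printed in plan output and error messages. Declare it with `type = string` and `sensitive = true`, plus the same description used elsewhere. The `enos_remote_exec.wait` resource in the second hunk begins and ends outside the visible lines.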

@ -118,11 +118,17 @@ variable "sg_additional_ipv6_ips" {
default = [] default = []
} }
variable "ssh_aws_keypair" { variable "aws_ssh_keypair_name" {
description = "SSH keypair used to connect to EC2 instances" description = "SSH keypair used to connect to EC2 instances"
type = string type = string
} }
variable "aws_ssh_private_key" {
description = "SSH private key content for connecting to instances"
type = string
sensitive = true
}
variable "storage_backend" { variable "storage_backend" {
type = string type = string
description = "The type of Vault storage backend which will be used" description = "The type of Vault storage backend which will be used"

@ -7,7 +7,7 @@ resource "aws_instance" "vault_instance" {
instance_type = var.instance_type instance_type = var.instance_type
vpc_security_group_ids = [aws_security_group.enos_vault_sg[0].id] vpc_security_group_ids = [aws_security_group.enos_vault_sg[0].id]
subnet_id = tolist(data.aws_subnets.infra.ids)[each.key % length(data.aws_subnets.infra.ids)] subnet_id = tolist(data.aws_subnets.infra.ids)[each.key % length(data.aws_subnets.infra.ids)]
key_name = var.ssh_aws_keypair key_name = var.aws_ssh_keypair_name
iam_instance_profile = aws_iam_instance_profile.vault_profile[0].name iam_instance_profile = aws_iam_instance_profile.vault_profile[0].name
ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count ipv6_address_count = local.network_stack[var.ip_version].ipv6_address_count
tags = merge( tags = merge(
@ -37,7 +37,8 @@ resource "enos_remote_exec" "install_dependencies" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -53,7 +54,8 @@ resource "enos_bundle_install" "consul" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -68,7 +70,8 @@ resource "enos_bundle_install" "vault" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip host = var.ip_version == "6" ? each.value.ipv6_addresses[0] : each.value.public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -94,7 +97,8 @@ resource "enos_consul_start" "consul" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -136,7 +140,8 @@ resource "enos_vault_start" "leader" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -177,7 +182,8 @@ resource "enos_vault_start" "followers" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -200,7 +206,8 @@ resource "enos_vault_init" "leader" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -218,7 +225,8 @@ resource "enos_vault_unseal" "leader" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -243,7 +251,8 @@ resource "enos_remote_exec" "create_audit_log_dir" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[each.value].ipv6_addresses[0] : aws_instance.vault_instance[each.value].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -272,7 +281,8 @@ resource "enos_remote_exec" "init_audit_device" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -295,7 +305,8 @@ resource "enos_vault_unseal" "followers" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -321,7 +332,8 @@ resource "enos_vault_unseal" "when_vault_unseal_when_no_init_is_set" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[each.key].ipv6_addresses[0] : aws_instance.vault_instance[each.key].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -341,7 +353,8 @@ resource "enos_remote_exec" "vault_write_license" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -360,7 +373,8 @@ resource "enos_remote_exec" "vault_kms_policy" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip host = var.ip_version == "6" ? aws_instance.vault_instance[0].ipv6_addresses[0] : aws_instance.vault_instance[0].public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
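Review bot: The `private_key = var.aws_ssh_private_key` line is added to each `transport.ssh` block here with no comment on why the key is passed inline per resource. If the enos provider block also configures a key (not visible in this section), a reader cannot tell which one is meant to take effect. A comment at the first occurrence, in `enos_remote_exec.install_dependencies`, would record the intent, something like `# key content is passed in by the caller so this module does not depend on a key file on the runner`. The line is repeated in fourteen resources here and again in the worker resources of the following section, and transport blocks outside these hunks are not visible, so it is worth confirming that none was left without the key. All of these resource blocks begin outside their hunks.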

@ -140,7 +140,7 @@ resource "aws_instance" "worker" {
instance_type = var.worker_instance_type instance_type = var.worker_instance_type
vpc_security_group_ids = [aws_security_group.default.id] vpc_security_group_ids = [aws_security_group.default.id]
subnet_id = aws_subnet.default.id subnet_id = aws_subnet.default.id
key_name = var.ssh_aws_keypair key_name = var.aws_ssh_keypair_name
iam_instance_profile = aws_iam_instance_profile.boundary_profile.name iam_instance_profile = aws_iam_instance_profile.boundary_profile.name
monitoring = var.worker_monitoring monitoring = var.worker_monitoring
@ -178,7 +178,8 @@ resource "enos_bundle_install" "worker" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -194,7 +195,8 @@ resource "enos_remote_exec" "update_path_worker" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -224,7 +226,8 @@ resource "enos_file" "worker_config" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -240,7 +243,8 @@ resource "enos_boundary_start" "worker_start" {
recording_storage_path = var.recording_storage_path != "" ? var.recording_storage_path : null recording_storage_path = var.recording_storage_path != "" ? var.recording_storage_path : null
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }
@ -259,7 +263,8 @@ resource "enos_remote_exec" "create_worker_audit_log_dir" {
transport = { transport = {
ssh = { ssh = {
host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip host = var.ip_version == "6" ? aws_instance.worker.ipv6_addresses[0] : aws_instance.worker.public_ip
private_key = var.aws_ssh_private_key
} }
} }
} }

@ -34,11 +34,17 @@ variable "worker_instance_type" {
default = "t2.small" default = "t2.small"
} }
variable "ssh_aws_keypair" { variable "aws_ssh_keypair_name" {
description = "The name of the SSH keypair used to connect to EC2 instances" description = "SSH keypair used to connect to EC2 instances"
type = string type = string
} }
variable "aws_ssh_private_key" {
description = "SSH private key content for connecting to instances"
type = string
sensitive = true
}
variable "worker_monitoring" { variable "worker_monitoring" {
description = "Enable detailed monitoring for workers" description = "Enable detailed monitoring for workers"
type = bool type = bool
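Review bot: The description of the renamed `aws_ssh_keypair_name` variable appears to lose "The name of" in this hunk, even though the new variable name says the value is a key pair name rather than key material. With `aws_ssh_private_key` declared right below it and carrying the key itself, that distinction is worth keeping explicit. I would use `description = "The name of the AWS key pair used to connect to EC2 instances"`.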

@ -51,11 +51,12 @@ variable "target_user" {
type = string type = string
default = "" default = ""
} }
variable "aws_ssh_private_key_path" { variable "aws_ssh_private_key_path" {
description = "Local Path to key used to SSH onto created hosts" description = "Path to the private key used to SSH into AWS instances"
type = string type = string
default = ""
} }
variable "target_address" { variable "target_address" {
description = "Address of target" description = "Address of target"
type = string type = string
@ -258,10 +259,9 @@ variable "ip_version" {
} }
locals { locals {
aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path) aws_host_set_ips1 = jsonencode(var.aws_host_set_ips1)
aws_host_set_ips1 = jsonencode(var.aws_host_set_ips1) aws_host_set_ips2 = jsonencode(var.aws_host_set_ips2)
aws_host_set_ips2 = jsonencode(var.aws_host_set_ips2) package_name = reverse(split("/", var.test_package))[0]
package_name = reverse(split("/", var.test_package))[0]
} }
resource "enos_local_exec" "run_e2e_test" { resource "enos_local_exec" "run_e2e_test" {
@ -275,7 +275,7 @@ resource "enos_local_exec" "run_e2e_test" {
E2E_TARGET_ADDRESS = var.target_address E2E_TARGET_ADDRESS = var.target_address
E2E_TARGET_PORT = var.target_port E2E_TARGET_PORT = var.target_port
E2E_SSH_USER = var.target_user E2E_SSH_USER = var.target_user
E2E_SSH_KEY_PATH = local.aws_ssh_private_key_path E2E_SSH_KEY_PATH = var.aws_ssh_private_key_path
E2E_SSH_CA_KEY = "" E2E_SSH_CA_KEY = ""
VAULT_ADDR = var.vault_addr_public VAULT_ADDR = var.vault_addr_public
VAULT_TOKEN = var.vault_root_token VAULT_TOKEN = var.vault_root_token
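Review bot: `E2E_SSH_KEY_PATH` now receives `var.aws_ssh_private_key_path` verbatim and the variable gains `default = ""`, so a caller that forgets to wire the path passes an empty key path that only fails inside the e2e run, and a relative path is no longer normalised. If the empty default is needed for scenarios without SSH targets, keep the normalisation for the non-empty case: `E2E_SSH_KEY_PATH = var.aws_ssh_private_key_path != "" ? abspath(var.aws_ssh_private_key_path) : ""`. Otherwise drop `default = ""` so the omission is caught at plan time. Whether every caller passes an absolute path is not visible here, and the `enos_local_exec.run_e2e_test` block continues outside the hunk.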
