mirror of https://github.com/hashicorp/boundary
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
434 lines
15 KiB
434 lines
15 KiB
# Copyright (c) HashiCorp, Inc.
|
|
# SPDX-License-Identifier: BUSL-1.1
|
|
|
|
# This scenario creates a complete end-to-end test environment for Boundary to
|
|
# test RDP functionality. It includes a Windows client, a Boundary controller
|
|
# and worker, a domain controller, a member server, and another member server
|
|
# with a worker running on it.
|
|
scenario "e2e_aws_rdp_base" {
|
|
terraform_cli = terraform_cli.default
|
|
terraform = terraform.default
|
|
providers = [
|
|
provider.aws.default,
|
|
provider.enos.default
|
|
]
|
|
|
|
matrix {
|
|
builder = ["local", "crt"]
|
|
client = ["win10", "win11"]
|
|
kerberos_only = ["true", "false"]
|
|
# Windows Server 2016 does not support OpenSSH, but it's relied on for some
|
|
# parts of setup. If 2016 is selected, the member server will be created as
|
|
# 2016, but the domain controller and worker will be 2019.
|
|
rdp_server = ["2016", "2019", "2022", "2025"]
|
|
}
|
|
|
|
locals {
|
|
aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path)
|
|
boundary_install_dir = abspath(var.boundary_install_dir)
|
|
local_boundary_dir = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
|
|
local_boundary_src_dir = var.local_boundary_src_dir != null ? abspath(var.local_boundary_src_dir) : null
|
|
boundary_license_path = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic"))
|
|
ip_version = "4"
|
|
|
|
build_path_linux = {
|
|
"local" = "/tmp",
|
|
"crt" = var.crt_bundle_path == null ? null : abspath(var.crt_bundle_path)
|
|
}
|
|
|
|
build_path_windows = {
|
|
"local" = "/tmp",
|
|
"crt" = var.crt_bundle_path_windows == null ? null : abspath(var.crt_bundle_path_windows)
|
|
}
|
|
|
|
tags = merge({
|
|
"Project Name" : var.project_name
|
|
"Project" : "Enos",
|
|
"Environment" : "ci"
|
|
}, var.tags)
|
|
|
|
collocated_tag = "collocated"
|
|
}
|
|
|
|
step "find_azs" {
|
|
module = module.aws_az_finder
|
|
|
|
variables {
|
|
instance_type = [
|
|
var.worker_instance_type,
|
|
var.controller_instance_type
|
|
]
|
|
}
|
|
}
|
|
|
|
step "create_base_infra" {
|
|
module = local.ip_version == "4" ? module.aws_vpc : module.aws_vpc_ipv6
|
|
|
|
depends_on = [
|
|
step.find_azs,
|
|
]
|
|
|
|
variables {
|
|
availability_zones = step.find_azs.availability_zones
|
|
common_tags = local.tags
|
|
}
|
|
}
|
|
|
|
step "build_boundary_linux" {
|
|
module = matrix.builder == "crt" ? module.build_crt : module.build_local
|
|
|
|
variables {
|
|
path = local.build_path_linux[matrix.builder]
|
|
edition = var.boundary_edition
|
|
}
|
|
}
|
|
|
|
step "build_boundary_windows" {
|
|
module = matrix.builder == "crt" ? module.build_crt : module.build_local
|
|
|
|
depends_on = [
|
|
step.build_boundary_linux,
|
|
]
|
|
|
|
variables {
|
|
path = local.build_path_windows[matrix.builder]
|
|
edition = var.boundary_edition
|
|
goos = "windows"
|
|
build_target = "build"
|
|
artifact_name = "boundary_windows"
|
|
binary_name = "boundary.exe"
|
|
}
|
|
}
|
|
|
|
step "create_windows_client" {
|
|
module = module.aws_windows_client
|
|
|
|
depends_on = [
|
|
step.create_base_infra,
|
|
step.build_boundary_windows,
|
|
]
|
|
|
|
variables {
|
|
vpc_id = step.create_base_infra.vpc_id
|
|
client_version = matrix.client
|
|
boundary_cli_zip_path = step.build_boundary_windows.artifact_path
|
|
boundary_src_path = local.local_boundary_src_dir
|
|
github_token = var.github_token
|
|
ip_version = local.ip_version
|
|
vault_version = var.vault_version
|
|
}
|
|
}
|
|
|
|
step "read_boundary_license" {
|
|
module = module.read_license
|
|
|
|
variables {
|
|
license_path = local.boundary_license_path
|
|
}
|
|
}
|
|
|
|
step "create_vault_cluster" {
|
|
module = module.vault
|
|
depends_on = [
|
|
step.create_base_infra,
|
|
]
|
|
|
|
variables {
|
|
deploy = true
|
|
ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"]
|
|
instance_type = var.vault_instance_type
|
|
instance_count = 1
|
|
kms_key_arn = step.create_base_infra.kms_key_arn
|
|
storage_backend = "raft"
|
|
unseal_method = "shamir"
|
|
ip_version = local.ip_version
|
|
vault_release = {
|
|
version = var.vault_version
|
|
edition = "oss"
|
|
}
|
|
vpc_id = step.create_base_infra.vpc_id
|
|
}
|
|
}
|
|
|
|
step "create_db_password" {
|
|
module = module.random_stringifier
|
|
}
|
|
|
|
step "create_rdp_domain_controller" {
|
|
module = module.aws_rdp_domain_controller
|
|
depends_on = [
|
|
step.create_base_infra,
|
|
]
|
|
|
|
variables {
|
|
vpc_id = step.create_base_infra.vpc_id
|
|
server_version = matrix.rdp_server == "2016" ? "2019" : matrix.rdp_server
|
|
ip_version = local.ip_version
|
|
}
|
|
}
|
|
|
|
step "create_boundary_cluster" {
|
|
module = module.aws_boundary
|
|
depends_on = [
|
|
step.create_base_infra,
|
|
step.create_db_password,
|
|
step.build_boundary_linux,
|
|
step.create_windows_client,
|
|
step.create_vault_cluster,
|
|
step.read_boundary_license
|
|
]
|
|
|
|
variables {
|
|
boundary_binary_name = var.boundary_binary_name
|
|
boundary_install_dir = local.boundary_install_dir
|
|
boundary_license = var.boundary_edition != "oss" ? step.read_boundary_license.license : null
|
|
common_tags = local.tags
|
|
controller_instance_type = var.controller_instance_type
|
|
controller_count = var.controller_count
|
|
db_pass = step.create_db_password.string
|
|
kms_key_arn = step.create_base_infra.kms_key_arn
|
|
local_artifact_path = step.build_boundary_linux.artifact_path
|
|
ubuntu_ami_id = step.create_base_infra.ami_ids["ubuntu"]["amd64"]
|
|
vpc_id = step.create_base_infra.vpc_id
|
|
worker_count = var.worker_count
|
|
worker_instance_type = var.worker_instance_type
|
|
controller_config_file_path = "templates/controller_bsr.hcl"
|
|
worker_config_file_path = "templates/worker_bsr.hcl"
|
|
vault_address = step.create_vault_cluster.instance_public_ips[0]
|
|
vault_transit_token = step.create_vault_cluster.vault_transit_token
|
|
aws_region = var.aws_region
|
|
ip_version = local.ip_version
|
|
recording_storage_path = "/recording"
|
|
alb_sg_additional_ips = step.create_windows_client.public_ip_list
|
|
}
|
|
}
|
|
|
|
step "create_test_id" {
|
|
module = module.random_stringifier
|
|
variables {
|
|
length = 5
|
|
}
|
|
}
|
|
|
|
step "iam_setup" {
|
|
module = module.aws_iam_setup
|
|
depends_on = [
|
|
step.create_base_infra,
|
|
step.create_test_id
|
|
]
|
|
|
|
variables {
|
|
test_id = step.create_test_id.string
|
|
test_email = var.test_email
|
|
}
|
|
}
|
|
|
|
step "create_bucket" {
|
|
module = module.aws_bucket
|
|
depends_on = [
|
|
step.create_boundary_cluster,
|
|
]
|
|
variables {
|
|
cluster_tag = step.create_boundary_cluster.cluster_tag
|
|
user = step.iam_setup.user_name
|
|
is_user = true
|
|
}
|
|
}
|
|
|
|
step "create_windows_worker" {
|
|
module = module.aws_rdp_member_server_with_worker
|
|
depends_on = [
|
|
step.create_base_infra,
|
|
step.create_rdp_domain_controller,
|
|
step.build_boundary_windows,
|
|
step.create_boundary_cluster,
|
|
]
|
|
|
|
variables {
|
|
vpc_id = step.create_base_infra.vpc_id
|
|
server_version = matrix.rdp_server == "2016" ? "2019" : matrix.rdp_server
|
|
boundary_cli_zip_path = step.build_boundary_windows.artifact_path
|
|
kms_key_arn = step.create_base_infra.kms_key_arn
|
|
controller_ip = step.create_boundary_cluster.controller_ips_private
|
|
iam_name = step.create_boundary_cluster.iam_instance_profile_name
|
|
boundary_security_group = step.create_boundary_cluster.boundary_sg_id
|
|
active_directory_domain = step.create_rdp_domain_controller.domain_name
|
|
domain_controller_aws_keypair_name = step.create_rdp_domain_controller.keypair_name
|
|
domain_controller_ip = step.create_rdp_domain_controller.private_ip
|
|
domain_admin_password = step.create_rdp_domain_controller.password
|
|
domain_controller_private_key = step.create_rdp_domain_controller.ssh_private_key
|
|
domain_controller_sec_group_id_list = step.create_rdp_domain_controller.security_group_id_list
|
|
aws_region = var.aws_region
|
|
ip_version = local.ip_version
|
|
}
|
|
}
|
|
|
|
step "create_rdp_member_server" {
|
|
module = module.aws_rdp_member_server
|
|
depends_on = [
|
|
step.create_base_infra,
|
|
step.create_rdp_domain_controller,
|
|
]
|
|
|
|
variables {
|
|
vpc_id = step.create_base_infra.vpc_id
|
|
server_version = matrix.rdp_server
|
|
kerberos_only = matrix.kerberos_only == "true" ? true : false
|
|
active_directory_domain = step.create_rdp_domain_controller.domain_name
|
|
domain_controller_aws_keypair_name = step.create_rdp_domain_controller.keypair_name
|
|
domain_controller_ip = step.create_rdp_domain_controller.private_ip
|
|
domain_admin_password = step.create_rdp_domain_controller.password
|
|
domain_controller_private_key = step.create_rdp_domain_controller.ssh_private_key
|
|
domain_controller_sec_group_id_list = step.create_rdp_domain_controller.security_group_id_list
|
|
ip_version = local.ip_version
|
|
}
|
|
}
|
|
|
|
step "run_e2e_test" {
|
|
module = module.test_e2e
|
|
depends_on = [
|
|
step.create_boundary_cluster,
|
|
step.create_rdp_domain_controller,
|
|
step.create_rdp_member_server,
|
|
step.create_bucket
|
|
]
|
|
|
|
variables {
|
|
test_package = ""
|
|
debug_no_run = true
|
|
alb_boundary_api_addr = step.create_boundary_cluster.alb_boundary_api_addr
|
|
auth_method_id = step.create_boundary_cluster.auth_method_id
|
|
auth_login_name = step.create_boundary_cluster.auth_login_name
|
|
auth_password = step.create_boundary_cluster.auth_password
|
|
local_boundary_dir = local.local_boundary_dir
|
|
aws_ssh_private_key_path = local.aws_ssh_private_key_path
|
|
target_user = "ubuntu"
|
|
target_port = "22"
|
|
aws_bucket_name = step.create_bucket.bucket_name
|
|
aws_region = var.aws_region
|
|
max_page_size = step.create_boundary_cluster.max_page_size
|
|
worker_tag_collocated = local.collocated_tag
|
|
target_rdp_domain_controller_addr = step.create_rdp_domain_controller.private_ip
|
|
target_rdp_domain_controller_addr_ipv6 = local.ip_version == "4" ? "" : step.create_rdp_domain_controller.ipv6[0]
|
|
target_rdp_domain_controller_user = step.create_rdp_domain_controller.admin_username
|
|
target_rdp_domain_controller_password = step.create_rdp_domain_controller.password
|
|
target_rdp_member_server_addr = step.create_rdp_member_server.private_ip
|
|
target_rdp_member_server_domain_hostname = step.create_rdp_member_server.domain_hostname
|
|
target_rdp_member_server_user = step.create_rdp_member_server.admin_username
|
|
target_rdp_member_server_password = step.create_rdp_member_server.password
|
|
target_rdp_domain_name = step.create_rdp_domain_controller.domain_name
|
|
target_rdp_server_version = matrix.rdp_server
|
|
controller_ip_public = step.create_boundary_cluster.controller_ips[0]
|
|
client_ip_public = step.create_windows_client.public_ip
|
|
client_username = step.create_windows_client.test_username
|
|
client_password = step.create_windows_client.test_password
|
|
client_test_dir = step.create_windows_client.test_dir
|
|
client_ssh_key = step.create_windows_client.ssh_private_key
|
|
client_version = matrix.client
|
|
vault_addr_public = step.create_vault_cluster.instance_addresses[0]
|
|
vault_addr_private = step.create_vault_cluster.instance_addresses_private[0]
|
|
vault_root_token = step.create_vault_cluster.vault_root_token
|
|
}
|
|
}
|
|
|
|
output "controller_ips" {
|
|
value = step.create_boundary_cluster.controller_ips
|
|
}
|
|
|
|
output "worker_ips" {
|
|
value = step.create_boundary_cluster.worker_ips
|
|
}
|
|
|
|
output "rdp_domain_ssh_key" {
|
|
value = step.create_rdp_domain_controller.ssh_private_key
|
|
}
|
|
|
|
output "rdp_domain_controller_public_ip" {
|
|
value = step.create_rdp_domain_controller.public_ip
|
|
}
|
|
|
|
output "rdp_domain_controller_private_ip" {
|
|
value = step.create_rdp_domain_controller.private_ip
|
|
}
|
|
|
|
output "rdp_domain_controller_ipv6" {
|
|
value = step.create_rdp_domain_controller.ipv6
|
|
}
|
|
|
|
output "rdp_domain_controller_admin_username" {
|
|
value = step.create_rdp_domain_controller.admin_username
|
|
}
|
|
|
|
output "rdp_domain_controller_admin_password" {
|
|
value = step.create_rdp_domain_controller.password
|
|
}
|
|
|
|
output "rdp_domain" {
|
|
value = step.create_rdp_domain_controller.domain_name
|
|
}
|
|
|
|
output "rdp_member_server_public_ip" {
|
|
value = step.create_rdp_member_server.public_ip
|
|
}
|
|
|
|
output "rdp_member_server_private_ip" {
|
|
value = step.create_rdp_member_server.private_ip
|
|
}
|
|
|
|
output "rdp_member_server_domain_hostname" {
|
|
value = step.create_rdp_member_server.domain_hostname
|
|
}
|
|
|
|
output "rdp_member_server_admin_password" {
|
|
value = step.create_rdp_member_server.password
|
|
}
|
|
|
|
output "windows_client_public_ip" {
|
|
value = step.create_windows_client.public_ip
|
|
}
|
|
|
|
output "windows_client_private_ip" {
|
|
value = step.create_windows_client.private_ip
|
|
}
|
|
|
|
output "windows_client_admin_password" {
|
|
value = step.create_windows_client.admin_password
|
|
}
|
|
|
|
output "windows_client_test_user" {
|
|
value = step.create_windows_client.test_username
|
|
}
|
|
|
|
output "windows_client_test_password" {
|
|
value = step.create_windows_client.test_password
|
|
}
|
|
|
|
output "windows_client_ssh_key" {
|
|
value = step.create_windows_client.ssh_private_key
|
|
}
|
|
|
|
output "windows_worker_admin_username" {
|
|
value = step.create_windows_worker.admin_username
|
|
}
|
|
|
|
output "windows_worker_admin_password" {
|
|
value = step.create_windows_worker.admin_password
|
|
}
|
|
|
|
output "windows_worker_public_ip" {
|
|
value = step.create_windows_worker.public_ip
|
|
}
|
|
|
|
output "windows_worker_private_ip" {
|
|
value = step.create_windows_worker.private_ip
|
|
}
|
|
|
|
output "vault_address_public" {
|
|
value = step.create_vault_cluster.instance_public_ips_ipv4[0]
|
|
}
|
|
|
|
output "vault_root_token" {
|
|
value = step.create_vault_cluster.vault_root_token
|
|
}
|
|
}
|