backport of commit 9a10117

hashicorp · Feb 18, 2025 · 602e4f8 · 602e4f8
1 parent 94026ab
commit 602e4f8
Show file tree

Hide file tree

Showing 15 changed files with 56 additions and 49 deletions.
diff --git a/enos/enos-scenario-e2e-aws-base-with-vault.hcl b/enos/enos-scenario-e2e-aws-base-with-vault.hcl
@@ -159,8 +159,8 @@ scenario "e2e_aws_base_with_vault" {
       target_address           = step.create_target.target_private_ips[0]
       target_user              = "ubuntu"
       target_port              = "22"
-      vault_addr               = step.create_vault_cluster.instance_addresses[0]
-      vault_addr_internal      = step.create_vault_cluster.instance_addresses[0]
+      vault_addr_public        = step.create_vault_cluster.instance_addresses[0]
+      vault_addr_private       = step.create_vault_cluster.instance_addresses[0]
       vault_root_token         = step.create_vault_cluster.vault_root_token
       aws_region               = var.aws_region
       max_page_size            = step.create_boundary_cluster.max_page_size

diff --git a/enos/enos-scenario-e2e-docker-base-with-vault.hcl b/enos/enos-scenario-e2e-docker-base-with-vault.hcl
@@ -136,8 +136,8 @@ scenario "e2e_docker_base_with_vault" {
       target_address           = step.create_host.address
       target_port              = step.create_host.port
       target_user              = "ubuntu"
-      vault_addr               = step.create_vault.address
-      vault_addr_internal      = step.create_vault.address_internal
+      vault_addr_public        = step.create_vault.address_public
+      vault_addr_private       = step.create_vault.address_private
       vault_root_token         = step.create_vault.token
       vault_port               = step.create_vault.port
       max_page_size            = step.create_boundary.max_page_size

diff --git a/enos/enos-scenario-e2e-docker-base-with-worker.hcl b/enos/enos-scenario-e2e-docker-base-with-worker.hcl
@@ -177,8 +177,8 @@ scenario "e2e_docker_base_with_worker" {
       target_address           = step.create_host.address
       target_port              = step.create_host.port
       target_user              = "ubuntu"
-      vault_addr               = step.create_vault.address
-      vault_addr_internal      = step.create_vault.address_internal
+      vault_addr_public        = step.create_vault.address_public
+      vault_addr_private       = step.create_vault.address_private
       vault_root_token         = step.create_vault.token
       vault_port               = step.create_vault.port
       worker_tag_egress        = local.egress_tag

diff --git a/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl b/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl
@@ -192,8 +192,8 @@ scenario "e2e_docker_worker_registration_controller_led" {
       target_address           = step.create_host.address
       target_port              = step.create_host.port
       target_user              = "ubuntu"
-      vault_addr               = step.create_vault.address
-      vault_addr_internal      = step.create_vault.address_internal
+      vault_addr_public        = step.create_vault.address_public
+      vault_addr_private       = step.create_vault.address_private
       vault_root_token         = step.create_vault.token
       vault_port               = step.create_vault.port
       worker_tag_egress        = local.egress_tag

diff --git a/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl b/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl
@@ -207,8 +207,8 @@ scenario "e2e_docker_worker_registration_worker_led" {
       target_address           = step.create_host.address
       target_port              = step.create_host.port
       target_user              = "ubuntu"
-      vault_addr               = step.create_vault.address
-      vault_addr_internal      = step.create_vault.address_internal
+      vault_addr_public        = step.create_vault.address_public
+      vault_addr_private       = step.create_vault.address_private
       vault_root_token         = step.create_vault.token
       vault_port               = step.create_vault.port
       worker_tag_egress        = local.egress_tag

diff --git a/enos/enos-scenario-e2e-ui-aws.hcl b/enos/enos-scenario-e2e-ui-aws.hcl
@@ -201,8 +201,8 @@ scenario "e2e_ui_aws" {
       target_address            = step.create_targets_with_tag.target_private_ips[0]
       target_user               = "ubuntu"
       target_port               = "22"
-      vault_addr                = step.create_vault_cluster.instance_addresses[0]
-      vault_addr_internal       = step.create_vault_cluster.instance_addresses[0]
+      vault_addr_public         = step.create_vault_cluster.instance_addresses[0]
+      vault_addr_private        = step.create_vault_cluster.instance_addresses_private[0]
       vault_root_token          = step.create_vault_cluster.vault_root_token
       aws_access_key_id         = step.iam_setup.access_key_id
       aws_secret_access_key     = step.iam_setup.secret_access_key

diff --git a/enos/enos-scenario-e2e-ui-docker.hcl b/enos/enos-scenario-e2e-ui-docker.hcl
@@ -168,8 +168,8 @@ scenario "e2e_ui_docker" {
       target_user               = "ubuntu"
       target_ca_key             = step.create_host.ca_key_private
       target_ca_key_public      = step.create_host.ca_key_public
-      vault_addr                = step.create_vault.address
-      vault_addr_internal       = step.create_vault.address_internal
+      vault_addr_public         = step.create_vault.address_public
+      vault_addr_private        = step.create_vault.address_private
       vault_root_token          = step.create_vault.token
       vault_port                = step.create_vault.port
       ldap_address              = step.create_ldap_server.address

diff --git a/enos/modules/aws_vault/outputs.tf b/enos/modules/aws_vault/outputs.tf
@@ -18,7 +18,12 @@ output "instance_private_ips" {
 
 output "instance_addresses" {
   description = "Addresses of Vault instances"
-  value       = [for instance in aws_instance.vault_instance : "http://${instance.public_ip}:8200"]
+  value       = var.ip_version == "4" ? [for instance in aws_instance.vault_instance : "http://${instance.public_ip}:8200"] : flatten([for instance in aws_instance.vault_instance : instance.ipv6_addresses])
+}
+
+output "instance_addresses_private" {
+  description = "Private addresses of Vault instances"
+  value       = [for instance in aws_instance.vault_instance : "http://${instance.private_ip}:8200"]
 }
 
 output "key_id" {

diff --git a/enos/modules/docker_vault/main.tf b/enos/modules/docker_vault/main.tf
@@ -132,11 +132,11 @@ resource "enos_local_exec" "check_health" {
   inline = ["timeout 10s bash -c 'until vault status; do sleep 2; done'"]
 }
 
-output "address" {
+output "address_public" {
   value = "http://${var.container_name}:${var.vault_port}"
 }
 
-output "address_internal" {
+output "address_private" {
   value = "http://${var.container_name}:${var.vault_port_internal}"
 }
 

diff --git a/enos/modules/test_e2e/main.tf b/enos/modules/test_e2e/main.tf
@@ -66,13 +66,14 @@ variable "target_port" {
   type        = string
   default     = ""
 }
-variable "vault_addr" {
-  description = "External network address of Vault. Will be converted to a URL below"
+variable "vault_addr_public" {
+  description = "Public address to a vault instance"
   type        = string
   default     = ""
 }
-variable "vault_addr_internal" {
-  description = "Internal network address of Vault (i.e. within a docker network). Will be converted to a URL below"
+
+variable "vault_addr_private" {
+  description = "Private address to a vault instance"
   type        = string
   default     = ""
 }
@@ -81,11 +82,6 @@ variable "vault_root_token" {
   type        = string
   default     = ""
 }
-variable "vault_port" {
-  description = "External Port that vault instance is attached to (outside of docker network)"
-  type        = string
-  default     = "8200"
-}
 variable "aws_access_key_id" {
   description = "Access Key Id for AWS IAM user used in dynamic host catalogs"
   type        = string
@@ -174,8 +170,6 @@ variable "ip_version" {
 
 locals {
   aws_ssh_private_key_path = abspath(var.aws_ssh_private_key_path)
-  vault_addr               = var.vault_addr != "" ? "http://${var.vault_addr}:${var.vault_port}" : ""
-  vault_addr_internal      = var.vault_addr_internal != "" ? "http://${var.vault_addr_internal}:8200" : local.vault_addr
   aws_host_set_ips1        = jsonencode(var.aws_host_set_ips1)
   aws_host_set_ips2        = jsonencode(var.aws_host_set_ips2)
   package_name             = reverse(split("/", var.test_package))[0]
@@ -194,9 +188,10 @@ resource "enos_local_exec" "run_e2e_test" {
     E2E_SSH_USER                  = var.target_user
     E2E_SSH_KEY_PATH              = local.aws_ssh_private_key_path
     E2E_SSH_CA_KEY                = ""
-    VAULT_ADDR                    = local.vault_addr
+    VAULT_ADDR                    = var.vault_addr_public
     VAULT_TOKEN                   = var.vault_root_token
-    E2E_VAULT_ADDR                = local.vault_addr_internal
+    E2E_VAULT_ADDR_PUBLIC         = var.vault_addr_public
+    E2E_VAULT_ADDR_PRIVATE        = var.vault_addr_private
     E2E_AWS_ACCESS_KEY_ID         = var.aws_access_key_id
     E2E_AWS_SECRET_ACCESS_KEY     = var.aws_secret_access_key
     E2E_AWS_HOST_SET_FILTER       = var.aws_host_set_filter1

diff --git a/enos/modules/test_e2e_docker/main.tf b/enos/modules/test_e2e_docker/main.tf
@@ -94,13 +94,14 @@ variable "target_ca_key" {
   type        = string
   default     = ""
 }
-variable "vault_addr" {
-  description = "External network address of Vault. Will be converted to a URL below"
+variable "vault_addr_public" {
+  description = "Public address to a vault instance"
   type        = string
   default     = ""
 }
-variable "vault_addr_internal" {
-  description = "Internal network address of Vault (i.e. within a docker network). Will be converted to a URL below"
+
+variable "vault_addr_private" {
+  description = "Private address to a vault instance"
   type        = string
   default     = ""
 }
@@ -314,10 +315,11 @@ resource "enos_local_exec" "run_e2e_test" {
     E2E_SSH_USER                  = var.target_user
     E2E_SSH_KEY_PATH              = local.aws_ssh_private_key_path
     E2E_SSH_CA_KEY                = var.target_ca_key
-    VAULT_ADDR                    = var.vault_addr
-    VAULT_ADDR_INTERNAL           = var.vault_addr_internal
+    VAULT_ADDR                    = var.vault_addr_public
+    VAULT_ADDR_INTERNAL           = var.vault_addr_private
     VAULT_TOKEN                   = var.vault_root_token
-    E2E_VAULT_ADDR                = var.vault_addr_internal
+    E2E_VAULT_ADDR_PUBLIC         = var.vault_addr_public
+    E2E_VAULT_ADDR_PRIVATE        = var.vault_addr_private
     E2E_BUCKET_NAME               = var.bucket_name
     E2E_BUCKET_ENDPOINT_URL       = var.bucket_endpoint_url
     E2E_BUCKET_USER_ID            = var.bucket_user_id

diff --git a/enos/modules/test_e2e_docker/test_runner.sh b/enos/modules/test_e2e_docker/test_runner.sh
@@ -31,7 +31,8 @@ docker run \
     -e "E2E_MINIO_ALIAS=$E2E_MINIO_ALIAS" \
     -e "VAULT_ADDR=$VAULT_ADDR_INTERNAL" \
     -e "VAULT_TOKEN=$VAULT_TOKEN" \
-    -e "E2E_VAULT_ADDR=$E2E_VAULT_ADDR" \
+    -e "E2E_VAULT_ADDR_PUBLIC=$E2E_VAULT_ADDR_PUBLIC" \
+    -e "E2E_VAULT_ADDR_PRIVATE=$E2E_VAULT_ADDR_PRIVATE" \
     -e "E2E_POSTGRES_USER=$E2E_POSTGRES_USER" \
     -e "E2E_POSTGRES_PASSWORD=$E2E_POSTGRES_PASSWORD" \
     -e "E2E_POSTGRES_DB_NAME=$E2E_POSTGRES_DB_NAME" \

diff --git a/enos/modules/test_e2e_ui/main.tf b/enos/modules/test_e2e_ui/main.tf
@@ -73,13 +73,14 @@ variable "target_ca_key_public" {
   type        = string
   default     = ""
 }
-variable "vault_addr" {
-  description = "External network address of Vault. Will be converted to a URL below"
+variable "vault_addr_public" {
+  description = "Public address to a vault instance"
   type        = string
   default     = ""
 }
-variable "vault_addr_internal" {
-  description = "Internal network address of Vault (i.e. within a docker network). Will be converted to a URL below"
+
+variable "vault_addr_private" {
+  description = "Private address to a vault instance"
   type        = string
   default     = ""
 }
@@ -211,9 +212,10 @@ resource "enos_local_exec" "run_e2e_test" {
     E2E_SSH_KEY_PATH              = local.aws_ssh_private_key_path
     E2E_SSH_CA_KEY                = var.target_ca_key
     E2E_SSH_CA_KEY_PUBLIC         = var.target_ca_key_public
-    VAULT_ADDR                    = var.vault_addr
+    VAULT_ADDR                    = var.vault_addr_public
     VAULT_TOKEN                   = var.vault_root_token
-    E2E_VAULT_ADDR                = var.vault_addr_internal
+    E2E_VAULT_ADDR_PUBLIC         = var.vault_addr_public
+    E2E_VAULT_ADDR_PRIVATE        = var.vault_addr_private
     E2E_AWS_ACCESS_KEY_ID         = var.aws_access_key_id
     E2E_AWS_SECRET_ACCESS_KEY     = var.aws_secret_access_key
     E2E_AWS_HOST_SET_FILTER       = var.aws_host_set_filter

diff --git a/testing/internal/e2e/tests/base_with_vault/env_test.go b/testing/internal/e2e/tests/base_with_vault/env_test.go
@@ -13,9 +13,10 @@ type config struct {
 	// Note: Key is base64 encoded
 	TargetCaKey string `envconfig:"E2E_SSH_CA_KEY" required:"true"`
 	// VaultAddr is the address that the Boundary server uses to interact with the running Vault instance
-	VaultAddr       string `envconfig:"E2E_VAULT_ADDR" required:"true"` // e.g. "http://127.0.0.1:8200"
-	VaultSecretPath string `envconfig:"E2E_VAULT_SECRET_PATH" default:"e2e_secrets"`
-	MaxPageSize     int    `envconfig:"E2E_MAX_PAGE_SIZE" default:"1000"`
+	VaultAddr        string `envconfig:"E2E_VAULT_ADDR_PUBLIC" required:"true"`  // e.g. "http://127.0.0.1:8200"
+	VaultAddrPrivate string `envconfig:"E2E_VAULT_ADDR_PRIVATE" required:"true"` // e.g. "http://10.10.10.10:8200"
+	VaultSecretPath  string `envconfig:"E2E_VAULT_SECRET_PATH" default:"e2e_secrets"`
+	MaxPageSize      int    `envconfig:"E2E_MAX_PAGE_SIZE" default:"1000"`
 }
 
 func loadTestConfig() (*config, error) {

diff --git a/testing/internal/e2e/tests/base_with_worker/env_test.go b/testing/internal/e2e/tests/base_with_worker/env_test.go
@@ -14,8 +14,9 @@ type config struct {
 	WorkerTagEgress     string `envconfig:"E2E_WORKER_TAG_EGRESS" required:"true"`     // e.g. "egress"
 	WorkerTagCollocated string `envconfig:"E2E_WORKER_TAG_COLLOCATED" required:"true"` // e.g. "collocated"
 	// VaultAddr is the address that the Boundary server uses to interact with the running Vault instance
-	VaultAddr       string `envconfig:"E2E_VAULT_ADDR" required:"true"` // e.g. "http://127.0.0.1:8200"
-	VaultSecretPath string `envconfig:"E2E_VAULT_SECRET_PATH" default:"e2e_secrets"`
+	VaultAddr        string `envconfig:"E2E_VAULT_ADDR_PUBLIC" required:"true"`  // e.g. "http://127.0.0.1:8200"
+	VaultAddrPrivate string `envconfig:"E2E_VAULT_ADDR_PRIVATE" required:"true"` // e.g. "http://10.10.10.10:8200"
+	VaultSecretPath  string `envconfig:"E2E_VAULT_SECRET_PATH" default:"e2e_secrets"`
 }
 
 func loadTestConfig() (*config, error) {