diff --git a/.github/workflows/handler-destroy.yml b/.github/workflows/handler-destroy.yml
index 47c70be3..8b2cc162 100644
--- a/.github/workflows/handler-destroy.yml
+++ b/.github/workflows/handler-destroy.yml
@@ -5,177 +5,207 @@ on: types: - destroy-command +env: + AWS_DEFAULT_REGION: us-east-2 + jobs: + active_active_rhel7_proxy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main + secrets: inherit + name: Destroy resources from AWS Active/Active RHEL7 Proxy + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy') }} + with: + cloud: AWS + test_name: Active/Active RHEL7 Proxy + utility_test: false + is_replicated_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/active-active-rhel7-proxy + TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-active-active-rhel7-proxy"\n\ + }\n\ + }\n/' + public_active_active: - name: Destroy resources from Public Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main + secrets: inherit + name: Destroy resources from AWS Public Active/Active if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/public-active-active - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: vars - run: echo ::set-output name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID 
- - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PUBLIC_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Destroy - id: destroy - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - - - name: Update comment - if: ${{ always() }} - uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Public Active/Active Destruction Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') }} + with: + cloud: AWS + test_name: Public Active/Active + utility_test: false + is_replicated_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + 
pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/public-active-active + TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_TFC_TOKEN private_active_active: - name: Destroy resources from Private Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main + secrets: inherit + name: Destroy resources from AWS Private Active/Active if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/private-active-active - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: vars - run: echo ::set-output name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Destroy - id: destroy - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - - - name: Update comment - if: ${{ always() }} - uses: 
peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Private Active/Active Destruction Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') }} + with: + cloud: AWS + test_name: Private Active/Active + utility_test: false + is_replicated_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-active-active + TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_TFC_TOKEN private_tcp_active_active: - name: Destroy resources from Private TCP Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main + secrets: inherit + name: Destroy resources from AWS Private TCP Active/Active if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/private-tcp-active-active - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: vars - run: echo ::set-output 
name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Destroy - id: destroy - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - - - name: Update comment - if: ${{ always() }} - uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Private TCP Active/Active Destruction Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') }} + with: + cloud: AWS + test_name: Private TCP Active/Active + utility_test: false + is_replicated_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + 
pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-tcp-active-active + TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_TFC_TOKEN + + standalone_vault: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main + secrets: inherit + name: Destroy resources from AWS Standalone Vault + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'standalone-vault') }} + with: + cloud: AWS + test_name: Standalone Vault + utility_test: false + is_replicated_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/standalone-vault + TFC_token_secret_name: STANDALONE_VAULT_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-standalone-vault"\n\ + }\n\ + }\n/' + + active_active_rhel7_proxy_replicated: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main + secrets: inherit + name: Destroy resources from AWS Active/Active RHEL7 Proxy (Replicated) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy-replicated') }} + with: + cloud: AWS + test_name: Active/Active RHEL7 Proxy (Replicated) + utility_test: false + 
is_replicated_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/active-active-rhel7-proxy + TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-active-active-rhel7-proxy-replicated"\n\ + }\n\ + }\n/' + + public_active_active_replicated: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main + secrets: inherit + name: Destroy resources from AWS Public Active/Active (Replicated) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-replicated') }} + with: + cloud: AWS + test_name: Public Active/Active (Replicated) + utility_test: false + is_replicated_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/public-active-active + TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-public-active-active/aws-public-active-active-replicated/ + + private_active_active_replicated: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main + secrets: inherit + name: Destroy resources from AWS Private Active/Active (Replicated) + if: 
${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active-replicated') }} + with: + cloud: AWS + test_name: Private Active/Active (Replicated) + utility_test: false + is_replicated_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-active-active + TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-private-active-active/aws-private-active-active-replicated/ + + private_tcp_active_active_replicated: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main + secrets: inherit + name: Destroy resources from AWS Private TCP Active/Active (Replicated) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active-replicated') }} + with: + cloud: AWS + test_name: Private TCP Active/Active (Replicated) + utility_test: false + is_replicated_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-tcp-active-active + TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-private-tcp-active-active/aws-private-tcp-active-active-replicated/ + + standalone_vault_replicated: 
+ uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main + secrets: inherit + name: Destroy resources from AWS Standalone Vault (Replicated) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-replicated') }} + with: + cloud: AWS + test_name: Standalone Vault (Replicated) + utility_test: false + is_replicated_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/standalone-vault + TFC_token_secret_name: STANDALONE_VAULT_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-standalone-vault-replicated"\n\ + }\n\ + }\n/' diff --git a/.github/workflows/handler-help.yml b/.github/workflows/handler-help.yml index b8a60d28..35a0d752 100644 --- a/.github/workflows/handler-help.yml +++ b/.github/workflows/handler-help.yml @@ -26,9 +26,19 @@ jobs: > | /help | Shows this help message | ## Test Case Names - + + FDO: + * active-active-rhel7-proxy * private-active-active * private-tcp-active-active * public-active-active + * standalone-vault + + Replicated: + * active-active-rhel7-proxy-replicated + * private-active-active-replicated + * private-tcp-active-active-replicated + * public-active-active-replicated + * standalone-vault-replicated reaction-type: confused diff --git a/.github/workflows/handler-test.yml b/.github/workflows/handler-test.yml index 75f90c66..4dc01e30 100644 --- a/.github/workflows/handler-test.yml +++ b/.github/workflows/handler-test.yml 
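Review bot: The `standalone_vault_replicated` job at the end of the handler-destroy.yml hunk is gated on `'public-active-active-replicated'`, so a `standalone-vault-replicated` argument never selects it and a public-active-active-replicated request also destroys the standalone-vault workspace; the second test should be `contains(github.event.client_payload.slash_command.args.unnamed.all, 'standalone-vault-replicated')`. If `args.unnamed.all` is a plain string, `contains()` is a substring match, so each new `*-replicated` name also satisfies the corresponding non-replicated job's condition (and any argument containing `all` selects every job), which for a destroy handler argues for an exact per-argument comparison. Every job now calls `hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main` with `secrets: inherit`, where the removed steps pinned third-party actions by commit SHA and declared `permissions: contents: read` / `pull-requests: write`; pinning the reusable workflow to a full commit SHA (`.../destroy.yml@<full-commit-sha>`) and restoring a job-level `permissions:` block would keep a later change on that branch from running with all of this repository's secrets and the default token scope. The workflow-level `env: AWS_DEFAULT_REGION: us-east-2` is not propagated into called workflows, so the region has to be set inside the reusable workflow or passed as an input. The same `@main` / `secrets: inherit` pattern appears in the handler-test.yml hunk that follows.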
@@ -5,639 +5,209 @@ on: types: - test-command +env: + AWS_DEFAULT_REGION: us-east-2 + jobs: + active_active_rhel7_proxy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main + secrets: inherit + name: Test AWS Active/Active RHEL7 Proxy Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy') }} + with: + test_name: Active/Active RHEL7 Proxy + utility_test: false + is_replicated_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/active-active-rhel7-proxy + TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-active-active-rhel7-proxy"\n\ + }\n\ + }\n/' + public_active_active: - name: Run tf-test on Public Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main + secrets: inherit + name: Test AWS Public Active/Active Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/public-active-active - K6_WORK_DIR_PATH: ./tests/tfe-load-test - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: vars - run: echo ::set-output 
name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - # Checkout the hashicorp/tfe-load-test repository - - name: Checkout TFE Load Test - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - path: ${{ env.K6_WORK_DIR_PATH }} - repository: hashicorp/tfe-load-test - token: ${{ secrets.GH_TFE_LOAD_TEST_TOKEN }} - persist-credentials: false - - - name: Install required tools - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_URL: https://github.com/loadimpact/k6/releases/download/v0.31.1/k6-v0.31.1-linux64.tar.gz - run: | - sudo apt-get install jq - curl -L $K6_URL | tar -xz --strip-components=1 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PUBLIC_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - # Run Terraform commands between these comments vvv - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Validate - id: validate - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform validate -no-color - - - name: Write GitHub Actions runner CIDR to Terraform Variables - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - echo "iact_subnet_list = [\"$( dig +short @resolver1.opendns.com myip.opendns.com )/32\"]" > github.auto.tfvars - - - name: Terraform Apply - id: apply - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform apply -auto-approve -input=false -no-color - 
- - name: Retrieve Health Check URL - id: retrieve-health-check-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw health_check_url - - - name: Wait For TFE - id: wait-for-tfe - timeout-minutes: 15 - env: - HEALTH_CHECK_URL: ${{ steps.retrieve-health-check-url.outputs.stdout }} - run: | - echo "Curling \`health_check_url\` for a return status of 200..." - while ! curl -sfS --max-time 5 "$HEALTH_CHECK_URL"; do sleep 5; done - - - name: Retrieve TFE URL - id: retrieve-tfe-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw tfe_url - - - name: Retrieve IACT URL - id: retrieve-iact-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw iact_url - - - name: Retrieve IACT - id: retrieve-iact - env: - IACT_URL: ${{ steps.retrieve-iact-url.outputs.stdout }} - run: | - token=$(curl --fail --retry 5 --verbose "$IACT_URL") - echo "::set-output name=token::$token" - - - name: Retrieve Initial Admin User URL - id: retrieve-initial-admin-user-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw initial_admin_user_url - - - name: Create Admin in TFE - id: create-admin - env: - TFE_PASSWORD: ${{ secrets.TFE_PASSWORD }} - IAU_URL: ${{ steps.retrieve-initial-admin-user-url.outputs.stdout }} - IACT: ${{ steps.retrieve-iact.outputs.token }} - run: | - echo \ - '{"username": "test", "email": "tf-onprem-team@hashicorp.com", "password": "$TFE_PASSWORD"}' \ - > ./payload.json - response=$( \ - curl \ - --fail \ - --retry 5 \ - --verbose \ - --header 'Content-Type: application/json' \ - --data @./payload.json \ - "$IAU_URL"?token="$IACT") - echo "::set-output name=response::$response" - - - name: Retrieve Admin Token - id: retrieve-admin-token - env: - RESPONSE: ${{ steps.create-admin.outputs.response }} - run: | - token=$(echo "$RESPONSE" | jq --raw-output '.token') - echo "::set-output name=token::$token" - - - name: Run k6 Smoke 
Test - id: run-smoke-test - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_PATHNAME: "./k6" - TFE_URL: "${{ steps.retrieve-tfe-url.outputs.stdout }}" - TFE_API_TOKEN: "${{ steps.retrieve-admin-token.outputs.token }}" - TFE_EMAIL: tf-onprem-team@hashicorp.com - run: | - make smoke-test - - - name: Terraform Destroy - id: destroy - if: ${{ always() && github.event.client_payload.slash_command.args.named.destroy != 'false' }} - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - - # Run Terraform commands between these comments ^^^ - - - name: Update comment - if: ${{ always() }} - uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Public Active/Active Test Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Validate', steps.validate.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Apply', steps.apply.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Run k6 Smoke Test', steps.run-smoke-test.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ github.event.client_payload.slash_command.args.named.destroy != 'false' && format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') || '' }} + with: + test_name: Public Active/Active + utility_test: false + is_replicated_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + 
k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/public-active-active + TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_TFC_TOKEN private_active_active: - name: Run tf-test on Private Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main + secrets: inherit + name: Test AWS Private Active/Active Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/private-active-active - K6_WORK_DIR_PATH: ./tests/tfe-load-test - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: vars - run: echo ::set-output name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - # Checkout the hashicorp/tfe-load-test repository - - name: Checkout TFE Load Test - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - path: ${{ env.K6_WORK_DIR_PATH }} - repository: hashicorp/tfe-load-test - token: ${{ secrets.GH_TFE_LOAD_TEST_TOKEN }} - persist-credentials: false - - - name: Install required tools - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_URL: 
https://github.com/loadimpact/k6/releases/download/v0.31.1/k6-v0.31.1-linux64.tar.gz - run: | - sudo apt-get install jq - curl -L $K6_URL | tar -xz --strip-components=1 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - # Run Terraform commands between these comments vvv - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Validate - id: validate - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform validate -no-color - - - name: Terraform Apply - id: apply - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform apply -auto-approve -input=false -no-color - - - name: Retrieve Health Check URL - id: retrieve-health-check-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw health_check_url - - - name: Retrieve Instance ID - id: retrieve-instance-id - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw proxy_instance_id - - - name: Write Private SSH Key - env: - SSH_KEY_BASE64: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_SSH_KEY_BASE64 }} - run: | - echo "$SSH_KEY_BASE64" | base64 --decode > ./ssh-key.pem - chmod 0400 ./ssh-key.pem - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 - with: - aws-access-key-id: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-2 - role-to-assume: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_AWS_ROLE_TO_ASSUME }} - role-duration-seconds: 2400 - role-skip-session-tagging: true - - - name: Start SOCKS5 Proxy - env: - INSTANCE_ID: ${{ steps.retrieve-instance-id.outputs.stdout 
}} - run: | - aws ec2 wait instance-status-ok --instance-ids "$INSTANCE_ID" - ssh \ - -o 'BatchMode yes' \ - -o 'StrictHostKeyChecking accept-new' \ - -o 'ProxyCommand sh -c \ - "aws ssm start-session \ - --target %h \ - --document-name AWS-StartSSHSession \ - --parameters \"portNumber=%p\""' \ - -i ./ssh-key.pem \ - -f -N -p 22 -D localhost:5000 \ - ubuntu@"$INSTANCE_ID" - - - name: Wait For TFE - id: wait-for-tfe - timeout-minutes: 15 - env: - HEALTH_CHECK_URL: ${{ steps.retrieve-health-check-url.outputs.stdout }} - run: | - echo "Curling \`health_check_url\` for a return status of 200..." - while ! curl \ - -sfS --max-time 5 --proxy socks5://localhost:5000 \ - $HEALTH_CHECK_URL; \ - do sleep 5; done - - - name: Retrieve TFE URL - id: retrieve-tfe-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw tfe_url - - - name: Retrieve IACT URL - id: retrieve-iact-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw iact_url - - - name: Retrieve IACT - id: retrieve-iact - env: - IACT_URL: ${{ steps.retrieve-iact-url.outputs.stdout }} - run: | - token=$(curl --fail --retry 5 --verbose --proxy socks5://localhost:5000 "$IACT_URL") - echo "::set-output name=token::$token" - - - name: Retrieve Initial Admin User URL - id: retrieve-initial-admin-user-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw initial_admin_user_url - - - name: Create Admin in TFE - id: create-admin - env: - TFE_PASSWORD: ${{ secrets.TFE_PASSWORD }} - IAU_URL: ${{ steps.retrieve-initial-admin-user-url.outputs.stdout }} - IACT_TOKEN: ${{ steps.retrieve-iact.outputs.token }} - run: | - echo \ - '{"username": "test", "email": "tf-onprem-team@hashicorp.com", "password": "$TFE_PASSWORD"}' \ - > ./payload.json - response=$( \ - curl \ - --fail \ - --retry 5 \ - --verbose \ - --header 'Content-Type: application/json' \ - --data @./payload.json \ - --proxy socks5://localhost:5000 \ - 
"$IAU_URL"?token="$IACT_TOKEN") - echo "::set-output name=response::$response" - - - name: Retrieve Admin Token - id: retrieve-admin-token - env: - RESPONSE: ${{ steps.create-admin.outputs.response }} - run: | - token=$(echo "$RESPONSE" | jq --raw-output '.token') - echo "::set-output name=token::$token" - - - name: Run k6 Smoke Test - id: run-smoke-test - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_PATHNAME: "./k6" - TFE_URL: "${{ steps.retrieve-tfe-url.outputs.stdout }}" - TFE_API_TOKEN: "${{ steps.retrieve-admin-token.outputs.token }}" - TFE_EMAIL: tf-onprem-team@hashicorp.com - http_proxy: socks5://localhost:5000/ - https_proxy: socks5://localhost:5000/ - run: | - make smoke-test - - - name: Terraform Destroy - id: destroy - if: ${{ always() && github.event.client_payload.slash_command.args.named.destroy != 'false' }} - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - - # Run Terraform commands between these comments ^^^ - - - name: Update comment - if: ${{ always() }} - uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Private Active/Active Test Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Validate', steps.validate.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Apply', steps.apply.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Run k6 Smoke Test', steps.run-smoke-test.outcome == 
'success' && ':white_check_mark:' || ':x:') }} - - ${{ github.event.client_payload.slash_command.args.named.destroy != 'false' && format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') || '' }} + with: + test_name: Private Active/Active + utility_test: false + is_replicated_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-active-active + TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_TFC_TOKEN private_tcp_active_active: - name: Run tf-test on Private TCP Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main + secrets: inherit + name: Test AWS Private TCP Active/Active Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/private-tcp-active-active - K6_WORK_DIR_PATH: ./tests/tfe-load-test - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: vars - run: echo ::set-output name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - # Checkout the 
hashicorp/tfe-load-test repository - - name: Checkout TFE Load Test - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - path: ${{ env.K6_WORK_DIR_PATH }} - repository: hashicorp/tfe-load-test - token: ${{ secrets.GH_TFE_LOAD_TEST_TOKEN }} - persist-credentials: false - - - name: Install required tools - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_URL: https://github.com/loadimpact/k6/releases/download/v0.31.1/k6-v0.31.1-linux64.tar.gz - run: | - sudo apt-get install jq - curl -L $K6_URL | tar -xz --strip-components=1 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - # Run Terraform commands between these comments vvv - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Validate - id: validate - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform validate -no-color - - - name: Terraform Apply - id: apply - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform apply -auto-approve -input=false -no-color - - - name: Retrieve Health Check URL - id: retrieve-health-check-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw health_check_url - - - name: Retrieve Instance ID - id: retrieve-instance-id - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw proxy_instance_id - - - name: Write Private TCP SSH Key - env: - SSH_KEY_BASE64: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_SSH_KEY_BASE64 }} - run: | - echo "$SSH_KEY_BASE64" | base64 --decode > ./ssh-key.pem - chmod 0400 ./ssh-key.pem - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 - with: - 
aws-access-key-id: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-2 - role-to-assume: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_AWS_ROLE_TO_ASSUME }} - role-duration-seconds: 2400 - role-skip-session-tagging: true - - - name: Start SOCKS5 Proxy - env: - INSTANCE_ID: ${{ steps.retrieve-instance-id.outputs.stdout }} - run: | - aws ec2 wait instance-status-ok --instance-ids "$INSTANCE_ID" - ssh \ - -o 'BatchMode yes' \ - -o 'StrictHostKeyChecking accept-new' \ - -o 'ServerAliveInterval 5' \ - -o 'ServerAliveCountMax 3' \ - -o 'ProxyCommand sh -c \ - "aws ssm start-session \ - --target %h \ - --document-name AWS-StartSSHSession \ - --parameters \"portNumber=%p\""' \ - -i ./ssh-key.pem \ - -f -N -p 22 -D localhost:5000 \ - ubuntu@"$INSTANCE_ID" - - - name: Wait For TFE - id: wait-for-tfe - timeout-minutes: 20 - env: - HEALTH_CHECK_URL: ${{ steps.retrieve-health-check-url.outputs.stdout }} - run: | - echo "Curling \`health_check_url\` for a return status of 200..." - while ! 
curl \ - --connect-timeout 10 \ - -sfS --max-time 5 --proxy socks5://localhost:5000 \ - --verbose \ - $HEALTH_CHECK_URL; \ - do sleep 5; done - - - name: Retrieve TFE URL - id: retrieve-tfe-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw tfe_url - - - name: Retrieve IACT URL - id: retrieve-iact-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw iact_url - - - name: Retrieve IACT - id: retrieve-iact - env: - IACT_URL: ${{ steps.retrieve-iact-url.outputs.stdout }} - run: | - token=$( \ - curl --fail --retry 5 --verbose \ - --connect-timeout 10 \ - --proxy socks5://localhost:5000 "$IACT_URL") - echo "::set-output name=token::$token" - - - name: Retrieve Initial Admin User URL - id: retrieve-initial-admin-user-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw initial_admin_user_url - - - name: Create Admin in TFE - id: create-admin - env: - TFE_PASSWORD: ${{ secrets.TFE_PASSWORD }} - IAU_URL: ${{ steps.retrieve-initial-admin-user-url.outputs.stdout }} - IACT_TOKEN: ${{ steps.retrieve-iact.outputs.token }} - run: | - echo \ - '{"username": "test", "email": "tf-onprem-team@hashicorp.com", "password": "$TFE_PASSWORD"}' \ - > ./payload.json - response=$( \ - curl \ - --connect-timeout 10 \ - --fail \ - --retry 5 \ - --verbose \ - --header 'Content-Type: application/json' \ - --data @./payload.json \ - --proxy socks5://localhost:5000 \ - "$IAU_URL"?token="$IACT_TOKEN") - echo "::set-output name=response::$response" - - - name: Retrieve Admin Token - id: retrieve-admin-token - env: - RESPONSE: ${{ steps.create-admin.outputs.response }} - run: | - token=$(echo "$RESPONSE" | jq --raw-output '.token') - echo "::set-output name=token::$token" - - - name: Run k6 Smoke Test - id: run-smoke-test - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_PATHNAME: "./k6" - TFE_URL: "${{ steps.retrieve-tfe-url.outputs.stdout }}" - TFE_API_TOKEN: "${{ 
steps.retrieve-admin-token.outputs.token }}" - TFE_EMAIL: tf-onprem-team@hashicorp.com - http_proxy: socks5://localhost:5000/ - https_proxy: socks5://localhost:5000/ - run: | - make smoke-test - - - name: Terraform Destroy - id: destroy - if: ${{ always() && github.event.client_payload.slash_command.args.named.destroy != 'false' }} - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - - # Run Terraform commands between these comments ^^^ - - - name: Update comment - if: ${{ always() }} - uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Private TCP Active/Active Test Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Validate', steps.validate.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Apply', steps.apply.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Run k6 Smoke Test', steps.run-smoke-test.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ github.event.client_payload.slash_command.args.named.destroy != 'false' && format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') || '' }} + with: + test_name: Private TCP Active/Active + utility_test: false + is_replicated_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ 
github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-tcp-active-active + TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_TFC_TOKEN + + standalone_vault: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main + secrets: inherit + name: Test AWS Standalone Vault Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'standalone-vault') }} + with: + test_name: Standalone Vault + utility_test: false + is_replicated_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/standalone-vault + first_apply_args: "-target=module.hcp_vault.hcp_vault_cluster.test -target=module.hcp_vault.hcp_vault_cluster_admin_token.test" + TFC_token_secret_name: STANDALONE_VAULT_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-standalone-vault"\n\ + }\n\ + }\n/' + + active_active_rhel7_proxy_replicated: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main + secrets: inherit + name: Test AWS Active/Active RHEL7 Proxy (Replicated) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy-replicated') }} + 
with: + test_name: Active/Active RHEL7 Proxy (Replicated) + utility_test: false + is_replicated_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/active-active-rhel7-proxy + TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-active-active-rhel7-proxy-replicated"\n\ + }\n\ + }\n/' + + public_active_active_replicated: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main + secrets: inherit + name: Test AWS Public Active/Active (Replicated) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-replicated') }} + with: + test_name: Public Active/Active (Replicated) + utility_test: false + is_replicated_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/public-active-active + TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-public-active-active/aws-public-active-active-replicated/ + + private_active_active_replicated: + uses: 
hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main + secrets: inherit + name: Test AWS Private Active/Active (Replicated) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active-replicated') }} + with: + test_name: Private Active/Active (Replicated) + utility_test: false + is_replicated_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-active-active + TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-private-active-active/aws-private-active-active-replicated/ + + private_tcp_active_active_replicated: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main + secrets: inherit + name: Test AWS Private TCP Active/Active (Replicated) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active-replicated') }} + with: + test_name: Private TCP Active/Active (Replicated) + utility_test: false + is_replicated_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-tcp-active-active + 
TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN
+ TFC_workspace_substitution_pattern: s/aws-private-tcp-active-active/aws-private-tcp-active-active-replicated/
+
+ standalone_vault_replicated:
+ uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main
+ secrets: inherit
+ name: Test AWS Standalone Vault (Replicated) Scenario
+ if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-replicated') }}
+ with:
+ test_name: Standalone Vault (Replicated)
+ utility_test: false
+ is_replicated_deployment: true
+ module_repository_id: hashicorp/terraform-aws-terraform-enterprise
+ k6_work_dir: ./tests/tfe-load-test
+ pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }}
+ pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }}
+ pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }}
+ work_dir: ./tests/standalone-vault
+ first_apply_args: "-target=module.hcp_vault.hcp_vault_cluster.test -target=module.hcp_vault.hcp_vault_cluster_admin_token.test"
+ TFC_token_secret_name: STANDALONE_VAULT_REPLICATED_TFC_TOKEN
+ TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\
+ backend "remote" {\n\
+ organization = "terraform-enterprise-modules-test"\n\
+ workspaces {\n\
+ name = "aws-standalone-vault-replicated"\n\
+ }\n\
+ }\n/'
diff --git a/.tflint.hcl b/.tflint.hcl
index e94b9545..b3d2baf3 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -50,3 +50,7 @@ rule "terraform_unused_required_providers" {
 rule "terraform_standard_module_structure" {
 enabled = true
 }
+
+rule "terraform_module_pinned_source" {
+ enabled = false
+}
\ No newline at end of file
diff --git a/examples/active-active-proxy/main.tf b/examples/active-active-proxy/main.tf
index b7eaeb68..499f2f9c 100644
--- a/examples/active-active-proxy/main.tf
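Review bot: Turning `terraform_module_pinned_source` off removes the only lint guard against mutable module sources, and the same commit adds more of them: the `docker_compose_config`, `tfe_init_fdo` and `tfe_init_replicated` modules in main.tf are all fetched with `?ref=main`, and the workflow jobs call reusable workflows at `@main` with `secrets: inherit`. Anything merged to that branch then runs with this repository's secrets and generates the instance bootstrap without any change being reviewed here. Consider pinning those sources to a tag or commit SHA and keeping the rule enabled; if tracking the branch is deliberate, record the reason next to the rule, e.g. `# disabled: utility modules intentionally track main, see <ISSUE-ID>`. The added block also leaves the file without a trailing newline.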
+++ b/examples/active-active-proxy/main.tf @@ -4,7 +4,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } diff --git a/examples/existing-image/main.tf b/examples/existing-image/main.tf index 83813467..3f8d4cb0 100644 --- a/examples/existing-image/main.tf +++ b/examples/existing-image/main.tf @@ -4,7 +4,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } diff --git a/examples/existing-network/main.tf b/examples/existing-network/main.tf index cbd0a8e9..4907ad55 100644 --- a/examples/existing-network/main.tf +++ b/examples/existing-network/main.tf @@ -13,7 +13,7 @@ provider "aws" { resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } diff --git a/examples/standalone-airgap-dev/main.tf b/examples/standalone-airgap-dev/main.tf index dba72429..108860b3 100644 --- a/examples/standalone-airgap-dev/main.tf +++ b/examples/standalone-airgap-dev/main.tf @@ -6,7 +6,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false - number = false + numeric = false special = false } diff --git a/examples/standalone-airgap/main.tf b/examples/standalone-airgap/main.tf index 44a5a56b..25132af6 100644 --- a/examples/standalone-airgap/main.tf +++ b/examples/standalone-airgap/main.tf @@ -6,7 +6,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false - number = false + numeric = false special = false } diff --git a/examples/standalone-mounted/main.tf b/examples/standalone-mounted/main.tf index d4388929..80415bcf 100644 --- a/examples/standalone-mounted/main.tf +++ b/examples/standalone-mounted/main.tf 
@@ -6,7 +6,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false - number = false + numeric = false special = false } diff --git a/main.tf b/main.tf index 55d918a3..c8fb8af6 100644 --- a/main.tf +++ b/main.tf @@ -45,7 +45,6 @@ module "service_accounts" { # AWS S3 Bucket Object Storage # ----------------------------------------------------------------------------- module "object_storage" { - count = local.enable_object_storage_module ? 1 : 0 source = "./modules/object_storage" @@ -58,8 +57,7 @@ module "object_storage" { # AWS Virtual Private Cloud Networking # ----------------------------------------------------------------------------- module "networking" { - count = var.deploy_vpc ? 1 : 0 - + count = var.deploy_vpc ? 1 : 0 source = "./modules/networking" friendly_name_prefix = var.friendly_name_prefix @@ -73,8 +71,7 @@ module "networking" { # ----------------------------------------------------------------------------- module "redis" { source = "./modules/redis" - - count = local.enable_redis_module ? 1 : 0 + count = local.enable_redis_module ? 1 : 0 active_active = local.active_active friendly_name_prefix = var.friendly_name_prefix @@ -99,8 +96,7 @@ module "redis" { # ----------------------------------------------------------------------------- module "database" { source = "./modules/database" - - count = local.enable_database_module ? 1 : 0 + count = local.enable_database_module ? 1 : 0 db_size = var.db_size db_backup_retention = var.db_backup_retention 
@@ -114,11 +110,101 @@ module "database" {
 kms_key_arn = local.kms_key_arn
 }
-# -----------------------------------------------------------------------------
-# TFE and Replicated settings to pass to the tfe_init module
-# -----------------------------------------------------------------------------
+# ------------------------------------------------------------------------------------
+# Docker Compose File Config for TFE on instance(s) using Flexible Deployment Options
+# ------------------------------------------------------------------------------------
+module "docker_compose_config" {
+ source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/docker_compose_config?ref=main"
+ count = var.is_replicated_deployment ? 0 : 1
+
+ hostname = local.fqdn
+ tfe_license = var.hc_license
+ license_reporting_opt_out = var.license_reporting_opt_out
+ operational_mode = var.operational_mode
+ cert_file = var.tls_bootstrap_cert_pathname
+ key_file = var.tls_bootstrap_key_pathname
+ tfe_image = var.tfe_image
+ tls_ca_bundle_file = var.tls_ca_bundle_file
+ tls_ciphers = var.tls_ciphers
+ tls_version = var.tls_version
+ run_pipeline_image = var.run_pipeline_image
+ capacity_concurrency = var.capacity_concurrency
+ capacity_cpu = var.capacity_cpu
+ capacity_memory = var.capacity_memory
+ iact_subnets = join(",", var.iact_subnet_list)
+ iact_time_limit = var.iact_subnet_time_limit
+
+ database_name = local.database.name
+ database_user = local.database.user
+ database_password = local.database.password
+ database_host = local.database.host
+ database_parameters = local.database.parameters
+
+ storage_type = "s3"
+ s3_access_key_id = var.aws_access_key_id
+ s3_secret_access_key = var.aws_secret_access_key
+ s3_bucket = local.object_storage.s3_bucket.id
+ s3_region = data.aws_region.current.name
+ s3_endpoint = var.s3_endpoint
+ s3_server_side_encryption = "aws:kms"
+ s3_server_side_encryption_kms_key_id = local.kms_key_arn
+ s3_use_instance_profile = var.aws_access_key_id == null ? "1" : "0"
+
+ redis_host = local.redis.hostname
+ redis_user = ""
+ redis_password = local.redis.password
+ redis_use_tls = local.redis.use_tls
+ redis_use_auth = local.redis.use_password_auth
+
+ vault_address = var.extern_vault_addr
+ vault_namespace = var.extern_vault_namespace
+ vault_path = var.extern_vault_path
+ vault_role_id = var.extern_vault_role_id
+ vault_secret_id = var.extern_vault_secret_id
+}
+
+# --------------------------------------------------------------------------------------------------
+# AWS cloud init used to install and configure TFE on instance(s) using Flexible Deployment Options
+# --------------------------------------------------------------------------------------------------
+module "tfe_init_fdo" {
+ source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init?ref=main"
+ count = var.is_replicated_deployment ? 0 : 1
+
+ cloud = "aws"
+ operational_mode = var.operational_mode
+ custom_image_tag = var.custom_image_tag
+ enable_monitoring = var.enable_monitoring
+
+ disk_path = local.enable_disk ? var.disk_path : null
+ disk_device_name = local.enable_disk ? var.ebs_renamed_device_name : null
+ distribution = var.distribution
+
+ ca_certificate_secret_id = var.ca_certificate_secret_id == null ? null : var.ca_certificate_secret_id
+ certificate_secret_id = var.vm_certificate_secret_id == null ? null : var.vm_certificate_secret_id
+ key_secret_id = var.vm_key_secret_id == null ? null : var.vm_key_secret_id
+
+ proxy_ip = var.proxy_ip
+ proxy_port = var.proxy_port
+ extra_no_proxy = concat([
+ "127.0.0.1",
+ "169.254.169.254",
+ ".aws.ce.redhat.com",
+ "secretsmanager.${data.aws_region.current.name}.amazonaws.com",
+ local.fqdn,
+ var.network_cidr
+ ], var.no_proxy)
+
+ registry_username = var.registry_username
+ registry_password = var.registry_password
+ docker_compose_yaml = module.docker_compose_config[0].docker_compose_yaml
+}
+
+# --------------------------------------------------------------------------------------------
+# TFE and Replicated settings to pass to the tfe_init_replicated module for replicated deployment
+# --------------------------------------------------------------------------------------------
 module "settings" {
 source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/settings?ref=main"
+ count = var.is_replicated_deployment ? 1 : 0
 # TFE Base Configuration
 consolidated_services = var.consolidated_services
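Review bot: Secrets appear to be passed by value into what becomes EC2 user data: `tfe_init_fdo` receives `registry_password` and the rendered `docker_compose_yaml` (built from `database_password`, `redis_password`, `vault_secret_id`, `s3_secret_access_key` and `tfe_license`), and its `tfe_userdata_base64_encoded` output is what the `module "vm"` hunk later assigns to `user_data_base64`. I can't see the module internals, so please confirm, but if those values are rendered into the script they are readable by anyone who can describe the launch template or query instance metadata on the host. The TLS material in the same block is already passed as `certificate_secret_id` / `key_secret_id`; the same by-reference pattern would suit the other secrets. At minimum add a comment above the block such as `# NOTE: values below are rendered into EC2 user data; treat read access to the launch template as secret access`.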
@@ -187,16 +273,17 @@ module "settings" {
 # -----------------------------------------------------------------------------
 # AWS user data / cloud init used to install and configure TFE on instance(s)
 # -----------------------------------------------------------------------------
-module "tfe_init" {
- source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init?ref=main"
+module "tfe_init_replicated" {
+ source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init_replicated?ref=main"
+ count = var.is_replicated_deployment ? 1 : 0
 # TFE & Replicated Configuration data
 cloud = "aws"
 disk_path = local.enable_disk ? var.disk_path : null
 disk_device_name = local.enable_disk ? var.ebs_renamed_device_name : null
 distribution = var.distribution
- tfe_configuration = module.settings.tfe_configuration
- replicated_configuration = module.settings.replicated_configuration
+ tfe_configuration = module.settings[0].tfe_configuration
+ replicated_configuration = module.settings[0].replicated_configuration
 airgap_url = var.airgap_url
 # Secrets
@@ -253,6 +340,7 @@ module "vm" {
 asg_tags = var.asg_tags
 default_ami_id = local.default_ami_id
 enable_disk = local.enable_disk
+ enable_ssh = var.enable_ssh
 ebs_device_name = var.ebs_device_name
 ebs_volume_size = var.ebs_volume_size
 ebs_volume_type = var.ebs_volume_type
@@ -261,9 +349,10 @@ module "vm" {
 friendly_name_prefix = var.friendly_name_prefix
 key_name = var.key_name
 instance_type = var.instance_type
+ is_replicated_deployment = var.is_replicated_deployment
 network_id = local.network_id
 network_subnets_private = local.network_private_subnets
 network_private_subnet_cidrs = local.network_private_subnet_cidrs
 node_count = var.node_count
- user_data_base64 = module.tfe_init.tfe_userdata_base64_encoded
+ user_data_base64 = var.is_replicated_deployment ? module.tfe_init_replicated[0].tfe_userdata_base64_encoded : module.tfe_init_fdo[0].tfe_userdata_base64_encoded
 }
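Review bot: Renaming `module "tfe_init"` to `tfe_init_replicated` and adding `count` changes the module's state address, and nothing in this hunk tells Terraform the two are the same object. If the module (or `module.settings`, now read as `module.settings[0]`) tracks anything in state, such as generated passwords or tokens, an upgrade of an existing deployment would plan to destroy and recreate it; I can't see the module internals, so this needs confirming. Where the supported Terraform version allows `moved` blocks, declaring the rename keeps existing state, and a second block of the same shape would cover `module.settings`.

```hcl
moved {
  from = module.tfe_init
  to   = module.tfe_init_replicated[0]
}
```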
diff --git a/modules/service_accounts/main.tf b/modules/service_accounts/main.tf
index dd470a1d..d7c7b8ed 100644
--- a/modules/service_accounts/main.tf
+++ b/modules/service_accounts/main.tf
@@ -109,7 +109,7 @@ resource "aws_iam_policy" "kms_policy" {
 "kms:ReEncryptTo",
 ]
 Effect = "Allow"
- Resource = "${var.kms_key_arn}"
+ Resource = var.kms_key_arn
 },
 ]
 })
diff --git a/modules/vm/main.tf b/modules/vm/main.tf
index 5b3ee0fa..e7a93eaf 100644
--- a/modules/vm/main.tf
+++ b/modules/vm/main.tf
@@ -19,6 +19,30 @@ resource "aws_security_group_rule" "tfe_ui" {
 cidr_blocks = var.aws_lb == null ? var.network_private_subnet_cidrs : null
 }
+resource "aws_security_group_rule" "vault_cluster" {
+ count = var.active_active && !var.is_replicated_deployment ? 1 : 0
+
+ security_group_id = aws_security_group.tfe_instance.id
+ type = "ingress"
+ from_port = 8201
+ to_port = 8201
+ protocol = "tcp"
+ source_security_group_id = var.aws_lb
+ cidr_blocks = var.aws_lb == null ? var.network_private_subnet_cidrs : null
+}
+
+resource "aws_security_group_rule" "ssh_inbound" {
+ count = var.enable_ssh ? 1 : 0
+
+ security_group_id = aws_security_group.tfe_instance.id
+ type = "ingress"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ source_security_group_id = var.aws_lb
+ cidr_blocks = var.aws_lb == null ? var.network_private_subnet_cidrs : null
+}
+
 resource "aws_security_group_rule" "tfe_inbound" {
 security_group_id = aws_security_group.tfe_instance.id
 type = "ingress"
@@ -38,7 +62,7 @@ resource "aws_security_group_rule" "tfe_outbound" {
 }
 resource "aws_security_group_rule" "tfe_dashboard" {
- count = var.active_active ? 0 : 1
+ count = !var.active_active || var.is_replicated_deployment ? 1 : 0
 security_group_id = aws_security_group.tfe_instance.id
 type = "ingress"
 from_port = 8800
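Review bot: The `ssh_inbound` rule reuses the UI rule's source selection, so port 22 is opened to the load balancer's security group (`source_security_group_id = var.aws_lb`) or, when `aws_lb` is null, to every private subnet CIDR. Neither is an administrative source: the load balancer has no reason to reach SSH, and the subnet-wide fallback admits every host in those subnets. Scope the rule to a dedicated input instead, for example `cidr_blocks = var.ssh_allowed_cidrs` (a new variable; the name is only a suggestion). The same copied source sits on `vault_cluster` for 8201, which looks like node-to-node traffic and would more naturally be limited to the instance security group itself; please confirm the intended peer.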
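Review bot: The new `count` expression on `tfe_dashboard` opens port 8800 in cases that should stay closed: `!var.active_active || var.is_replicated_deployment` is true for a standalone FDO deployment, which per the updated `replicated_console_url` output has no console, and for a Replicated active-active deployment, where the rule was previously absent. The autoscaling group change in this file attaches the 8800 target group only when the deployment is both standalone and Replicated, so the matching condition here would be `count = !var.active_active && var.is_replicated_deployment ? 1 : 0`. The resource body continues past the end of the hunk.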
@@ -95,7 +119,7 @@ resource "aws_autoscaling_group" "tfe_asg" { max_size = var.node_count desired_capacity = var.node_count vpc_zone_identifier = var.network_subnets_private - target_group_arns = var.active_active ? [var.aws_lb_target_group_tfe_tg_443_arn] : [ + target_group_arns = var.active_active || !var.is_replicated_deployment ? [var.aws_lb_target_group_tfe_tg_443_arn] : [ var.aws_lb_target_group_tfe_tg_8800_arn, var.aws_lb_target_group_tfe_tg_443_arn, ] diff --git a/modules/vm/variables.tf b/modules/vm/variables.tf index 14b9550a..c0f6624c 100644 --- a/modules/vm/variables.tf +++ b/modules/vm/variables.tf @@ -12,26 +12,17 @@ variable "user_data_base64" { } variable "aws_lb" { - description = <<-EOD - The identity of the security group attached to the load balancer which will be - authorized to communicate with the TFE EC2 instance(s). - EOD + description = "The identity of the security group attached to the load balancer which will be authorized to communicate with the TFE EC2 instance(s)." type = string } variable "aws_lb_target_group_tfe_tg_443_arn" { - description = <<-EOD - The Amazon Resource Name of the load balancer target group for traffic on port - 443 which will be backed by the TFE EC2 autoscaling group. - EOD + description = "The Amazon Resource Name of the load balancer target group for traffic on port 443 which will be backed by the TFE EC2 autoscaling group." type = string } variable "aws_lb_target_group_tfe_tg_8800_arn" { - description = <<-EOD - The Amazon Resource Name of the load balancer target group for traffic on port - 8800 which will be backed by the TFE EC2 autoscaling group. - EOD + description = "The Amazon Resource Name of the load balancer target group for traffic on port 8800 which will be backed by the TFE EC2 autoscaling group." type = string } 
@@ -46,9 +37,7 @@ variable "network_id" { } variable "network_subnets_private" { - description = <<-EOD - A list of the identities of the private subnetworks in which the EC2 autoscaling group will be deployed. - EOD + description = "A list of the identities of the private subnetworks in which the EC2 autoscaling group will be deployed." type = list(string) } @@ -67,11 +56,21 @@ variable "ami_id" { description = "AMI ID to use for TFE instances" } +variable "enable_ssh" { + type = bool + description = "Whether to open port 22 on the TFE instance for SSH access." +} + variable "friendly_name_prefix" { type = string description = "(Required) Friendly name prefix used for tagging and naming AWS resources." } +variable "is_replicated_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." +} + variable "node_count" { type = number description = "The number of nodes you want in your autoscaling group (1 for standalone, 2 for active-active configuration)" @@ -79,11 +78,7 @@ variable "node_count" { variable "asg_tags" { type = map(string) - description = <." description = "Login URL to setup the TFE instance once it is initialized" } output "replicated_console_url" { - value = "https://${local.fqdn}:8800/" - description = "The URL of the Terraform Enterprise administration console." + value = var.is_replicated_deployment ? "https://${local.fqdn}:8800/" : "FDO deployments do not have a console." + description = "The URL of the Terraform Enterprise Replicated administration console." } output "tfe_url" { @@ -84,7 +84,7 @@ output "tfe_autoscaling_group" { } output "replicated_dashboard_password" { - value = module.settings.replicated_configuration.DaemonAuthenticationPassword + value = var.is_replicated_deployment ? module.settings[0].replicated_configuration.DaemonAuthenticationPassword : "This is only used for replicated deployments." description = "The password for the TFE console" sensitive = true } 
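Review bot: The non-Replicated branch of `replicated_dashboard_password` returns an English sentence as the value of a sensitive password output, so anything that reads this output cannot tell a real password from the placeholder without string matching. `null` says "not applicable" without pretending to be a credential: `value = var.is_replicated_deployment ? module.settings[0].replicated_configuration.DaemonAuthenticationPassword : null`. The `replicated_console_url` output changed earlier in the same file uses the same sentence-as-value pattern and could return `null` as well.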
diff --git a/tests/active-active-rhel7-proxy/main.tf b/tests/active-active-rhel7-proxy/main.tf index 701e0d35..a1a84b58 100644 --- a/tests/active-active-rhel7-proxy/main.tf +++ b/tests/active-active-rhel7-proxy/main.tf @@ -14,7 +14,7 @@ provider "aws" { resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } @@ -98,6 +98,14 @@ module "tfe" { tfe_subdomain = local.test_name asg_tags = local.common_tags + + # FDO Specific Values + is_replicated_deployment = var.is_replicated_deployment + hc_license = var.hc_license + license_reporting_opt_out = true + registry_password = var.registry_password + registry_username = var.registry_username + tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } resource "null_resource" "wait_for_instances" { diff --git a/tests/active-active-rhel7-proxy/outputs.tf b/tests/active-active-rhel7-proxy/outputs.tf index 45e17153..fb2e96f6 100644 --- a/tests/active-active-rhel7-proxy/outputs.tf +++ b/tests/active-active-rhel7-proxy/outputs.tf 
@@ -17,25 +17,27 @@ output "ptfe_endpoint" { description = "Terraform Enterprise Application URL" } +# Change this to health_check_url for consistency. This requires changing it in ptfe-replicated tests. output "ptfe_health_check" { value = module.tfe.health_check_url description = "Terraform Enterprise Health Check URL" } +output "health_check_url" { + value = module.tfe.health_check_url + description = "The URL with path to access the TFE instance health check." +} output "ssh_config_file" { - value = local.utility_module_test ? "use AWS SSH key define by var.key_name" : local_file.ssh_config[0].filename - + value = local.utility_module_test ? "use AWS SSH key define by var.key_name" : local_file.ssh_config[0].filename description = "The pathname of the SSH configuration file that grants access to the compute instance." } output "ssh_private_key" { - value = local.utility_module_test ? "use AWS SSH key define by var.key_name" : local_file.private_key_pem[0].filename - + value = local.utility_module_test ? "use AWS SSH key define by var.key_name" : local_file.private_key_pem[0].filename description = "The pathname of the private SSH key." } output "proxy_instance_id" { - value = module.test_proxy.proxy_instance_id - + value = module.test_proxy.proxy_instance_id description = "The ID of the proxy EC2 instance." } \ No newline at end of file diff --git a/tests/active-active-rhel7-proxy/variables.tf b/tests/active-active-rhel7-proxy/variables.tf index 18e466b5..e1167c68 100644 --- a/tests/active-active-rhel7-proxy/variables.tf +++ b/tests/active-active-rhel7-proxy/variables.tf 
@@ -42,6 +42,18 @@ variable "domain_name" { description = "Domain for creating the Terraform Enterprise subdomain on." } +variable "hc_license" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup." +} + +variable "is_replicated_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." + default = true +} + variable "key_name" { default = null description = "The name of the key pair to be used for SSH access to the EC2 instance(s)." @@ -59,6 +71,24 @@ variable "object_storage_iam_user_name" { description = "The name of the IAM user which will be authorized to access the S3 storage bucket." } +variable "registry_username" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." +} + +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." +} + +variable "tfe_image_tag" { + default = "latest" + type = string + description = "(Not needed if is_replicated_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" +} + variable "tfe_license_secret_id" { default = null type = string diff --git a/tests/private-active-active/main.tf b/tests/private-active-active/main.tf index 5a93cc47..e27868d9 100644 --- a/tests/private-active-active/main.tf +++ b/tests/private-active-active/main.tf @@ -14,7 +14,7 @@ provider "aws" { resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } 
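Review bot: `hc_license` and, in the next hunk, `registry_password` are declared without `sensitive = true`, so a value passed in can be echoed in plan and apply output and therefore in CI logs. Adding `sensitive = true` to both blocks avoids that. The same declarations are repeated in the other test directories' `variables.tf` and in the root `variables.tf` later in this diff, and the root module is where it matters most because every caller inherits it.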
@@ -67,4 +67,12 @@ module "private_active_active" { tfe_subdomain = local.test_name asg_tags = local.common_tags + + # FDO Specific Values + is_replicated_deployment = var.is_replicated_deployment + hc_license = var.hc_license + license_reporting_opt_out = true + registry_password = var.registry_password + registry_username = var.registry_username + tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } diff --git a/tests/private-active-active/outputs.tf b/tests/private-active-active/outputs.tf index 0c8c655a..0995d38f 100644 --- a/tests/private-active-active/outputs.tf +++ b/tests/private-active-active/outputs.tf 
@@ -2,39 +2,33 @@ # SPDX-License-Identifier: MPL-2.0 output "private_active_active" { - value = module.private_active_active - + value = module.private_active_active description = "The outputs of the private_active_active module." # This output is marked as sensitive to work around a bug in Terraform 0.14 sensitive = true } output "tfe_url" { - value = module.private_active_active.tfe_url - + value = module.private_active_active.tfe_url description = "The URL to the TFE application." } output "health_check_url" { - value = "${module.private_active_active.tfe_url}/_health_check" - + value = module.private_active_active.health_check_url description = "The URL with path to access the TFE instance health check." } output "iact_url" { - value = "${module.private_active_active.tfe_url}/admin/retrieve-iact" - + value = "${module.private_active_active.tfe_url}/admin/retrieve-iact" description = "The URL with path to access the TFE instance Retrieve IACT." } output "initial_admin_user_url" { - value = "${module.private_active_active.tfe_url}/admin/initial-admin-user" - + value = "${module.private_active_active.tfe_url}/admin/initial-admin-user" description = "The URL with path to access the TFE instance Initial Admin User." } output "proxy_instance_id" { - value = module.test_proxy.proxy_instance_id - + value = module.test_proxy.proxy_instance_id description = "The ID of the proxy EC2 instance." -} \ No newline at end of file +} diff --git a/tests/private-active-active/variables.tf b/tests/private-active-active/variables.tf index 936a9a33..30da6ffe 100644 --- a/tests/private-active-active/variables.tf +++ b/tests/private-active-active/variables.tf 
@@ -22,6 +22,18 @@ variable "domain_name" { description = "Domain for creating the Terraform Enterprise subdomain on." } +variable "hc_license" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup." +} + +variable "is_replicated_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." + default = true +} + variable "key_name" { description = "The name of the key pair to be used for SSH access to the EC2 instance(s)." type = string @@ -33,6 +45,24 @@ variable "license_file" { description = "The local path to the Terraform Enterprise license to be provided by CI." } +variable "registry_username" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." +} + +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." +} + +variable "tfe_image_tag" { + default = "latest" + type = string + description = "(Not needed if is_replicated_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" +} + variable "tfe_license_secret_id" { default = null type = string diff --git a/tests/private-tcp-active-active/main.tf b/tests/private-tcp-active-active/main.tf index 07568589..8b667943 100644 --- a/tests/private-tcp-active-active/main.tf +++ b/tests/private-tcp-active-active/main.tf @@ -14,7 +14,7 @@ provider "aws" { resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } 
@@ -74,4 +74,13 @@ module "private_tcp_active_active" { vm_key_secret_id = var.private_key_pem_secret_id asg_tags = local.common_tags + + # FDO Specific Values + is_replicated_deployment = var.is_replicated_deployment + hc_license = var.hc_license + license_reporting_opt_out = true + registry_password = var.registry_password + registry_username = var.registry_username + tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" + tls_ca_bundle_file = "/usr/share/pki/ca-trust-source/anchors/tfe-ca-certificate.crt" } diff --git a/tests/private-tcp-active-active/outputs.tf b/tests/private-tcp-active-active/outputs.tf index c459fd94..7f03f2d8 100644 --- a/tests/private-tcp-active-active/outputs.tf +++ b/tests/private-tcp-active-active/outputs.tf 
@@ -2,47 +2,40 @@ # SPDX-License-Identifier: MPL-2.0 output "private_tcp_active_active" { - value = module.private_tcp_active_active - + value = module.private_tcp_active_active description = "The outputs of the private_tcp_active_active module." # This output is marked as sensitive to work around a bug in Terraform 0.14 sensitive = true } output "tfe_url" { - value = module.private_tcp_active_active.tfe_url - + value = module.private_tcp_active_active.tfe_url description = "The URL to the TFE application." } output "health_check_url" { - value = "${module.private_tcp_active_active.tfe_url}/_health_check" - + value = module.private_tcp_active_active.health_check_url description = "The URL with path to access the TFE instance health check." } output "iact_url" { - value = "${module.private_tcp_active_active.tfe_url}/admin/retrieve-iact" - + value = "${module.private_tcp_active_active.tfe_url}/admin/retrieve-iact" description = "The URL with path to access the TFE instance Retrieve IACT." } output "initial_admin_user_url" { - value = "${module.private_tcp_active_active.tfe_url}/admin/initial-admin-user" - + value = "${module.private_tcp_active_active.tfe_url}/admin/initial-admin-user" description = "The URL with path to access the TFE instance Initial Admin User." } output "tfe_autoscaling_group_name" { - value = module.private_tcp_active_active.tfe_autoscaling_group.name - + value = module.private_tcp_active_active.tfe_autoscaling_group.name description = "The name of the autoscaling group which hosts the TFE EC2 instance(s)." # This output is marked as sensitive to work around a bug in Terraform 0.14 sensitive = true } output "proxy_instance_id" { - value = module.test_proxy.proxy_instance_id - + value = module.test_proxy.proxy_instance_id description = "The ID of the proxy EC2 instance." } diff --git a/tests/private-tcp-active-active/variables.tf b/tests/private-tcp-active-active/variables.tf index 65e87037..42d9ca0f 100644 
--- a/tests/private-tcp-active-active/variables.tf +++ b/tests/private-tcp-active-active/variables.tf @@ -37,6 +37,18 @@ variable "domain_name" { description = "Domain for creating the Terraform Enterprise subdomain on." } +variable "hc_license" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup." +} + +variable "is_replicated_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." + default = true +} + variable "key_name" { description = "The name of the key pair to be used for SSH access to the EC2 instance(s)." type = string @@ -53,11 +65,26 @@ variable "private_key_pem_secret_id" { description = "The secrets manager secret ID of the Base64 & PEM encoded TLS private key." } -variable "tfe_license_secret_id" { +variable "registry_username" { default = null type = string - description = "The secrets manager secret ID of the Base64 encoded Terraform Enterprise license." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." +} +variable "tfe_image_tag" { + default = "latest" + type = string + description = "(Not needed if is_replicated_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" +} +variable "tfe_license_secret_id" { + default = null + type = string + description = "The secrets manager secret ID of the Base64 encoded Terraform Enterprise license." +} diff --git a/tests/public-active-active/main.tf b/tests/public-active-active/main.tf index e1502247..870e4a1b 100644 --- a/tests/public-active-active/main.tf 
+++ b/tests/public-active-active/main.tf @@ -57,4 +57,12 @@ module "public_active_active" { tfe_subdomain = local.test_name asg_tags = local.common_tags + + # FDO Specific Values + is_replicated_deployment = var.is_replicated_deployment + hc_license = var.hc_license + license_reporting_opt_out = true + registry_password = var.registry_password + registry_username = var.registry_username + tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } diff --git a/tests/public-active-active/outputs.tf b/tests/public-active-active/outputs.tf index a95d4f76..fc7732cc 100644 --- a/tests/public-active-active/outputs.tf +++ b/tests/public-active-active/outputs.tf @@ -14,7 +14,7 @@ output "tfe_url" { } output "health_check_url" { - value = "${module.public_active_active.tfe_url}/_health_check" + value = module.public_active_active.health_check_url description = "The URL with path to access the TFE instance health check." } diff --git a/tests/public-active-active/variables.tf b/tests/public-active-active/variables.tf index 178f36d6..eef37957 100644 --- a/tests/public-active-active/variables.tf +++ b/tests/public-active-active/variables.tf @@ -22,12 +22,24 @@ variable "domain_name" { description = "Domain for creating the Terraform Enterprise subdomain on." } +variable "hc_license" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup." +} + variable "iact_subnet_list" { default = [] description = "A list of CIDR masks that configure the ability to retrieve the IACT from outside the host." type = list(string) } +variable "is_replicated_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." + default = true +} + variable "key_name" { description = "The name of the key pair to be used for SSH access to the EC2 instance(s)." type = string 
@@ -39,10 +51,26 @@ variable "license_file" { description = "The local path to the Terraform Enterprise license to be provided by CI." } +variable "registry_username" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." +} + +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." +} + +variable "tfe_image_tag" { + default = "latest" + type = string + description = "(Not needed if is_replicated_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" +} + variable "tfe_license_secret_id" { default = null type = string - description = <<-EOD - The name of the Secrets Manager secret ID of the Base64 encoded Terraform Enterprise license. - EOD + description = "The name of the Secrets Manager secret ID of the Base64 encoded Terraform Enterprise license." } diff --git a/tests/standalone-vault/main.tf b/tests/standalone-vault/main.tf index 320bdb68..df98163c 100644 --- a/tests/standalone-vault/main.tf +++ b/tests/standalone-vault/main.tf @@ -6,7 +6,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } @@ -71,4 +71,12 @@ module "standalone_vault" { extern_vault_namespace = "admin" asg_tags = local.common_tags + + # FDO Specific Values + is_replicated_deployment = var.is_replicated_deployment + hc_license = var.hc_license + license_reporting_opt_out = true + registry_password = var.registry_password + registry_username = var.registry_username + tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } 
diff --git a/tests/standalone-vault/outputs.tf b/tests/standalone-vault/outputs.tf index d1274095..34af7f8a 100644 --- a/tests/standalone-vault/outputs.tf +++ b/tests/standalone-vault/outputs.tf @@ -11,11 +11,17 @@ output "replicated_console_url" { description = "Terraform Enterprise Console URL" } +# Change this to health_check_url for consistency. This requires changing it in ptfe-replicated tests. output "ptfe_health_check" { value = "${module.standalone_vault.tfe_url}/_health_check" description = "The URL with path to access the TFE instance health check." } +output "health_check_url" { + value = module.standalone_vault.health_check_url + description = "The URL with path to access the TFE instance health check." +} + output "replicated_console_password" { value = module.standalone_vault.replicated_dashboard_password description = "The password for the TFE console" diff --git a/tests/standalone-vault/variables.tf b/tests/standalone-vault/variables.tf index cdd3ff3d..36ba7f1e 100644 --- a/tests/standalone-vault/variables.tf +++ b/tests/standalone-vault/variables.tf @@ -22,6 +22,18 @@ variable "domain_name" { description = "Domain for creating the Terraform Enterprise subdomain on." } +variable "hc_license" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup." +} + +variable "is_replicated_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." + default = true +} + variable "key_name" { default = null description = "The name of the key pair to be used for SSH access to the EC2 instance(s)." 
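Review bot: `ptfe_health_check` still builds the URL by hand (`"${module.standalone_vault.tfe_url}/_health_check"`) while the new `health_check_url` next to it reads `module.standalone_vault.health_check_url`, so the two outputs can drift apart if the module ever changes the path. Until the legacy name is retired, point it at the same source, `value = module.standalone_vault.health_check_url`, as the active-active-rhel7-proxy test in this diff already does for its `ptfe_health_check`.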
@@ -34,6 +46,24 @@ variable "license_file" { description = "The local path to the Terraform Enterprise license to be provided by CI." } +variable "registry_username" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." +} + +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." +} + +variable "tfe_image_tag" { + default = "latest" + type = string + description = "(Not needed if is_replicated_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" +} + variable "tfe_license_secret_id" { default = null type = string diff --git a/variables.tf b/variables.tf index 017ee2d3..0b3a5d3c 100644 --- a/variables.tf +++ b/variables.tf @@ -16,29 +16,19 @@ variable "ami_id" { variable "asg_tags" { type = map(string) - description = <:. - Default is 'hashicorp/build-worker:now'. - EOD + description = "The name and tag for your alternative Terraform build worker image in the format :. Default is 'hashicorp/build-worker:now'." } variable "disk_path" { 
@@ -201,12 +205,7 @@ variable "disk_path" { variable "hairpin_addressing" { default = null type = bool - description = <<-EOD - In some cloud environments, HTTP clients running on instances behind a loadbalancer cannot send - requests to the public hostname of that load balancer. Use this setting to configure TFE services - to redirect requests for the installation's FQDN to the instance's internal IP address. - Defaults to false. - EOD + description = "In some cloud environments, HTTP clients running on instances behind a loadbalancer cannot send requests to the public hostname of that load balancer. Use this setting to configure TFE services to redirect requests for the installation's FQDN to the instance's internal IP address. Defaults to false." } variable "iact_subnet_list" { 
@@ -224,39 +223,24 @@ variable "iact_subnet_time_limit" { variable "metrics_endpoint_enabled" { default = null type = bool - description = <<-EOD - (Optional) Metrics are used to understand the behavior of Terraform Enterprise and to - troubleshoot and tune performance. Enable an endpoint to expose container metrics. - Defaults to false. - EOD + description = "(Optional) Metrics are used to understand the behavior of Terraform Enterprise and to troubleshoot and tune performance. Enable an endpoint to expose container metrics. Defaults to false." } variable "metrics_endpoint_port_http" { default = null type = number - description = <<-EOD - (Optional when metrics_endpoint_enabled is true.) Defines the TCP port on which HTTP metrics - requests will be handled. - Defaults to 9090. - EOD + description = "(Optional when metrics_endpoint_enabled is true.) Defines the TCP port on which HTTP metrics requests will be handled. Defaults to 9090." } variable "metrics_endpoint_port_https" { default = null type = string - description = <<-EOD - (Optional when metrics_endpoint_enabled is true.) Defines the TCP port on which HTTPS metrics - requests will be handled. - Defaults to 9091. - EOD + description = "(Optional when metrics_endpoint_enabled is true.) Defines the TCP port on which HTTPS metrics requests will be handled. Defaults to 9091." } variable "operational_mode" { default = "external" - description = <<-EOD - A special string to control the operational mode of Terraform Enterprise. Valid values are: "external" for External - Services mode; "disk" for Mounted Disk mode. - EOD + description = "A special string to control the operational mode of Terraform Enterprise. Valid values are: 'external' for External Services mode; 'disk for Mounted Disk mode." type = string validation { 
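Review bot: The rewritten `operational_mode` description drops the closing quote after `disk` (`'disk for Mounted Disk mode.`), so the generated documentation shows an unbalanced value. It should read `'external' for External Services mode; 'disk' for Mounted Disk mode.` Separately, `metrics_endpoint_port_https` is typed `string` while `metrics_endpoint_port_http` is `number`; that predates this commit but is worth aligning if it is not deliberate. The `operational_mode` block continues past the end of the hunk.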
@@ -297,6 +281,24 @@ variable "deploy_vpc" {
 default = true
 }
+variable "enable_ssh" {
+ type = bool
+ description = "Whether to open port 22 on the TFE instance for SSH access."
+ default = false
+}
+
+variable "hc_license" {
+ default = null
+ type = string
+ description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup."
+}
+
+variable "is_replicated_deployment" {
+ type = bool
+ description = "TFE will be installed using a Replicated license and deployment method."
+ default = true
+}
+
 variable "network_cidr" {
 type = string
 description = "(Optional) CIDR block for VPC."
@@ -361,6 +363,12 @@ variable "key_name" {
 type = string
 }
+variable "license_reporting_opt_out" {
+ default = false
+ type = bool
+ description = "(Not needed if is_replicated_deployment is true) Whether to opt out of reporting licensing information to HashiCorp. Defaults to false."
+}
+
 variable "node_count" {
 type = number
 default = 2
@@ -375,12 +383,19 @@ variable "node_count" { variable "pg_extra_params" { default = null type = string - description = <<-EOF - Parameter keywords of the form param1=value1¶m2=value2 to support additional options that - may be necessary for your specific PostgreSQL server. Allowed values are documented on the - PostgreSQL site. An additional restriction on the sslmode parameter is that only the require, - verify-full, verify-ca, and disable values are allowed. - EOF + description = "Parameter keywords of the form param1=value1¶m2=value2 to support additional options that may be necessary for your specific PostgreSQL server. Allowed values are documented on the PostgreSQL site. An additional restriction on the sslmode parameter is that only the require, verify-full, verify-ca, and disable values are allowed." +} + +variable "registry_username" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." +} + +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } variable "release_sequence" { 
@@ -389,12 +404,50 @@ variable "release_sequence" {
 description = "Terraform Enterprise release sequence"
 }
+variable "run_pipeline_image" {
+ default = null
+ type = string
+ description = "(Not needed if is_replicated_deployment is true) Container image used to execute Terraform runs. Leave blank to use the default image that comes with Terraform Enterprise. Defaults to ''."
+}
+
 variable "ssl_policy" {
 type = string
 default = "ELBSecurityPolicy-2016-08"
 description = "SSL policy to use on ALB listener"
 }
+variable "tls_ca_bundle_file" {
+ default = null
+ type = string
+ description = "(Not needed if is_replicated_deployment is true) Path to a file containing TLS CA certificates to be added to the OS CA certificates bundle. Leave blank to not add CA certificates to the OS CA certificates bundle. Defaults to ''."
+}
+
+variable "tls_ciphers" {
+ default = null
+ type = string
+ description = "(Not needed if is_replicated_deployment is true) TLS ciphers to use for TLS. Must be valid OpenSSL format. Leave blank to use the default ciphers. Defaults to ''"
+}
+
+variable "tls_version" {
+ default = null
+ type = string
+ description = "(Not needed if is_replicated_deployment is true) TLS version to use. Leave blank to use both TLS v1.2 and TLS v1.3. Defaults to '' if no value is given."
+ validation {
+ condition = (
+ var.tls_version == null ||
+ var.tls_version == "tls_1_2" ||
+ var.tls_version == "tls_1_3"
+ )
+ error_message = "The tls_version value must be 'tls_1_2', 'tls_1_3', or null."
+ }
+}
+
+variable "tfe_image" {
+ default = "quay.io/hashicorp/terraform-enterprise:latest"
+ type = string
+ description = "(Not needed if is_replicated_deployment is true) The registry path, image name, and image version (e.g. \"quay.io/hashicorp/terraform-enterprise:1234567\")"
+}
+
 variable "tfe_subdomain" {
 type = string
 default = "tfe"
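Review bot: `tfe_image` defaults to `quay.io/hashicorp/terraform-enterprise:latest`, a mutable tag, so instances the autoscaling group launches at different times can end up running different builds and an upgrade can happen with no change to the configuration. The description should at least say that a fixed release tag or image digest is expected, for example by appending `Pin this to a release tag or digest; 'latest' is not reproducible.` to the existing text. A stricter option is a `validation` block that rejects a value ending in `:latest`. The test variables `tfe_image_tag` with `default = "latest"` elsewhere in this diff repeat the pattern, which is more tolerable in CI than in the root module.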
@@ -406,12 +459,7 @@ variable "tfe_subdomain" { variable "ca_certificate_secret_id" { default = null type = string - description = <<-EOD - A Secrets Manager secret ARN to the secret which contains the Base64 encoded version of - a PEM encoded public certificate of a certificate authority (CA) to be trusted by the EC2 - instance(s). This argument is only required if TLS certificates in the deployment are not - issued by a well-known CA. - EOD + description = "A Secrets Manager secret ARN to the secret which contains the Base64 encoded version of a PEM encoded public certificate of a certificate authority (CA) to be trusted by the EC2 instance(s). This argument is only required if TLS certificates in the deployment are not issued by a well-known CA." } variable "kms_key_arn" { @@ -459,10 +507,7 @@ variable "proxy_port" { variable "trusted_proxies" { default = [] - description = <<-EOD - A list of IP address ranges which will be considered safe to ignore when evaluating the IP addresses of requests like - those made to the IACT endpoint. - EOD + description = "A list of IP address ranges which will be considered safe to ignore when evaluating the IP addresses of requests like those made to the IACT endpoint." type = list(string) } 
@@ -471,20 +516,13 @@ variable "trusted_proxies" { variable "airgap_url" { default = null type = string - description = <<-EOD - The URL of the storage bucket object that comprises an airgap package. This is only used in development - environments when bootstapping the TFE instance with the airgap package. You would not use this for an - actual airgapped environment. - EOD + description = "The URL of the storage bucket object that comprises an airgap package. This is only used in development environments when bootstapping the TFE instance with the airgap package. You would not use this for an actual airgapped environment." } variable "tfe_license_bootstrap_airgap_package_path" { default = null type = string - description = <<-EOD - (Required if air-gapped installation) The URL of a Replicated airgap package for Terraform - Enterprise. The suggested path is "/var/lib/ptfe/ptfe.airgap". - EOD + description = "(Required if air-gapped installation) The URL of a Replicated airgap package for Terraform Enterprise. The suggested path is '/var/lib/ptfe/ptfe.airgap'." } # Mounted Disk Installations ONLY @@ -510,10 +548,7 @@ variable "ebs_iops" { variable "ebs_renamed_device_name" { type = string default = "nvme1n1" - description = <<-EOD - (Required if Mounted Disk installation) The device name that AWS renames the ebs_device_name to. - See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html for more details. - EOD + description = "(Required if Mounted Disk installation) The device name that AWS renames the ebs_device_name to. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html for more details." } variable "ebs_volume_size" {