mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-25 08:31:09 +02:00
a46def288f
Add support for testing Vault Enterprise with HA seal support by adding a new `seal_ha` scenario that configures more than one seal type for a Vault cluster. We also extend existing scenarios to support testing with or without the Seal HA code path enabled. * Extract starting vault into a separate enos module to allow for better handling of complex clusters that need to be started more than once. * Extract seal key creation into a separate module and provide it to target modules. This allows us to create more than one seal key and associate it with instances. This also allows us to forego creating keys when using shamir seals. * [QT-615] Add support for configuring more that one seal type to `vault_cluster` module. * [QT-616] Add `seal_ha` scenario * [QT-625] Add `seal_ha_beta` variant to existing scenarios to test with both code paths. * Unpin action-setup-terraform * Add `kms:TagResource` to service user IAM profile Signed-off-by: Ryan Cragun <me@ryan.ec>
102 lines
2.6 KiB
HCL
102 lines
2.6 KiB
HCL
# Copyright (c) HashiCorp, Inc.
|
|
# SPDX-License-Identifier: BUSL-1.1
|
|
|
|
variable "ami_id" {
|
|
description = "The machine image identifier"
|
|
type = string
|
|
}
|
|
|
|
variable "cluster_name" {
|
|
type = string
|
|
description = "A unique cluster identifier"
|
|
default = null
|
|
}
|
|
|
|
variable "cluster_tag_key" {
|
|
type = string
|
|
description = "The key name for the cluster tag"
|
|
default = "TargetCluster"
|
|
}
|
|
|
|
variable "common_tags" {
|
|
description = "Common tags for cloud resources"
|
|
type = map(string)
|
|
default = {
|
|
Project = "vault-ci"
|
|
}
|
|
}
|
|
|
|
variable "instance_mem_min" {
|
|
description = "The minimum amount of memory in mebibytes for each instance in the fleet. (1 MiB = 1024 bytes)"
|
|
type = number
|
|
default = 4096 // ~4 GB
|
|
}
|
|
|
|
variable "instance_mem_max" {
|
|
description = "The maximum amount of memory in mebibytes for each instance in the fleet. (1 MiB = 1024 bytes)"
|
|
type = number
|
|
default = 16385 // ~16 GB
|
|
}
|
|
|
|
variable "instance_cpu_min" {
|
|
description = "The minimum number of vCPU's for each instance in the fleet"
|
|
type = number
|
|
default = 2
|
|
}
|
|
|
|
variable "instance_cpu_max" {
|
|
description = "The maximum number of vCPU's for each instance in the fleet"
|
|
type = number
|
|
default = 8 // Unlikely we'll ever get that high due to spot price bid protection
|
|
}
|
|
|
|
variable "instance_count" {
|
|
description = "The number of target instances to create"
|
|
type = number
|
|
default = 3
|
|
}
|
|
|
|
variable "max_price" {
|
|
description = "The maximum hourly price to pay for each target instance"
|
|
type = string
|
|
default = "0.0416"
|
|
}
|
|
|
|
variable "project_name" {
|
|
description = "A unique project name"
|
|
type = string
|
|
}
|
|
|
|
variable "seal_key_names" {
|
|
type = list(string)
|
|
description = "The key management seal key names"
|
|
default = null
|
|
}
|
|
|
|
variable "ssh_allow_ips" {
|
|
description = "Allowlisted IP addresses for SSH access to target nodes. The IP address of the machine running Enos will automatically allowlisted"
|
|
type = list(string)
|
|
default = []
|
|
}
|
|
|
|
variable "ssh_keypair" {
|
|
description = "SSH keypair used to connect to EC2 instances"
|
|
type = string
|
|
}
|
|
|
|
variable "capacity_type" {
|
|
description = "What capacity type to use for EC2 instances"
|
|
type = string
|
|
default = "on-demand"
|
|
|
|
validation {
|
|
condition = contains(["on-demand", "spot"], var.capacity_type)
|
|
error_message = "The capacity_type must be either 'on-demand' or 'spot'."
|
|
}
|
|
}
|
|
|
|
variable "vpc_id" {
|
|
description = "The identifier of the VPC where the target instances will be created"
|
|
type = string
|
|
}
|