hashicorp · moduli · Apr 23, 2026 · Apr 14, 2026 · Apr 20, 2026
@@ -87,16 +87,14 @@ jobs:
       ENOS_VAR_aws_ssh_keypair_name: ${{ github.event.repository.name }}-ci-ssh-key
       ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
       ENOS_VAR_local_boundary_dir: ./support/boundary
-      ENOS_VAR_local_boundary_src_dir: ${{ github.workspace }}
-      ENOS_VAR_local_boundary_ui_src_dir: ./support/src/boundary-ui
       ENOS_VAR_crt_bundle_path: ./support/boundary.zip
       ENOS_VAR_test_email: ${{ secrets.SERVICE_USER_EMAIL }}
-      ENOS_VAR_boundary_edition: ${{ inputs.edition }}
       ENOS_VAR_boundary_docker_image_file: ./support/boundary_docker_image.tar
       ENOS_VAR_gcp_project_id: ${{ secrets.GCP_PROJECT_ID_CI }}
       ENOS_VAR_gcp_client_email: ${{ secrets.GCP_CLIENT_EMAIL_CI }}
       ENOS_VAR_gcp_private_key_id: ${{ secrets.GCP_PRIVATE_KEY_ID_CI }}
       ENOS_VAR_gcp_private_key: ${{ secrets.GCP_PRIVATE_KEY_CI }}
+      ENOS_VAR_is_ci: true
     steps:
       - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -261,12 +259,6 @@ jobs:
 
           # redis
           sudo apt update && sudo apt install -y redis-tools mysql-client
-      - name: Output Terraform version info
-        run: |
-          mkdir -p ./enos/terraform-plugin-cache
-          export ENOS_VAR_enos_user=$GITHUB_ACTOR && \
-          enos scenario check --chdir ./enos ${{ matrix.filter }} && \
-          enos scenario exec --chdir ./enos ${{ matrix.filter }} --cmd "version"
       - name: Determine boundary version to test against previous worker version
         # Resolve the worker version from the previous release line.
         if: contains(matrix.filter, 'e2e_docker_base_with_worker_version')
@@ -299,6 +291,12 @@ jobs:
           fi
 
           echo "ENOS_VAR_worker_version=$previous_version" >> "$GITHUB_ENV"
+      - name: Output Terraform version info
+        run: |
+          mkdir -p ./enos/terraform-plugin-cache
+          export ENOS_VAR_enos_user=$GITHUB_ACTOR && \
+          enos scenario check --chdir ./enos ${{ matrix.filter }} && \
+          enos scenario exec --chdir ./enos ${{ matrix.filter }} --cmd "version"
       - name: Run Enos scenario
         id: run
         # Continue once and retry

@@ -17,29 +17,23 @@ for further information regarding installation, execution, or composing Enos sce
 * Doormat
 ```shell
 brew tap hashicorp/tap
-brew install hashicorp/tap/vault
 brew install hashicorp/tap/terraform
-brew install hashicorp/tap/enos
-brew install coreutils
+brew install hashicorp/tap/vault
+brew install enos coreutils jq
+
+# (Optional)
+export ENOS_VAR_boundary_license=${license_key}
 
-# Install doormat cli
+# Install doormat cli for AWS access
 brew tap hashicorp/security [email protected]:hashicorp/homebrew-security.git
 brew install hashicorp/security/doormat-cli
+
+
+#
+
 ```
 
 * AWS access. HashiCorp Boundary developers should use Doormat.
-* An SSH keypair in the AWS region you wish to run the scenario. You can use
-  doormat to login to the AWS console to create or upload an existing keypair.
-```shell
-# Create a SSH Key Pair
-ssh-keygen -t ed25519 -C "[email protected]"
-
-# <https://doormat.hashicorp.services/>
-# Go to the console for the corresponding AWS account
-# Select the desired AWS region on the top-right
-# Go to EC2 -> Key Pairs -> Actions -> Import Key Pair -> Import public key file (.pub)
-# Note the name of the key pair
-```
 * Boundary CLI installed locally
 
 ### Enos Variables
@@ -57,15 +51,6 @@ See [enos.vars.hcl](./enos.vars.hcl) for complete descriptions of each variable.
 You can either modify `enos.vars.hcl` directly or create your own copy at
 `enos-local.vars.hcl` which gets ignored by git.
 
-### System File Modifications
-
-For docker-based scenarios, you will need to modify `/etc/hosts` to include the
-following lines
-```
-127.0.0.1       localhost       boundary
-127.0.0.1       localhost       worker
-127.0.0.1       localhost       vault
-```
 ### AWS Credentials
 Copy the AWS Account credentials from doormat and set it in the terminal, where the enos commands are run.
 
@@ -210,4 +195,4 @@ This can be done under `Firefox Settings > Privacy & Security > View Certificate
 ```shell
 > sudo cp mycert.crt /usr/local/share/ca-certificates/
 > sudo update-ca-certificates
-```
+```
@@ -25,11 +25,13 @@ variable "boundary_license_path" {
 variable "aws_ssh_keypair_name" {
   description = "Name of the AWS EC2 keypair to use for SSH access"
   type        = string
+  default     = null
 }
 
 variable "aws_ssh_private_key_path" {
   description = "Path to the private key file for the AWS EC2 keypair"
   type        = string
+  default     = null
 }
 
 variable "worker_count" {

@@ -71,6 +71,10 @@ module "generate_aws_host_tag_vars" {
   source = "./modules/generate_aws_host_tag_vars"
 }
 
+module "generate_docker_image_name" {
+  source = "./modules/generate_docker_image_name"
+}
+
 module "aws_iam_setup" {
   source = "./modules/aws_iam_setup"
 }
@@ -221,3 +225,15 @@ module "gcp_target" {
   environment  = var.environment
   enos_user    = var.enos_user
 }
+
+module "get_repo_root" {
+  source = "./modules/get_repo_root"
+}
+
+module "get_binary_path" {
+  source = "./modules/get_binary_path"
+}
+
+module "get_boundary_edition" {
+  source = "./modules/get_boundary_edition"
+}
@@ -28,6 +28,19 @@ scenario "e2e_aws_base_with_vault" {
     }, var.tags)
   }
 
+  step "get_boundary_binary" {
+    skip_step = local.local_boundary_dir != null ? true : false
+    module    = module.get_binary_path
+
+    variables {
+      name = "boundary"
+    }
+  }
+
+  step "get_boundary_edition" {
+    module = module.get_boundary_edition
+  }
+
   step "find_azs" {
     module = module.aws_az_finder
 
@@ -42,12 +55,12 @@ scenario "e2e_aws_base_with_vault" {
   }
 
   step "read_license" {
-    skip_step = var.boundary_edition == "oss"
-    module    = module.read_license
+    module = module.read_license
 
     variables {
       license_path = local.license_path
       license      = var.boundary_license
+      edition      = step.get_boundary_edition.edition
     }
   }
 
@@ -60,7 +73,7 @@ scenario "e2e_aws_base_with_vault" {
 
     variables {
       path    = local.build_path[matrix.builder]
-      edition = var.boundary_edition
+      edition = step.get_boundary_edition.edition
     }
   }
 
@@ -96,7 +109,7 @@ scenario "e2e_aws_base_with_vault" {
     variables {
       boundary_binary_name     = var.boundary_binary_name
       boundary_install_dir     = local.boundary_install_dir
-      boundary_license         = var.boundary_edition != "oss" ? step.read_license.license : null
+      boundary_license         = step.read_license.license
       common_tags              = local.tags
       controller_instance_type = var.controller_instance_type
       controller_count         = var.controller_count
@@ -164,13 +177,13 @@ scenario "e2e_aws_base_with_vault" {
     ]
 
     variables {
+      is_ci                    = var.is_ci
       test_package             = "github.com/hashicorp/boundary/testing/internal/e2e/tests/base_with_vault"
-      debug_no_run             = var.e2e_debug_no_run
       alb_boundary_api_addr    = step.create_boundary_cluster.alb_boundary_api_addr
       auth_method_id           = step.create_boundary_cluster.auth_method_id
       auth_login_name          = step.create_boundary_cluster.auth_login_name
       auth_password            = step.create_boundary_cluster.auth_password
-      local_boundary_dir       = local.local_boundary_dir
+      local_boundary_dir       = local.local_boundary_dir != null ? local.local_boundary_dir : step.get_boundary_binary.path
       aws_ssh_private_key_path = step.generate_ssh_key.private_key_path
       target_address           = step.create_target.target_private_ips[0]
       target_user              = "ubuntu"

@@ -28,6 +28,19 @@ scenario "e2e_aws_base" {
     }, var.tags)
   }
 
+  step "get_boundary_binary" {
+    skip_step = local.local_boundary_dir != null ? true : false
+    module    = module.get_binary_path
+
+    variables {
+      name = "boundary"
+    }
+  }
+
+  step "get_boundary_edition" {
+    module = module.get_boundary_edition
+  }
+
   step "find_azs" {
     module = module.aws_az_finder
 
@@ -41,12 +54,12 @@ scenario "e2e_aws_base" {
   }
 
   step "read_license" {
-    skip_step = var.boundary_edition == "oss"
-    module    = module.read_license
+    module = module.read_license
 
     variables {
       license_path = local.license_path
       license      = var.boundary_license
+      edition      = step.get_boundary_edition.edition
     }
   }
 
@@ -59,7 +72,7 @@ scenario "e2e_aws_base" {
 
     variables {
       path    = local.build_path[matrix.builder]
-      edition = var.boundary_edition
+      edition = step.get_boundary_edition.edition
     }
   }
 
@@ -96,7 +109,7 @@ scenario "e2e_aws_base" {
     variables {
       boundary_binary_name     = var.boundary_binary_name
       boundary_install_dir     = local.boundary_install_dir
-      boundary_license         = var.boundary_edition != "oss" ? step.read_license.license : null
+      boundary_license         = step.read_license.license
       common_tags              = local.tags
       controller_instance_type = var.controller_instance_type
       controller_count         = var.controller_count
@@ -142,13 +155,13 @@ scenario "e2e_aws_base" {
     ]
 
     variables {
+      is_ci                    = var.is_ci
       test_package             = "github.com/hashicorp/boundary/testing/internal/e2e/tests/base"
-      debug_no_run             = var.e2e_debug_no_run
       alb_boundary_api_addr    = step.create_boundary_cluster.alb_boundary_api_addr
       auth_method_id           = step.create_boundary_cluster.auth_method_id
       auth_login_name          = step.create_boundary_cluster.auth_login_name
       auth_password            = step.create_boundary_cluster.auth_password
-      local_boundary_dir       = local.local_boundary_dir
+      local_boundary_dir       = local.local_boundary_dir != null ? local.local_boundary_dir : step.get_boundary_binary.path
       aws_ssh_private_key_path = step.generate_ssh_key.private_key_path
       target_address           = step.create_target.target_private_ips[0]
       target_user              = "ubuntu"

@@ -26,7 +26,6 @@ scenario "e2e_aws_rdp_base" {
     aws_ssh_private_key_path = var.aws_ssh_private_key_path != null ? abspath(var.aws_ssh_private_key_path) : null
     boundary_install_dir     = abspath(var.boundary_install_dir)
     local_boundary_dir       = var.local_boundary_dir != null ? abspath(var.local_boundary_dir) : null
-    local_boundary_src_dir   = var.local_boundary_src_dir != null ? abspath(var.local_boundary_src_dir) : null
     boundary_license_path    = abspath(var.boundary_license_path != null ? var.boundary_license_path : joinpath(path.root, "./support/boundary.hclic"))
     ip_version               = "4"
 
@@ -49,6 +48,23 @@ scenario "e2e_aws_rdp_base" {
     collocated_tag = "collocated"
   }
 
+  step "get_repo_root" {
+    module = module.get_repo_root
+  }
+
+  step "get_boundary_binary" {
+    skip_step = local.local_boundary_dir != null ? true : false
+    module    = module.get_binary_path
+
+    variables {
+      name = "boundary"
+    }
+  }
+
+  step "get_boundary_edition" {
+    module = module.get_boundary_edition
+  }
+
   step "find_azs" {
     module = module.aws_az_finder
 
@@ -87,7 +103,7 @@ scenario "e2e_aws_rdp_base" {
 
     variables {
       path    = local.build_path_linux[matrix.builder]
-      edition = var.boundary_edition
+      edition = step.get_boundary_edition.edition
     }
   }
 
@@ -100,7 +116,7 @@ scenario "e2e_aws_rdp_base" {
 
     variables {
       path          = local.build_path_windows[matrix.builder]
-      edition       = var.boundary_edition
+      edition       = step.get_boundary_edition.edition
       goos          = "windows"
       build_target  = "build"
       artifact_name = "boundary_windows"
@@ -120,7 +136,7 @@ scenario "e2e_aws_rdp_base" {
       vpc_id                = step.create_base_infra.vpc_id
       client_version        = matrix.client
       boundary_cli_zip_path = step.build_boundary_windows.artifact_path
-      boundary_src_path     = local.local_boundary_src_dir
+      boundary_src_path     = step.get_repo_root.path
       github_token          = var.github_token
       ip_version            = local.ip_version
       vault_version         = var.vault_version
@@ -132,6 +148,8 @@ scenario "e2e_aws_rdp_base" {
 
     variables {
       license_path = local.boundary_license_path
+      license      = var.boundary_license
+      edition      = step.get_boundary_edition.edition
     }
   }
 
@@ -193,7 +211,7 @@ scenario "e2e_aws_rdp_base" {
     variables {
       boundary_binary_name        = var.boundary_binary_name
       boundary_install_dir        = local.boundary_install_dir
-      boundary_license            = var.boundary_edition != "oss" ? step.read_boundary_license.license : null
+      boundary_license            = step.read_boundary_license.license
       common_tags                 = local.tags
       controller_instance_type    = var.controller_instance_type
       controller_count            = var.controller_count
@@ -310,12 +328,11 @@ scenario "e2e_aws_rdp_base" {
 
     variables {
       test_package                             = ""
-      debug_no_run                             = true
       alb_boundary_api_addr                    = step.create_boundary_cluster.alb_boundary_api_addr
       auth_method_id                           = step.create_boundary_cluster.auth_method_id
       auth_login_name                          = step.create_boundary_cluster.auth_login_name
       auth_password                            = step.create_boundary_cluster.auth_password
-      local_boundary_dir                       = local.local_boundary_dir
+      local_boundary_dir                       = local.local_boundary_dir != null ? local.local_boundary_dir : step.get_boundary_binary.path
       aws_ssh_private_key_path                 = step.generate_ssh_key.private_key_path
       target_user                              = "ubuntu"
       target_port                              = "22"