From 9154f025fd50ed20d5444f7106e7e996d848a7fd Mon Sep 17 00:00:00 2001
From: Michael Li
Date: Fri, 19 Sep 2025 13:28:01 -0400
Subject: [PATCH] chore(e2e): Update windows worker module to support other configs
---
 .../aws_rdp_member_server_with_worker/main.tf | 11 ++--
 .../scripts/worker.hcl | 4 +-
 .../scripts/worker_hcp_bsr.hcl | 59 +++++++++++++++++++
 .../variables.tf | 19 +++++-
 4 files changed, 85 insertions(+), 8 deletions(-)
 create mode 100644 enos/modules/aws_rdp_member_server_with_worker/scripts/worker_hcp_bsr.hcl
diff --git a/enos/modules/aws_rdp_member_server_with_worker/main.tf b/enos/modules/aws_rdp_member_server_with_worker/main.tf
index eb31700dd9..7cf965b37b 100644
--- a/enos/modules/aws_rdp_member_server_with_worker/main.tf
+++ b/enos/modules/aws_rdp_member_server_with_worker/main.tf
@@ -311,11 +311,12 @@ resource "local_file" "worker_config" {
 enos_local_exec.add_boundary_cli,
 ]
 content = templatefile("${path.module}/scripts/worker.hcl", {
- controller_ip = var.controller_ip
- aws_kms_key = data.aws_kms_key.kms_key.id
- aws_region = var.aws_region
- worker_public_ip = aws_instance.worker.public_ip
- test_dir = local.test_dir
+ controller_ip = var.controller_ip
+ aws_kms_key = data.aws_kms_key.kms_key.id
+ aws_region = var.aws_region
+ worker_public_ip = aws_instance.worker.public_ip
+ test_dir = local.test_dir
+ hcp_boundary_cluster_id = var.hcp_boundary_cluster_id
 })
 filename = "${path.root}/.terraform/tmp/worker.hcl"
 }
diff --git a/enos/modules/aws_rdp_member_server_with_worker/scripts/worker.hcl b/enos/modules/aws_rdp_member_server_with_worker/scripts/worker.hcl
index c818d4db30..23526d2b27 100644
--- a/enos/modules/aws_rdp_member_server_with_worker/scripts/worker.hcl
+++ b/enos/modules/aws_rdp_member_server_with_worker/scripts/worker.hcl
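Review bot: In enos/modules/aws_rdp_member_server_with_worker/main.tf the unchanged context line `content = templatefile("${path.module}/scripts/worker.hcl", {` still hardcodes the template, so the `worker_config_file_path` variable added in variables.tf is not consumed by anything visible in this patch and the new scripts/worker_hcp_bsr.hcl cannot be selected through it. If that variable is meant to drive this resource, the call would read `content = templatefile("${path.module}/${var.worker_config_file_path}", {`. The `local_file.worker_config` block starts above the hunk and the rest of main.tf is not shown, so the variable may be wired in elsewhere.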
@@ -4,7 +4,7 @@
 # disable memory from being swapped to disk
 disable_mlock = true
-# Increase log level for debuggin
+# Increase log level for debugging
 log_level = "debug"
 # listener denoting this is a worker proxy
@@ -20,7 +20,7 @@ worker {
 name = "win-worker-0"
 initial_upstreams = ["[${controller_ip}]:9201"]
 tags {
- type = ["worker", "egress", "windows"]
+ type = ["worker", "rdp", "windows"]
 }
 }
diff --git a/enos/modules/aws_rdp_member_server_with_worker/scripts/worker_hcp_bsr.hcl b/enos/modules/aws_rdp_member_server_with_worker/scripts/worker_hcp_bsr.hcl
new file mode 100644
index 0000000000..026725a4b1
--- /dev/null
+++ b/enos/modules/aws_rdp_member_server_with_worker/scripts/worker_hcp_bsr.hcl
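Review bot: In scripts/worker.hcl the second hunk drops `"egress"` from the `type` tags of `win-worker-0`, which changes which worker filters select this worker. Any target or test whose filter matches `"egress" in "/tags/type"` would no longer route through it; no such filter is visible in this patch, so the callers of this module are worth checking before merge. If the new tag is meant to be matched by the RDP targets, a comment above `tags` such as `# "rdp" is the tag the RDP targets' worker filters match on` would record that.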
@@ -0,0 +1,59 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# disable memory from being swapped to disk
+disable_mlock = true
+
+# Increase log level for debugging
+log_level = "debug"
+
+# listener denoting this is a worker proxy
+listener "tcp" {
+ address = "0.0.0.0:9202"
+ purpose = "proxy"
+}
+
+hcp_boundary_cluster_id = "${hcp_boundary_cluster_id}"
+
+# worker block for configuring the specifics of the
+# worker service
+worker {
+ public_addr = "${worker_public_ip}"
+ tags {
+ type = ["worker", "rdp", "windows"]
+ }
+
+ auth_storage_path = "${test_dir}/worker"
+ recording_storage_path = "${test_dir}/recordings"
+}
+
+# Events (logging) configuration. This
+# configures logging for ALL events to both
+# stderr and a file at ${test_dir}.log
+events {
+ audit_enabled = true
+ sysevents_enabled = true
+ observations_enable = true
+ sink "stderr" {
+ name = "all-events"
+ description = "All events sent to stderr"
+ event_types = ["*"]
+ format = "cloudevents-json"
+ }
+ sink {
+ name = "file-sink"
+ description = "All events sent to a file"
+ event_types = ["*"]
+ format = "cloudevents-json"
+ file {
+ path = "${test_dir}"
+ file_name = "worker.log"
+ }
+ audit_config {
+ audit_filter_overrides {
+ sensitive = "redact"
+ secret = "redact"
+ }
+ }
+ }
+}
diff --git a/enos/modules/aws_rdp_member_server_with_worker/variables.tf b/enos/modules/aws_rdp_member_server_with_worker/variables.tf
index 58744f6b46..7bf52cefb5 100644
--- a/enos/modules/aws_rdp_member_server_with_worker/variables.tf
+++ b/enos/modules/aws_rdp_member_server_with_worker/variables.tf
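Review bot: In scripts/worker_hcp_bsr.hcl the `sink "stderr"` block has no `audit_config`, so with `audit_enabled = true` and `event_types = ["*"]` the audit events written to stderr use the default filter operations rather than the explicit `redact` overrides given to the file sink. Stderr from a test worker is likely to end up in captured CI or service logs, and this worker also runs at `log_level = "debug"` and stores session recordings, so both sinks should state how `sensitive` and `secret` fields are handled in the same way. The block below adds the same overrides to the stderr sink. Separately, the comment above `events` says the file is at `${test_dir}.log`, while the sink writes `worker.log` under `${test_dir}`.

```hcl
  sink "stderr" {
    # … unchanged: name, description, event_types, format …
    audit_config {
      audit_filter_overrides {
        sensitive = "redact"
        secret    = "redact"
      }
    }
  }
```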
@@ -109,4 +109,21 @@ variable "domain_controller_private_key" {
 variable "domain_controller_sec_group_id_list" {
 type = list(any)
 description = "ID's of AWS Network Security Groups created during creation of the domain controller."
-}
\ No newline at end of file
+}
+
+# =================================================================
+# Boundary Worker Configuration
+# =================================================================
+variable "worker_config_file_path" {
+ description = "Path to config file to use (relative to module directory)"
+ type = string
+ default = "scripts/worker.hcl"
+}
+
+variable "hcp_boundary_cluster_id" {
+ description = "ID of the Boundary cluster in HCP"
+ type = string
+ default = ""
+ // If using HCP int, ensure that the cluster id starts with "int-"
+ // Example: "int-19283a-123123-..."
+}
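Review bot: In variables.tf, `hcp_boundary_cluster_id` defaults to `""` and nothing in this hunk rejects an empty or malformed value, so using scripts/worker_hcp_bsr.hcl without setting it renders `hcp_boundary_cluster_id = ""` into the worker config. That mistake would presumably only surface when the worker starts on the instance, not at plan time. The `int-` hint sits in `//` comments after `default`, where tooling that lists variable descriptions will not show it; moving it into the description, e.g. `description = "ID of the Boundary cluster in HCP; for HCP int the ID must start with \"int-\""`, keeps it with the input. The banner added in the same hunk uses `#`, so `#` would also be the consistent comment marker inside the block.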