move the creation of the ssh agent to the parent function so that defer works properly

Signed-off-by: matttrach <matttrach@gmail.com>
2023-08-28 11:47:04 -05:00 · 2023-08-28 11:47:04 -05:00 · 0466179366
parent 47c29b906d
commit 0466179366
23 changed files with 486 additions and 24 deletions
--- a/examples/securitygroups/egress/README.md
+++ b/examples/securitygroups/egress/README.md
@ -0,0 +1,16 @@
+# Egress Security Group Example
+
+This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
+If you would like to test this example go to the ./tests directory and run the test with `go test`
+
+This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
+
+## Security Group Type
+
+We provide a selection of security group "types" which produces archetypical objects in AWS.
+
+The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific".
+
+The next security group adds to the "specific" group by adding rules to allow for internal subnet traffic, in this type the subnet cidr is allowed for both ingress and egress. This type is called "internal".
+
+The next security group duplicates the "internal" type, then adds rules to allow egress only to the public internet. This is helpful if you want to be able to upgrade your server, or if you need your server to be able to download packages from the internet, but you don't want the public internet to be able to initiate connections with your server. Thie type is called "egress", and is the type selected for this example.
--- a/examples/securitygroups/egress/main.tf
+++ b/examples/securitygroups/egress/main.tf
@ -0,0 +1,37 @@
+locals {
+  category       = "securitygroups"
+  example        = "egress"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.name
+  security_group_type = "egress"
+  ssh_key_name        = local.key_name
+}
+
+module "TestEgress" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = module.aws_access.ssh_key.public_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group_name
+}
--- a/examples/securitygroups/egress/variables.tf
+++ b/examples/securitygroups/egress/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/securitygroups/egress/versions.tf
+++ b/examples/securitygroups/egress/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0, < 1.6"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/securitygroups/internal/README.md
+++ b/examples/securitygroups/internal/README.md
@ -0,0 +1,14 @@
+# Internal Security Group Example
+
+This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
+If you would like to test this example go to the ./tests directory and run the test with `go test`
+
+This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
+
+## Security Group Type
+
+We provide a selection of security group "types" which produces archetypical objects in AWS.
+
+The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific".
+
+The next security group adds to the "specific" group by adding rules to allow for internal subnet traffic, in this type the subnet cidr is allowed for both ingress and egress. This type is called "internal", and is the type selected for this example.
--- a/examples/securitygroups/internal/main.tf
+++ b/examples/securitygroups/internal/main.tf
@ -0,0 +1,37 @@
+locals {
+  category       = "securitygroups"
+  example        = "internal"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.name
+  security_group_type = "internal"
+  ssh_key_name        = local.key_name
+}
+
+module "TestInternal" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = module.aws_access.ssh_key.public_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group_name
+}
--- a/examples/securitygroups/internal/variables.tf
+++ b/examples/securitygroups/internal/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/securitygroups/internal/versions.tf
+++ b/examples/securitygroups/internal/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0, < 1.6"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/securitygroups/public/README.md
+++ b/examples/securitygroups/public/README.md
@ -0,0 +1,18 @@
+# Public Security Group Example
+
+This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
+If you would like to test this example go to the ./tests directory and run the test with `go test`
+
+This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
+
+## Security Group Type
+
+We provide a selection of security group "types" which produces archetypical objects in AWS.
+
+The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific".
+
+The next security group adds to the "specific" group by adding rules to allow for internal subnet traffic, in this type the subnet cidr is allowed for both ingress and egress. This type is called "internal".
+
+The next security group duplicates the "internal" type, then adds rules to allow egress only to the public internet. This is helpful if you want to be able to upgrade your server, or if you need your server to be able to download packages from the internet, but you don't want the public internet to be able to initiate connections with your server. This type is called "egress".
+
+The final, and most permissive security group type is called "public". This adds to the "egress" rule set allowing public access from any IP. This essentially opens your server up to the general public, and is the type selected for this example.
--- a/examples/securitygroups/public/main.tf
+++ b/examples/securitygroups/public/main.tf
@ -0,0 +1,37 @@
+locals {
+  category       = "securitygroups"
+  example        = "public"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.name
+  security_group_type = "public"
+  ssh_key_name        = local.key_name
+}
+
+module "TestPublic" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = module.aws_access.ssh_key.public_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group_name
+}
--- a/examples/securitygroups/public/variables.tf
+++ b/examples/securitygroups/public/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/securitygroups/public/versions.tf
+++ b/examples/securitygroups/public/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0, < 1.6"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/securitygroups/specific/README.md
+++ b/examples/securitygroups/specific/README.md
@ -0,0 +1,12 @@
+# Specific Security Group Example
+
+This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
+If you would like to test this example go to the ./tests directory and run the test with `go test`
+
+This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
+
+## Security Group Type
+
+We provide a selection of security group "types" which produces archetypical objects in AWS.
+
+The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific". This is the type selected for this example.
--- a/examples/securitygroups/specific/main.tf
+++ b/examples/securitygroups/specific/main.tf
@ -0,0 +1,37 @@
+locals {
+  category       = "securitygroups"
+  example        = "specific"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.name
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestSpecific" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = module.aws_access.ssh_key.public_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group_name
+}
--- a/examples/securitygroups/specific/variables.tf
+++ b/examples/securitygroups/specific/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/securitygroups/specific/versions.tf
+++ b/examples/securitygroups/specific/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0, < 1.6"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/tests/basic_test.go
+++ b/tests/basic_test.go
@ -3,6 +3,7 @@ package test
 import (
 	"testing"

+	"github.com/gruntwork-io/terratest/modules/ssh"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 )

@ -12,7 +13,12 @@ func TestBasic(t *testing.T) {
 	directory := "basic"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
+
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
--- a/tests/os_test.go
+++ b/tests/os_test.go
@ -3,6 +3,7 @@ package test
 import (
 	"testing"

+	"github.com/gruntwork-io/terratest/modules/ssh"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 )

@ -12,7 +13,13 @@ func TestCis(t *testing.T) {
 	directory := "cis"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
+
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -24,7 +31,11 @@ func TestSles15(t *testing.T) {
 	directory := "sles15"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -36,7 +47,11 @@ func TestRocky8(t *testing.T) {
 	directory := "rocky8"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -48,7 +63,11 @@ func TestRhel8(t *testing.T) {
 	directory := "rhel8"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -60,7 +79,11 @@ func TestUbuntu20(t *testing.T) {
 	directory := "ubuntu20"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -72,7 +95,11 @@ func TestUbuntu22(t *testing.T) {
 	directory := "ubuntu22"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
--- a/tests/overrides_test.go
+++ b/tests/overrides_test.go
@ -4,6 +4,7 @@ import (
 	"fmt"
 	"testing"

+	"github.com/gruntwork-io/terratest/modules/ssh"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 )

@ -14,7 +15,11 @@ func TestServerOnly(t *testing.T) {
 	directory := "server_only"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
--- a/tests/region_test.go
+++ b/tests/region_test.go
@ -1,8 +1,10 @@
 package test

 import (
-	"github.com/gruntwork-io/terratest/modules/terraform"
 	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/ssh"
+	"github.com/gruntwork-io/terratest/modules/terraform"
 )

 func TestUsEast1(t *testing.T) {
@ -12,7 +14,11 @@ func TestUsEast1(t *testing.T) {
 	directory := "useast1"
 	region := "us-east-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -24,7 +30,11 @@ func TestUsEast2(t *testing.T) {
 	directory := "useast2"
 	region := "us-east-2"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -36,7 +46,11 @@ func TestUsWest1(t *testing.T) {
 	directory := "uswest1"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -48,7 +62,11 @@ func TestUsWest2(t *testing.T) {
 	directory := "uswest2"
 	region := "us-west-2"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
--- a/tests/securitygroup_test.go
+++ b/tests/securitygroup_test.go
@ -0,0 +1,73 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/ssh"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+)
+
+func TestSpecific(t *testing.T) {
+	// in this test we are going to create a small server
+	t.Parallel()
+	category := "securitygroups"
+	directory := "specific"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
+	defer teardown(t, category, directory, keyPair, sshAgent)
+	defer terraform.Destroy(t, terraformOptions)
+	terraform.InitAndApply(t, terraformOptions)
+}
+func TestInternal(t *testing.T) {
+	// in this test we are going to create a medium server
+	t.Parallel()
+	category := "securitygroups"
+	directory := "internal"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
+	defer teardown(t, category, directory, keyPair, sshAgent)
+	defer terraform.Destroy(t, terraformOptions)
+	terraform.InitAndApply(t, terraformOptions)
+}
+func TestEgress(t *testing.T) {
+	// in this test we are going to create a large server
+	t.Parallel()
+	category := "securitygroups"
+	directory := "egress"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
+	defer teardown(t, category, directory, keyPair, sshAgent)
+	defer terraform.Destroy(t, terraformOptions)
+	terraform.InitAndApply(t, terraformOptions)
+}
+func TestPublic(t *testing.T) {
+	// in this test we are going to create a extra large server
+	t.Parallel()
+	category := "securitygroups"
+	directory := "public"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
+	defer teardown(t, category, directory, keyPair, sshAgent)
+	defer terraform.Destroy(t, terraformOptions)
+	terraform.InitAndApply(t, terraformOptions)
+}
--- a/tests/size_test.go
+++ b/tests/size_test.go
@ -3,6 +3,7 @@ package test
 import (
 	"testing"

+	"github.com/gruntwork-io/terratest/modules/ssh"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 )

@ -13,7 +14,11 @@ func TestSmall(t *testing.T) {
 	directory := "small"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -25,7 +30,11 @@ func TestMedium(t *testing.T) {
 	directory := "medium"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -37,7 +46,11 @@ func TestLarge(t *testing.T) {
 	directory := "large"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -49,7 +62,11 @@ func TestXl(t *testing.T) {
 	directory := "xl"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
@ -61,7 +78,11 @@ func TestXxl(t *testing.T) {
 	directory := "xxl"
 	region := "us-west-1"
 	owner := "terraform-ci@suse.com"
-	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	terraformOptions, keyPair := setup(t, category, directory, region, owner)
+
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+	defer sshAgent.Stop()
+	terraformOptions.SshAgent = sshAgent
 	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
--- a/tests/util_test.go
+++ b/tests/util_test.go
@ -21,7 +21,7 @@ func teardown(t *testing.T, category string, directory string, keyPair *aws.Ec2K
 	sshAgent.Stop()
 }

-func setup(t *testing.T, category string, directory string, region string, owner string) (*terraform.Options, *aws.Ec2Keypair, *ssh.SshAgent) {
+func setup(t *testing.T, category string, directory string, region string, owner string) (*terraform.Options, *aws.Ec2Keypair) {
 	uniqueID := random.UniqueId()

 	// Create an EC2 KeyPair that we can use for SSH access
@ -40,9 +40,6 @@ func setup(t *testing.T, category string, directory string, region string, owner

 	aws.AddTagsToResource(t, region, *result.KeyPairs[0].KeyPairId, map[string]string{"Name": keyPairName, "Owner": owner})

-	// start an SSH agent, with our key pair added
-	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
-
 	retryableTerraformErrors := map[string]string{
 		// The reason is unknown, but eventually these succeed after a few retries.
 		".*unable to verify signature.*":             "Failed due to transient network error.",
@ -64,8 +61,7 @@ func setup(t *testing.T, category string, directory string, region string, owner
 		EnvVars: map[string]string{
 			"AWS_DEFAULT_REGION": region,
 		},
-		SshAgent:                 sshAgent, // Overrides local SSH agent with our new agent
 		RetryableTerraformErrors: retryableTerraformErrors,
 	})
-	return terraformOptions, keyPair, sshAgent
+	return terraformOptions, keyPair
 }