feat: Output the pre-shared tunnel keys even when they are auto-generated #89
Neither the AWS CLI nor this module requires the user to provide tunnel keys for the tunnel to be created. In the event that no keys were provided, AWS will automatically generate the tunnel keys. However, the user will have no way to retrieve these currently in this module or via the AWS Terraform provider, as it doesn't expose a data resource to the tunnel options. Currently this module will blindly return only the pre-shared keys that were provided. This PR seeks to return the pre-shared keys to the user from the aws_vpn_connection instead. This will ensure the caller gets access to the pre-shared keys even if they are auto-generated.
Description
In the output.tf, updated the value of the preshared key output for tunnel1 and tunnel2 instead of returning just the var input. It will look for the pre-shared key output from each of the 4 scenarios, compact them to remove the null values and ensure only one value exists and is returned for each tunnel.
Motivation and Context
As part of the Terraform deployment, we create the VPN connection for the project team, allowing AWS to create the PSK. We planned to store the PSK in HashiCorp Vault at a location the project team has access to, so they could then share this with the client/customer to configure the customer gateway at their side. However, we had no access to the auto-generated PSK via the Terraform AWS provider.
This PR would allow us to get the auto-generated PSK from the module and then use the Vault provider to store that as a secret in HashiCorp Vault for later access.
Breaking Changes
There should be no breaking changes here. The output specification has not changed, just the internal implementation that looks for the PSK to return. Even the use cases where the PSK was provided as a var by the user will still work, as that will be the same PSK that's in the aws_vpn_connection resource.
How Has This Been Tested?
examples/* to demonstrate and validate my change(s)
examples/* projects
pre-commit run -a on my pull request
I have run the complete-vpn-gateway example and validated the output matches that of the tunnel configuration in AWS
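
The output pattern the description outlines, as an added example that is not the PR's or the module's own code. It is narrowed to two of the four scenarios, and the resource names (auto, preshared), variable names and output name are hypothetical.

```hcl
# Added example; resource, variable and output names are hypothetical.
# one() requires Terraform 0.15 or later.

variable "vpn_gateway_id" {
  type = string
}

variable "customer_gateway_id" {
  type = string
}

variable "tunnel1_preshared_key" {
  type      = string
  default   = null # null lets AWS generate the key
  sensitive = true
}

# Scenario 1: no key supplied, so AWS generates the PSK.
resource "aws_vpn_connection" "auto" {
  count               = var.tunnel1_preshared_key == null ? 1 : 0
  vpn_gateway_id      = var.vpn_gateway_id
  customer_gateway_id = var.customer_gateway_id
  type                = "ipsec.1"
}

# Scenario 2: the caller supplies the PSK.
resource "aws_vpn_connection" "preshared" {
  count                 = var.tunnel1_preshared_key != null ? 1 : 0
  vpn_gateway_id        = var.vpn_gateway_id
  customer_gateway_id   = var.customer_gateway_id
  type                  = "ipsec.1"
  tunnel1_preshared_key = var.tunnel1_preshared_key
}

# Each splat is a list of zero or one keys. Exactly one scenario is active,
# so one() returns that key, and it raises an error if more than one exists.
output "tunnel1_preshared_key" {
  description = "Tunnel 1 PSK as reported by AWS, whether supplied or auto-generated"
  sensitive   = true
  value = one(compact(concat(
    aws_vpn_connection.auto[*].tunnel1_preshared_key,
    aws_vpn_connection.preshared[*].tunnel1_preshared_key,
  )))
}
```

Marking the output sensitive only redacts it from CLI output; the key is still stored in plaintext in the Terraform state, so the state backend needs the same access controls as the Vault path that will hold the PSK.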