This PR deploys the assessment archive script (and corresponding credentials file) to Terraformer instances, but only when there are no Kali instances in the assessment environment (var.assessment_artifact_export_enabled also must be set to true).
π Motivation and context
There are certain assessment types that only receive a Terraformer and don't get any Kali instances, but they still would like to be able to run the assessment artifact export script. The current workaround has been to spin up a Kali instance at the end of the assessment in order to run the artifact export script, but that is cumbersome. This approach will simplify things.
If there are any Kali instances in the environment, they continue to be where assessment artifacts should be exported from. This change is only meant to handle the situation where there is a Terraformer instance, but no Kali instances.
Resolves #224.
π§ͺ Testing
I applied this code several times in a test environment, modifying the TF variables each time and verifying that the outcome was as expected:
Deploy 1 Kali and 0 Terraformer instances - confirmed that artifact export script and credentials were deployed to the Kali instance π
Deploy 1 Kali and 1 Terraformer instance - confirmed that artifact export script and credentials were deployed to the Kali instance π
Deploy 0 Kali and 1 Terraformer instance - confirmed that artifact export script and credentials were deployed to the Terraformer instance π
I also confirmed that if there was a Terraformer instance and no Kali instances deployed, followed by the deployment of a Kali instance, the Terraformer instance was destroyed and recreated without the artifact export script and credentials. This is the expected behavior since the Kali got the artifact export script and credentials.
β Pre-approval checklist
[x] This PR has an informative and human-readable title.
[x] Changes are limited to a single goal - eschew scope creep!
[x] All relevant type-of-change labels have been added.
π£ Description
This PR deploys the assessment archive script (and corresponding credentials file) to Terraformer instances, but only when there are no Kali instances in the assessment environment (
var.assessment_artifact_export_enabledalso must be set totrue).π Motivation and context
There are certain assessment types that only receive a Terraformer and don't get any Kali instances, but they still would like to be able to run the assessment artifact export script. The current workaround has been to spin up a Kali instance at the end of the assessment in order to run the artifact export script, but that is cumbersome. This approach will simplify things.
If there are any Kali instances in the environment, they continue to be where assessment artifacts should be exported from. This change is only meant to handle the situation where there is a Terraformer instance, but no Kali instances.
Resolves #224.
π§ͺ Testing
I applied this code several times in a test environment, modifying the TF variables each time and verifying that the outcome was as expected:
I also confirmed that if there was a Terraformer instance and no Kali instances deployed, followed by the deployment of a Kali instance, the Terraformer instance was destroyed and recreated without the artifact export script and credentials. This is the expected behavior since the Kali got the artifact export script and credentials.
β Pre-approval checklist