Self Signed Certs all have hardcoded names, not allowing for multiple Client VPNs in a region

[garrinmf]

what

The certificate names are all hardcoded, not allowing modification via context.

why

In order to have multiple Client VPNs in the same region, the keys stored in SSM need to be unique, the hardcoded approach doesn't allow this.

I really don't know best practices around backwards compatibility or naming in general, just that the way it is doesn't allow for specifying unique names for the stored SSM keys. let me know if a different approach would work better.

references

• Closes https://github.com/cloudposse/terraform-aws-ec2-client-vpn/pull/31
• Upstream fix to use id instead of name https://github.com/cloudposse/terraform-aws-ssm-tls-self-signed-cert/pull/10

[nitrocode]

/test all

[nitrocode]

@garrinmf please review the terratest failure if you get a chance

[garrinmf]

@nitrocode It doesn't seem like the self signed cert module, https://github.com/cloudposse/terraform-aws-ssm-tls-self-signed-cert, knows how to look to the attributes. So all the keys are writing to the same SSM parameter name, in the test case it's example.pem as example is the module.this.name. I pulled it and manually tried it locally and if I don't specify context (with a name) the keyname is actually just .pem. If I do specify context with a name they're named the same, not taking into account attributes. Not sure if this needs fixed downstream or a different approach in this module ?

[garrinmf]

@nitrocode Is there another approach, besides the attributes, that works better than my original attempt but the downstream packages work with?

[josh-onchain]

+1

[nitrocode]

/test test/terratest

[mergify[bot]]

This pull request is now in conflict. Could you fix it @garrinmf? 🙏

[nitrocode]

/test all

[nitrocode]

/test all