Closed cdsre closed 1 year ago
This PR is included in version 3.5.0 :tada:
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Neither the AWS CLI nor this module requires the user to provide tunnel keys for the tunnel to be created. In the event that no keys were provided, AWS will automatically generate the tunnel keys. However, the user will have no way to retrieve these currently in this module or via the AWS terraform provider, as it doesn't expose a data resource to the tunnel options.

Currently this module will blindly return only the pre-shared keys that were provided. This PR seeks to return the pre-shared keys to the user from the aws_vpn_connection instead. This will ensure the caller gets access to the pre-shared keys even if they are auto-generated.

Description
In the output.tf, updated the value of the preshared key output for tunnel1 and tunnel2 so that, instead of returning just the var input, it will look for the pre-shared key output from each of the 4 scenarios, compact them to remove the null values and ensure only one value exists and is returned for each tunnel.

Motivation and Context
As part of terraform deployment we create the vpn connection for the project team, allowing AWS to create the PSK. We planned to store the PSK in hashicorp vault at a location the project team has access to so they could then share this with the client/customer to configure the customer gateway at their side. However, we had no access to the auto-generated PSK via terraform AWS provider.
This PR would allow us to get the auto-generated PSK from the module and then use the vault provider to store that as a secret in hashicorp vault for later access.
Breaking Changes
There should be no breaking changes here. The output specification has not changed, just the internal implementation that looks for the PSK to return. Even the use cases where the PSK was provided as VAR by the user will still work, as that will be the same PSK that's in the aws_vpn_connection resource.

How Has This Been Tested?
examples/* to demonstrate and validate my change(s)
examples/* projects
pre-commit run -a on my pull request

I have run the complete-vpn-gateway example and validated the output matches that of the tunnel configuration in AWS
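
The pattern this PR describes, as an added example that is not the module's own code: the key is read back from whichever aws_vpn_connection was actually created, so an AWS-generated PSK is returned too, and is then written to Vault. The resource names `generated` and `preshared`, the variables, and the Vault mount and path are assumptions; only two of the module's four scenarios are shown.

```hcl
variable "vpn_gateway_id" { type = string }
variable "customer_gateway_id" { type = string }

variable "tunnel1_preshared_key" {
  type    = string
  default = null # null means: let AWS generate the key
}

# Scenario A (hypothetical name): no key supplied, AWS auto-generates one.
resource "aws_vpn_connection" "generated" {
  count               = var.tunnel1_preshared_key == null ? 1 : 0
  vpn_gateway_id      = var.vpn_gateway_id
  customer_gateway_id = var.customer_gateway_id
  type                = "ipsec.1"
}

# Scenario B (hypothetical name): the caller supplies the key.
resource "aws_vpn_connection" "preshared" {
  count                 = var.tunnel1_preshared_key != null ? 1 : 0
  vpn_gateway_id        = var.vpn_gateway_id
  customer_gateway_id   = var.customer_gateway_id
  type                  = "ipsec.1"
  tunnel1_preshared_key = var.tunnel1_preshared_key
}

locals {
  # Each splat is an empty list when that scenario was not created.
  # compact() drops null/empty entries; one() returns the single
  # remaining key and fails the plan if more than one is present.
  tunnel1_psk = one(compact(concat(
    aws_vpn_connection.generated[*].tunnel1_preshared_key,
    aws_vpn_connection.preshared[*].tunnel1_preshared_key,
  )))
}

output "tunnel1_preshared_key" {
  value     = local.tunnel1_psk
  sensitive = true # the provider marks this attribute as sensitive
}

# Store the key where the project team can read it (constructed path).
resource "vault_kv_secret_v2" "vpn_tunnel1" {
  mount     = "secret"
  name      = "vpn/example-project/tunnel1"
  data_json = jsonencode({ preshared_key = local.tunnel1_psk })
}
```

Marking the output as sensitive only hides it from CLI output; the key is still written to the Terraform state, so the state backend needs access controls at least as strict as the Vault path.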