feat: added tls provider and veriables description

clouddrove · Sep 7, 2023 · 95ddf21 · 95ddf21
1 parent 77ce433
commit 95ddf21
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 6 deletions.
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
@@ -5,7 +5,7 @@ on:
   pull_request:
   workflow_dispatch:
 jobs:
-  alb:
+  example:
     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
     with:
-      working_directory: './_example/'
+      working_directory: './_example/'
diff --git a/main.tf b/main.tf
@@ -49,6 +49,10 @@ resource "aws_acm_certificate" "ca" {
   count            = var.enabled ? 1 : 0
   private_key      = join("", tls_private_key.ca[*].private_key_pem)
   certificate_body = join("", tls_self_signed_cert.ca[*].cert_pem)
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "tls_private_key" "root" {
@@ -95,6 +99,10 @@ resource "aws_acm_certificate" "root" {
   private_key       = join("", tls_private_key.server[*].private_key_pem)
   certificate_body  = join("", tls_locally_signed_cert.root[*].cert_pem)
   certificate_chain = join("", tls_self_signed_cert.ca[*].cert_pem)
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "tls_private_key" "server" {
@@ -120,6 +128,13 @@ resource "tls_cert_request" "server" {
 ##-----------------------------------------------------------------------------
 ## Generates a Certificate Signing Request (CSR) in PEM format, which is the typical format used to request a certificate from a certificate authority.
 ##-----------------------------------------------------------------------------
+#The TLS provider provides utilities for working with Transport Layer Security keys and certificates. It provides resources that allow private keys, certificates and certificate requests to be created as part of a Terraform deployment.
+provider "tls" {
+  proxy {
+    from_env = true
+  }
+}
+
 resource "tls_locally_signed_cert" "server" {
   count = var.enabled ? 1 : 0
 

diff --git a/variables.tf b/variables.tf
@@ -156,25 +156,25 @@ variable "self_service_portal" {
 variable "rsa_bits" {
   type        = number
   default     = 2048
-  description = ""
+  description = "When algorithm is RSA, the size of the generated RSA key, in bits (default: 2048)."
 }
 
 variable "algorithm" {
   type        = string
   default     = "RSA"
-  description = ""
+  description = "Name of the algorithm to use when generating the private key. Currently-supported values are: RSA, ECDSA, ED25519."
 }
 
 variable "validity_period_hours" {
   type        = number
   default     = 87600
-  description = ""
+  description = "Number of hours, after initial issuing, that the certificate will remain valid for."
 }
 
 variable "is_ca_certificate" {
   type        = bool
   default     = true
-  description = ""
+  description = "Is the generated certificate representing a Certificate Authority (CA)."
 }
 
 variable "authorize_all_groups" {