From 95ddf21a77146e05233633b4a849806016454421 Mon Sep 17 00:00:00 2001 From: mamrajyadav Date: Thu, 7 Sep 2023 15:47:04 +0530 Subject: [PATCH] feat: added tls provider and veriables description --- .github/workflows/tf-checks.yml | 4 ++-- main.tf | 15 +++++++++++++++ variables.tf | 8 ++++---- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index 9afdbb6..c0e9a69 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml @@ -5,7 +5,7 @@ on: pull_request: workflow_dispatch: jobs: - alb: + example: uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master with: - working_directory: './_example/' \ No newline at end of file + working_directory: './_example/' diff --git a/main.tf b/main.tf index 9f2a075..2898552 100644 --- a/main.tf +++ b/main.tf @@ -49,6 +49,10 @@ resource "aws_acm_certificate" "ca" { count = var.enabled ? 1 : 0 private_key = join("", tls_private_key.ca[*].private_key_pem) certificate_body = join("", tls_self_signed_cert.ca[*].cert_pem) + + lifecycle { + create_before_destroy = true + } } resource "tls_private_key" "root" { @@ -95,6 +99,10 @@ resource "aws_acm_certificate" "root" { private_key = join("", tls_private_key.server[*].private_key_pem) certificate_body = join("", tls_locally_signed_cert.root[*].cert_pem) certificate_chain = join("", tls_self_signed_cert.ca[*].cert_pem) + + lifecycle { + create_before_destroy = true + } } resource "tls_private_key" "server" { 
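Review bot: Neither new `lifecycle` block, in `aws_acm_certificate.ca` or in `aws_acm_certificate.root`, says why `create_before_destroy` is set, and the reason matters to anyone who later changes how these certificates are rotated. I would add a comment above each, for example `# Import the replacement certificate before deleting the old one, so anything that references the ARN is never left without a certificate.` Separately, the context lines pass `tls_private_key.*.private_key_pem` straight into ACM, and the tls provider keeps generated private keys in Terraform state, so every replacement writes fresh CA and server key material there; the module documentation should state that the state backend must be encrypted and access-restricted. Both resource bodies begin above their hunks.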
@@ -120,6 +128,13 @@ resource "tls_cert_request" "server" { ##----------------------------------------------------------------------------- ## Generates a Certificate Signing Request (CSR) in PEM format, which is the typical format used to request a certificate from a certificate authority. ##----------------------------------------------------------------------------- +#The TLS provider provides utilities for working with Transport Layer Security keys and certificates. It provides resources that allow private keys, certificates and certificate requests to be created as part of a Terraform deployment. +provider "tls" { + proxy { + from_env = true + } +} + resource "tls_locally_signed_cert" "server" { count = var.enabled ? 1 : 0 diff --git a/variables.tf b/variables.tf index f180d42..b90d75d 100644 --- a/variables.tf +++ b/variables.tf @@ -156,25 +156,25 @@ variable "self_service_portal" { variable "rsa_bits" { type = number default = 2048 - description = "" + description = "When algorithm is RSA, the size of the generated RSA key, in bits (default: 2048)." } variable "algorithm" { type = string default = "RSA" - description = "" + description = "Name of the algorithm to use when generating the private key. Currently-supported values are: RSA, ECDSA, ED25519." } variable "validity_period_hours" { type = number default = 87600 - description = "" + description = "Number of hours, after initial issuing, that the certificate will remain valid for." } variable "is_ca_certificate" { type = bool default = true - description = "" + description = "Is the generated certificate representing a Certificate Authority (CA)." } variable "authorize_all_groups" {
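Review bot: A `provider "tls"` configuration block does not belong in a reusable module's `main.tf`; the repository ships an `_example/` caller, so this looks like a shared module, and Terraform treats a module that configures its own providers as a legacy module that cannot be called with `count`, `for_each` or `depends_on`. I would delete the block here, keep only the provider requirement in the module's `required_providers` (not visible in this diff), and let the calling configuration set any proxy. `from_env = true` also makes the provider's outbound path depend on whatever proxy variables the runner's environment carries; as far as I know that is already the provider default, and none of the tls resources visible in this diff fetch anything over the network, so the block appears to add nothing. If it stays, move it out from between the CSR banner comment and `tls_locally_signed_cert.server`, which it now separates.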
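Review bot: The new `algorithm` description lists RSA, ECDSA and ED25519 as the supported values, but nothing in the variable enforces that, so a mistyped value would presumably only surface as a provider error during plan. A `validation` block with `condition = contains(["RSA", "ECDSA", "ED25519"], var.algorithm)` and a matching `error_message` would turn the description into a checked contract. The `rsa_bits` text also repeats the default inline as `(default: 2048)`, which goes stale as soon as the default is raised, so I would drop the parenthetical. Since `validity_period_hours` defaults to 87600, it is worth confirming that 2048 bits is the intended size for a key that long-lived. The final `variable "authorize_all_groups"` block continues past the hunk.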