cloudposse / terraform-aws-key-pair Goto Github PK

what

• Add example invocation

why

• We need this so we can soon enable automated continuous integration testing of module

Dependabot couldn't parse the main.tf found at /main.tf.

The error Dependabot encountered was:

unable to parse HCL: At 3:17: Unknown token: 3:17 IDENT var.namespace

View the update logs.

HI,

I tried to use the module this way but the problem is the resource will fail because the module hasn't generated the key yet. Do you have an inbuilt way to create the resource below through the module so I can refer to it in AWS launch configuration via terraform

module "ssh_key_pair" {
source = "git::https://github.com/cloudposse/terraform-aws-key-pair.git?ref=master"
namespace = "default"
stage = "${var.name}"
name = "${var.name}"
ssh_public_key_path = "${path.root}"
generate_ssh_key = "true"
private_key_extension = "_private_key.pem"
public_key_extension = "_public_key.pub"
chmod_command = "chmod 600 %v"
}

resource "aws_key_pair" "keys" {
key_name = "default-${var.name}-${var.name}_public_key.pub"
key_name = "${module.ssh_key_pair.id}"
public_key = "${file("${path.root}/default-${var.name}-${var.name}_public_key.pub")}"

depends_on = [
"local_file.default-eks_nodes_martini-eks_nodes_martini_public_key.pub",
]
}

what

• Add example invocation

why

• We need this so we can soon enable automated continuous integration testing of module

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

The downloaded key file should have the ".pem" extension.

Hi,

I was trying to make use of your module but I found out some issues in it. I'm not sure if it's related because I'm using Terraform 0.12 or not, but this is what it prints out:

Error: Missing resource instance key

  on .terraform/modules/jira.ssh_key_pair/cloudposse-terraform-aws-key-pair-ab1926c/main.tf line 31, in resource "aws_key_pair" "generated":
  31:   public_key = "${tls_private_key.default.public_key_openssh}"

Because tls_private_key.default has "count" set, its attributes must be
accessed on specific instances.

For example, to correlate with indices of a referring resource, use:
    tls_private_key.default[count.index]


Error: Missing resource instance key

  on .terraform/modules/jira.ssh_key_pair/cloudposse-terraform-aws-key-pair-ab1926c/main.tf line 37, in resource "local_file" "public_key_openssh":
  37:   content    = "${tls_private_key.default.public_key_openssh}"

Because tls_private_key.default has "count" set, its attributes must be
accessed on specific instances.

For example, to correlate with indices of a referring resource, use:
    tls_private_key.default[count.index]


Error: Missing resource instance key

  on .terraform/modules/jira.ssh_key_pair/cloudposse-terraform-aws-key-pair-ab1926c/main.tf line 44, in resource "local_file" "private_key_pem":
  44:   content    = "${tls_private_key.default.private_key_pem}"

Because tls_private_key.default has "count" set, its attributes must be
accessed on specific instances.

For example, to correlate with indices of a referring resource, use:
    tls_private_key.default[count.index]

Before creating a PR I wanted to align with you if the fixes proposed by Terraform CLI made sense or you see a better way to accomplish the goal.

Thank you in advance for this module, looking forward to get this fixed :)

Best regards,
Julian

Have a question? Please checkout our Slack Community or visit our Slack Archive.

Describe the Feature

When creating a new key, I am currently forced to save it to a local file. I don't want/need to do that. It would be good to have that as an option.

Expected Behavior

module "key" {
    ...
    no_save = true
}

Use Case

I have a use case where the key is ephemeral. It doesn't create any huge bugs, but I'd like to ignore the creation of the keys, if possible.

Have a question? Please checkout our Slack Community or visit our Slack Archive.

Describe the Feature

Would love to see terraform 0.13 support. Currently I receive an error:

Error: Unsupported Terraform Core version

  on .terraform/modules/admin_ssh_key_pair/versions.tf line 2, in terraform:
   2:   required_version = "~> 0.12.0"

Module module.admin_ssh_key_pair (from
git::https://github.com/cloudposse/terraform-aws-key-pair.git?ref=master) does
not support Terraform version 0.13.0. To proceed, either choose another
supported Terraform version or update this version constraint. Version
constraints are normally set for good reason, so updating the constraint may
lead to other errors or unexpected behavior.

Expected Behavior

Desired behavior is successful execution when using 0.13.0.

Dependabot couldn't parse the main.tf found at /main.tf.

You can mention @dependabot in the comments below to contact the Dependabot team.

 Getting source "git::https://github.com/cloudposse/terraform-aws-key-pair.git?ref=master"
Error downloading modules: Error loading modules: module ssh_key_pair: Error parsing .terraform/modules/dd391732868cc6224bc782f7858abb22/main.tf: At 3:16: Unknown token: 3:16 IDENT var.namespace

I'm seeing this since the update. I'm using Terraform 0.11.13

Issue Description

Hello - I love this module; it's made it much easier for me to create full pipelines for connecting to EC2 instances. However, I do have one major issue - the output variables "public_key_filename" and "private_key_filename" are released to downstream modules/resources too early, aka they are released immediately (during plan) before the files are actually created. This creates problems as other modules will try to parse those files and will fail because the file does not exist.

Workaround

My workaround is to hide the input of these variables behind a "fake" if-then block, as below:

module "tableau_server_on_aws" {
  ...
  # The if-then clause gives the same result regardless of length(public_key); the real purpose is to force a wait on file creation.
  ssh_public_key_filepath  = length(module.ssh_key_pair2.public_key) > 0 ? module.ssh_key_pair2.public_key_filename : module.ssh_key_pair2.public_key_filename
  ssh_private_key_filepath = length(module.ssh_key_pair2.public_key) > 0 ? module.ssh_key_pair2.private_key_filename : module.ssh_key_pair2.private_key_filename
  ...
}

module "ssh_key_pair" {
  source                = "git::https://github.com/cloudposse/terraform-aws-key-pair.git?ref=master"
  namespace             = lower(local.name_prefix)
  ssh_public_key_path   = abspath(local.secrets_folder)
  name                  = "aws-ssh-key"
  ...
}

Because the public_key output variable is not known until after the files are created, this workaround forces the downstream consumer to wait until the files exist before evaluating downstream conditions.

Requested Change

My ask would be to create a similar hold on the module's filename outputs, until those files have been created and can be consumed.

https://www.terraform.io/docs/providers/local/r/file.html

resource "local_file" "foo" {
    content     = "foo!"
    filename = "${path.module}/foo.bar"
}

Dependabot couldn't parse the context.tf found at /context.tf.

The error Dependabot encountered was:

unable to parse HCL: At 24:25: Unknown token: 24:25 IDENT var.enabled

View the update logs.

Currently I have to do this:

"ssh_public_key_path" = "${pathexpand(~/.ssh)}"

It would be nice if the module called pathexpand on this variable automatically. I think most people who put ~ in this field want it to be interpolated as $HOME