From 6ef7bc742615ad296d22f3d7eadee1aefe5e131f Mon Sep 17 00:00:00 2001 From: "romg@pecan.ai" Date: Sun, 4 Aug 2024 08:51:50 +0100 Subject: [PATCH 1/9] enabling using multiple ssh keys for one user in sftp module --- main.tf | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/main.tf b/main.tf index 49d0cc2..f4a9417 100644 --- a/main.tf +++ b/main.tf @@ -6,13 +6,31 @@ locals { is_vpc = var.vpc_id != null user_names = keys(var.sftp_users) - + sftp_users = { for user, val in var.sftp_users : user => merge(val, + { public_key = flatten(tolist([val["public_key"]])) }) + } user_names_map = { - for user, val in var.sftp_users : + for user, val in local.sftp_users : user => merge(val, { s3_bucket_arn = lookup(val, "s3_bucket_name", null) != null ? "${local.s3_arn_prefix}${lookup(val, "s3_bucket_name")}" : one(data.aws_s3_bucket.landing[*].arn) }) } + ssh_keys = flatten([ + for user, val in local.sftp_users : [ + for key in val["public_key"] : { + user_name = val["user_name"] + public_key = key, + token = "${val["user_name"]}#${key}" + } + ] + ]) + + ssh_keys_expanded = { + for v in local.ssh_keys : v["token"] => { + public_key = v["public_key"] + user_name = v["user_name"] + } + } } data "aws_partition" "default" { @@ -51,7 +69,7 @@ resource "aws_transfer_server" "default" { } resource "aws_transfer_user" "default" { - for_each = local.enabled ? var.sftp_users : {} + for_each = local.enabled ? local.sftp_users : {} server_id = join("", aws_transfer_server.default[*].id) role = aws_iam_role.s3_access_for_sftp_users[each.value.user_name].arn @@ -83,7 +101,7 @@ resource "aws_transfer_user" "default" { } resource "aws_transfer_ssh_key" "default" { - for_each = local.enabled ? var.sftp_users : {} + for_each = local.enabled ? local.ssh_keys_expanded : {} server_id = join("", aws_transfer_server.default[*].id) From f1d3c0b8415ce06843d6da3937a3e5faef90930b Mon Sep 17 00:00:00 2001 From: "romg@pecan.ai" Date: Thu, 22 Aug 2024 15:31:28 +0100 Subject: [PATCH 2/9] post cr and remove deprecation --- main.tf | 21 +++++++++------------ variables.tf | 12 +++++++++--- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/main.tf b/main.tf index f4a9417..d1d0444 100644 --- a/main.tf +++ b/main.tf @@ -4,27 +4,24 @@ locals { s3_arn_prefix = "arn:${one(data.aws_partition.default[*].partition)}:s3:::" is_vpc = var.vpc_id != null - - user_names = keys(var.sftp_users) - sftp_users = { for user, val in var.sftp_users : user => merge(val, - { public_key = flatten(tolist([val["public_key"]])) }) - } + # create map that include the data we need for creating sftp user, adding the s3 bucket to the sftp_users variable user_names_map = { - for user, val in local.sftp_users : - user => merge(val, { + for val in var.sftp_users : + val.user_name => merge(val, { s3_bucket_arn = lookup(val, "s3_bucket_name", null) != null ? "${local.s3_arn_prefix}${lookup(val, "s3_bucket_name")}" : one(data.aws_s3_bucket.landing[*].arn) }) } + # create list of maps that holds the public keys of each user, in that way we can have more than one public key to user ssh_keys = flatten([ - for user, val in local.sftp_users : [ - for key in val["public_key"] : { + for val in var.sftp_users : [ + for key in val["public_keys"] : { user_name = val["user_name"] public_key = key, token = "${val["user_name"]}#${key}" } ] ]) - + # create map of maps that holds the keys of each user, that way we iterate over this map and add all the keys that user needs ssh_keys_expanded = { for v in local.ssh_keys : v["token"] => { public_key = v["public_key"] @@ -69,7 +66,7 @@ resource "aws_transfer_server" "default" { } resource "aws_transfer_user" "default" { - for_each = local.enabled ? local.sftp_users : {} + for_each = local.enabled ? local.user_names_map : {} server_id = join("", aws_transfer_server.default[*].id) role = aws_iam_role.s3_access_for_sftp_users[each.value.user_name].arn @@ -116,7 +113,7 @@ resource "aws_transfer_ssh_key" "default" { resource "aws_eip" "sftp" { count = local.enabled && var.eip_enabled ? length(var.subnet_ids) : 0 - vpc = local.is_vpc + domain = local.is_vpc ? "vpc" : null tags = module.this.tags } diff --git a/variables.tf b/variables.tf index 6762121..580979c 100644 --- a/variables.tf +++ b/variables.tf @@ -5,9 +5,15 @@ variable "domain" { } variable "sftp_users" { - type = any - default = {} - description = "List of SFTP usernames and public keys. The keys `user_name`, `public_key` are required. The keys `s3_bucket_name` are optional." + type = list( + object({ + user_name = string + public_keys = list(string) + s3_bucket_name = optional(string) + }) + ) + default = [] + description = "List of SFTP usernames and public keys. The keys `user_name` and `public_keys` are required. The key `s3_bucket_name` is optional." } variable "restricted_home" { From 461c5616ae8d00c11aa1ab8023d99344f4cb03cb Mon Sep 17 00:00:00 2001 From: "romg@pecan.ai" Date: Thu, 31 Oct 2024 08:25:39 +0000 Subject: [PATCH 3/9] fix failed tests --- examples/vpc/fixtures.us-east-2.tfvars | 22 ++++++++++++---------- examples/vpc/main.tf | 4 ++-- examples/vpc/variables.tf | 17 ++++++++++------- main.tf | 2 +- outputs.tf | 4 ++-- variables.tf | 16 +++++----------- 6 files changed, 32 insertions(+), 33 deletions(-) diff --git a/examples/vpc/fixtures.us-east-2.tfvars b/examples/vpc/fixtures.us-east-2.tfvars index ccedb15..657ad2f 100644 --- a/examples/vpc/fixtures.us-east-2.tfvars +++ b/examples/vpc/fixtures.us-east-2.tfvars @@ -10,16 +10,18 @@ name = "sftp" availability_zones = ["us-east-2a", "us-east-2b"] -cidr_block = "10.0.0.0/16" +ipv4_primary_cidr_block = "10.0.0.0/16" -sftp_users = { - "brad" = { - user_name = "brad", - public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCziM50ppY+lb95xwkfPmz9i9fjcZ+jxut1hwhGJrnLUED26/tmlgSS4OaTi9jDHLeHaRcSRvKJObwsfR3tYH45YDGF4kwjv+OyMnsepPXrBX9cI0Bq0aH39BBBdRICbEEyoJdNhLH8MRGddtJ6G2uXZV9AvVqr01NokayLVO1WvCUi8bSvAHe8+KDE/odVsoOTRnKVK6Ov2LtJuff5OF9LmsY+vAtPkGZF9hfoB6k8irUqG8f8hx7ZooKUFZv9k9F4gvEXen9e/DdJ2VZHaL1LGUtNGNsrwgvgaQlbgqyuiIL91JYDrCR6ZwuI42CPQfqWwUfeO0W9roE0E7v/04+76TSVmHA1arqAETDmpAqvQNGP4uxml3u7ZqUD82At9u0yAgTX+xS4qnrg383e3ZXoTTa6q3ms/z75NHlttSRaN4Yf260RmTHDlyg4i+8qJasnhOcMLgMwuS7iywUZrIkmmpr6FQk3XwvUGbKpwdxepF4OFz5aMAouF17ZOajv1vxSDhTRQZzHbT18HFDNHDbHm61XwEeuurFxxO6TiQw8rSRrcUBmN8Mk9mVvC2FMRLJt3SonTyDpzcvQlcES6eSvXM6C/qy4xYB4wA3vZLgSswy8dGK2PlwszsqeT4WtA/6kC6i+0w30i2xxBCjKwSTNQzPUz/aVE+QDsN32f1i/Q== developer@developers-MacBook-Pro.local" +sftp_users = [ + { + user_name = "brad", + public_keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCziM50ppY+lb95xwkfPmz9i9fjcZ+jxut1hwhGJrnLUED26/tmlgSS4OaTi9jDHLeHaRcSRvKJObwsfR3tYH45YDGF4kwjv+OyMnsepPXrBX9cI0Bq0aH39BBBdRICbEEyoJdNhLH8MRGddtJ6G2uXZV9AvVqr01NokayLVO1WvCUi8bSvAHe8+KDE/odVsoOTRnKVK6Ov2LtJuff5OF9LmsY+vAtPkGZF9hfoB6k8irUqG8f8hx7ZooKUFZv9k9F4gvEXen9e/DdJ2VZHaL1LGUtNGNsrwgvgaQlbgqyuiIL91JYDrCR6ZwuI42CPQfqWwUfeO0W9roE0E7v/04+76TSVmHA1arqAETDmpAqvQNGP4uxml3u7ZqUD82At9u0yAgTX+xS4qnrg383e3ZXoTTa6q3ms/z75NHlttSRaN4Yf260RmTHDlyg4i+8qJasnhOcMLgMwuS7iywUZrIkmmpr6FQk3XwvUGbKpwdxepF4OFz5aMAouF17ZOajv1vxSDhTRQZzHbT18HFDNHDbHm61XwEeuurFxxO6TiQw8rSRrcUBmN8Mk9mVvC2FMRLJt3SonTyDpzcvQlcES6eSvXM6C/qy4xYB4wA3vZLgSswy8dGK2PlwszsqeT4WtA/6kC6i+0w30i2xxBCjKwSTNQzPUz/aVE+QDsN32f1i/Q== developer@developers-MacBook-Pro.local"], + s3_bucket_name = "eg-ue2-test-sftp-cmobdn-home" }, - "kenny" = { - user_name = "kenny", - public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYN8IRq10gKJj5/y2IHYFFRXHctJ+VblcsOnwvsbUIB+PKMLLWd5ySpW30s8OFVcxpMu2VXzXVKRGGbOUbZEN7MqH9xkW8eV6tSfXsZK2osLdIQ3QG3eSyoN4gPFlDBkZSzmkb2oaaclGPGRezbzDnp+oz8IiC5ZE8aprq3Xk850fifIEEOhJtVsrL84uwgx4LGZMMQmLdf6xm2SMSMx53zDPtSnlSeMlC2qUz6LBC41gwObQDoh0j3svsENf8FS8iIkdX50NaRoZvhJU0Oud5A7bj3zz0xtKn6uQZnL9hb6ttvp2/mNe1CKBZt9hUdrn4SHPs0sbWYbQLTzp+9okcg8LCe7qnFdHH7xQGp17SAgi5f91RPOUWtqvkOC5yoVaveR82KZObU+HSCfT/PObLjdUDtWrZABp4VM/u5t9Fn6BQ+eRSAiCIqLQlizs9kpKO8LYX7CagxRJz8KtRXfhndA3nTFq35vml8rD5hKsTrtbSkycmytQZ8TF7IwuN0amRfZ7Iwb3/eLTEv6jp5PKKVprBvnjDH1ipn/AwidsKrbCCVquKg0X/7rwVLrvMuYAtlxPLqjqZpvfTwXBwLlHTEuCvuh/Y/TpjJqqxCnbY/6R4TcabHVGsA4b1kVajRbvVPZPGVcWs+XvycO4Y8KR/hZZGGxK16SVFGbrnhX1D2Q== developer@developers.local" - + { + user_name = "kenny", + public_keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYN8IRq10gKJj5/y2IHYFFRXHctJ+VblcsOnwvsbUIB+PKMLLWd5ySpW30s8OFVcxpMu2VXzXVKRGGbOUbZEN7MqH9xkW8eV6tSfXsZK2osLdIQ3QG3eSyoN4gPFlDBkZSzmkb2oaaclGPGRezbzDnp+oz8IiC5ZE8aprq3Xk850fifIEEOhJtVsrL84uwgx4LGZMMQmLdf6xm2SMSMx53zDPtSnlSeMlC2qUz6LBC41gwObQDoh0j3svsENf8FS8iIkdX50NaRoZvhJU0Oud5A7bj3zz0xtKn6uQZnL9hb6ttvp2/mNe1CKBZt9hUdrn4SHPs0sbWYbQLTzp+9okcg8LCe7qnFdHH7xQGp17SAgi5f91RPOUWtqvkOC5yoVaveR82KZObU+HSCfT/PObLjdUDtWrZABp4VM/u5t9Fn6BQ+eRSAiCIqLQlizs9kpKO8LYX7CagxRJz8KtRXfhndA3nTFq35vml8rD5hKsTrtbSkycmytQZ8TF7IwuN0amRfZ7Iwb3/eLTEv6jp5PKKVprBvnjDH1ipn/AwidsKrbCCVquKg0X/7rwVLrvMuYAtlxPLqjqZpvfTwXBwLlHTEuCvuh/Y/TpjJqqxCnbY/6R4TcabHVGsA4b1kVajRbvVPZPGVcWs+XvycO4Y8KR/hZZGGxK16SVFGbrnhX1D2Q== developer@developers.local", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCziM50ppY+lb95xwkfPmz9i9fjcZ+jxut1hwhGJrnLUED26/tmlgSS4OaTi9jDHLeHaRcSRvKJObwsfR3tYH45YDGF4kwjv+OyMnsepPXrBX9cI0Bq0aH39BBBdRICbEEyoJdNhLH8MRGddtJ6G2uXZV9AvVqr01NokayLVO1WvCUi8bSvAHe8+KDE/odVsoOTRnKVK6Ov2LtJuff5OF9LmsY+vAtPkGZF9hfoB6k8irUqG8f8hx7ZooKUFZv9k9F4gvEXen9e/DdJ2VZHaL1LGUtNGNsrwgvgaQlbgqyuiIL91JYDrCR6ZwuI42CPQfqWwUfeO0W9roE0E7v/04+76TSVmHA1arqAETDmpAqvQNGP4uxml3u7ZqUD82At9u0yAgTX+xS4qnrg383e3ZXoTTa6q3ms/z75NHlttSRaN4Yf260RmTHDlyg4i+8qJasnhOcMLgMwuS7iywUZrIkmmpr6FQk3XwvUGbKpwdxepF4OFz5aMAouF17ZOajv1vxSDhTRQZzHbT18HFDNHDbHm61XwEeuurFxxO6TiQw8rSRrcUBmN8Mk9mVvC2FMRLJt3SonTyDpzcvQlcES6eSvXM6C/qy4xYB4wA3vZLgSswy8dGK2PlwszsqeT4WtA/6kC6i+0w30i2xxBCjKwSTNQzPUz/aVE+QDsN32f1i/Q== developer@developers-MacBook-Pro.local"], + s3_bucket_name = "eg-ue2-test-sftp-cmobdn-home" } -} +] + diff --git a/examples/vpc/main.tf b/examples/vpc/main.tf index a7d7e8c..660fa31 100644 --- a/examples/vpc/main.tf +++ b/examples/vpc/main.tf @@ -9,9 +9,9 @@ provider "awsutils" { module "vpc" { source = "cloudposse/vpc/aws" - version = "1.1.0" + version = "2.1.1" - cidr_block = var.cidr_block + ipv4_primary_cidr_block = var.ipv4_primary_cidr_block context = module.this.context } diff --git a/examples/vpc/variables.tf b/examples/vpc/variables.tf index 45d161c..e104f21 100644 --- a/examples/vpc/variables.tf +++ b/examples/vpc/variables.tf @@ -7,15 +7,18 @@ variable "availability_zones" { description = "List of availability zones" } -variable "cidr_block" { +variable "ipv4_primary_cidr_block" { type = string description = "CIDR for the VPC" } variable "sftp_users" { - type = map(object({ - user_name = string, - public_key = string - })) - description = "The value which will be passed to the example module" -} + type = list( + object({ + user_name = string + public_keys = list(string) + s3_bucket_name = optional(string) + }) + ) + description = "List of SFTP usernames and public keys. The keys `user_name` and `public_keys` are required. The key `s3_bucket_name` is optional." +} \ No newline at end of file diff --git a/main.tf b/main.tf index d1d0444..3c4056f 100644 --- a/main.tf +++ b/main.tf @@ -58,7 +58,7 @@ resource "aws_transfer_server" "default" { subnet_ids = var.subnet_ids security_group_ids = var.vpc_security_group_ids vpc_id = var.vpc_id - address_allocation_ids = var.eip_enabled ? aws_eip.sftp.*.id : var.address_allocation_ids + address_allocation_ids = var.eip_enabled ? aws_eip.sftp[*].id : var.address_allocation_ids } } diff --git a/outputs.tf b/outputs.tf index fe40584..1663e9d 100644 --- a/outputs.tf +++ b/outputs.tf @@ -5,12 +5,12 @@ output "id" { output "transfer_endpoint" { description = "The endpoint of the Transfer Server" - value = module.this.enabled ? join("", aws_transfer_server.default.*.endpoint) : null + value = module.this.enabled ? join("", aws_transfer_server.default[*].endpoint) : null } output "elastic_ips" { description = "Provisioned Elastic IPs" - value = module.this.enabled && var.eip_enabled ? aws_eip.sftp.*.id : null + value = module.this.enabled && var.eip_enabled ? aws_eip.sftp[*].id : null } output "s3_access_role_arns" { diff --git a/variables.tf b/variables.tf index 580979c..7fcacc7 100644 --- a/variables.tf +++ b/variables.tf @@ -6,11 +6,11 @@ variable "domain" { variable "sftp_users" { type = list( - object({ - user_name = string - public_keys = list(string) - s3_bucket_name = optional(string) - }) + object({ + user_name = string + public_keys = list(string) + s3_bucket_name = optional(string) + }) ) default = [] description = "List of SFTP usernames and public keys. The keys `user_name` and `public_keys` are required. The key `s3_bucket_name` is optional." @@ -58,12 +58,6 @@ variable "subnet_ids" { default = [] } -variable "vpc_endpoint_id" { - type = string - description = "The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT" - default = null -} - variable "security_policy_name" { type = string description = "Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, and TransferSecurityPolicy-FIPS-2020-06. Default value is: TransferSecurityPolicy-2018-11." From 4497aa81f899051301033f9e6bb309ea5b4d9845 Mon Sep 17 00:00:00 2001 From: "romg@pecan.ai" Date: Thu, 31 Oct 2024 08:30:08 +0000 Subject: [PATCH 4/9] add md5 --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 3c4056f..0751aef 100644 --- a/main.tf +++ b/main.tf @@ -17,7 +17,7 @@ locals { for key in val["public_keys"] : { user_name = val["user_name"] public_key = key, - token = "${val["user_name"]}#${key}" + token = md5("${val["user_name"]}#${key}") } ] ]) From 3121cfe50ff3d98ae82b6bc11389572b5d7f3c4f Mon Sep 17 00:00:00 2001 From: "romg@pecan.ai" Date: Thu, 31 Oct 2024 08:32:29 +0000 Subject: [PATCH 5/9] post make readme --- README.md | 29 ++++++++++++++--------------- docs/terraform.md | 29 ++++++++++++++--------------- 2 files changed, 28 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 4ee8140..a62d088 100644 --- a/README.md +++ b/README.md @@ -135,35 +135,34 @@ Available targets: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [address\_allocation\_ids](#input\_address\_allocation\_ids) | A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | -| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | -| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "descriptor_formats": {},
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "labels_as_tags": [
    "unset"
  ],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {},
  "tenant": null
}
| no | -| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | +| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "descriptor_formats": {},
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "labels_as_tags": [
    "unset"
  ],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {},
  "tenant": null
}
| no | +| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [domain](#input\_domain) | Where your files are stored. S3 or EFS | `string` | `"S3"` | no | | [domain\_name](#input\_domain\_name) | Domain to use when connecting to the SFTP endpoint | `string` | `""` | no | | [eip\_enabled](#input\_eip\_enabled) | Whether to provision and attach an Elastic IP to be used as the SFTP endpoint. An EIP will be provisioned per subnet. | `bool` | `false` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [force\_destroy](#input\_force\_destroy) | Forces the AWS Transfer Server to be destroyed | `bool` | `false` | no | -| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | -| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | -| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | -| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | 
[
  "default"
]
| no | -| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | +| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | 
[
  "default"
]
| no | +| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | -| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [restricted\_home](#input\_restricted\_home) | Restricts SFTP users so they only have access to their home directories. | `bool` | `true` | no | | [s3\_bucket\_name](#input\_s3\_bucket\_name) | This is the bucket that the SFTP users will use when managing files | `string` | n/a | yes | | [security\_policy\_name](#input\_security\_policy\_name) | Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, and TransferSecurityPolicy-FIPS-2020-06. Default value is: TransferSecurityPolicy-2018-11. | `string` | `"TransferSecurityPolicy-2018-11"` | no | -| [sftp\_users](#input\_sftp\_users) | List of SFTP usernames and public keys. The keys `user_name`, `public_key` are required. The keys `s3_bucket_name` are optional. | `any` | `{}` | no | +| [sftp\_users](#input\_sftp\_users) | List of SFTP usernames and public keys. The keys `user_name` and `public_keys` are required. The key `s3_bucket_name` is optional. | 
list(
    object({
      user_name      = string
      public_keys    = list(string)
      s3_bucket_name = optional(string)
    })
  )
| `[]` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | -| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | +| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | -| [vpc\_endpoint\_id](#input\_vpc\_endpoint\_id) | The ID of the VPC endpoint. This property can only be used when endpoint\_type is set to VPC\_ENDPOINT | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | VPC ID that the AWS Transfer Server will be deployed to | `string` | `null` | no | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | | [zone\_id](#input\_zone\_id) | Route53 Zone ID to add the CNAME | `string` | `""` | no | diff --git a/docs/terraform.md b/docs/terraform.md index df22aa6..cb57270 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -43,35 +43,34 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [address\_allocation\_ids](#input\_address\_allocation\_ids) | A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | -| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | -| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "descriptor_formats": {},
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "labels_as_tags": [
    "unset"
  ],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {},
  "tenant": null
}
| no | -| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | +| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | 
{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "descriptor_formats": {},
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "labels_as_tags": [
    "unset"
  ],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {},
  "tenant": null
}
| no | +| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [domain](#input\_domain) | Where your files are stored. S3 or EFS | `string` | `"S3"` | no | | [domain\_name](#input\_domain\_name) | Domain to use when connecting to the SFTP endpoint | `string` | `""` | no | | [eip\_enabled](#input\_eip\_enabled) | Whether to provision and attach an Elastic IP to be used as the SFTP endpoint. An EIP will be provisioned per subnet. | `bool` | `false` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | | [force\_destroy](#input\_force\_destroy) | Forces the AWS Transfer Server to be destroyed | `bool` | `false` | no | -| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | -| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | -| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | -| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | 
[
  "default"
]
| no | -| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | +| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | 
[
  "default"
]
| no | +| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | -| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [restricted\_home](#input\_restricted\_home) | Restricts SFTP users so they only have access to their home directories. | `bool` | `true` | no | | [s3\_bucket\_name](#input\_s3\_bucket\_name) | This is the bucket that the SFTP users will use when managing files | `string` | n/a | yes | | [security\_policy\_name](#input\_security\_policy\_name) | Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, and TransferSecurityPolicy-FIPS-2020-06. Default value is: TransferSecurityPolicy-2018-11. | `string` | `"TransferSecurityPolicy-2018-11"` | no | -| [sftp\_users](#input\_sftp\_users) | List of SFTP usernames and public keys. The keys `user_name`, `public_key` are required. The keys `s3_bucket_name` are optional. | `any` | `{}` | no | +| [sftp\_users](#input\_sftp\_users) | List of SFTP usernames and public keys. The keys `user_name` and `public_keys` are required. The key `s3_bucket_name` is optional. | 
list(
    object({
      user_name      = string
      public_keys    = list(string)
      s3_bucket_name = optional(string)
    })
  )
| `[]` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | -| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | +| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | -| [vpc\_endpoint\_id](#input\_vpc\_endpoint\_id) | The ID of the VPC endpoint. This property can only be used when endpoint\_type is set to VPC\_ENDPOINT | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | VPC ID that the AWS Transfer Server will be deployed to | `string` | `null` | no | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | | [zone\_id](#input\_zone\_id) | Route53 Zone ID to add the CNAME | `string` | `""` | no | From bb4d53d422b6c8469536eaba74ecc81e071211a8 Mon Sep 17 00:00:00 2001 From: "romg@pecan.ai" Date: Tue, 5 Nov 2024 08:52:14 +0000 Subject: [PATCH 6/9] post tflint --- examples/vpc/fixtures.us-east-2.tfvars | 4 ++-- main.tf | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/examples/vpc/fixtures.us-east-2.tfvars b/examples/vpc/fixtures.us-east-2.tfvars index 657ad2f..d5885c9 100644 --- a/examples/vpc/fixtures.us-east-2.tfvars +++ b/examples/vpc/fixtures.us-east-2.tfvars @@ -15,12 +15,12 @@ ipv4_primary_cidr_block = "10.0.0.0/16" sftp_users = [ { user_name = "brad", - public_keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCziM50ppY+lb95xwkfPmz9i9fjcZ+jxut1hwhGJrnLUED26/tmlgSS4OaTi9jDHLeHaRcSRvKJObwsfR3tYH45YDGF4kwjv+OyMnsepPXrBX9cI0Bq0aH39BBBdRICbEEyoJdNhLH8MRGddtJ6G2uXZV9AvVqr01NokayLVO1WvCUi8bSvAHe8+KDE/odVsoOTRnKVK6Ov2LtJuff5OF9LmsY+vAtPkGZF9hfoB6k8irUqG8f8hx7ZooKUFZv9k9F4gvEXen9e/DdJ2VZHaL1LGUtNGNsrwgvgaQlbgqyuiIL91JYDrCR6ZwuI42CPQfqWwUfeO0W9roE0E7v/04+76TSVmHA1arqAETDmpAqvQNGP4uxml3u7ZqUD82At9u0yAgTX+xS4qnrg383e3ZXoTTa6q3ms/z75NHlttSRaN4Yf260RmTHDlyg4i+8qJasnhOcMLgMwuS7iywUZrIkmmpr6FQk3XwvUGbKpwdxepF4OFz5aMAouF17ZOajv1vxSDhTRQZzHbT18HFDNHDbHm61XwEeuurFxxO6TiQw8rSRrcUBmN8Mk9mVvC2FMRLJt3SonTyDpzcvQlcES6eSvXM6C/qy4xYB4wA3vZLgSswy8dGK2PlwszsqeT4WtA/6kC6i+0w30i2xxBCjKwSTNQzPUz/aVE+QDsN32f1i/Q== developer@developers-MacBook-Pro.local"], + public_keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCziM50ppY+lb95xwkfPmz9i9fjcZ+jxut1hwhGJrnLUED26/tmlgSS4OaTi9jDHLeHaRcSRvKJObwsfR3tYH45YDGF4kwjv+OyMnsepPXrBX9cI0Bq0aH39BBBdRICbEEyoJdNhLH8MRGddtJ6G2uXZV9AvVqr01NokayLVO1WvCUi8bSvAHe8+KDE/odVsoOTRnKVK6Ov2LtJuff5OF9LmsY+vAtPkGZF9hfoB6k8irUqG8f8hx7ZooKUFZv9k9F4gvEXen9e/DdJ2VZHaL1LGUtNGNsrwgvgaQlbgqyuiIL91JYDrCR6ZwuI42CPQfqWwUfeO0W9roE0E7v/04+76TSVmHA1arqAETDmpAqvQNGP4uxml3u7ZqUD82At9u0yAgTX+xS4qnrg383e3ZXoTTa6q3ms/z75NHlttSRaN4Yf260RmTHDlyg4i+8qJasnhOcMLgMwuS7iywUZrIkmmpr6FQk3XwvUGbKpwdxepF4OFz5aMAouF17ZOajv1vxSDhTRQZzHbT18HFDNHDbHm61XwEeuurFxxO6TiQw8rSRrcUBmN8Mk9mVvC2FMRLJt3SonTyDpzcvQlcES6eSvXM6C/qy4xYB4wA3vZLgSswy8dGK2PlwszsqeT4WtA/6kC6i+0w30i2xxBCjKwSTNQzPUz/aVE+QDsN32f1i/Q== developer@developers-MacBook-Pro.local"], s3_bucket_name = "eg-ue2-test-sftp-cmobdn-home" }, { user_name = "kenny", - public_keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYN8IRq10gKJj5/y2IHYFFRXHctJ+VblcsOnwvsbUIB+PKMLLWd5ySpW30s8OFVcxpMu2VXzXVKRGGbOUbZEN7MqH9xkW8eV6tSfXsZK2osLdIQ3QG3eSyoN4gPFlDBkZSzmkb2oaaclGPGRezbzDnp+oz8IiC5ZE8aprq3Xk850fifIEEOhJtVsrL84uwgx4LGZMMQmLdf6xm2SMSMx53zDPtSnlSeMlC2qUz6LBC41gwObQDoh0j3svsENf8FS8iIkdX50NaRoZvhJU0Oud5A7bj3zz0xtKn6uQZnL9hb6ttvp2/mNe1CKBZt9hUdrn4SHPs0sbWYbQLTzp+9okcg8LCe7qnFdHH7xQGp17SAgi5f91RPOUWtqvkOC5yoVaveR82KZObU+HSCfT/PObLjdUDtWrZABp4VM/u5t9Fn6BQ+eRSAiCIqLQlizs9kpKO8LYX7CagxRJz8KtRXfhndA3nTFq35vml8rD5hKsTrtbSkycmytQZ8TF7IwuN0amRfZ7Iwb3/eLTEv6jp5PKKVprBvnjDH1ipn/AwidsKrbCCVquKg0X/7rwVLrvMuYAtlxPLqjqZpvfTwXBwLlHTEuCvuh/Y/TpjJqqxCnbY/6R4TcabHVGsA4b1kVajRbvVPZPGVcWs+XvycO4Y8KR/hZZGGxK16SVFGbrnhX1D2Q== developer@developers.local", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCziM50ppY+lb95xwkfPmz9i9fjcZ+jxut1hwhGJrnLUED26/tmlgSS4OaTi9jDHLeHaRcSRvKJObwsfR3tYH45YDGF4kwjv+OyMnsepPXrBX9cI0Bq0aH39BBBdRICbEEyoJdNhLH8MRGddtJ6G2uXZV9AvVqr01NokayLVO1WvCUi8bSvAHe8+KDE/odVsoOTRnKVK6Ov2LtJuff5OF9LmsY+vAtPkGZF9hfoB6k8irUqG8f8hx7ZooKUFZv9k9F4gvEXen9e/DdJ2VZHaL1LGUtNGNsrwgvgaQlbgqyuiIL91JYDrCR6ZwuI42CPQfqWwUfeO0W9roE0E7v/04+76TSVmHA1arqAETDmpAqvQNGP4uxml3u7ZqUD82At9u0yAgTX+xS4qnrg383e3ZXoTTa6q3ms/z75NHlttSRaN4Yf260RmTHDlyg4i+8qJasnhOcMLgMwuS7iywUZrIkmmpr6FQk3XwvUGbKpwdxepF4OFz5aMAouF17ZOajv1vxSDhTRQZzHbT18HFDNHDbHm61XwEeuurFxxO6TiQw8rSRrcUBmN8Mk9mVvC2FMRLJt3SonTyDpzcvQlcES6eSvXM6C/qy4xYB4wA3vZLgSswy8dGK2PlwszsqeT4WtA/6kC6i+0w30i2xxBCjKwSTNQzPUz/aVE+QDsN32f1i/Q== developer@developers-MacBook-Pro.local"], + public_keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYN8IRq10gKJj5/y2IHYFFRXHctJ+VblcsOnwvsbUIB+PKMLLWd5ySpW30s8OFVcxpMu2VXzXVKRGGbOUbZEN7MqH9xkW8eV6tSfXsZK2osLdIQ3QG3eSyoN4gPFlDBkZSzmkb2oaaclGPGRezbzDnp+oz8IiC5ZE8aprq3Xk850fifIEEOhJtVsrL84uwgx4LGZMMQmLdf6xm2SMSMx53zDPtSnlSeMlC2qUz6LBC41gwObQDoh0j3svsENf8FS8iIkdX50NaRoZvhJU0Oud5A7bj3zz0xtKn6uQZnL9hb6ttvp2/mNe1CKBZt9hUdrn4SHPs0sbWYbQLTzp+9okcg8LCe7qnFdHH7xQGp17SAgi5f91RPOUWtqvkOC5yoVaveR82KZObU+HSCfT/PObLjdUDtWrZABp4VM/u5t9Fn6BQ+eRSAiCIqLQlizs9kpKO8LYX7CagxRJz8KtRXfhndA3nTFq35vml8rD5hKsTrtbSkycmytQZ8TF7IwuN0amRfZ7Iwb3/eLTEv6jp5PKKVprBvnjDH1ipn/AwidsKrbCCVquKg0X/7rwVLrvMuYAtlxPLqjqZpvfTwXBwLlHTEuCvuh/Y/TpjJqqxCnbY/6R4TcabHVGsA4b1kVajRbvVPZPGVcWs+XvycO4Y8KR/hZZGGxK16SVFGbrnhX1D2Q== developer@developers.local", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCziM50ppY+lb95xwkfPmz9i9fjcZ+jxut1hwhGJrnLUED26/tmlgSS4OaTi9jDHLeHaRcSRvKJObwsfR3tYH45YDGF4kwjv+OyMnsepPXrBX9cI0Bq0aH39BBBdRICbEEyoJdNhLH8MRGddtJ6G2uXZV9AvVqr01NokayLVO1WvCUi8bSvAHe8+KDE/odVsoOTRnKVK6Ov2LtJuff5OF9LmsY+vAtPkGZF9hfoB6k8irUqG8f8hx7ZooKUFZv9k9F4gvEXen9e/DdJ2VZHaL1LGUtNGNsrwgvgaQlbgqyuiIL91JYDrCR6ZwuI42CPQfqWwUfeO0W9roE0E7v/04+76TSVmHA1arqAETDmpAqvQNGP4uxml3u7ZqUD82At9u0yAgTX+xS4qnrg383e3ZXoTTa6q3ms/z75NHlttSRaN4Yf260RmTHDlyg4i+8qJasnhOcMLgMwuS7iywUZrIkmmpr6FQk3XwvUGbKpwdxepF4OFz5aMAouF17ZOajv1vxSDhTRQZzHbT18HFDNHDbHm61XwEeuurFxxO6TiQw8rSRrcUBmN8Mk9mVvC2FMRLJt3SonTyDpzcvQlcES6eSvXM6C/qy4xYB4wA3vZLgSswy8dGK2PlwszsqeT4WtA/6kC6i+0w30i2xxBCjKwSTNQzPUz/aVE+QDsN32f1i/Q== developer@developers-MacBook-Pro.local"], s3_bucket_name = "eg-ue2-test-sftp-cmobdn-home" } ] diff --git a/main.tf b/main.tf index 0751aef..bfd0671 100644 --- a/main.tf +++ b/main.tf @@ -8,7 +8,7 @@ locals { user_names_map = { for val in var.sftp_users : val.user_name => merge(val, { - s3_bucket_arn = lookup(val, "s3_bucket_name", null) != null ? "${local.s3_arn_prefix}${lookup(val, "s3_bucket_name")}" : one(data.aws_s3_bucket.landing[*].arn) + s3_bucket_arn = lookup(val, "s3_bucket_name", null) != null ? "${local.s3_arn_prefix}${lookup(val, "s3_bucket_name", "")}" : one(data.aws_s3_bucket.landing[*].arn) }) } # create list of maps that holds the public keys of each user, in that way we can have more than one public key to user @@ -73,12 +73,12 @@ resource "aws_transfer_user" "default" { user_name = each.value.user_name - home_directory_type = lookup(each.value, "home_directory_type", null) != null ? lookup(each.value, "home_directory_type") : (var.restricted_home ? "LOGICAL" : "PATH") - home_directory = lookup(each.value, "home_directory", null) != null ? lookup(each.value, "home_directory") : (!var.restricted_home ? "/${lookup(each.value, "s3_bucket_name", var.s3_bucket_name)}" : null) + home_directory_type = lookup(each.value, "home_directory_type", null) != null ? lookup(each.value, "home_directory_type", "") : (var.restricted_home ? "LOGICAL" : "PATH") + home_directory = lookup(each.value, "home_directory", null) != null ? lookup(each.value, "home_directory", "") : (!var.restricted_home ? "/${lookup(each.value, "s3_bucket_name", var.s3_bucket_name)}" : null) dynamic "home_directory_mappings" { for_each = var.restricted_home ? ( - lookup(each.value, "home_directory_mappings", null) != null ? lookup(each.value, "home_directory_mappings") : [ + lookup(each.value, "home_directory_mappings", null) != null ? lookup(each.value, "home_directory_mappings", null) : [ { entry = "/" # Specifically do not use $${Transfer:UserName} since subsequent terraform plan/applies will try to revert @@ -89,8 +89,8 @@ resource "aws_transfer_user" "default" { ) : toset([]) content { - entry = lookup(home_directory_mappings.value, "entry") - target = lookup(home_directory_mappings.value, "target") + entry = lookup(home_directory_mappings.value, "entry", null) + target = lookup(home_directory_mappings.value, "target", null) } } From 5d8b815c8e93631dc980ff8cbe48b904b6d09c38 Mon Sep 17 00:00:00 2001 From: "romg@pecan.ai" Date: Tue, 5 Nov 2024 09:19:04 +0000 Subject: [PATCH 7/9] add description to region --- examples/complete/variables.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index b767628..9968746 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -1,5 +1,6 @@ variable "region" { - type = string + type = string + description = "The aws region the resources should be deployed" } variable "sftp_users" { From 170bc5cd25ea50a485ef4214a53647a1b5b63c7c Mon Sep 17 00:00:00 2001 From: "romg@pecan.ai" Date: Tue, 5 Nov 2024 16:54:05 +0000 Subject: [PATCH 8/9] add description to region --- examples/vpc/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/vpc/variables.tf b/examples/vpc/variables.tf index e104f21..598edb5 100644 --- a/examples/vpc/variables.tf +++ b/examples/vpc/variables.tf @@ -1,5 +1,6 @@ variable "region" { type = string + description = "The aws region the resources should be deployed" } variable "availability_zones" { From d0a07c545f5a225dd0e0a7c82ccb084b21f65835 Mon Sep 17 00:00:00 2001 From: "romg@pecan.ai" Date: Thu, 7 Nov 2024 17:43:15 +0000 Subject: [PATCH 9/9] upgrade s3 module --- examples/complete/fixtures.us-east-2.tfvars | 19 ++++++++++--------- examples/complete/main.tf | 2 +- examples/vpc/main.tf | 2 +- examples/vpc/variables.tf | 2 +- 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index 12cf202..d2da10a 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -8,14 +8,15 @@ stage = "test" name = "sftp" -sftp_users = { - "brad" = { - user_name = "brad", - public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYN8IRq10gKJj5/y2IHYFFRXHctJ+VblcsOnwvsbUIB+PKMLLWd5ySpW30s8OFVcxpMu2VXzXVKRGGbOUbZEN7MqH9xkW8eV6tSfXsZK2osLdIQ3QG3eSyoN4gPFlDBkZSzmkb2oaaclGPGRezbzDnp+oz8IiC5ZE8aprq3Xk850fifIEEOhJtVsrL84uwgx4LGZMMQmLdf6xm2SMSMx53zDPtSnlSeMlC2qUz6LBC41gwObQDoh0j3svsENf8FS8iIkdX50NaRoZvhJU0Oud5A7bj3zz0xtKn6uQZnL9hb6ttvp2/mNe1CKBZt9hUdrn4SHPs0sbWYbQLTzp+9okcg8LCe7qnFdHH7xQGp17SAgi5f91RPOUWtqvkOC5yoVaveR82KZObU+HSCfT/PObLjdUDtWrZABp4VM/u5t9Fn6BQ+eRSAiCIqLQlizs9kpKO8LYX7CagxRJz8KtRXfhndA3nTFq35vml8rD5hKsTrtbSkycmytQZ8TF7IwuN0amRfZ7Iwb3/eLTEv6jp5PKKVprBvnjDH1ipn/AwidsKrbCCVquKg0X/7rwVLrvMuYAtlxPLqjqZpvfTwXBwLlHTEuCvuh/Y/TpjJqqxCnbY/6R4TcabHVGsA4b1kVajRbvVPZPGVcWs+XvycO4Y8KR/hZZGGxK16SVFGbrnhX1D2Q== developer@developers.local" +sftp_users = [ + { + user_name = "brad", + public_keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCziM50ppY+lb95xwkfPmz9i9fjcZ+jxut1hwhGJrnLUED26/tmlgSS4OaTi9jDHLeHaRcSRvKJObwsfR3tYH45YDGF4kwjv+OyMnsepPXrBX9cI0Bq0aH39BBBdRICbEEyoJdNhLH8MRGddtJ6G2uXZV9AvVqr01NokayLVO1WvCUi8bSvAHe8+KDE/odVsoOTRnKVK6Ov2LtJuff5OF9LmsY+vAtPkGZF9hfoB6k8irUqG8f8hx7ZooKUFZv9k9F4gvEXen9e/DdJ2VZHaL1LGUtNGNsrwgvgaQlbgqyuiIL91JYDrCR6ZwuI42CPQfqWwUfeO0W9roE0E7v/04+76TSVmHA1arqAETDmpAqvQNGP4uxml3u7ZqUD82At9u0yAgTX+xS4qnrg383e3ZXoTTa6q3ms/z75NHlttSRaN4Yf260RmTHDlyg4i+8qJasnhOcMLgMwuS7iywUZrIkmmpr6FQk3XwvUGbKpwdxepF4OFz5aMAouF17ZOajv1vxSDhTRQZzHbT18HFDNHDbHm61XwEeuurFxxO6TiQw8rSRrcUBmN8Mk9mVvC2FMRLJt3SonTyDpzcvQlcES6eSvXM6C/qy4xYB4wA3vZLgSswy8dGK2PlwszsqeT4WtA/6kC6i+0w30i2xxBCjKwSTNQzPUz/aVE+QDsN32f1i/Q== developer@developers-MacBook-Pro.local"], + s3_bucket_name = "eg-ue2-test-sftp-cmobdn-home" }, - "kenny" = { - user_name = "kenny", - public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYN8IRq10gKJj5/y2IHYFFRXHctJ+VblcsOnwvsbUIB+PKMLLWd5ySpW30s8OFVcxpMu2VXzXVKRGGbOUbZEN7MqH9xkW8eV6tSfXsZK2osLdIQ3QG3eSyoN4gPFlDBkZSzmkb2oaaclGPGRezbzDnp+oz8IiC5ZE8aprq3Xk850fifIEEOhJtVsrL84uwgx4LGZMMQmLdf6xm2SMSMx53zDPtSnlSeMlC2qUz6LBC41gwObQDoh0j3svsENf8FS8iIkdX50NaRoZvhJU0Oud5A7bj3zz0xtKn6uQZnL9hb6ttvp2/mNe1CKBZt9hUdrn4SHPs0sbWYbQLTzp+9okcg8LCe7qnFdHH7xQGp17SAgi5f91RPOUWtqvkOC5yoVaveR82KZObU+HSCfT/PObLjdUDtWrZABp4VM/u5t9Fn6BQ+eRSAiCIqLQlizs9kpKO8LYX7CagxRJz8KtRXfhndA3nTFq35vml8rD5hKsTrtbSkycmytQZ8TF7IwuN0amRfZ7Iwb3/eLTEv6jp5PKKVprBvnjDH1ipn/AwidsKrbCCVquKg0X/7rwVLrvMuYAtlxPLqjqZpvfTwXBwLlHTEuCvuh/Y/TpjJqqxCnbY/6R4TcabHVGsA4b1kVajRbvVPZPGVcWs+XvycO4Y8KR/hZZGGxK16SVFGbrnhX1D2Q== developer@developers.local" - + { + user_name = "kenny", + public_keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYN8IRq10gKJj5/y2IHYFFRXHctJ+VblcsOnwvsbUIB+PKMLLWd5ySpW30s8OFVcxpMu2VXzXVKRGGbOUbZEN7MqH9xkW8eV6tSfXsZK2osLdIQ3QG3eSyoN4gPFlDBkZSzmkb2oaaclGPGRezbzDnp+oz8IiC5ZE8aprq3Xk850fifIEEOhJtVsrL84uwgx4LGZMMQmLdf6xm2SMSMx53zDPtSnlSeMlC2qUz6LBC41gwObQDoh0j3svsENf8FS8iIkdX50NaRoZvhJU0Oud5A7bj3zz0xtKn6uQZnL9hb6ttvp2/mNe1CKBZt9hUdrn4SHPs0sbWYbQLTzp+9okcg8LCe7qnFdHH7xQGp17SAgi5f91RPOUWtqvkOC5yoVaveR82KZObU+HSCfT/PObLjdUDtWrZABp4VM/u5t9Fn6BQ+eRSAiCIqLQlizs9kpKO8LYX7CagxRJz8KtRXfhndA3nTFq35vml8rD5hKsTrtbSkycmytQZ8TF7IwuN0amRfZ7Iwb3/eLTEv6jp5PKKVprBvnjDH1ipn/AwidsKrbCCVquKg0X/7rwVLrvMuYAtlxPLqjqZpvfTwXBwLlHTEuCvuh/Y/TpjJqqxCnbY/6R4TcabHVGsA4b1kVajRbvVPZPGVcWs+XvycO4Y8KR/hZZGGxK16SVFGbrnhX1D2Q== developer@developers.local", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCziM50ppY+lb95xwkfPmz9i9fjcZ+jxut1hwhGJrnLUED26/tmlgSS4OaTi9jDHLeHaRcSRvKJObwsfR3tYH45YDGF4kwjv+OyMnsepPXrBX9cI0Bq0aH39BBBdRICbEEyoJdNhLH8MRGddtJ6G2uXZV9AvVqr01NokayLVO1WvCUi8bSvAHe8+KDE/odVsoOTRnKVK6Ov2LtJuff5OF9LmsY+vAtPkGZF9hfoB6k8irUqG8f8hx7ZooKUFZv9k9F4gvEXen9e/DdJ2VZHaL1LGUtNGNsrwgvgaQlbgqyuiIL91JYDrCR6ZwuI42CPQfqWwUfeO0W9roE0E7v/04+76TSVmHA1arqAETDmpAqvQNGP4uxml3u7ZqUD82At9u0yAgTX+xS4qnrg383e3ZXoTTa6q3ms/z75NHlttSRaN4Yf260RmTHDlyg4i+8qJasnhOcMLgMwuS7iywUZrIkmmpr6FQk3XwvUGbKpwdxepF4OFz5aMAouF17ZOajv1vxSDhTRQZzHbT18HFDNHDbHm61XwEeuurFxxO6TiQw8rSRrcUBmN8Mk9mVvC2FMRLJt3SonTyDpzcvQlcES6eSvXM6C/qy4xYB4wA3vZLgSswy8dGK2PlwszsqeT4WtA/6kC6i+0w30i2xxBCjKwSTNQzPUz/aVE+QDsN32f1i/Q== developer@developers-MacBook-Pro.local"], + s3_bucket_name = "eg-ue2-test-sftp-cmobdn-home" } -} +] \ No newline at end of file diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 5789848..d022c30 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -8,7 +8,7 @@ provider "awsutils" { module "s3_bucket" { source = "cloudposse/s3-bucket/aws" - version = "2.0.3" + version = "4.7.1" for_each = toset(["home", "extra"]) diff --git a/examples/vpc/main.tf b/examples/vpc/main.tf index 660fa31..19b4f76 100644 --- a/examples/vpc/main.tf +++ b/examples/vpc/main.tf @@ -51,7 +51,7 @@ module "security_group" { module "s3_bucket" { source = "cloudposse/s3-bucket/aws" - version = "2.0.3" + version = "4.7.1" acl = "private" enabled = true user_enabled = false diff --git a/examples/vpc/variables.tf b/examples/vpc/variables.tf index 598edb5..786a5cc 100644 --- a/examples/vpc/variables.tf +++ b/examples/vpc/variables.tf @@ -1,5 +1,5 @@ variable "region" { - type = string + type = string description = "The aws region the resources should be deployed" }