Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of docs: improve write-only attribute example into v1.11 #36620

Open
wants to merge 12 commits into
base: v1.11
Choose a base branch
from
Open

Backport of docs: improve write-only attribute example into v1.11 #36620

wants to merge 12 commits into from
+58 −19

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Mar 3, 2025

Backport

This PR is auto-generated from #36605 to be assessed for backporting due to the inclusion of the label 1.11-backport.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@bschaatsbergen
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: unable to process merge commit: "8e0f8bb468ad1d0b322ce79eaff4ec4e7f67878d", automatic backport requires rebase workflow

The below text is copied from the body of the original PR.

This PR makes a few improvements to the write-only arguments example configuration in the documentation. Along with fixing a couple of incorrect arguments—like the ephemeral resource name, the invalid db.t5.micro RDS instance type, and the use of admin as a reserved master username in RDS—this update also improves the workflow to better match what end users typically expect.

Without these changes, the example would not work and the password is essentially lost when it's generated and written to the database without a way to capture it for future use. The updated workflow now writes the ephemeral random_password to AWS Secret Manager using a write-only attribute, then retrieves it through an ephemeral aws_secretsmanager_secret_version resource (which is deferred to the apply stage due to a computed argument) and finally it securely passes the password into the write-only attribute of the aws_db_instance managed resource.

By making these changes, we're able to both capture the random password and securely pass it to the AWS RDS.

Overview of commits

@github-actions github-actions bot force-pushed the backport/write-only-docs/closely-renewed-grouper branch from 78f2b6c to df74ba2 Compare March 3, 2025 22:01
@github-actions github-actions bot requested a review from bschaatsbergen March 3, 2025 22:02
@rkoron007 rkoron007 marked this pull request as ready for review March 3, 2025 22:32
@rkoron007 rkoron007 requested review from a team as code owners March 3, 2025 22:32
@rkoron007 rkoron007 requested a review from pbortnick March 3, 2025 22:32
@bschaatsbergen
Copy link
Member

Waiting before we manually back port this, to include #36621

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bschaatsbergen bschaatsbergen bschaatsbergen approved these changes

@pbortnick pbortnick Awaiting requested review from pbortnick pbortnick is a code owner automatically assigned from hashicorp/web-presence

At least 1 approving review is required to merge this pull request.

Assignees

@bschaatsbergen bschaatsbergen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bschaatsbergen