aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Backport of rdp(test): Change password retrieval for race condition into release/0.21.x (#6350)

Browse Source 
* backport of commit bdaa32e875

* backport of commit 6d06020b17

* backport of commit b69aa9424a

---------

Co-authored-by: dillanb-hashi <dillan.butler@hashicorp.com>
pull/6359/head
hc-github-team-secure-boundary 3 months ago committed by GitHub
parent 73220ce4a9
commit 11949d4b4d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 6 additions and 11 deletions
Show Stats Download Patch File Download Diff File

4
enos/modules/aws_rdp_domain_controller/main.tf
Unescape View File

@ -439,10 +439,6 @@ resource "aws_instance" "domain_controller" {
}
}
locals {
password = rsadecrypt(aws_instance.domain_controller.password_data, tls_private_key.rsa_4096_key.private_key_pem)
}
resource "local_sensitive_file" "private_key" {
depends_on = [tls_private_key.rsa_4096_key]

3
enos/modules/aws_rdp_domain_controller/outputs.tf
Unescape View File

@ -24,7 +24,8 @@ output "admin_username" {
output "password" {
description = "This is the decrypted administrator password for the EC2 instance"
value = nonsensitive(local.password)
value = nonsensitive(rsadecrypt(aws_instance.domain_controller.password_data, tls_private_key.rsa_4096_key.private_key_pem))
}
output "ssh_private_key" {

1
enos/modules/aws_rdp_member_server/main.tf
Unescape View File

@ -245,7 +245,6 @@ ${var.domain_admin_password}
}
locals {
password = rsadecrypt(aws_instance.member_server.password_data, file(var.domain_controller_private_key))
private_key = abspath(var.domain_controller_private_key)
}

3
enos/modules/aws_rdp_member_server/outputs.tf
Unescape View File

@ -25,7 +25,8 @@ output "admin_username" {
output "password" {
description = "This is the decrypted administrator password for the EC2 instance"
value = local.password
value = nonsensitive(rsadecrypt(aws_instance.member_server.password_data, file(var.domain_controller_private_key)))
}
output "domain_hostname" {

1
enos/modules/aws_rdp_member_server_with_worker/main.tf
Unescape View File

@ -262,7 +262,6 @@ ${var.domain_admin_password}
}
locals {
admin_password = rsadecrypt(aws_instance.worker.password_data, file(var.domain_controller_private_key))
private_key = abspath(var.domain_controller_private_key)
boundary_cli_zip_path = var.boundary_cli_zip_path != "" ? abspath(var.boundary_cli_zip_path) : ""
test_dir = "C:/Test/" # needs to end in a / to ensure it creates the directory

2
enos/modules/aws_rdp_member_server_with_worker/outputs.tf
Unescape View File

@ -26,5 +26,5 @@ output "admin_username" {
// This is the decrypted administrator password for the EC2 instance
output "admin_password" {
description = "Decrpted admin password for the EC2 instance"
value = nonsensitive(local.admin_password)
value = nonsensitive(rsadecrypt(aws_instance.worker.password_data, file(var.domain_controller_private_key)))
}

1
enos/modules/aws_windows_client/main.tf
Unescape View File

@ -275,7 +275,6 @@ resource "aws_instance" "client" {
}
locals {
admin_password = rsadecrypt(aws_instance.client.password_data, tls_private_key.rsa-4096-key.private_key_pem)
boundary_cli_zip_path = var.boundary_cli_zip_path != "" ? abspath(var.boundary_cli_zip_path) : ""
test_dir = "C:/Test/" # needs to end in a / to ensure it creates the directory
}

2
enos/modules/aws_windows_client/outputs.tf
Unescape View File

@ -26,7 +26,7 @@ output "admin_username" {
// This is the decrypted administrator password for the EC2 instance
output "admin_password" {
description = "The password for the administrator account"
value = nonsensitive(local.admin_password)
value = nonsensitive(rsadecrypt(aws_instance.client.password_data, tls_private_key.rsa-4096-key.private_key_pem))
}
output "test_username" {

Write Preview
Loading…
Cancel
Save