
Commit f401d2e

committed
Added regex filters to s3_bucket and prefix inputs
1 parent ec18440 commit f401d2e


4 files changed

+9
-9
lines changed


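--- a/certs/main.tf
+++ b/certs/main.tf
@@ -35,8 +35,8 @@ resource "aws_iam_role_policy" "s3_certs_ro" {
 "s3:Get*"
 ],
 "Resource": [
-"arn:aws:s3:::${var.s3_bucket}/${var.s3_bucket_prefix}",
-"arn:aws:s3:::${var.s3_bucket}/${var.s3_bucket_prefix}/*"
+"arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}/${replace(var.s3_bucket_prefix,"/^(\/)+|(\/)+$/","")}",
+"arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}/${replace(var.s3_bucket_prefix,"/^(\/)+|(\/)+$/","")}/*"
 ]
 },
 {
@@ -45,7 +45,7 @@ resource "aws_iam_role_policy" "s3_certs_ro" {
 "s3:List*"
 ],
 "Resource": [
-"arn:aws:s3:::${var.s3_bucket}"
+"arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}"
 ]
 }
 ]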
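Review bot: The two `Resource` ARNs of the `s3:Get*` statement (new lines 38-39) are built from `s3_bucket` and `s3_bucket_prefix` with only slashes trimmed, so an empty or all-slash prefix renders `arn:aws:s3:::BUCKET/` and `arn:aws:s3:::BUCKET//*`, and a `*` or `?` in either value passes straight into the policy as an IAM wildcard. Neither case is caught at plan time: the first would not match keys stored at the bucket root, and the second widens what the role can read. I would state the constraint where the variables are declared, e.g. `description = "Key prefix for the certs; must be non-empty and must not contain * or ?"`, and reject such values in whatever wraps this module. The same applies to the bucket ARNs in generate-certs/main.tf. The resource block starts and ends outside both hunks.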

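--- a/certs/templates/user_data.tpl
+++ b/certs/templates/user_data.tpl
@@ -1,6 +1,6 @@
 #cloud-config
 runcmd:
-- echo "OPENVPN_CERT_SOURCE=s3://${s3_bucket}/${s3_bucket_prefix}" > /etc/openvpn/get-openvpn-certs.env
+- echo "OPENVPN_CERT_SOURCE=s3://${replace(s3_bucket,"/(\/)+$/","")}/${replace(s3_bucket_prefix,"/^(\/)+|(\/)+$/","")}" > /etc/openvpn/get-openvpn-certs.env
 - echo "push \"route $(ip route get 8.8.8.8| grep src| sed 's/.*src \(.*\)$/\1/g') 255.255.255.255 net_gateway\"" >> /etc/openvpn/server.conf
 - echo "push \"route ${cidrhost(element(split(",",route_cidrs),1), 0)} ${cidrnetmask(element(split(",",route_cidrs),1))}\"" >> /etc/openvpn/server.conf
 - echo "push \"route ${cidrhost(element(split(",",route_cidrs),2), 0)} ${cidrnetmask(element(split(",",route_cidrs),2))}\"" >> /etc/openvpn/server.conf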
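Review bot: The rewritten `OPENVPN_CERT_SOURCE` line (new line 3) still places the bucket and prefix inside a double-quoted `echo` that cloud-init runs through a shell as root, and the new `replace()` calls strip only slashes, so a `$`, backtick or `"` in either value would be interpreted by the shell instead of being written literally. The values should be restricted to the characters an S3 bucket name and the expected key prefix can contain, and the file is better written with cloud-init's `write_files` module so the value never passes through shell parsing at write time. If the consumer sources this env file the value is parsed again there, so the input restriction remains the primary control. The same pattern is on new lines 6 and 8 of generate-certs/templates/user_data.tpl.

```yaml
#cloud-config
write_files:
  - path: /etc/openvpn/get-openvpn-certs.env
    content: |
      OPENVPN_CERT_SOURCE=s3://${replace(s3_bucket,"/(\/)+$/","")}/${replace(s3_bucket_prefix,"/^(\/)+|(\/)+$/","")}
runcmd:
  # … unchanged: push "route …" lines appended to /etc/openvpn/server.conf …
```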

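--- a/generate-certs/main.tf
+++ b/generate-certs/main.tf
@@ -36,8 +36,8 @@ resource "aws_iam_role_policy" "s3_certs_rw" {
 "s3:PutObject"
 ],
 "Resource": [
-"arn:aws:s3:::${var.s3_bucket}",
-"arn:aws:s3:::${var.s3_bucket}/*"
+"arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}",
+"arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}/*"
 ]
 },
 {
@@ -46,7 +46,7 @@ resource "aws_iam_role_policy" "s3_certs_rw" {
 "s3:List*"
 ],
 "Resource": [
-"arn:aws:s3:::${var.s3_bucket}"
+"arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}"
 ]
 }
 ]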
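Review bot: The statement ending in `s3:PutObject` (new lines 39-40) still grants the generator role the whole bucket, `BUCKET` and `BUCKET/*`, while the read-only policy in certs/main.tf is confined to `s3_bucket_prefix`. The template in this same commit now feeds `s3_bucket_prefix` to the generator as `S3_DIR_OVERRIDE`, so, assuming the generator writes only under that prefix, the object ARN could be narrowed to `"arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}/${replace(var.s3_bucket_prefix,"/^(\/)+|(\/)+$/","")}/*"`. That needs `var.s3_bucket_prefix` to be declared in this module, which the hunk does not show. The statement's action list begins above the hunk.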

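--- a/generate-certs/templates/user_data.tpl
+++ b/generate-certs/templates/user_data.tpl
@@ -3,9 +3,9 @@ manage_etc_hosts: True
 
 runcmd:
 - echo "S3_REGION=\"${region}\"" > /etc/default/openvpn-cert-generator
-- echo "S3_CERT_ROOT_PATH=\"s3://${s3_bucket}/\"" >> /etc/default/openvpn-cert-generator
+- echo "S3_CERT_ROOT_PATH=\"s3://${replace(s3_bucket,"/(\/)+$/","")}/\"" >> /etc/default/openvpn-cert-generator
 - echo "KEY_SIZE=${cert_key_size}" >> /etc/default/openvpn-cert-generator
-- echo "S3_DIR_OVERRIDE=\"${s3_dir_override}\"" >> /etc/default/openvpn-cert-generator
+- echo "S3_DIR_OVERRIDE=\"${replace(s3_bucket_prefix,"/^(\/)+|(\/)+$/","")}\"" >> /etc/default/openvpn-cert-generator
 - echo "KEY_CITY=\"${key_city}\"" >> /etc/default/openvpn-cert-generator
 - echo "KEY_ORG=\"${key_org}\"" >> /etc/default/openvpn-cert-generator
 - echo "KEY_EMAIL=\"${key_email}\"" >> /etc/default/openvpn-cert-generator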
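Review bot: New line 8 does more than add a filter: `S3_DIR_OVERRIDE` is now rendered from `s3_bucket_prefix` instead of `s3_dir_override`, which the commit title does not mention. The `vars` passed to this template are not part of the commit as shown, so unless `s3_bucket_prefix` is already supplied there the render will fail, and if it is, a caller that set `s3_dir_override` to a different value silently loses it. If the switch is intended, say so in the commit message and retire the `s3_dir_override` input; otherwise keep the variable and filter it, `${replace(s3_dir_override,"/^(\/)+|(\/)+$/","")}`.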
