I am using the aws provider and trying to create an aws_workspaces_workspace with encrypted volumes.
I created an aws_kms_key with an associated alias (aws_kms_alias).
I specified the key alias (as a string) for volume_encryption_key.
The resource is created as expected and I can verify in the console that the volumes are encrypted with the specified key.
My issue is that every time I re-run terraform apply, terraform reports that the aws_workspaces_workspace needs to be replaced because of an update in the key value (from a key id to the alias)
How can I prevent this form happening? Is this a bug? Am I doing something incorrectly? Some of the relevant code is below.
resource "aws_workspaces_workspace" "workspace" {
directory_id = aws_workspaces_directory.ws-ad.id
bundle_id = var.bundle_id
user_name = var.username
root_volume_encryption_enabled = true
user_volume_encryption_enabled = true
volume_encryption_key = "alias/workspace-volume"
workspace_properties {
compute_type_name = "POWER"
user_volume_size_gib = 80
root_volume_size_gib = 50
running_mode = "AUTO_STOP"
running_mode_auto_stop_timeout_in_minutes = 60
}
}
resource "aws_kms_key" "kms-ws-volume" {
description = "Workspace Volume Encryption Key"
key_usage = "ENCRYPT_DECRYPT"
deletion_window_in_days = 30
is_enabled = true
}
resource "aws_kms_alias" "kms-ws-volume-alias" {
name = "alias/workspace-volume"
target_key_id = aws_kms_key.kms-ws-volume.key_id
}
Here's what terraform apply reports:
# aws_workspaces_workspace.workspace["1"] must be replaced
-/+ resource "aws_workspaces_workspace" "workspace" {
~ computer_name = "WSAMZN-T34E23BK" -> (known after apply)
~ id = "ws-v98b0y17z" -> (known after apply)
~ ip_address = "10.0.0.45" -> (known after apply)
~ state = "STOPPED" -> (known after apply)
tags = {
"Name" = "workspace-user1-env1"
"Owner" = "mario"
"Profile" = "dev"
"Stack" = "env1"
}
~ volume_encryption_key = "arn:aws:kms:us-west-2:927743275319:key/09de3db9-ecdd-4be1-a781-705fdd0294f9" -> "alias/workspace-volume" # forces replacement
# (6 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Use the ARN of the key: aws_kms_key.kms-ws-volume.arn
volume_encryption_key is storing the ARN of the key, and therefore the plan detects a change.
The example on https://registry.terraform.io/providers/hcavarsan/aws/latest/docs/resources/workspaces_workspace might be misleading in this regard, despite an alias will also work.
Something similar happens with kms_key_id of aws_instance, in that it stores the ARN and not the key_id , and the plan always requires a volume replacement when using key_id instead of ARN. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#kms_key_id
Related
I'm trying to assign the Object ID of my User_Managed_Identity to the KeyVault_Access_Policy
The Managed_Identity will need to Get & List the Certificates from my KeyVault. I've been following Terraform Documentation.
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment
# User Assigned Identity
resource "azurerm_user_assigned_identity" "user_assigned_identity" {
location = "west europe"
name = "Identity_Name"
resource_group_name = "Resource_Group_Name"
}
# Access Policy
data "azurerm_client_config" "example" {
}
resource "azurerm_key_vault_access_policy" "access_policy" {
key_vault_id = "000000-000000-000000-000000"
tenant_id = data.azurerm_client_config.example.tenant_id
object_id = azurerm_user_assigned_identity.user_assigned_identity.id
certificate_permissions = [
"Get","List",
]
}
I'm getting the following error:
Error: expected "object_id" to be a valid UUID, got /subscriptions/0000000-0000-0000-0000-0000000000/resourceGroups/Resource_Group_Name/providers/Microsoft.ManagedIdentity/userAssignedIdentities/Identity_Name
I'd think it should be:
azurerm_user_assigned_identity.user_assigned_identity.principal_id
what you are doing right now - is using resource id, not object id
I am preparing to deploy Aurora MySQL Cluster, I have defined the following in the “variable.tf” under root:
variable "db_subnet_id" {
type = list
description = `DB Subnet IDs`
default = [“subnet-02ddc8565555aaa9b”,“subnet-1d30f3a41ce19635d”] #db-sub-eu-central-1a , db-sub-eu-central-1b
}
variable `db-sg` {
type = list
description = “List of standard security groups”
default = [`“sg-00cfed28101ea95ab”,“sg-08017f86bc12348e8”,“sg-0e8c67c7a3cd79a79”`]
}
variable `db_az` {
type = list
description = “Frankfurt Availability Zones”
default = [“eu-central-1a”,“eu-central-1b”]
}
how can I use those variables with the following parameters:
availability_zones
db_subnet_group_name
vpc_security_group_ids
I have tried to use this vailability_zones = var.db_az[count.index] but the following error shows up:
The “count” object can only be used in “module”, “resource”, and “data” blocks, and only when the “count” argument is set.
please advise, how can I use those variables with those parameters ?
Thanks
My rank command is working fine, iv been trying to add the ability to !rank #user. As you can see i have code there to grab the mentioned user, so it will display the mentioned users name and profile pic but my points (because they are requested from message.author) I'm just unsure how i should get the points from the database for the mentioned user. Any help or advice would be amazing, thanks!
(my database is SQLite)
const member = message.mentions.members.first() || message.member || message.guild.members.cache.get(args[0])
score = bot.getScore.get(message.author.id, message.guild.id);
if (!score) {
score = {
id: `${message.guild.id}-${message.author.id}`,
user: message.author.id,
guild: message.guild.id,
points: 0,
level: 1,
};
}
let curxp = score.points;
let curlvl = score.level;
let nxtLvlXp = curlvl * 300;
let difference = nxtLvlXp - curxp;
const embed = new Discord.RichEmbed()
.setTitle("XP / LEVEL")
.setDescription(member.user.tag)
.setThumbnail(member.user.displayAvatarURL)
.setColor(cyan)
.addField('**' + "Level" + '**', curlvl, true)
.addField('**' + "XP" + '**', curxp, true)
.setFooter(`${difference} XP til next level up`, bot.user.displayAvatarURL);
return message.channel.send({ embed });
You pretty much already have it
Instead of using message.author.id for the first argument why not just use the member variable which gives the final member?
Also you should have message.guild.members.cache.get(args[0]) before message.member, since message.member will always exist unless in a DM Channel.
const member = message.mentions.members.first() || message.guild.members.cache.get(args[0]) || message.member;
score = bot.getScore.get(member.id, message.guild.id);
Here is the configuration options i am using.
storage.backend=cassandra
storage.hostname=192.168.56.121
storage.cassandra.keyspace=graphs
cache.db-cache = false
cache.db-cache-clean-wait = 20
index.search.backend=elasticsearch
index.search.hostname=192.168.56.122
index.search.elasticsearch.client-only=true
index.search.index-name=graphs
TitanGraph graph = GraphFactory.getInstance().getGraph();
TitanManagement mgmt = null;
try {
mgmt = graph.openManagement();
PropertyKey name = mgmt.getPropertyKey(Schema.NAME);
if (name == null) {
name = mgmt.makePropertyKey(Schema.NAME).dataType(String.class).make();
}
TitanGraphIndex graphIndex = mgmt.getGraphIndex("byName");
if (graphIndex == null) {
IndexBuilder builder = mgmt.buildIndex("byName", Vertex.class).addKey(name);
builder.buildCompositeIndex();
}
PropertyKey id = mgmt.getPropertyKey(Schema.ID);
if (id == null) {
id = mgmt.makePropertyKey(Schema.ID).dataType(Long.class).make();
}
PropertyKey sourceType = mgmt.getPropertyKey(Schema.SOURCE_TYPE);
if (sourceType == null) {
sourceType = mgmt.makePropertyKey(Schema.SOURCE_TYPE).dataType(String.class).make();
}
TitanGraphIndex uniqueIndex = mgmt.getGraphIndex("uniqueIndex");
if (uniqueIndex == null) {
IndexBuilder builder = mgmt.buildIndex("uniqueIndex", Vertex.class).addKey(id).addKey(sourceType);
builder.unique().buildCompositeIndex();
}
// Edges
EdgeLabel deps = mgmt.getEdgeLabel("deps");
if (deps == null) {
deps = mgmt.makeEdgeLabel("deps").multiplicity(Multiplicity.SIMPLE).make();
}
RelationTypeIndex depsIndex = mgmt.getRelationIndex(deps, "depsIndex");
if(depsIndex == null) {
depsIndex = mgmt.buildEdgeIndex(deps, "depsIndex", Direction.BOTH, Order.decr);
}
mgmt.commit();
// Re index the existing data
if (reIndexData) {
mgmt = graph.openManagement();
mgmt.updateIndex(mgmt.getGraphIndex("uniqueIndex"), SchemaAction.REINDEX).get();
mgmt.updateIndex(mgmt.getGraphIndex("byName"), SchemaAction.REINDEX).get();
deps = mgmt.getEdgeLabel("deps");
mgmt.updateIndex(mgmt.getRelationIndex(deps,"depsIndex"), SchemaAction.REINDEX).get();
mgmt.commit();
}
} catch (Throwable e) {
log.error(e.getMessage(), e);
if (mgmt != null) {
mgmt.rollback();
}
}
I have created lots of documents and every thing is working fine. But when i observed the number document available in the elastic search is 0.
I am wondered whether titan db really using the elastic search or not.
Any idea what i am missing here ? And why documents are not getting created in elastic search.
And i also tried the belown configuration as well but no luck
storage.backend=cassandra
storage.hostname=192.168.56.121
storage.cassandra.keyspace=graphs
cache.db-cache = false
cache.db-cache-clean-wait = 20
index.graphs.backend=elasticsearch
index.graphs.hostname=192.168.56.122
index.graphs.elasticsearch.client-only=true
index.graphs.index-name=graphs
Titan uses storage backend (cassandra/hbase) for Composite Index and index backend (Solr/Elastic Search) for Mixed Index
Mixed indexes retrieve vertices or edges by any combination of previously added property keys. Mixed indexes provide more flexibility than composite indexes and support additional condition predicates beyond equality. On the other hand, mixed indexes are slower for most equality queries than composite indexes.
Unlike composite indexes, mixed indexes require the configuration of an indexing backend and use that indexing backend to execute lookup operations. Titan can support multiple indexing backends in a single installation. Each indexing backend must be uniquely identified by name in the Titan configuration which is called the indexing backend name.
In you schema you are creating only composite index. That's why there is not data in ElasticSearch.
Here is a example how to create a mixed index :
IndexBuilder builder = mgmt.buildIndex('byName', Vertex.class).addKey(name);
builder.buildMixedIndex("search");
mgmt.commit();
Read More
Source : http://s3.thinkaurelius.com/docs/titan/1.0.0/indexes.html
I've added this block to radiusd.conf
sqlcounter monthlytrafficcounter {
vcounter-name = Monthly-Traffic
check-name = Max-Monthly-Traffic
reply-name = Monthly-Traffic-LIMIT
sqlmod-inst = SQL
key = User-Name
reset = monthly
query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) > '%b'"
}
and added the ditrctionary
ATTRIBUTE Max-Monthly-Traffic 3003 integer
ATTRIBUTE Monthly-Traffic-Limit 3004 integer
then added monthlytrafficcounter to authorize in /etc/freeradius/sites-enabled/default
but it doesn't work
The Max-Monthly-Traffic is defined in MySQL table radgroupcheck and the users has added to the group in radusergroup
Although a user has reached the traffic limit, he still can be authorized by FreeRadius:
http://i.stack.imgur.com/RIVsZ.jpg
Try moving your radiusd.conf block to sql/mysql/counter.conf