Skip to content

fix: adjust logic to address manage_master_user_password variable bugs #131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 13, 2025
Merged

fix: adjust logic to address manage_master_user_password variable bugs #131

merged 5 commits into from
Aug 13, 2025

Conversation

@RoseSecurity
Copy link
Contributor

@RoseSecurity RoseSecurity commented Aug 12, 2025
edited
Loading

what and why

  • This PR fixes critical bugs created when the manage_master_user_password variable was introduced. The first bug caused a Terraform error where the master_password output attempted to join a null value when AWS was managing the password, failing with "Invalid function argument: cannot concatenate null values."
  • These fixes ensure that when manage_master_user_password = null (default), random passwords are created and stored in SSM as expected, and when manage_master_user_password = true, AWS manages the password without attempting to expose it in Terraform outputs or store it in SSM, maintaining both backward compatibility and the intended security

bug

│ Error: Invalid function argument

│   on .terraform/modules/documentdb/outputs.tf line 7, in output "master_password":
│    7:   value       = var.manage_master_user_password != null ? join("", aws_docdb_cluster.default[*].master_password) : null
│     ├────────────────
│     │ while calling join(separator, lists...)
│     │ aws_docdb_cluster.default is tuple with 1 element

│ Invalid value for "lists" parameter: element 0 is null; cannot concatenate null values.

references

@RoseSecurity RoseSecurity requested review from a team as code owners August 12, 2025 18:26
@mergify mergify bot added the triage Needs triage label Aug 12, 2025
@RoseSecurity
fix(auth): update master password management logic
80c8c5d 
Change the `manage_master_user_password` variable to use `null` as the
default value instead of `false` and add validation to ensure it can only
be set to `true` or `null`. Update related logic in password creation.
@RoseSecurity
fix: update logic for master password creation
18f6423
@RoseSecurity
fix: update output logic
1df1a24
@RoseSecurity
Copy link
Contributor Author

RoseSecurity commented Aug 12, 2025

/terratest

@RoseSecurity RoseSecurity added patch A minor, backward compatible change bugfix Change that restores intended behavior labels Aug 12, 2025
@RoseSecurity RoseSecurity mentioned this pull request Aug 12, 2025
Closed
@tdinunzio-trayport
Copy link
Contributor

tdinunzio-trayport commented Aug 13, 2025

This looks good to me. Tested in my environment and works as expected.

@gberenice gberenice merged commit bf9b357 into main Aug 13, 2025
15 checks passed
@gberenice gberenice deleted the refactor-manage-master-user-password-logic branch August 13, 2025 12:49
@mergify mergify bot removed the triage Needs triage label Aug 13, 2025
@github-actions
Copy link

github-actions bot commented Aug 13, 2025

These changes were released in v0.30.2.

@RoseSecurity RoseSecurity mentioned this pull request Oct 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gberenice gberenice gberenice approved these changes

@joe-niland joe-niland Awaiting requested review from joe-niland joe-niland is a code owner automatically assigned from cloudposse/contributors

@nitrocode nitrocode Awaiting requested review from nitrocode nitrocode is a code owner automatically assigned from cloudposse/contributors

Assignees

No one assigned

Labels

bugfix Change that restores intended behavior patch A minor, backward compatible change

Projects

None yet

Milestone

No milestone

4 participants

@RoseSecurity @tdinunzio-trayport @gberenice