From 0dc660f4ba2d73c572425860c6ca51d06af6a84e Mon Sep 17 00:00:00 2001
From: Kris Johnstone
Date: Wed, 20 Mar 2024 15:06:34 +1000
Subject: [PATCH] chore: upgrade dependencies

---
 deployment/aws/aws/db.tf | 6 +++---
 deployment/aws/aws/kms.tf | 15 +++++++++++++++
 deployment/aws/aws/net.tf | 6 +++---
 deployment/aws/boundary/hosts.tf | 13 ++++++-------
 deployment/aws/boundary/main.tf | 2 +-
 deployment/aws/boundary/principles.tf | 18 ++++++------------
 deployment/aws/boundary/roles.tf | 14 +++++++-------
 deployment/aws/boundary/targets.tf | 8 ++++----
 deployment/aws/main.tf | 8 ++++----
 9 files changed, 49 insertions(+), 41 deletions(-)

diff --git a/deployment/aws/aws/db.tf b/deployment/aws/aws/db.tf
index d86c6a9..b1f4b0b 100644
--- a/deployment/aws/aws/db.tf
+++ b/deployment/aws/aws/db.tf
@@ -3,11 +3,11 @@
 resource "aws_db_instance" "boundary" {
   allocated_storage = 20
-  storage_type = "gp2"
+  storage_type = "gp3"
   engine = "postgres"
-  engine_version = "14.2"
+  engine_version = "14.11"
   instance_class = "db.t3.micro"
-  name = "boundary"
+  db_name = "boundary"
   username = "boundary"
   password = "boundarydemo"
   skip_final_snapshot = true
diff --git a/deployment/aws/aws/kms.tf b/deployment/aws/aws/kms.tf
index e093ac4..94d7deb 100644
--- a/deployment/aws/aws/kms.tf
+++ b/deployment/aws/aws/kms.tf
@@ -27,3 +27,18 @@ resource "aws_kms_key" "recovery" {
     Name = "${var.tag}-${random_pet.test.id}"
   }
 }
+
+resource "aws_kms_alias" "root" {
+  name = "alias/boundary_root"
+  target_key_id = aws_kms_key.root.id
+}
+
+resource "aws_kms_alias" "worker_auth" {
+  name = "alias/boundary_worker_auth"
+  target_key_id = aws_kms_key.worker_auth.id
+}
+
+resource "aws_kms_alias" "recovery" {
+  name = "alias/boundary_recovery"
+  target_key_id = aws_kms_key.recovery.id
+}
diff --git a/deployment/aws/aws/net.tf b/deployment/aws/aws/net.tf
index 0fbedb2..141b8a9 100644
--- a/deployment/aws/aws/net.tf
+++ b/deployment/aws/aws/net.tf
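Review bot: `engine_version = "14.11"` pins an exact minor release on an `aws_db_instance` whose visible lines never set `auto_minor_version_upgrade`; with that argument left at its default, RDS will likely move the instance off 14.11 on its own schedule and the next plan shows drift, whereas disabling it leaves PostgreSQL security patches to manual bumps like this one. If the intent is "stay on 14.x and let RDS patch", the 5.x provider accepts a prefix, `engine_version = "14"` together with `auto_minor_version_upgrade = true`; if the exact pin is deliberate, pair it with `auto_minor_version_upgrade = false` and a comment saying why. The resource block continues past the hunk, so its remaining arguments are not visible here.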
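Review bot: The three alias names added here (`alias/boundary_root`, `alias/boundary_worker_auth`, `alias/boundary_recovery`) are fixed strings, while the keys they point at are tagged with `${var.tag}-${random_pet.test.id}`; KMS alias names are unique per account and region, so a second deployment of this module beside the first fails at alias creation. Deriving the alias from the same prefix, e.g. `name = "alias/${var.tag}-${random_pet.test.id}-root"`, keeps the two naming schemes in step. A short comment on the block explaining what the aliases are for (the keys were addressable by id before this change) would also help, since the commit message gives no reason for adding them.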
@@ -48,9 +48,9 @@ resource "aws_subnet" "private" {
 }
 resource "aws_eip" "nat" {
-  count = var.num_subnets_private
-  vpc = true
-  tags = local.tags
+  count = var.num_subnets_private
+  domain = "vpc"
+  tags = local.tags
 }
 resource "aws_nat_gateway" "private" {
diff --git a/deployment/aws/boundary/hosts.tf b/deployment/aws/boundary/hosts.tf
index 90d9f35..c8386ad 100644
--- a/deployment/aws/boundary/hosts.tf
+++ b/deployment/aws/boundary/hosts.tf
@@ -1,26 +1,25 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
-resource "boundary_host_catalog" "backend_servers" {
+resource "boundary_host_catalog_static" "backend_servers" {
   name = "backend_servers"
   description = "Web servers for backend team"
-  type = "static"
   scope_id = boundary_scope.core_infra.id
 }
-resource "boundary_host" "backend_servers" {
+resource "boundary_host_static" "backend_servers" {
   for_each = var.target_ips
   type = "static"
   name = "backend_server_${each.value}"
   description = "Backend server #${each.value}"
   address = each.key
-  host_catalog_id = boundary_host_catalog.backend_servers.id
+  host_catalog_id = boundary_host_catalog_static.backend_servers.id
 }
-resource "boundary_host_set" "backend_servers" {
+resource "boundary_host_set_static" "backend_servers" {
   type = "static"
   name = "backend_servers"
   description = "Host set for backend servers"
-  host_catalog_id = boundary_host_catalog.backend_servers.id
-  host_ids = [for host in boundary_host.backend_servers : host.id]
+  host_catalog_id = boundary_host_catalog_static.backend_servers.id
+  host_ids = [for host in boundary_host_static.backend_servers : host.id]
 }
diff --git a/deployment/aws/boundary/main.tf b/deployment/aws/boundary/main.tf
index e262a5a..3f59e0a 100644
--- a/deployment/aws/boundary/main.tf
+++ b/deployment/aws/boundary/main.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     boundary = {
       source = "hashicorp/boundary"
-      version = "1.0.5"
+      version = "1.1.14"
     }
   }
 }
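Review bot: `type = "static"` is removed from the renamed `boundary_host_catalog_static` but kept on `boundary_host_static` and `boundary_host_set_static` in the same hunk, where it is equally redundant with the resource type; the three resources should be treated the same way. If the 1.1.14 schema still accepts the argument on the host and host-set resources, dropping it there too keeps the file consistent, and if it does not, the plan fails on those two blocks. Worth a one-line check against the provider documentation for the pinned version before merge.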
diff --git a/deployment/aws/boundary/principles.tf b/deployment/aws/boundary/principles.tf
index ef87b4f..d009f38 100644
--- a/deployment/aws/boundary/principles.tf
+++ b/deployment/aws/boundary/principles.tf
@@ -3,7 +3,7 @@
 resource "boundary_user" "backend" {
   for_each = var.backend_team
-  name = each.key
+  name = lower(each.key)
   description = "Backend user: ${each.key}"
   account_ids = [boundary_account_password.backend_user_acct[each.value].id]
   scope_id = boundary_scope.org.id
@@ -11,7 +11,7 @@ resource "boundary_user" "backend" {
 resource "boundary_user" "frontend" {
   for_each = var.frontend_team
-  name = each.key
+  name = lower(each.key)
   description = "Frontend user: ${each.key}"
   account_ids = [boundary_account_password.frontend_user_acct[each.value].id]
   scope_id = boundary_scope.org.id
@@ -19,7 +19,7 @@ resource "boundary_user" "frontend" {
 resource "boundary_user" "leadership" {
   for_each = var.leadership_team
-  name = each.key
+  name = lower(each.key)
   description = "WARNING: Managers should be read-only"
   account_ids = [boundary_account_password.leadership_user_acct[each.value].id]
   scope_id = boundary_scope.org.id
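Review bot: `name = lower(each.key)` in the three `boundary_user` resources lower-cases the key while `for_each` still iterates the original sets, so two entries of `var.backend_team` (or the frontend and leadership sets) that differ only in case now map to one user name; if Boundary enforces unique user names within the org scope, the apply fails on the duplicate, and the same applies to the other two hunks on this file. The change presumably exists to match `login_name = lower(each.key)` on the account resources — a comment recording that, e.g. `# keep in step with login_name on the matching boundary_account_password`, would explain a change the commit message ("upgrade dependencies") does not. Note that `description` still interpolates the raw `each.key`, so the display text and the name can now differ in case.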
@@ -27,30 +27,24 @@ resource "boundary_user" "leadership" {
 resource "boundary_account_password" "backend_user_acct" {
   for_each = var.backend_team
-  name = each.key
-  description = "User account for ${each.key}"
-  type = "password"
   login_name = lower(each.key)
+  description = "User account for ${each.key}"
   password = "foofoofoo"
   auth_method_id = boundary_auth_method.password.id
 }
 resource "boundary_account_password" "frontend_user_acct" {
   for_each = var.frontend_team
-  name = each.key
-  description = "User account for ${each.key}"
-  type = "password"
   login_name = lower(each.key)
+  description = "User account for ${each.key}"
   password = "foofoofoo"
   auth_method_id = boundary_auth_method.password.id
 }
 resource "boundary_account_password" "leadership_user_acct" {
   for_each = var.leadership_team
-  name = each.key
-  description = "User account for ${each.key}"
-  type = "password"
   login_name = lower(each.key)
+  description = "User account for ${each.key}"
   password = "foofoofoo"
   auth_method_id = boundary_auth_method.password.id
 }
diff --git a/deployment/aws/boundary/roles.tf b/deployment/aws/boundary/roles.tf
index 0fa5818..ef86f4c 100644
--- a/deployment/aws/boundary/roles.tf
+++ b/deployment/aws/boundary/roles.tf
@@ -7,9 +7,9 @@ resource "boundary_role" "global_anon_listing" {
   scope_id = boundary_scope.global.id
   grant_strings = [
-    "id=*;type=auth-method;actions=list,authenticate",
+    "ids=*;type=auth-method;actions=list,authenticate",
     "type=scope;actions=list",
-    "id={{account.id}};actions=read,change-password"
+    "ids={{account.id}};actions=read,change-password"
   ]
   principal_ids = ["u_anon"]
 }
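Review bot: Dropping `name = each.key` from the three `boundary_account_password` resources is a behaviour change rather than a dependency upgrade: if the 1.1.14 schema still accepts `name`, the accounts silently lose their display name, and if it does not, that migration deserves a line in the commit message. Removing `type = "password"` is the expected cleanup for the typed resource and needs no comment. Separately, `password = "foofoofoo"` is shared by every account and is now the only credential these resources carry in source; it predates this commit, but a `variable` declared with `sensitive = true` (or a per-account generated value) would keep the demo working without a committed plaintext password.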
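Review bot: The `id=` to `ids=` rewrite of every grant string (here and in the four hunks that follow on this file) ties the configuration to a Boundary controller that understands the plural grant form, and nothing in the diff records which release that is; `boundary_bin` in `deployment/aws/main.tf` is only passed through. A comment at the first grant list, `# grant strings use the plural "ids=" form; requires a controller release that accepts it`, or a minimum controller version in the module README, would save the next upgrade a failed apply. The `ids=*;type=*;actions=*` grants on the admin roles remain fully wildcarded; that is pre-existing and fits a demo, but it is worth keeping in view when these roles are copied elsewhere.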
@@ -20,9 +20,9 @@ resource "boundary_role" "global_anon_listing" {
 resource "boundary_role" "org_anon_listing" {
   scope_id = boundary_scope.org.id
   grant_strings = [
-    "id=*;type=auth-method;actions=list,authenticate",
+    "ids=*;type=auth-method;actions=list,authenticate",
     "type=scope;actions=list",
-    "id={{account.id}};actions=read,change-password"
+    "ids={{account.id}};actions=read,change-password"
   ]
   principal_ids = ["u_anon"]
 }
@@ -33,7 +33,7 @@ resource "boundary_role" "org_admin" {
   scope_id = boundary_scope.global.id
   grant_scope_id = boundary_scope.org.id
   grant_strings = [
-    "id=*;type=*;actions=*"
+    "ids=*;type=*;actions=*"
   ]
   principal_ids = concat(
     [for user in boundary_user.backend : user.id],
@@ -51,7 +51,7 @@ resource "boundary_role" "org_readonly" {
     boundary_group.leadership.id
   ]
   grant_strings = [
-    "id=*;type=*;actions=read"
+    "ids=*;type=*;actions=read"
   ]
   scope_id = boundary_scope.global.id
   grant_scope_id = boundary_scope.org.id
@@ -64,7 +64,7 @@ resource "boundary_role" "project_admin" {
   scope_id = boundary_scope.org.id
   grant_scope_id = boundary_scope.core_infra.id
   grant_strings = [
-    "id=*;type=*;actions=*"
+    "ids=*;type=*;actions=*"
   ]
   principal_ids = concat(
     [for user in boundary_user.backend : user.id],
diff --git a/deployment/aws/boundary/targets.tf b/deployment/aws/boundary/targets.tf
index 9206788..854f452 100644
--- a/deployment/aws/boundary/targets.tf
+++ b/deployment/aws/boundary/targets.tf
@@ -8,8 +8,8 @@ resource "boundary_target" "backend_servers_ssh" {
   scope_id = boundary_scope.core_infra.id
   session_connection_limit = -1
   default_port = 22
-  host_set_ids = [
-    boundary_host_set.backend_servers.id
+  host_source_ids = [
+    boundary_host_set_static.backend_servers.id
   ]
 }
@@ -20,7 +20,7 @@ resource "boundary_target" "backend_servers_website" {
   scope_id = boundary_scope.core_infra.id
   session_connection_limit = -1
   default_port = 8000
-  host_set_ids = [
-    boundary_host_set.backend_servers.id
+  host_source_ids = [
+    boundary_host_set_static.backend_servers.id
   ]
 }
diff --git a/deployment/aws/main.tf b/deployment/aws/main.tf
index 744f5ab..91d57f8 100644
--- a/deployment/aws/main.tf
+++ b/deployment/aws/main.tf
@@ -5,15 +5,15 @@ terraform {
   required_providers {
     aws = {
       source = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 5.41"
     }
   }
 }
 module "aws" {
-  source = "./aws"
-  boundary_bin = var.boundary_bin
-  pub_ssh_key_path = var.pub_ssh_key_path
+  source = "./aws"
+  boundary_bin = var.boundary_bin
+  pub_ssh_key_path = var.pub_ssh_key_path
   priv_ssh_key_path = var.priv_ssh_key_path
 }
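Review bot: `version = "~> 5.41"` on the aws provider is a floating constraint (any 5.x release from 5.41 upward), while the boundary provider in `deployment/aws/boundary/main.tf` is pinned to the exact `1.1.14`; the patch carries no `.terraform.lock.hcl`, so unless the repository commits one elsewhere, every `init` resolves the aws provider to whatever is newest at that moment and the two modules end up with different reproducibility guarantees. Either commit the lock file alongside upgrades like this one or pin both providers the same way, and say which approach is intended in the commit message. The `module "aws"` lines in this hunk change only alignment whitespace.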