feat: allow random auth token variable as an option #202

travertischio · 2023-06-14T00:38:39Z

what

Add a two variables create_random_auth_token and random_auth_token_length that would be used to generate a random auth token that is stored in terraform state and used as the auth_token for redis

why

Currently users of this module need to either handle the auth_token through something more secret outside of this module or commit the auth_token directly to their terraform variables. This random password path is a highly used pattern for modules like this one

goruha · 2023-06-21T09:13:01Z

@travertischio
Terraform lint failed.

Could you please fix this issue

  Missing version constraint for provider "random" in `required_providers`
  
  Raw Output:
  main.tf:36:1: warning: Missing version constraint for provider "random" in `required_providers` ()

goruha · 2023-06-21T09:13:56Z

@Nuru @aknysh @Benbentwo @milldr
What do you think about a random auth token for Redis module?

goruha · 2023-06-22T13:30:47Z

@travertischio
May I ask you to update README by running the following commands on your local

make init
make readme

Thanks.

travertischio · 2023-07-11T16:20:11Z

@goruha I think this should be good now

travertischio · 2023-07-24T16:56:08Z

@goruha thank you, it looks like i'm now waiting on #204 before the CI will pass

travertischio · 2023-08-24T20:29:44Z

@goruha any movement on getting the README fixed in master?

@nitrocode

* Plumb through data_tiering_enabled (#2) ## what * Introduce var.data_tiering_enabled and plumb it through to the aws provider ## why * We need to set `data_tiering_enabled` true to provision our desired node type [![DEVOPS-2155](https://img.shields.io/badge/DEVOPS-2155-blue.svg)](https://teikametrics.atlassian.net/browse/DEVOPS-2155) * This flag `data_tiering_enabled` doesn't currently exist in the `terraform-aws-elasticache-redis` module * After verifying this change, we plan to send it back upstream in a PR to https://github.com/cloudposse/terraform-aws-elasticache-redis ## testing Against @teikametrics/bid-orchestrator#202, made locally the following changes: ```diff diff --git a/terraform-redis-bidder-common/redis.tf b/terraform-redis-bidder-common/redis.tf index fc582ae..1bdb9df 100644 --- a/terraform-redis-bidder-common/redis.tf +++ b/terraform-redis-bidder-common/redis.tf @@ -48,7 +48,7 @@ resource "random_password" "password" { module "redis" { # https://registry.terraform.io/modules/cloudposse/elasticache-redis/aws/latest # source = "cloudposse/elasticache-redis/aws" ## FIXME: DEVOPS-2155 - source = "git@github.com:teikametrics/terraform-aws-elasticache-redis.git" + source = "git@github.com:teikametrics/terraform-aws-elasticache-redis.git?ref=bml.DEVOPS-2155.cloudposse-fork-data-tiering" # Auth token for password protecting redis, `transit_encryption_enabled` must be set to `true`. auth_token = random_password.password.result name = var.redis_name @@ -63,7 +63,7 @@ module "redis" { automatic_failover_enabled = var.redis_automatic_failover cluster_size = var.redis_cluster_size # Must be set to true to enable data tiering - # data_tiering_enabled = var.redis_data_tiering ## FIXME: DEVOPS-2155 + data_tiering_enabled = var.redis_data_tiering # The instance class used --> https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html instance_type = var.redis_instance_type # Apply changes immediately ``` Staging plan reports no changes (because `redis_data_tiering` is false in staging); production plan reports the same currently-unapplied changes as before, plus including `data_tiering_enabled`. Previously the plan errored out as this module did not support the flag. ## terraform plans ### Staging `tm-terraform staging staging plan` ``` No changes. Infrastructure is up-to-date. ``` ### Production `tm-terraform production production plan` ``` Terraform will perform the following actions: # module.redis.aws_elasticache_parameter_group.default[0] will be updated in-place ~ resource "aws_elasticache_parameter_group" "default" { id = "bidder-redis-cluster-production" name = "bidder-redis-cluster-production" ~ tags = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } ~ tags_all = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } # (3 unchanged attributes hidden) # (1 unchanged block hidden) } # module.redis.aws_elasticache_replication_group.default[0] will be created + resource "aws_elasticache_replication_group" "default" { + apply_immediately = true + arn = (known after apply) + at_rest_encryption_enabled = false + auth_token = (sensitive value) + auto_minor_version_upgrade = (known after apply) + automatic_failover_enabled = true + cluster_enabled = (known after apply) + configuration_endpoint_address = (known after apply) + data_tiering_enabled = true + description = "bidder-redis-cluster-production" + engine = "redis" + engine_version = "6.x" + engine_version_actual = (known after apply) + global_replication_group_id = (known after apply) + id = (known after apply) + maintenance_window = "sun:03:00-sun:04:00" + member_clusters = (known after apply) + multi_az_enabled = false + node_type = "cache.r6gd.xlarge" + num_cache_clusters = (known after apply) + num_node_groups = 2 + number_cache_clusters = (known after apply) + parameter_group_name = "bidder-redis-cluster-production" + port = 6379 + primary_endpoint_address = (known after apply) + reader_endpoint_address = (known after apply) + replicas_per_node_group = 1 + replication_group_description = (known after apply) + replication_group_id = "bidder-redis-cluster-production" + security_group_ids = (known after apply) + security_group_names = (known after apply) + snapshot_retention_limit = 7 + snapshot_window = "04:00-05:00" + subnet_group_name = "bidder-redis-cluster-production" + tags = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } + tags_all = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } + transit_encryption_enabled = true + cluster_mode { + num_node_groups = (known after apply) + replicas_per_node_group = (known after apply) } } # module.redis.aws_elasticache_subnet_group.default[0] will be updated in-place ~ resource "aws_elasticache_subnet_group" "default" { ~ description = "Managed by Terraform" -> "Elasticache subnet group for bidder-redis-cluster-production" id = "bidder-redis-cluster-production" name = "bidder-redis-cluster-production" ~ tags = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } ~ tags_all = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } # (2 unchanged attributes hidden) } # module.redis.module.aws_security_group.aws_security_group.cbd[0] will be created + resource "aws_security_group" "cbd" { + arn = (known after apply) + description = "Security group for Elasticache Redis" + egress = (known after apply) + id = (known after apply) + ingress = (known after apply) + name = (known after apply) + name_prefix = "bidder-redis-cluster-production-" + owner_id = (known after apply) + revoke_rules_on_delete = false + tags = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } + tags_all = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } + vpc_id = "vpc-0134131a45fbf70e6" + timeouts { + create = "10m" + delete = "15m" } } # module.redis.module.aws_security_group.aws_security_group_rule.keyed["_allow_all_egress_"] will be created + resource "aws_security_group_rule" "keyed" { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "Allow all egress" + from_port = 0 + id = (known after apply) + ipv6_cidr_blocks = [ + "::/0", ] + prefix_list_ids = [] + protocol = "-1" + security_group_id = (known after apply) + self = false + source_security_group_id = (known after apply) + to_port = 0 + type = "egress" } # module.redis.module.aws_security_group.aws_security_group_rule.keyed["extra[0]"] will be created + resource "aws_security_group_rule" "keyed" { + cidr_blocks = [ + "10.76.0.0/16", + "10.60.0.0/16", + "10.78.0.0/16", + "10.30.0.0/16", ] + description = "Allow TCP inbound traffic on port 6379 from Convox and the vpc which is hosting this redis." + from_port = 6379 + id = (known after apply) + prefix_list_ids = [] + protocol = "tcp" + security_group_id = (known after apply) + self = false + source_security_group_id = (known after apply) + to_port = 6379 + type = "ingress" } # module.redis.module.security_group.aws_security_group.default[0] will be destroyed - resource "aws_security_group" "default" { - arn = "arn:aws:ec2:us-east-1:659641375152:security-group/sg-02edcb2360f6895b0" -> null - description = "ElastiCache Security Group" -> null - egress = [ - { - cidr_blocks = [ - "0.0.0.0/0", ] - description = "Allow all outbound traffic" - from_port = 0 - ipv6_cidr_blocks = [] - prefix_list_ids = [] - protocol = "-1" - security_groups = [] - self = false - to_port = 0 }, ] -> null - id = "sg-02edcb2360f6895b0" -> null - ingress = [ - { - cidr_blocks = [ - "10.76.0.0/16", - "10.60.0.0/16", - "10.78.0.0/16", - "10.30.0.0/16", ] - description = "Allow TCP inbound traffic on port 6379 from Convox and the vpc which is hosting this redis." - from_port = 6379 - ipv6_cidr_blocks = [] - prefix_list_ids = [] - protocol = "tcp" - security_groups = [] - self = false - to_port = 6379 }, ] -> null - name = "bidder-redis-cluster-production" -> null - owner_id = "659641375152" -> null - revoke_rules_on_delete = false -> null - tags = { - "Name" = "bidder-redis-cluster-production" - "teikametrics.com/app" = "bid-orchestrator" - "teikametrics.com/deploy/stage" = "production" - "teikametrics.com/name" = "bidder-redis-cluster-production" - "teikametrics.com/team" = "artificial-intelligence" - "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } -> null - tags_all = { - "Name" = "bidder-redis-cluster-production" - "teikametrics.com/app" = "bid-orchestrator" - "teikametrics.com/deploy/stage" = "production" - "teikametrics.com/name" = "bidder-redis-cluster-production" - "teikametrics.com/team" = "artificial-intelligence" - "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } -> null - vpc_id = "vpc-0134131a45fbf70e6" -> null } # module.redis.module.security_group.aws_security_group_rule.default["egress--1-0-0-9c87e5e1ed040a443ce1ac8e6d6cf159"] will be destroyed - resource "aws_security_group_rule" "default" { - cidr_blocks = [ - "0.0.0.0/0", ] -> null - description = "Allow all outbound traffic" -> null - from_port = 0 -> null - id = "sgrule-3785251229" -> null - protocol = "-1" -> null - security_group_id = "sg-02edcb2360f6895b0" -> null - self = false -> null - to_port = 0 -> null - type = "egress" -> null } # module.redis.module.security_group.aws_security_group_rule.default["ingress-tcp-6379-6379-c992040fb21cf75967d80aa440691f00"] will be destroyed - resource "aws_security_group_rule" "default" { - cidr_blocks = [ - "10.76.0.0/16", - "10.60.0.0/16", - "10.78.0.0/16", - "10.30.0.0/16", ] -> null - description = "Allow TCP inbound traffic on port 6379 from Convox and the vpc which is hosting this redis." -> null - from_port = 6379 -> null - id = "sgrule-236626820" -> null - protocol = "tcp" -> null - security_group_id = "sg-02edcb2360f6895b0" -> null - self = false -> null - to_port = 6379 -> null - type = "ingress" -> null } Plan: 4 to add, 2 to change, 3 to destroy. Changes to Outputs: + redis_master_endpoint = (known after apply) ``` ## references * https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group#data_tiering_enabled * make pr/auto-format * Update variables.tf per @nitrocode Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> * make pr/auto-format Co-authored-by: Brendan Luchen <bluchen@teikametrics.com> Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com>

travertischio · 2023-10-11T18:33:30Z

@goruha can you run the ci again?
master was updated to unblock this pr

Gowiem · 2024-02-19T19:06:16Z

This is somewhat related to #195. I believe if a consumer wants to use a random password for the auth_token value... they can provider that via their root module that consumes this child module. Then there is less going on in this module and it's less opinionated, but still supported. @goruha @travertischio Thoughts?

travertischio · 2024-02-19T21:46:48Z

@Gowiem this is only tangentially related to #195

There are many cases in which providing a secret as a value to a terraform module is not easy or possible at all in a secure manner. This PR actually makes this module less opinionated because it allows its use without forcing the user to create their own token and then pass it. This also has security benefits where users might default to something like "password12345678."

For me specifically, using terragrunt means that there is no "root module" consuming this module. I am just referencing this module, and I don't want to have an aditional secret that is managed outside of the terraform state just to create a token for this module. Having it all in the terraform state is simpler and the change here doesn't force anyone else to do anything different.

mergify · 2024-03-08T17:43:46Z

This pull request is now in conflict. Could you fix it @travertischio? 🙏

mergify · 2024-03-13T16:56:53Z

Thanks @travertischio for creating this pull request!

A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

While you wait, make sure to review our contributor guidelines.

Tip

Need help or want to ask for a PR review to be expedited?

Join us on Slack in the #pr-reviews channel.

@nitrocode

* Plumb through data_tiering_enabled (cloudposse#2) ## what * Introduce var.data_tiering_enabled and plumb it through to the aws provider ## why * We need to set `data_tiering_enabled` true to provision our desired node type [![DEVOPS-2155](https://img.shields.io/badge/DEVOPS-2155-blue.svg)](https://teikametrics.atlassian.net/browse/DEVOPS-2155) * This flag `data_tiering_enabled` doesn't currently exist in the `terraform-aws-elasticache-redis` module * After verifying this change, we plan to send it back upstream in a PR to https://github.com/cloudposse/terraform-aws-elasticache-redis ## testing Against @teikametrics/bid-orchestratorcloudposse#202, made locally the following changes: ```diff diff --git a/terraform-redis-bidder-common/redis.tf b/terraform-redis-bidder-common/redis.tf index fc582ae..1bdb9df 100644 --- a/terraform-redis-bidder-common/redis.tf +++ b/terraform-redis-bidder-common/redis.tf @@ -48,7 +48,7 @@ resource "random_password" "password" { module "redis" { # https://registry.terraform.io/modules/cloudposse/elasticache-redis/aws/latest # source = "cloudposse/elasticache-redis/aws" ## FIXME: DEVOPS-2155 - source = "git@github.com:teikametrics/terraform-aws-elasticache-redis.git" + source = "git@github.com:teikametrics/terraform-aws-elasticache-redis.git?ref=bml.DEVOPS-2155.cloudposse-fork-data-tiering" # Auth token for password protecting redis, `transit_encryption_enabled` must be set to `true`. auth_token = random_password.password.result name = var.redis_name @@ -63,7 +63,7 @@ module "redis" { automatic_failover_enabled = var.redis_automatic_failover cluster_size = var.redis_cluster_size # Must be set to true to enable data tiering - # data_tiering_enabled = var.redis_data_tiering ## FIXME: DEVOPS-2155 + data_tiering_enabled = var.redis_data_tiering # The instance class used --> https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html instance_type = var.redis_instance_type # Apply changes immediately ``` Staging plan reports no changes (because `redis_data_tiering` is false in staging); production plan reports the same currently-unapplied changes as before, plus including `data_tiering_enabled`. Previously the plan errored out as this module did not support the flag. ## terraform plans ### Staging `tm-terraform staging staging plan` ``` No changes. Infrastructure is up-to-date. ``` ### Production `tm-terraform production production plan` ``` Terraform will perform the following actions: # module.redis.aws_elasticache_parameter_group.default[0] will be updated in-place ~ resource "aws_elasticache_parameter_group" "default" { id = "bidder-redis-cluster-production" name = "bidder-redis-cluster-production" ~ tags = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } ~ tags_all = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } # (3 unchanged attributes hidden) # (1 unchanged block hidden) } # module.redis.aws_elasticache_replication_group.default[0] will be created + resource "aws_elasticache_replication_group" "default" { + apply_immediately = true + arn = (known after apply) + at_rest_encryption_enabled = false + auth_token = (sensitive value) + auto_minor_version_upgrade = (known after apply) + automatic_failover_enabled = true + cluster_enabled = (known after apply) + configuration_endpoint_address = (known after apply) + data_tiering_enabled = true + description = "bidder-redis-cluster-production" + engine = "redis" + engine_version = "6.x" + engine_version_actual = (known after apply) + global_replication_group_id = (known after apply) + id = (known after apply) + maintenance_window = "sun:03:00-sun:04:00" + member_clusters = (known after apply) + multi_az_enabled = false + node_type = "cache.r6gd.xlarge" + num_cache_clusters = (known after apply) + num_node_groups = 2 + number_cache_clusters = (known after apply) + parameter_group_name = "bidder-redis-cluster-production" + port = 6379 + primary_endpoint_address = (known after apply) + reader_endpoint_address = (known after apply) + replicas_per_node_group = 1 + replication_group_description = (known after apply) + replication_group_id = "bidder-redis-cluster-production" + security_group_ids = (known after apply) + security_group_names = (known after apply) + snapshot_retention_limit = 7 + snapshot_window = "04:00-05:00" + subnet_group_name = "bidder-redis-cluster-production" + tags = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } + tags_all = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } + transit_encryption_enabled = true + cluster_mode { + num_node_groups = (known after apply) + replicas_per_node_group = (known after apply) } } # module.redis.aws_elasticache_subnet_group.default[0] will be updated in-place ~ resource "aws_elasticache_subnet_group" "default" { ~ description = "Managed by Terraform" -> "Elasticache subnet group for bidder-redis-cluster-production" id = "bidder-redis-cluster-production" name = "bidder-redis-cluster-production" ~ tags = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } ~ tags_all = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } # (2 unchanged attributes hidden) } # module.redis.module.aws_security_group.aws_security_group.cbd[0] will be created + resource "aws_security_group" "cbd" { + arn = (known after apply) + description = "Security group for Elasticache Redis" + egress = (known after apply) + id = (known after apply) + ingress = (known after apply) + name = (known after apply) + name_prefix = "bidder-redis-cluster-production-" + owner_id = (known after apply) + revoke_rules_on_delete = false + tags = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } + tags_all = { + "Name" = "bidder-redis-cluster-production" + "teikametrics.com/app" = "bid-orchestrator" + "teikametrics.com/deploy/stage" = "production" + "teikametrics.com/name" = "bidder-redis-cluster-production" + "teikametrics.com/team" = "artificial-intelligence" + "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } + vpc_id = "vpc-0134131a45fbf70e6" + timeouts { + create = "10m" + delete = "15m" } } # module.redis.module.aws_security_group.aws_security_group_rule.keyed["_allow_all_egress_"] will be created + resource "aws_security_group_rule" "keyed" { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "Allow all egress" + from_port = 0 + id = (known after apply) + ipv6_cidr_blocks = [ + "::/0", ] + prefix_list_ids = [] + protocol = "-1" + security_group_id = (known after apply) + self = false + source_security_group_id = (known after apply) + to_port = 0 + type = "egress" } # module.redis.module.aws_security_group.aws_security_group_rule.keyed["extra[0]"] will be created + resource "aws_security_group_rule" "keyed" { + cidr_blocks = [ + "10.76.0.0/16", + "10.60.0.0/16", + "10.78.0.0/16", + "10.30.0.0/16", ] + description = "Allow TCP inbound traffic on port 6379 from Convox and the vpc which is hosting this redis." + from_port = 6379 + id = (known after apply) + prefix_list_ids = [] + protocol = "tcp" + security_group_id = (known after apply) + self = false + source_security_group_id = (known after apply) + to_port = 6379 + type = "ingress" } # module.redis.module.security_group.aws_security_group.default[0] will be destroyed - resource "aws_security_group" "default" { - arn = "arn:aws:ec2:us-east-1:659641375152:security-group/sg-02edcb2360f6895b0" -> null - description = "ElastiCache Security Group" -> null - egress = [ - { - cidr_blocks = [ - "0.0.0.0/0", ] - description = "Allow all outbound traffic" - from_port = 0 - ipv6_cidr_blocks = [] - prefix_list_ids = [] - protocol = "-1" - security_groups = [] - self = false - to_port = 0 }, ] -> null - id = "sg-02edcb2360f6895b0" -> null - ingress = [ - { - cidr_blocks = [ - "10.76.0.0/16", - "10.60.0.0/16", - "10.78.0.0/16", - "10.30.0.0/16", ] - description = "Allow TCP inbound traffic on port 6379 from Convox and the vpc which is hosting this redis." - from_port = 6379 - ipv6_cidr_blocks = [] - prefix_list_ids = [] - protocol = "tcp" - security_groups = [] - self = false - to_port = 6379 }, ] -> null - name = "bidder-redis-cluster-production" -> null - owner_id = "659641375152" -> null - revoke_rules_on_delete = false -> null - tags = { - "Name" = "bidder-redis-cluster-production" - "teikametrics.com/app" = "bid-orchestrator" - "teikametrics.com/deploy/stage" = "production" - "teikametrics.com/name" = "bidder-redis-cluster-production" - "teikametrics.com/team" = "artificial-intelligence" - "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } -> null - tags_all = { - "Name" = "bidder-redis-cluster-production" - "teikametrics.com/app" = "bid-orchestrator" - "teikametrics.com/deploy/stage" = "production" - "teikametrics.com/name" = "bidder-redis-cluster-production" - "teikametrics.com/team" = "artificial-intelligence" - "teikametrics.com/terraform/gitpath" = "teikametrics/bid-orchestrator/terraform-redis" } -> null - vpc_id = "vpc-0134131a45fbf70e6" -> null } # module.redis.module.security_group.aws_security_group_rule.default["egress--1-0-0-9c87e5e1ed040a443ce1ac8e6d6cf159"] will be destroyed - resource "aws_security_group_rule" "default" { - cidr_blocks = [ - "0.0.0.0/0", ] -> null - description = "Allow all outbound traffic" -> null - from_port = 0 -> null - id = "sgrule-3785251229" -> null - protocol = "-1" -> null - security_group_id = "sg-02edcb2360f6895b0" -> null - self = false -> null - to_port = 0 -> null - type = "egress" -> null } # module.redis.module.security_group.aws_security_group_rule.default["ingress-tcp-6379-6379-c992040fb21cf75967d80aa440691f00"] will be destroyed - resource "aws_security_group_rule" "default" { - cidr_blocks = [ - "10.76.0.0/16", - "10.60.0.0/16", - "10.78.0.0/16", - "10.30.0.0/16", ] -> null - description = "Allow TCP inbound traffic on port 6379 from Convox and the vpc which is hosting this redis." -> null - from_port = 6379 -> null - id = "sgrule-236626820" -> null - protocol = "tcp" -> null - security_group_id = "sg-02edcb2360f6895b0" -> null - self = false -> null - to_port = 6379 -> null - type = "ingress" -> null } Plan: 4 to add, 2 to change, 3 to destroy. Changes to Outputs: + redis_master_endpoint = (known after apply) ``` ## references * https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group#data_tiering_enabled * make pr/auto-format * Update variables.tf per @nitrocode Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com> * make pr/auto-format Co-authored-by: Brendan Luchen <bluchen@teikametrics.com> Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com>

mergify · 2024-06-11T16:57:52Z

💥 This pull request now has conflicts. Could you fix it @travertischio? 🙏

mergify · 2024-06-11T16:57:54Z

This PR was closed due to inactivity and merge conflicts. 😭
Please resolve the conflicts and reopen if necessary.

Allow random auth token to be created

6ad5bbc

travertischio requested review from a team as code owners June 14, 2023 00:38

travertischio requested review from dotCipher and srhopkins June 14, 2023 00:38

Merge branch 'main' into random-auth-option

a2a16f1

travertischio and others added 3 commits June 21, 2023 10:35

Add random version constraint

378b0ce

Update docs

922338e

Fix formatting

a46b789

Update README

3a29a5d

Merge remote-tracking branch 'upstream/main' into random-auth-option

d03c7c3

travertischio added 2 commits January 3, 2024 14:44

Merge branch 'main' into random-auth-option

e22d348

Run make readme

b6c6e24

travertischio changed the title ~~Allow random auth token variable as an option~~ feat: allow random auth token variable as an option Feb 19, 2024

hans-d added wip Work in Progress: Not ready for final review or merge and removed wip Work in Progress: Not ready for final review or merge labels Mar 8, 2024

Merge branch 'main' into random-auth-option

b41dad0

mergify bot added triage Needs triage needs-test Needs testing labels Mar 13, 2024

fix README after master merge

56735d2

mergify bot added the conflict This PR has conflicts label Jun 11, 2024

mergify bot closed this Jun 11, 2024

mergify bot removed conflict This PR has conflicts triage Needs triage labels Jun 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

feat: allow random auth token variable as an option #202

feat: allow random auth token variable as an option #202

Uh oh!

travertischio commented Jun 14, 2023

Uh oh!

goruha commented Jun 21, 2023

Uh oh!

goruha commented Jun 21, 2023

Uh oh!

goruha commented Jun 22, 2023

Uh oh!

travertischio commented Jul 11, 2023

Uh oh!

travertischio commented Jul 24, 2023

Uh oh!

travertischio commented Aug 24, 2023

Uh oh!

travertischio commented Oct 11, 2023

Uh oh!

Gowiem commented Feb 19, 2024 •

edited

Loading

Uh oh!

travertischio commented Feb 19, 2024

Uh oh!

mergify bot commented Mar 8, 2024

Uh oh!

mergify bot commented Mar 13, 2024

Need help or want to ask for a PR review to be expedited?

Uh oh!

mergify bot commented Jun 11, 2024

Uh oh!

mergify bot commented Jun 11, 2024

Uh oh!

Uh oh!

Uh oh!

feat: allow random auth token variable as an option #202

feat: allow random auth token variable as an option #202

Uh oh!

Conversation

travertischio commented Jun 14, 2023

what

why

Uh oh!

goruha commented Jun 21, 2023

Uh oh!

goruha commented Jun 21, 2023

Uh oh!

goruha commented Jun 22, 2023

Uh oh!

travertischio commented Jul 11, 2023

Uh oh!

travertischio commented Jul 24, 2023

Uh oh!

travertischio commented Aug 24, 2023

Uh oh!

travertischio commented Oct 11, 2023

Uh oh!

Gowiem commented Feb 19, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

travertischio commented Feb 19, 2024

Uh oh!

mergify bot commented Mar 8, 2024

Uh oh!

mergify bot commented Mar 13, 2024

Need help or want to ask for a PR review to be expedited?

Uh oh!

mergify bot commented Jun 11, 2024

Uh oh!

mergify bot commented Jun 11, 2024

Uh oh!

Uh oh!

Gowiem commented Feb 19, 2024 •

edited

Loading