-
-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add feature Master Passwords via Secrets Manager #157
Conversation
This would be really useful to have, and could potentially avoid the need for #118 for most users, while also not exposing the password in the state file. Can this be reviewed? |
outputs.tf
Outdated
@@ -47,3 +47,8 @@ output "resource_id" { | |||
value = join("", aws_db_instance.default.*.resource_id) | |||
description = "The RDS Resource ID of this instance." | |||
} | |||
|
|||
output "master_user_secret_arn" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think exposing the entire master_user_secret
object would be useful for users, and will simplify this logic by avoiding those local
values:
output "master_user_secret" {
value = one(aws_db_instance.default[*].master_user_secret)
@joe-niland, @Gowiem, gentle ping. Can this be reviewed? |
/terratest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ByJacob this looks good and I'm happy to provide another review after my couple of small requests. One larger issue is that this module hasn't been updated in a while, and that has resulted in our tests rotting and them using an old version of our VPC module that includes a deprecated argument (see screenshot). Can you update the VPC + Subnet module usages in these two locations to the latest versions and then we'll re-run tests?
@adamantike thanks for the ping! I've seen you do that on a few PRs and it's appreciated when there are good fixes + enhancements like this one that fall through the cracks. Though I think we'd all like to do better, there are so many modules that the squeaky wheels get the grease. That said, I believe Erik + team are always looking for more maintainers so if you're interested in helping us get things reviewed + merged, please reach out to me or Erik via Slack and we can likely make that happen. |
@ByJacob, if needed, I can tackle the VPC and subnet module upgrade in the examples, for you to rebase your changes after that is done. |
Thanks for message @adamantike. I forgot about this PR. Changes are added. |
/terratest |
@Gowiem I fixed tflint and Readme |
/terratest |
/terratest |
@ByJacob Tests are failing on the following: |
Id was change. I fix it and add identifier parameter |
/terratest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Solid work @ByJacob -- Thanks for working through the test failures!
It was enough to tighten the main branch, there it was fixed :D |
what
manage_master_user_password
master_user_secret_kms_key_id
why
references