From f5c6f50cd98b2da296d50a316e95e915f374e12c Mon Sep 17 00:00:00 2001
From: sohan yadav
Date: Fri, 22 Mar 2024 13:50:12 +0530
Subject: [PATCH 1/4] add manage_master_user_password argument
---
 example/mysql-complete/.terraform.lock.hcl | 43 +++++++++++++++++++
 .../.terraform.tfstate.lock.info | 1 +
 example/mysql-complete/main.tf | 10 ++---
 main.tf | 3 +-
 variables.tf | 6 +++
 5 files changed, 57 insertions(+), 6 deletions(-)
 create mode 100644 example/mysql-complete/.terraform.lock.hcl
 create mode 100644 example/mysql-complete/.terraform.tfstate.lock.info
diff --git a/example/mysql-complete/.terraform.lock.hcl b/example/mysql-complete/.terraform.lock.hcl
new file mode 100644
index 0000000..bcdeaee
--- /dev/null
+++ b/example/mysql-complete/.terraform.lock.hcl
@@ -0,0 +1,43 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.42.0" + constraints = ">= 4.48.0, >= 5.1.0, >= 5.9.0" + hashes = [ + "h1:Gwe5HXZYD/3M5j6LwKhp8amb1SraCR9p+G96d381RVc=", + "zh:0fb12bd56a3ad777b29f957c56dd2119776dbc01b6074458f597990e368c82de", + "zh:16e99c13bef6e3777f67c240c916f57c01c9c142254cfb2720e08281ff906447", + "zh:218268f5fe73bcb19e9a996f781ab66df0da9e333d1c60612e3c51ad28a5105f", + "zh:220b17f7053d11548f35136669687d30ef1f1036e15393275325fd2b9654c715", + "zh:2256cfd74988ce05eada76b42efffc6fe2bf4d60b61f57e4db4fcf65ced4c666", + "zh:52da19f531e0cb9828f73bca620e30264e63a494bd7f9ce826aabcf010d3a241", + "zh:56069ce08d720280ba39aaf2fdd40c4357ffb54262c80e4d39c4e540a38e76af", + "zh:82c81398e68324029167f813fbb7c54fa3d233e99fa05001d85cbce8bdd08bb3", + "zh:82d6eaa87f5ab318959064e6c89adc2baabaf70b13f2f7de866f62416de05352", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:ade8490cfdd8de8b9a82986588595b67e0ad1048d9e2d3a6f5164320179c2cd0", + "zh:b094ef56ae9bfffd586f46d4f7fb0097798738df758a8f3c51578ee163495c7e", + "zh:bd5e68e1e454bae0f8d73cff8448e814a35855a561c33b745e1b8b525fb06c9f", + "zh:c111c6a854bf121facca1642d528bfa80fb4214554ac6c33e4a59c86bc605b71", + "zh:e04df69a557adbcdf8efc77eb45be748f0acbe800ccede1e0895393c87722a0f", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.0.0" + constraints = "3.0.0" + hashes = [ + "h1:grDzxfnOdFXi90FRIIwP/ZrCzirJ/SfsGBe6cE0Shg4=", + "zh:0fcb00ff8b87dcac1b0ee10831e47e0203a6c46aafd76cb140ba2bab81f02c6b", + "zh:123c984c0e04bad910c421028d18aa2ca4af25a153264aef747521f4e7c36a17", + "zh:287443bc6fd7fa9a4341dec235589293cbcc6e467a042ae225fd5d161e4e68dc", + "zh:2c1be5596dd3cca4859466885eaedf0345c8e7628503872610629e275d71b0d2", + "zh:684a2ef6f415287944a3d966c4c8cee82c20e393e096e2f7cdcb4b2528407f6b", + 
"zh:7625ccbc6ff17c2d5360ff2af7f9261c3f213765642dcd84e84ae02a3768fd51", + "zh:9a60811ab9e6a5bfa6352fbb943bb530acb6198282a49373283a8fa3aa2b43fc", + "zh:c73e0eaeea6c65b1cf5098b101d51a2789b054201ce7986a6d206a9e2dacaefd", + "zh:e8f9ed41ac83dbe407de9f0206ef1148204a0d51ba240318af801ffb3ee5f578", + "zh:fbdd0684e62563d3ac33425b0ac9439d543a3942465f4b26582bcfabcb149515", + ] +}
diff --git a/example/mysql-complete/.terraform.tfstate.lock.info b/example/mysql-complete/.terraform.tfstate.lock.info
new file mode 100644
index 0000000..eec533c
--- /dev/null
+++ b/example/mysql-complete/.terraform.tfstate.lock.info
@@ -0,0 +1 @@
+{"ID":"d1f3c3ed-270c-c8ad-0f75-7fa01497585e","Operation":"OperationTypeApply","Info":"","Who":"jaihind@jaihind","Version":"1.6.6","Created":"2024-03-22T07:44:03.131426514Z","Path":"terraform.tfstate"}
\ No newline at end of file
diff --git a/example/mysql-complete/main.tf b/example/mysql-complete/main.tf
index 55ecbf8..9742c44 100644
--- a/example/mysql-complete/main.tf
+++ b/example/mysql-complete/main.tf
@@ -33,7 +33,7 @@ module "mysql" {
 engine = "mysql"
 engine_version = "8.0.28"
- instance_class = "db.m6i.xlarge."
+ instance_class = "db.m6i.xlarge"
 allocated_storage = 5
@@ -41,10 +41,10 @@ module "mysql" {
 allowed_ip = [module.vpc.vpc_cidr_block]
 allowed_ports = [3306]
- db_name = "test"
- username = "user"
- password = "esfsgcGdfawAhdxtfjm!"
- port = "3306"
+ db_name = "test"
+ username = "user"
+ manage_master_user_password = true
+ port = "3306"
 maintenance_window = "Mon:00:00-Mon:03:00"
 backup_window = "03:00-06:00"
diff --git a/main.tf b/main.tf
index 2068326..ae60191 100644
--- a/main.tf
+++ b/main.tf
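Review bot: `example/mysql-complete/.terraform.tfstate.lock.info` is the transient lock record Terraform writes while an operation is running, and it should not be part of this commit. Its `Who` and `Created` fields record the operator's local user, host and run time, and its `Path` shows the example was applied against a local `terraform.tfstate` in the same directory. Drop the file from the patch and ignore it, for instance with `.terraform.tfstate.lock.info` and `*.tfstate*` entries in `.gitignore`, so that a later commit cannot pick up the state file itself.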
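Review bot: Deleting the `password` literal in the second hunk of `example/mysql-complete/main.tf` does not retire it, because the value stays readable in the repository history. The same string is removed from `example/mariaDb`, `example/oracle_db` and `example/postgreSQL` in PATCH 2/4, so if it was ever applied to a real instance, that instance's master password should be rotated. Since the credential now lives in Secrets Manager, the example would be easier to follow with a comment such as `# master password is generated and stored by RDS in Secrets Manager; read it from the instance's master_user_secret`. The `module "mysql"` block starts and ends outside the hunk.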
@@ -274,7 +274,8 @@ resource "aws_db_instance" "this" {
 db_name = var.db_name
 username = local.username
- password = local.password
+ password = var.manage_master_user_password != null ? null : local.password
+ manage_master_user_password = var.manage_master_user_password
 port = var.port
 domain = var.domain
 domain_iam_role_name = var.domain_iam_role_name
diff --git a/variables.tf b/variables.tf
index 682dc81..59202d5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -162,6 +162,12 @@ variable "password" {
 description = "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file"
 }
+variable "manage_master_user_password" {
+ type = bool
+ default = null
+ description = "et to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if password is provided."
+}
+
 variable "port" {
 type = string
 default = null
From d058eff4ef4800d27b40a5ee3f756e9b0d44833a Mon Sep 17 00:00:00 2001
From: sohan yadav
Date: Fri, 22 Mar 2024 13:59:41 +0530
Subject: [PATCH 2/4] add manage_master_user_password argument
---
 example/mariaDb/main.tf | 8 ++++----
 example/oracle_db/main.tf | 8 ++++----
 example/postgreSQL/main.tf | 8 ++++----
 example/replica-mysql/main.tf | 6 +++---
 main.tf | 3 ++-
 5 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/example/mariaDb/main.tf b/example/mariaDb/main.tf
index 6a6dca5..b87858f 100644
--- a/example/mariaDb/main.tf
+++ b/example/mariaDb/main.tf
@@ -38,10 +38,10 @@ module "mariadb" {
 engine_name = "MariaDB"
 allocated_storage = 50
- db_name = "test"
- username = "user"
- password = "esfsgcGdfawAhdxtfjm!"
- port = "3306"
+ db_name = "test"
+ username = "user"
+ manage_master_user_password = true
+ port = "3306"
 maintenance_window = "Mon:00:00-Mon:03:00"
 backup_window = "03:00-06:00"
diff --git a/example/oracle_db/main.tf b/example/oracle_db/main.tf
index 6e3e1ea..37c0bc8 100644
--- a/example/oracle_db/main.tf
+++ b/example/oracle_db/main.tf
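Review bot: The `!= null` test on the new `password` line in `aws_db_instance.this` treats `manage_master_user_password = false` the same as `true`: the password is nulled while `false` is passed through to the provider, leaving the instance with neither a supplied password nor an RDS-managed one. Compare against `true` instead, `password = var.manage_master_user_password == true ? null : local.password`, and pass `manage_master_user_password = var.manage_master_user_password == true ? true : null` so an explicit `false` behaves like the unset default. PATCH 2/4 adds the same two lines to `aws_db_instance.read` and PATCH 3/4 removes them again. The hunk also gives callers no way to set `master_user_secret_kms_key_id`, so the managed secret presumably falls back to the account's default Secrets Manager key. The resource body starts and ends outside the hunk.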
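Review bot: The description's rule "Cannot be set if password is provided" is documented in `variables.tf` but not enforced: when both are supplied, the `password` expression in `main.tf` quietly drops `local.password` (presumably derived from `var.password`) and the caller gets no error. A `validation` block here cannot look at another variable on the Terraform version recorded in the committed lock info (1.6.6), so the check would have to sit with the resource, for example a `lifecycle` `precondition` on `aws_db_instance.this`. At minimum, extend the description with `Any value given for password is ignored when this is true.`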
@@ -41,10 +41,10 @@ module "oracle" {
 storage_encrypted = true
 family = "oracle-ee-19"
- db_name = "test"
- username = "admin"
- password = "esfsgcGdfawAhdxtfjm!"
- port = "1521"
+ db_name = "test"
+ username = "admin"
+ manage_master_user_password = true
+ port = "1521"
 maintenance_window = "Mon:00:00-Mon:03:00"
 backup_window = "03:00-06:00"
diff --git a/example/postgreSQL/main.tf b/example/postgreSQL/main.tf
index ab9851b..a27479c 100644
--- a/example/postgreSQL/main.tf
+++ b/example/postgreSQL/main.tf
@@ -43,10 +43,10 @@ module "postgresql" {
 storage_encrypted = true
 family = "postgres14"
- db_name = "test"
- username = "dbname"
- password = "esfsgcGdfawAhdxtfjm!"
- port = "5432"
+ db_name = "test"
+ username = "dbname"
+ manage_master_user_password = true
+ port = "5432"
 maintenance_window = "Mon:00:00-Mon:03:00"
 backup_window = "03:00-06:00"
diff --git a/example/replica-mysql/main.tf b/example/replica-mysql/main.tf
index e592fac..ec092c5 100644
--- a/example/replica-mysql/main.tf
+++ b/example/replica-mysql/main.tf
@@ -43,9 +43,9 @@ module "mysql" {
 enabled_read_replica = true
 enabled_replica = true
- db_name = "replica"
- username = "replica_mysql"
- password = "clkjvnsdikjhdsijfsdli"
+ db_name = "replica"
+ username = "replica_mysql"
+ manage_master_user_password = true
 port = 3306
 maintenance_window = "Mon:00:00-Mon:03:00"
diff --git a/main.tf b/main.tf
index ae60191..c1d4769 100644
--- a/main.tf
+++ b/main.tf
@@ -390,7 +390,8 @@ resource "aws_db_instance" "read" {
 db_name = null
 username = null
- password = local.password
+ password = var.manage_master_user_password != null ? null : local.password
+ manage_master_user_password = var.manage_master_user_password
 port = var.port
 domain = var.domain
 domain_iam_role_name = var.domain_iam_role_name
From 87415016907bf9450912efd63b1abe3fb5b0fd3c Mon Sep 17 00:00:00 2001
From: sohan yadav
Date: Thu, 28 Mar 2024 14:58:27 +0530
Subject: [PATCH 3/4] add manage_master_user_password argument
---
 example/postgreSQL/.terraform.lock.hcl | 43 +++++++++++++++++++++++
 example/replica-mysql/.terraform.lock.hcl | 43 +++++++++++++++++++++++
 example/replica-mysql/main.tf | 8 ++---
 main.tf | 3 +-
 4 files changed, 91 insertions(+), 6 deletions(-)
 create mode 100644 example/postgreSQL/.terraform.lock.hcl
 create mode 100644 example/replica-mysql/.terraform.lock.hcl
diff --git a/example/postgreSQL/.terraform.lock.hcl b/example/postgreSQL/.terraform.lock.hcl
new file mode 100644
index 0000000..bcdeaee
--- /dev/null
+++ b/example/postgreSQL/.terraform.lock.hcl
@@ -0,0 +1,43 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.42.0" + constraints = ">= 4.48.0, >= 5.1.0, >= 5.9.0" + hashes = [ + "h1:Gwe5HXZYD/3M5j6LwKhp8amb1SraCR9p+G96d381RVc=", + "zh:0fb12bd56a3ad777b29f957c56dd2119776dbc01b6074458f597990e368c82de", + "zh:16e99c13bef6e3777f67c240c916f57c01c9c142254cfb2720e08281ff906447", + "zh:218268f5fe73bcb19e9a996f781ab66df0da9e333d1c60612e3c51ad28a5105f", + "zh:220b17f7053d11548f35136669687d30ef1f1036e15393275325fd2b9654c715", + "zh:2256cfd74988ce05eada76b42efffc6fe2bf4d60b61f57e4db4fcf65ced4c666", + "zh:52da19f531e0cb9828f73bca620e30264e63a494bd7f9ce826aabcf010d3a241", + "zh:56069ce08d720280ba39aaf2fdd40c4357ffb54262c80e4d39c4e540a38e76af", + "zh:82c81398e68324029167f813fbb7c54fa3d233e99fa05001d85cbce8bdd08bb3", + "zh:82d6eaa87f5ab318959064e6c89adc2baabaf70b13f2f7de866f62416de05352", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:ade8490cfdd8de8b9a82986588595b67e0ad1048d9e2d3a6f5164320179c2cd0", + "zh:b094ef56ae9bfffd586f46d4f7fb0097798738df758a8f3c51578ee163495c7e", + "zh:bd5e68e1e454bae0f8d73cff8448e814a35855a561c33b745e1b8b525fb06c9f", + "zh:c111c6a854bf121facca1642d528bfa80fb4214554ac6c33e4a59c86bc605b71", + "zh:e04df69a557adbcdf8efc77eb45be748f0acbe800ccede1e0895393c87722a0f", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.0.0" + constraints = "3.0.0" + hashes = [ + "h1:grDzxfnOdFXi90FRIIwP/ZrCzirJ/SfsGBe6cE0Shg4=", + "zh:0fcb00ff8b87dcac1b0ee10831e47e0203a6c46aafd76cb140ba2bab81f02c6b", + "zh:123c984c0e04bad910c421028d18aa2ca4af25a153264aef747521f4e7c36a17", + "zh:287443bc6fd7fa9a4341dec235589293cbcc6e467a042ae225fd5d161e4e68dc", + "zh:2c1be5596dd3cca4859466885eaedf0345c8e7628503872610629e275d71b0d2", + "zh:684a2ef6f415287944a3d966c4c8cee82c20e393e096e2f7cdcb4b2528407f6b", + 
"zh:7625ccbc6ff17c2d5360ff2af7f9261c3f213765642dcd84e84ae02a3768fd51", + "zh:9a60811ab9e6a5bfa6352fbb943bb530acb6198282a49373283a8fa3aa2b43fc", + "zh:c73e0eaeea6c65b1cf5098b101d51a2789b054201ce7986a6d206a9e2dacaefd", + "zh:e8f9ed41ac83dbe407de9f0206ef1148204a0d51ba240318af801ffb3ee5f578", + "zh:fbdd0684e62563d3ac33425b0ac9439d543a3942465f4b26582bcfabcb149515", + ] +} diff --git a/example/replica-mysql/.terraform.lock.hcl b/example/replica-mysql/.terraform.lock.hcl new file mode 100644 index 0000000..bcdeaee --- /dev/null +++ b/example/replica-mysql/.terraform.lock.hcl 
@@ -0,0 +1,43 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.42.0" + constraints = ">= 4.48.0, >= 5.1.0, >= 5.9.0" + hashes = [ + "h1:Gwe5HXZYD/3M5j6LwKhp8amb1SraCR9p+G96d381RVc=", + "zh:0fb12bd56a3ad777b29f957c56dd2119776dbc01b6074458f597990e368c82de", + "zh:16e99c13bef6e3777f67c240c916f57c01c9c142254cfb2720e08281ff906447", + "zh:218268f5fe73bcb19e9a996f781ab66df0da9e333d1c60612e3c51ad28a5105f", + "zh:220b17f7053d11548f35136669687d30ef1f1036e15393275325fd2b9654c715", + "zh:2256cfd74988ce05eada76b42efffc6fe2bf4d60b61f57e4db4fcf65ced4c666", + "zh:52da19f531e0cb9828f73bca620e30264e63a494bd7f9ce826aabcf010d3a241", + "zh:56069ce08d720280ba39aaf2fdd40c4357ffb54262c80e4d39c4e540a38e76af", + "zh:82c81398e68324029167f813fbb7c54fa3d233e99fa05001d85cbce8bdd08bb3", + "zh:82d6eaa87f5ab318959064e6c89adc2baabaf70b13f2f7de866f62416de05352", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:ade8490cfdd8de8b9a82986588595b67e0ad1048d9e2d3a6f5164320179c2cd0", + "zh:b094ef56ae9bfffd586f46d4f7fb0097798738df758a8f3c51578ee163495c7e", + "zh:bd5e68e1e454bae0f8d73cff8448e814a35855a561c33b745e1b8b525fb06c9f", + "zh:c111c6a854bf121facca1642d528bfa80fb4214554ac6c33e4a59c86bc605b71", + "zh:e04df69a557adbcdf8efc77eb45be748f0acbe800ccede1e0895393c87722a0f", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.0.0" + constraints = "3.0.0" + hashes = [ + "h1:grDzxfnOdFXi90FRIIwP/ZrCzirJ/SfsGBe6cE0Shg4=", + "zh:0fcb00ff8b87dcac1b0ee10831e47e0203a6c46aafd76cb140ba2bab81f02c6b", + "zh:123c984c0e04bad910c421028d18aa2ca4af25a153264aef747521f4e7c36a17", + "zh:287443bc6fd7fa9a4341dec235589293cbcc6e467a042ae225fd5d161e4e68dc", + "zh:2c1be5596dd3cca4859466885eaedf0345c8e7628503872610629e275d71b0d2", + "zh:684a2ef6f415287944a3d966c4c8cee82c20e393e096e2f7cdcb4b2528407f6b", + 
"zh:7625ccbc6ff17c2d5360ff2af7f9261c3f213765642dcd84e84ae02a3768fd51", + "zh:9a60811ab9e6a5bfa6352fbb943bb530acb6198282a49373283a8fa3aa2b43fc", + "zh:c73e0eaeea6c65b1cf5098b101d51a2789b054201ce7986a6d206a9e2dacaefd", + "zh:e8f9ed41ac83dbe407de9f0206ef1148204a0d51ba240318af801ffb3ee5f578", + "zh:fbdd0684e62563d3ac33425b0ac9439d543a3942465f4b26582bcfabcb149515", + ] +}
diff --git a/example/replica-mysql/main.tf b/example/replica-mysql/main.tf
index ec092c5..536e341 100644
--- a/example/replica-mysql/main.tf
+++ b/example/replica-mysql/main.tf
@@ -36,16 +36,16 @@ module "mysql" {
 engine_version = "8.0"
 instance_class = "db.t4g.large"
 replica_instance_class = "db.t4g.large"
- allocated_storage = 20
+ allocated_storage = 32
 identifier = ""
 snapshot_identifier = ""
 kms_key_id = ""
 enabled_read_replica = true
 enabled_replica = true
- db_name = "replica"
- username = "replica_mysql"
- manage_master_user_password = true
+ db_name = "replica"
+ username = "replica_mysql"
+ password = "cdsjhcjjkxnna5s"
 port = 3306
 maintenance_window = "Mon:00:00-Mon:03:00"
diff --git a/main.tf b/main.tf
index c1d4769..ae60191 100644
--- a/main.tf
+++ b/main.tf
@@ -390,8 +390,7 @@ resource "aws_db_instance" "read" {
 db_name = null
 username = null
- password = var.manage_master_user_password != null ? null : local.password
- manage_master_user_password = var.manage_master_user_password
+ password = local.password
 port = var.port
 domain = var.domain
 domain_iam_role_name = var.domain_iam_role_name
From 244c6e64c7439413b9a0661dfab59f05f83efe78 Mon Sep 17 00:00:00 2001
From: Abhi Yerra
Date: Wed, 3 Apr 2024 23:23:17 -0700
Subject: [PATCH 4/4] Update variables.tf
---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index 59202d5..e248e02 100644
--- a/variables.tf
+++ b/variables.tf
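Review bot: The new `password` line in `example/replica-mysql/main.tf` puts a plaintext master password back into a committed example, one commit after PATCH 2/4 removed the previous literal. As the description of `variable "password"` already warns, the value may show up in logs and is stored in the state file, and a literal in an example tends to be copied unchanged into real deployments. Take it from an input instead, `password = var.db_password`, declared with `sensitive = true` and no default, or leave it unset if the module generates one (the lock file pins `hashicorp/random`, which suggests it might). The unrelated `allocated_storage` change from 20 to 32 deserves its own line in the commit message. The `module "mysql"` block extends beyond the hunk.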
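Review bot: After this revert `aws_db_instance.read` passes `local.password` unconditionally while `aws_db_instance.this` nulls it when `manage_master_user_password` is set, and nothing records why the two differ. If the reason is that the replica cannot take an RDS-managed password (an assumption, since the rest of the resource is outside the hunk), say so on the line, e.g. `# replica keeps local.password: manage_master_user_password is only applied to the primary`. It is also worth confirming what `local.password` evaluates to when the caller enabled the managed password, since the primary no longer uses it. The commit subject repeats "add manage_master_user_password argument" although this patch removes the argument from the replica.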
@@ -165,7 +165,7 @@ variable "password" {
 variable "manage_master_user_password" {
 type = bool
 default = null
- description = "et to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if password is provided."
+ description = "Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if password is provided."
 }
 variable "port" {