From 11f2e6108b4f7ed6badfbe6f60243e23ede03069 Mon Sep 17 00:00:00 2001 From: rachit89 Date: Thu, 23 Nov 2023 16:09:19 +0530 Subject: [PATCH 1/5] added for custom user password --- examples/complete-psql-replica/main.tf | 2 ++ examples/complete/main.tf | 5 ++++- main.tf | 9 +++++---- outputs.tf | 2 +- variables.tf | 7 +++++++ 5 files changed, 19 insertions(+), 6 deletions(-) diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index 13a8ffa..8b74987 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf @@ -10,6 +10,7 @@ locals { replica_enable = true replica_count = 1 current_identity = data.aws_caller_identity.current.arn + custom_user_password = "" allowed_security_groups = ["sg-0a680afd35"] additional_tags = { Owner = "Organization_Name" @@ -111,4 +112,5 @@ module "rds-pg" { slack_username = "Admin" slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" + custom_user_password = local.custom_user_password } diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 4b298b6..bd2e792 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -9,6 +9,7 @@ locals { storage_type = "gp3" current_identity = data.aws_caller_identity.current.arn allowed_security_groups = ["sg-0a680afd35"] + custom_user_password = "" additional_tags = { Owner = "Organization_Name" Expires = "Never" @@ -96,7 +97,8 @@ module "vpc" { } module "rds-pg" { - source = "squareops/rds-postgresql/aws" + source = "../../" + #source = "squareops/rds-postgresql/aws" name = local.name db_name = "postgres" multi_az = "true" @@ -125,4 +127,5 @@ module "rds-pg" { slack_username = "Admin" slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" + custom_user_password = local.custom_user_password } diff --git a/main.tf b/main.tf index 30f7e9f..9d6276d 100644 --- a/main.tf +++ b/main.tf 
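Review bot: The new `custom_user_password = ""` local in examples/complete/main.tf (mirrored in the replica example) models the master password as a literal in a committed .tf file, so anyone who fills in the example checks a plaintext database credential into version control and prints it in every plan. Declaring it as an input `variable "custom_user_password"` with an empty default and `sensitive = true`, then passing `custom_user_password = var.custom_user_password`, lets the value come from `TF_VAR_custom_user_password` or an untracked tfvars file instead. The local also deserves a one-line comment such as `# leave empty to let the module generate a random master password; never commit a real value here`, since the meaning of the empty string is otherwise only discoverable by reading the module.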
@@ -16,7 +16,7 @@ module "db" { port = var.port engine = var.engine username = var.master_username - password = var.manage_master_user_password ? null : random_password.master[0].result + password = var.custom_user_password != "" ? var.custom_user_password : var.manage_master_user_password ? null : length(random_password.master) > 0 ? random_password.master[0].result : null multi_az = var.multi_az subnet_ids = var.subnet_ids kms_key_id = var.kms_key_arn @@ -301,18 +301,19 @@ resource "aws_secretsmanager_secret" "secret_master_db" { } resource "random_password" "master" { - count = var.manage_master_user_password ? 0 : 1 + count = var.manage_master_user_password && var.custom_user_password == "" ? 1 : 0 length = var.random_password_length special = false } resource "aws_secretsmanager_secret_version" "rds_credentials" { - count = var.manage_master_user_password ? 0 : 1 + count = length(random_password.master) > 0 ? 1 : 0 secret_id = aws_secretsmanager_secret.secret_master_db.id secret_string = < 0 ? element(random_password.master, 0).result : var.custom_password, "engine": "${var.engine}", "host": "${module.db.db_instance_endpoint}" } diff --git a/outputs.tf b/outputs.tf index 114533f..eefb182 100644 --- a/outputs.tf +++ b/outputs.tf @@ -25,7 +25,7 @@ output "db_instance_username" { output "db_instance_password" { description = "Password for accessing the database." - value = nonsensitive(random_password.master[0].result) + value = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) } output "master_credential_secret_arn" { diff --git a/variables.tf b/variables.tf index 5708464..57ee912 100644 --- a/variables.tf +++ b/variables.tf @@ -305,3 +305,10 @@ variable "performance_insights_retention_period" { type = number default = 7 } + +variable "custom_user_password" { + description = "Custom password for the RDS master user" + default = "" + type = string +} + 
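Review bot: The new `password` expression in module "db" lets `var.custom_user_password` win over `var.manage_master_user_password`, so a caller who turns on RDS-managed passwords and also sets a custom one sends both `password` and `manage_master_user_password = true` to the instance, which the AWS provider treats as mutually exclusive as far as I can tell, and which in any case silently contradicts the flag. Testing the flag first keeps the two modes disjoint: `password = var.manage_master_user_password ? null : (var.custom_user_password != "" ? var.custom_user_password : length(random_password.master) > 0 ? random_password.master[0].result : null)`. A short comment above the line, `# precedence: RDS-managed > caller-supplied > module-generated`, would make the intended order explicit. The module "db" block starts and ends outside the hunk.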
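Review bot: The fallback branch of `secret_string` in `aws_secretsmanager_secret_version.rds_credentials` references `var.custom_password`, but the input this patch declares is `custom_user_password`; Terraform rejects references to undeclared variables at validation time regardless of `count`, so this needs to read `var.custom_user_password`. The branch is also unreachable as written, because the version's `count` is `length(random_password.master) > 0 ? 1 : 0`, meaning a caller-supplied password is never written to Secrets Manager while the `aws_secretsmanager_secret.secret_master_db` resource is still created empty. If the intent is to store the custom password too, gate the version on `count = var.manage_master_user_password ? 0 : 1` so the fallback is actually taken; if not, gate the secret resource the same way so no valueless secret is left behind. The heredoc body is only partially legible in this patch, so I cannot confirm the remaining JSON keys.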
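Review bot: `db_instance_password` now emits `var.custom_user_password` in clear text and strips the sensitivity from the generated one with `nonsensitive()`, so the master password appears in `terraform output`, plan/apply logs and any CI console that runs this module. Mark the output sensitive and drop the unwrap: add `sensitive   = true` and use `value = var.custom_user_password != "" ? var.custom_user_password : random_password.master[0].result`. If the module's required Terraform version allows it, `one(random_password.master[*].result)` is the idiomatic way to read a 0-or-1 count resource here and avoids the bare `[0]` index when `manage_master_user_password = true` leaves the count at zero.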
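Review bot: `custom_user_password` is a credential but is not marked `sensitive = true`, so its value is rendered in plan diffs and in the module "db" argument list whenever it is set. Add `sensitive = true` (any output that echoes it must then be marked sensitive as well), and consider a `validation` block that rejects a non-empty value shorter than eight characters, since RDS requires at least that for the master password and the failure would otherwise surface only at apply time. The description should also say that the empty-string default means "generate a random password", which is the contract the `random_password.master` count relies on.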
From cf89fb9a625eef7969929cf82bc63d896163acea Mon Sep 17 00:00:00 2001 From: Rohit Singh Date: Thu, 23 Nov 2023 18:18:21 +0530 Subject: [PATCH 2/5] updated readme.md files --- README.md | 2 ++ examples/complete/README.md | 2 +- main.tf | 2 +- variables.tf | 1 - 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 17ab5b9..49cc740 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,7 @@ module "rds-pg" { slack_username = "John" slack_channel = "skaf-dev" slack_webhook_url = "https://hooks/xxxxxxxx" + custom_user_password = "postgresqlpasswd" } ``` Refer [examples](https://github.com/squareops/terraform-aws-rds-postgresql/tree/main/examples) for more details. @@ -121,6 +122,7 @@ The required IAM permissions to create resources from this module can be found [ | [cloudwatch\_metric\_alarms\_enabled](#input\_cloudwatch\_metric\_alarms\_enabled) | Boolean flag to enable/disable CloudWatch metrics alarms | `bool` | `false` | no | | [create\_db\_subnet\_group](#input\_create\_db\_subnet\_group) | Whether to create a database subnet group | `bool` | `true` | no | | [create\_security\_group](#input\_create\_security\_group) | Whether to create a security group for the database | `bool` | `true` | no | +| [custom\_user\_password](#input\_custom\_user\_password) | Custom password for the RDS master user | `string` | `""` | no | | [cw\_sns\_topic\_arn](#input\_cw\_sns\_topic\_arn) | The username to use when sending notifications to Slack. | `string` | `""` | no | | [db\_name](#input\_db\_name) | The name of the automatically created database on cluster creation | `string` | `""` | no | | [deletion\_protection](#input\_deletion\_protection) | Specifies whether accidental deletion protection is enabled | `bool` | `true` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index 5381319..d056d1b 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -27,7 +27,7 @@ This example will be very useful for users who are new to a module and want to q | Name | Source | Version | |------|--------|---------| | [kms](#module\_kms) | terraform-aws-modules/kms/aws | n/a | -| [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | n/a | +| [rds-pg](#module\_rds-pg) | ../../ | n/a | | [vpc](#module\_vpc) | squareops/vpc/aws | n/a | ## Resources diff --git a/main.tf b/main.tf index 9d6276d..30a8026 100644 --- a/main.tf +++ b/main.tf @@ -16,7 +16,7 @@ module "db" { port = var.port engine = var.engine username = var.master_username - password = var.custom_user_password != "" ? var.custom_user_password : var.manage_master_user_password ? null : length(random_password.master) > 0 ? random_password.master[0].result : null + password = var.custom_user_password != "" ? var.custom_user_password : var.manage_master_user_password ? null : length(random_password.master) > 0 ? random_password.master[0].result : null multi_az = var.multi_az subnet_ids = var.subnet_ids kms_key_id = var.kms_key_arn diff --git a/variables.tf b/variables.tf index 57ee912..6ecf7c4 100644 --- a/variables.tf +++ b/variables.tf @@ -311,4 +311,3 @@ variable "custom_user_password" { default = "" type = string } - From f44c9277277c6800c1244e286b1883f9d6a58d79 Mon Sep 17 00:00:00 2001 From: rachit89 <115970922+rachit89@users.noreply.github.com> Date: Fri, 24 Nov 2023 16:10:41 +0530 Subject: [PATCH 3/5] Changes done and verified --- main.tf | 56 +++++++++++++++++++++++++++----------------------------- 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/main.tf b/main.tf index 30a8026..0d8476c 100644 --- a/main.tf +++ b/main.tf 
@@ -152,6 +152,33 @@ module "security_group_rds" { ) } +resource "aws_secretsmanager_secret" "secret_master_db" { + name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-pass") + tags = merge( + { "Name" = format("%s/%s/%s", var.environment, var.name, "rds-mysql-pass") }, + local.tags, + ) +} + +resource "random_password" "master" { + count = var.manage_master_user_password && var.custom_user_password == "" ? 1 : 0 + length = var.random_password_length + special = false +} + +resource "aws_secretsmanager_secret_version" "rds_credentials" { + count = length(random_password.master) > 0 ? 1 : 0 + secret_id = aws_secretsmanager_secret.secret_master_db.id + secret_string = < 0 ? element(random_password.master, 0).result : var.custom_password, + "engine": "${var.engine}", + "host": "${module.db.db_instance_endpoint}" +} +EOF +} + # Cloudwatch alarms resource "aws_cloudwatch_metric_alarm" "cache_cpu" { count = var.cloudwatch_metric_alarms_enabled ? 1 : 0 @@ -290,32 +317,3 @@ resource "aws_lambda_permission" "sns_lambda_slack_invoke" { principal = "sns.amazonaws.com" source_arn = aws_sns_topic.slack_topic[0].arn } - - -resource "aws_secretsmanager_secret" "secret_master_db" { - name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-pass") - tags = merge( - { "Name" = format("%s/%s/%s", var.environment, var.name, "rds-mysql-pass") }, - local.tags, - ) -} - -resource "random_password" "master" { - count = var.manage_master_user_password && var.custom_user_password == "" ? 1 : 0 - length = var.random_password_length - special = false -} - -resource "aws_secretsmanager_secret_version" "rds_credentials" { - count = length(random_password.master) > 0 ? 1 : 0 - secret_id = aws_secretsmanager_secret.secret_master_db.id - secret_string = < 0 ? element(random_password.master, 0).result : var.custom_password, - "engine": "${var.engine}", - "host": "${module.db.db_instance_endpoint}" -} -EOF -} 
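Review bot: The relocated `aws_secretsmanager_secret.secret_master_db` carries a `Name` tag of `rds-mysql-pass` while the secret's `name` ends in `rds-postgresql-pass`; since the block is being rewritten in this hunk, the tag should use the same suffix so console searches and tag-based access policies line up, e.g. `{ "Name" = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-pass") }`. The moved `secret_string` still references the undeclared `var.custom_password` (the declared input is `custom_user_password`), and that fallback remains unreachable because the version's `count` is tied to `length(random_password.master) > 0`; the move preserved both defects. The heredoc is only partially legible here, so I cannot confirm the rest of the JSON body.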
From 350128734b1ec8aa2d7fb9411155ca0412fd0db9 Mon Sep 17 00:00:00 2001 From: rachit89 <115970922+rachit89@users.noreply.github.com> Date: Fri, 24 Nov 2023 17:00:31 +0530 Subject: [PATCH 4/5] Update main.tf --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 0d8476c..bc343f3 100644 --- a/main.tf +++ b/main.tf @@ -161,7 +161,7 @@ resource "aws_secretsmanager_secret" "secret_master_db" { } resource "random_password" "master" { - count = var.manage_master_user_password && var.custom_user_password == "" ? 1 : 0 + count = var.manage_master_user_password ? 0 : var.custom_user_password == "" ? 1 : 0 length = var.random_password_length special = false } From 1ddd52ff9403c7656cbdb146ea0578f71f3cc07a Mon Sep 17 00:00:00 2001 From: rachit89 <115970922+rachit89@users.noreply.github.com> Date: Fri, 24 Nov 2023 17:03:53 +0530 Subject: [PATCH 5/5] Update main.tf --- examples/complete/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index bd2e792..3223e4c 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -97,8 +97,7 @@ module "vpc" { } module "rds-pg" { - source = "../../" - #source = "squareops/rds-postgresql/aws" + source = "squareops/rds-postgresql/aws" name = local.name db_name = "postgres" multi_az = "true"
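Review bot: The nested ternary `var.manage_master_user_password ? 0 : var.custom_user_password == "" ? 1 : 0` is harder to read than the single boolean it encodes; `count = !var.manage_master_user_password && var.custom_user_password == "" ? 1 : 0` has the same value and states the rule directly. A comment above it would help the next reader: `# Generate a password only when neither RDS nor the caller supplies one`. Note that `aws_secretsmanager_secret_version.rds_credentials`, outside this hunk, still keys its own `count` off this resource, so a caller-supplied password is not written to Secrets Manager.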