From 3bb8f4611e7b9e8b3fed20bc11426f41ba30c77c Mon Sep 17 00:00:00 2001 From: Rohit Singh Date: Thu, 23 Nov 2023 14:34:19 +0530 Subject: [PATCH] updated ref architecture , fix password issue --- README.md | 4 ++-- examples/complete/aws/README.md | 4 ++-- examples/complete/aws/main.tf | 10 +++++++--- modules/resources/aws/outputs.tf | 4 ++-- modules/resources/aws/variables.tf | 12 ------------ modules/resources/azure/outputs.tf | 10 +++++----- modules/resources/gcp/outputs.tf | 12 ++++++------ variable.tf | 4 ++-- 8 files changed, 26 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index c74fd84..4d5cd3d 100644 --- a/README.md +++ b/README.md @@ -111,13 +111,13 @@ No modules. | [cluster\_name](#input\_cluster\_name) | Name of eks cluster | `string` | `""` | no | | [custom\_credentials\_config](#input\_custom\_credentials\_config) | Specify the configuration settings for Postgresql to pass custom credentials during creation. | `any` | 
{
  "postgres_password": "",
  "repmgr_password": ""
}
| no | | [custom\_credentials\_enabled](#input\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for PostgreSQL database. | `bool` | `false` | no | -| [postgres\_password](#input\_postgres\_password) | PostgresQL password | `string` | `""` | no | +| [postgres\_password](#input\_postgres\_password) | PostgresQL password | `any` | `""` | no | | [postgresql\_config](#input\_postgresql\_config) | Configuration options for the postgresql such as number of replica,chart version, storage class and store password at secret manager. | `map(string)` | 
{
  "environment": "",
  "name": "",
  "postgresql_values": "",
  "replicaCount": 3,
  "storage_class": "gp2",
  "store_password_to_secret_manager": true
}
| no | | [postgresql\_enabled](#input\_postgresql\_enabled) | Whether or not to deploy postgresql | `bool` | `true` | no | | [postgresql\_exporter\_enabled](#input\_postgresql\_exporter\_enabled) | Whether or not to deploy postgresql exporter | `bool` | `false` | no | | [postgresql\_namespace](#input\_postgresql\_namespace) | Name of the Kubernetes namespace where the postgresql will be deployed. | `string` | `"postgresql"` | no | | [recovery\_window\_aws\_secret](#input\_recovery\_window\_aws\_secret) | Number of days that AWS Secrets Manager will wait before deleting a secret. This value can be set to 0 to force immediate deletion, or to a value between 7 and 30 days to allow for recovery. | `number` | `0` | no | -| [repmgr\_password](#input\_repmgr\_password) | Replication manager password | `string` | `""` | no | +| [repmgr\_password](#input\_repmgr\_password) | Replication manager password | `any` | `""` | no | ## Outputs diff --git a/examples/complete/aws/README.md b/examples/complete/aws/README.md index a0f30cd..4ec345e 100644 --- a/examples/complete/aws/README.md +++ b/examples/complete/aws/README.md @@ -21,8 +21,8 @@ No requirements. | Name | Source | Version | |------|--------|---------| -| [aws](#module\_aws) | git@github.com:sq-ia/terraform-kubernetes-postgresql.git//modules/resources/aws | n/a | -| [postgresql](#module\_postgresql) | git@github.com:sq-ia/terraform-kubernetes-postgresql.git | n/a | +| [aws](#module\_aws) | ../../../modules/resources/aws | n/a | +| [postgresql](#module\_postgresql) | ../../../ | n/a | ## Resources diff --git a/examples/complete/aws/main.tf b/examples/complete/aws/main.tf index 3afe4f6..f4354e1 100644 --- a/examples/complete/aws/main.tf +++ b/examples/complete/aws/main.tf @@ -1,14 +1,14 @@ locals { name = "postgresql" region = "us-east-2" - environment = "prod" + environment = "prodd" additional_tags = { Owner = "organization_name" Expires = "Never" Department = "Engineering" } store_password_to_secret_manager = true - custom_credentials_enabled = false + custom_credentials_enabled = true custom_credentials_config = { postgres_password = "60rbJs901a6Oa9hzUM5x7s8Q" repmgr_password = "IWHLlEYOt25jL4Io7pancB" @@ -19,7 +19,7 @@ module "aws" { source = "git@github.com:sq-ia/terraform-kubernetes-postgresql.git//modules/resources/aws" name = local.name environment = local.environment - cluster_name = "cluster-name" + cluster_name = "" store_password_to_secret_manager = local.store_password_to_secret_manager custom_credentials_enabled = local.custom_credentials_enabled custom_credentials_config = local.custom_credentials_config @@ -28,6 +28,10 @@ module "aws" { module "postgresql" { source = "git@github.com:sq-ia/terraform-kubernetes-postgresql.git" postgresql_exporter_enabled = true + custom_credentials_enabled = local.custom_credentials_enabled + custom_credentials_config = local.custom_credentials_config + repmgr_password = module.aws.postgresql_credential.repmgr_password + postgres_password = module.aws.postgresql_credential.postgres_password postgresql_config = { name = local.name environment = local.environment diff --git a/modules/resources/aws/outputs.tf b/modules/resources/aws/outputs.tf index 0ad0cd4..cb5475c 100644 --- a/modules/resources/aws/outputs.tf +++ b/modules/resources/aws/outputs.tf @@ -1,9 +1,9 @@ output "postgresql_credential" { description = "PostgreSQL credentials used for accessing the database." - value = var.postgresql_config.store_password_to_secret_manager ? null : { + value = { posgresql_username = "postgres", postgres_password = var.custom_credentials_enabled ? var.custom_credentials_config.postgres_password : nonsensitive(random_password.postgresql_password[0].result), repmgr_username = "repmgr", repmgr_password = var.custom_credentials_enabled ? var.custom_credentials_config.repmgr_password : nonsensitive(random_password.repmgrPassword[0].result), } -} +} diff --git a/modules/resources/aws/variables.tf b/modules/resources/aws/variables.tf index 5b24df0..aebd79b 100644 --- a/modules/resources/aws/variables.tf +++ b/modules/resources/aws/variables.tf @@ -39,15 +39,3 @@ variable "store_password_to_secret_manager" { type = bool default = false } - -variable "postgresql_config" { - description = "Custom credentials configuration." - default = { - name = "" - environment = "" - replicaCount = 3 - storage_class = "gp2" - postgresql_values = "" - store_password_to_secret_manager = true - } -} diff --git a/modules/resources/azure/outputs.tf b/modules/resources/azure/outputs.tf index cefba7c..e20f8c0 100644 --- a/modules/resources/azure/outputs.tf +++ b/modules/resources/azure/outputs.tf @@ -1,10 +1,10 @@ output "postgresql_credential" { description = "PostgreSQL credentials used for accessing the database." - value = var.postgresql_config.store_password_to_secret_manager ? null : { - postgresql_username = "postgres", - postgres_password = var.custom_credentials_enabled ? var.custom_credentials_config.postgres_password : nonsensitive(random_password.postgresql_password[0].result), - repmgr_username = "repmgr", - repmgr_password = var.custom_credentials_enabled ? var.custom_credentials_config.repmgr_password : nonsensitive(random_password.repmgrPassword[0].result), + value = { + posgresql_username = "postgres", + postgres_password = var.custom_credentials_enabled ? var.custom_credentials_config.postgres_password : nonsensitive(random_password.postgresql_password[0].result), + repmgr_username = "repmgr", + repmgr_password = var.custom_credentials_enabled ? var.custom_credentials_config.repmgr_password : nonsensitive(random_password.repmgrPassword[0].result), } } diff --git a/modules/resources/gcp/outputs.tf b/modules/resources/gcp/outputs.tf index 10e4468..e20f8c0 100644 --- a/modules/resources/gcp/outputs.tf +++ b/modules/resources/gcp/outputs.tf @@ -1,10 +1,10 @@ output "postgresql_credential" { description = "PostgreSQL credentials used for accessing the database." - value = var.postgresql_config.store_password_to_secret_manager ? null : { - postgresql_username = "postgres", - postgres_password = var.custom_credentials_enabled ? var.custom_credentials_config.postgres_password : nonsensitive(random_password.postgresql_password[0].result), - repmgr_username = "repmgr", - repmgr_password = var.custom_credentials_enabled ? var.custom_credentials_config.repmgr_password : nonsensitive(random_password.repmgrPassword[0].result), + value = { + posgresql_username = "postgres", + postgres_password = var.custom_credentials_enabled ? var.custom_credentials_config.postgres_password : nonsensitive(random_password.postgresql_password[0].result), + repmgr_username = "repmgr", + repmgr_password = var.custom_credentials_enabled ? var.custom_credentials_config.repmgr_password : nonsensitive(random_password.repmgrPassword[0].result), } } @@ -16,4 +16,4 @@ output "postgres_password" { output "repmgr_password" { description = "Replication manager password" value = var.custom_credentials_enabled ? var.custom_credentials_config.repmgr_password : nonsensitive(random_password.repmgrPassword[0].result) -} +} diff --git a/variable.tf b/variable.tf index 9ecbc91..1ee2667 100644 --- a/variable.tf +++ b/variable.tf @@ -65,11 +65,11 @@ variable "custom_credentials_config" { variable "postgres_password" { description = "PostgresQL password" default = "" - type = string + type = any } variable "repmgr_password" { description = "Replication manager password" default = "" - type = string + type = any }