From 47675d6d9615b23e161faed0d74e593605d542ad Mon Sep 17 00:00:00 2001
From: Anmol Nagpal
Date: Thu, 8 Feb 2024 21:25:50 +0530
Subject: [PATCH 1/6] feat: add parameter for multi purpose usage in docDB
---
 example/secured/main.tf | 8 +++++++-
 main.tf | 42 ++++++++++++++++++++++++-----------------
 variables.tf | 16 ++++++++++------
 3 files changed, 42 insertions(+), 24 deletions(-)
diff --git a/example/secured/main.tf b/example/secured/main.tf
index e87ab78..a35dd76 100644
--- a/example/secured/main.tf
+++ b/example/secured/main.tf
@@ -90,11 +90,17 @@ module "documentdb" {
 skip_final_snapshot = var.skip_final_snapshot
 storage_encrypted = var.storage_encrypted
 kms_key_id = module.kms_key.key_arn
- tls_enabled = var.tls_enabled
 instance_class = var.instance_class
 cluster_family = "docdb5.0"
 cluster_size = var.cluster_size
 deletion_protection = true
 preferred_backup_window = "07:00-07:30"
 ca_cert_identifier = "rds-ca-rsa2048-g1"
+ parameters = [
+ {
+ apply_method = "immediate"
+ name = "tls"
+ value = "enabled"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 8758d3a..24970b9 100644
--- a/main.tf
+++ b/main.tf
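Review bot: `apply_method = "immediate"` on the `tls` parameter is worth double-checking: as far as I know `tls` is a static DocumentDB cluster parameter and the API rejects `immediate` for static parameters, so `apply_method = "pending-reboot"` (or omitting `apply_method`, which the module passes through as null) is the safe value; verify against the DocumentDB cluster parameter reference before merging. The example also loses its trailing newline here (`\ No newline at end of file`), which most formatters will keep re-adding.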
@@ -22,6 +22,28 @@ resource "random_password" "master" {
 special = false
 }
+##-----------------------------------------------------------------------------
+## AWS Document DB cluster parameter Group.
+##-----------------------------------------------------------------------------
+
+resource "aws_docdb_cluster_parameter_group" "this" {
+ count = var.enable ? 1 : 0
+ name = "parameter-group-${var.database_name}"
+ description = "DB cluster parameter group."
+ family = var.cluster_family
+
+ dynamic "parameter" {
+ for_each = var.parameters
+ content {
+ apply_method = lookup(parameter.value, "apply_method", null)
+ name = parameter.value.name
+ value = parameter.value.value
+ }
+ }
+
+ tags = module.labels.tags
+}
+
 ##-----------------------------------------------------------------------------
 ## AWS Document DB Cluster.
 ##-----------------------------------------------------------------------------
@@ -47,6 +69,8 @@ resource "aws_docdb_cluster" "this" {
 engine_version = var.engine_version
 enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
 tags = module.labels.tags
+
+ depends_on = [aws_docdb_cluster_parameter_group.this]
 }
 ##-----------------------------------------------------------------------------
@@ -74,20 +98,4 @@ resource "aws_docdb_subnet_group" "this" {
 description = "Allowed subnets for DB cluster instances."
 subnet_ids = var.subnet_list
 tags = module.labels.tags
-}
-
-##-----------------------------------------------------------------------------
-## AWS Document DB cluster parameter Group.
-##-----------------------------------------------------------------------------
-
-resource "aws_docdb_cluster_parameter_group" "this" {
- count = var.enable ? 1 : 0
- name = "parameter-group-${var.database_name}"
- description = "DB cluster parameter group."
- family = var.cluster_family
- parameter {
- name = "tls"
- value = var.tls_enabled ? "enabled" : "disabled"
- }
- tags = module.labels.tags
-}
+}
\ No newline at end of file
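Review bot: The parameter group now carries no `tls` entry unless the caller lists one, because `var.parameters` defaults to `[]` (variables.tf hunk of this patch), so whether in-transit encryption is enforced is decided by the `cluster_family` default rather than by the module, and a caller migrating off `tls_enabled` gets neither an error nor an explicit setting. I would say so in the `parameters` description, e.g. `Parameters not listed here (including tls) keep the cluster_family default; see example/secured for enforcing TLS.`, so the behaviour change is visible in the generated README. Separately, `lookup(parameter.value, "apply_method", null)` never falls back to null while the object type declares `apply_method = string` as required; once the attribute is optional, `parameter.value.apply_method` reads more directly.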
diff --git a/variables.tf b/variables.tf
index f70f2a6..79c8daf 100644
--- a/variables.tf
+++ b/variables.tf
@@ -104,12 +104,6 @@ variable "cluster_size" {
 description = "Number of DB instances to create in the cluster"
 }
-variable "tls_enabled" {
- type = bool
- default = false
- description = "When true than cluster using TLS for communication."
-}
-
 variable "vpc_security_group_ids" {
 type = set(string)
 default = null
@@ -121,6 +115,16 @@ variable "ca_cert_identifier" {
 description = "The identifier of the certificate authority (CA) certificate for the DB instance."
 }
+variable "parameters" {
+ type = list(object({
+ apply_method = string
+ name = string
+ value = string
+ }))
+ default = []
+ description = "A list of DocumentDB parameters to apply. Setting parameters to system default values may show a difference on imported resources."
+}
+
 ##-----------------------------------------------------------------------------
 ## Labels variables
 ##-----------------------------------------------------------------------------
From f476a5b260e4f5fa603a3ca521dbb0a562031db6 Mon Sep 17 00:00:00 2001
From: Anmol Nagpal
Date: Thu, 8 Feb 2024 21:48:57 +0530
Subject: [PATCH 2/6] feat: update readme workflow for shared action
---
 .github/workflows/readme.yml | 51 +++++------------------------------
 1 file changed, 6 insertions(+), 45 deletions(-)
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
index 1eb0243..ba4faf8 100644
--- a/.github/workflows/readme.yml
+++ b/.github/workflows/readme.yml
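Review bot: Dropping `variable "tls_enabled"` outright is a breaking change to the module interface: any existing caller that passes `tls_enabled = true` will fail at plan time with an unsupported-argument error, with no hint that `parameters` replaced it. If a deprecation window is wanted, keep the variable for one release with a description such as `Deprecated: use parameters with name = "tls" instead; ignored.`, or at minimum call the removal out in the changelog and README; the title "feat:" does not signal a breaking change.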
@@ -3,51 +3,12 @@
 on:
 push:
 branches:
 - master
+ paths-ignore:
+ - 'README.md'
 jobs:
 readme-create:
- name: 'readme-create'
- runs-on: ubuntu-latest
- steps:
- - name: 'Checkout'
- uses: actions/checkout@master
- - name: 'Set up Python 3.7'
- uses: actions/setup-python@v5
- with:
- python-version: '3.x'
- - name: 'create readme'
- uses: 'clouddrove/github-actions@9.0.3'
- with:
- actions_subcommand: 'readme'
- github_token: '${{ secrets.GITHUB }}'
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: 'pre-commit check errors'
- uses: pre-commit/action@v3.0.0
- continue-on-error: true
- - name: 'pre-commit fix erros'
- uses: pre-commit/action@v3.0.0
- continue-on-error: true
- - name: 'push readme'
- uses: 'clouddrove/github-actions@9.0.3'
- continue-on-error: true
- with:
- actions_subcommand: 'push'
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: 'Slack Notification'
- uses: clouddrove/action-slack@v2
- with:
- status: ${{ job.status }}
- fields: repo,author
- author_name: 'CloudDrove'
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
- if: always()
+ uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master
+ secrets:
+ TOKEN: ${{ secrets.GITHUB }}
+ SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}
From 64e1dcdd641e190407fd42132349d28b02439803 Mon Sep 17 00:00:00 2001
From: Anmol Nagpal
Date: Thu, 8 Feb 2024 23:13:04 +0530
Subject: [PATCH 3/6] fix: add optional for apply method of parameter
---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index 79c8daf..38007bb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -117,7 +117,7 @@ variable "ca_cert_identifier" {
 variable "parameters" {
 type = list(object({
- apply_method = string
+ apply_method = optional(string)
 name = string
 value = string
 }))
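Review bot: The reusable workflow is referenced by the mutable ref `@master` while being handed `secrets.GITHUB` (a token that can push to this repository) and the Slack webhook, so anyone who can push to that branch of the shared repository decides what code runs with these secrets. Pin it to a release tag or, better, a full commit SHA (`uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@<commit-sha>`) and bump it deliberately, the same way the removed steps pinned `clouddrove/github-actions@9.0.3`. `paths-ignore: 'README.md'` is a sensible loop guard; if the shared workflow also commits files other than README.md, a `concurrency` group on this job would be the remaining safety net, but that depends on the shared workflow and cannot be judged from this hunk.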
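Review bot: `optional(string)` inside a variable's object type requires Terraform 1.3 or later; the module's `required_version` constraint is not in this patch, and if it still admits older releases it should be raised in the same change so the error surfaces as a version mismatch rather than a type-syntax error. With the attribute optional, every element now has an `apply_method` key (null when omitted), so the `lookup(parameter.value, "apply_method", null)` in main.tf can be simplified to `apply_method = parameter.value.apply_method`.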
From 872695704ffe8f845f76ce4c491623de13591012 Mon Sep 17 00:00:00 2001
From: Anmol Nagpal
Date: Thu, 8 Feb 2024 23:29:49 +0530
Subject: [PATCH 4/6] fix: add kms to basic example
---
 example/basic/main.tf | 29 +++++++++++++++++++++++++++++
 example/secured/variable.tf | 6 ------
 2 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/example/basic/main.tf b/example/basic/main.tf
index 26cdc8c..27b1900 100644
--- a/example/basic/main.tf
+++ b/example/basic/main.tf
@@ -31,6 +31,34 @@ module "subnets" {
 igw_id = module.vpc.igw_id
 }
+module "kms_key" {
+ source = "clouddrove/kms/aws"
+ version = "1.3.0"
+ name = "kms"
+ environment = "test"
+ label_order = ["environment", "name"]
+ enabled = true
+ description = "KMS key for ec2"
+ deletion_window_in_days = 7
+ enable_key_rotation = true
+ alias = "alias/ec3"
+ policy = data.aws_iam_policy_document.kms.json
+}
+
+data "aws_iam_policy_document" "kms" {
+ version = "2012-10-17"
+ statement {
+ sid = "Enable IAM User Permissions"
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = ["*"]
+ }
+ actions = ["kms:*"]
+ resources = ["*"]
+ }
+}
+
 module "documentdb" {
 source = "../../"
 enable = true
@@ -38,6 +66,7 @@ module "documentdb" {
 label_order = ["environment", "name"]
 subnet_list = module.subnets.private_subnet_id
 database_name = "test-db"
+ kms_key_id = module.kms_key.key_arn
 master_username = "test"
 master_password = var.master_password
 instance_class = var.instance_class
diff --git a/example/secured/variable.tf b/example/secured/variable.tf
index 286ae13..0768841 100644
--- a/example/secured/variable.tf
+++ b/example/secured/variable.tf
@@ -10,12 +10,6 @@ variable "storage_encrypted" {
 default = true
 }
-variable "tls_enabled" {
- type = bool
- default = true
- description = "When true than cluster using TLS for communication."
-}
-
 variable "instance_class" {
 type = string
 default = "db.t3.medium"
From e643ed19a1f759fe37ad463e44d75b244e66f86f Mon Sep 17 00:00:00 2001
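Review bot: The key policy's only statement grants `kms:*` on `*` to `principals { type = "AWS" identifiers = ["*"] }`; in a KMS key policy a wildcard AWS principal means any principal in any account can use and administer this key, which is far wider than the "Enable IAM User Permissions" statement it is named after. That statement conventionally scopes the principal to the account root, e.g. `identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]` with an `aws_caller_identity` data source, and examples are exactly what readers copy into production. Patch 6/6 of this series removes the block again, so the final tree is unaffected, but if it is reintroduced it should carry the account-scoped principal. Minor: `description = "KMS key for ec2"` and `alias = "alias/ec3"` look copied from another example and do not describe a DocumentDB key.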
From: Anmol Nagpal
Date: Thu, 8 Feb 2024 23:40:13 +0530
Subject: [PATCH 5/6] fix: add kms to instance
---
 main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/main.tf b/main.tf
index 24970b9..486aa81 100644
--- a/main.tf
+++ b/main.tf
@@ -85,6 +85,7 @@ resource "aws_docdb_cluster_instance" "this" {
 instance_class = var.instance_class
 tags = module.labels.tags
 engine = var.engine
+ kms_key_id = var.kms_key_id
 ca_cert_identifier = var.ca_cert_identifier
 }
From 8b4a76eece707ede0a552733605085c1e3dfa384 Mon Sep 17 00:00:00 2001
From: Anmol Nagpal
Date: Fri, 9 Feb 2024 00:04:21 +0530
Subject: [PATCH 6/6] fix: fall back
---
 example/basic/main.tf | 29 -----------------------------
 main.tf | 1 -
 variables.tf | 2 +-
 3 files changed, 1 insertion(+), 31 deletions(-)
diff --git a/example/basic/main.tf b/example/basic/main.tf
index 27b1900..26cdc8c 100644
--- a/example/basic/main.tf
+++ b/example/basic/main.tf
@@ -31,34 +31,6 @@ module "subnets" {
 igw_id = module.vpc.igw_id
 }
-module "kms_key" {
- source = "clouddrove/kms/aws"
- version = "1.3.0"
- name = "kms"
- environment = "test"
- label_order = ["environment", "name"]
- enabled = true
- description = "KMS key for ec2"
- deletion_window_in_days = 7
- enable_key_rotation = true
- alias = "alias/ec3"
- policy = data.aws_iam_policy_document.kms.json
-}
-
-data "aws_iam_policy_document" "kms" {
- version = "2012-10-17"
- statement {
- sid = "Enable IAM User Permissions"
- effect = "Allow"
- principals {
- type = "AWS"
- identifiers = ["*"]
- }
- actions = ["kms:*"]
- resources = ["*"]
- }
-}
-
 module "documentdb" {
 source = "../../"
 enable = true
@@ -66,7 +38,6 @@ module "documentdb" {
 label_order = ["environment", "name"]
 subnet_list = module.subnets.private_subnet_id
 database_name = "test-db"
- kms_key_id = module.kms_key.key_arn
 master_username = "test"
 master_password = var.master_password
 instance_class = var.instance_class
diff --git a/main.tf b/main.tf
index 486aa81..24970b9 100644
--- a/main.tf
+++ b/main.tf
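Review bot: As far as I know `kms_key_id` is not an argument of `aws_docdb_cluster_instance`; storage encryption and its key are set on `aws_docdb_cluster` (the secured example already passes `kms_key_id` to the module for that purpose), and the instance resource only exposes `performance_insights_kms_key_id`. If that is right, this line fails `terraform validate` with an unsupported-argument error, which is consistent with patch 6/6 reverting it under the title "fall back". The `aws_docdb_cluster_instance` block starts outside the hunk; only its tail is visible here.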
@@ -85,7 +85,6 @@ resource "aws_docdb_cluster_instance" "this" {
 instance_class = var.instance_class
 tags = module.labels.tags
 engine = var.engine
- kms_key_id = var.kms_key_id
 ca_cert_identifier = var.ca_cert_identifier
 }
diff --git a/variables.tf b/variables.tf
index 38007bb..e9da2d4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -89,7 +89,7 @@ variable "engine_version" {
 variable "enabled_cloudwatch_logs_exports" {
 type = list(string)
 description = "List of log types to export to cloudwatch. The following log types are supported: audit, error, general, slowquery."
- default = ["audit", "audit", "profiler"]
+ default = ["audit", "profiler"]
 }
 variable "instance_class" {
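Review bot: The description still lists the supported log types as `audit, error, general, slowquery`, which are RDS MySQL export types, while the de-duplicated default is `["audit", "profiler"]`; DocumentDB exports only `audit` and `profiler`. I would change the description to `List of log types to export to CloudWatch. DocumentDB supports: audit, profiler.` so the variable's documentation agrees with its default. A `validation` block restricting each element to those two values would also turn a typo into a plan-time error instead of an API error at apply.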