From 1538d78abb60318989717dd3a4fb9c7d096e2acf Mon Sep 17 00:00:00 2001 From: samidbb Date: Wed, 27 Dec 2023 15:39:41 +0100 Subject: [PATCH] initial rename and cleanup --- locals.tf | 8 +-- main.tf | 18 +++--- tests/instance/main.tf | 12 ++-- tests/qa/main.tf | 6 +- variables.tf | 128 +++++++++++++++++++++-------------------- 5 files changed, 88 insertions(+), 84 deletions(-) diff --git a/locals.tf b/locals.tf index fde30945..48bc2765 100644 --- a/locals.tf +++ b/locals.tf @@ -36,7 +36,7 @@ locals { ######################################################################## # Subnet group ######################################################################## - create_db_subnet_group = true + # create_db_subnet_group = true ######################################################################## # Enhanced Monitoring @@ -54,12 +54,12 @@ locals { # DB Proxy configuration ######################################################################## proxy_name = var.proxy_name == null ? "${var.identifier}" : var.proxy_name - db_proxy_secret_arn = var.include_proxy ? (local.is_serverless ? try(module.db_cluster_serverless[0].cluster_master_user_secret_arn, null) : try(module.db_instance[0].db_instance_master_user_secret_arn, null)) : null - proxy_auth_config = var.include_proxy ? { + db_proxy_secret_arn = var.is_proxy_included ? (local.is_serverless ? try(module.db_cluster_serverless[0].cluster_master_user_secret_arn, null) : try(module.db_instance[0].db_instance_master_user_secret_arn, null)) : null + proxy_auth_config = var.is_proxy_included ? { (var.username) = { description = "Proxy user for ${var.username}" secret_arn = local.db_proxy_secret_arn # aws_secretsmanager_secret.superuser.arn - iam_auth = var.rds_proxy_iam_auth + iam_auth = var.proxy_iam_auth } } : {} diff --git a/main.tf b/main.tf index d2d58746..229a40c1 100644 --- a/main.tf +++ b/main.tf 
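Review bot: The first locals.tf hunk comments out `create_db_subnet_group = true` instead of deleting it, and the variables.tf hunks at -60,17 and -328,75 do the same with whole `variable` blocks. Commented-out declarations leave it unclear whether these inputs are gone for good, and git history already preserves the old text, so I would delete the lines outright. Removing input variables changes the module's interface, so callers that still pass e.g. `license_model` will presumably fail with an unsupported-argument error; that is worth stating in the commit message. The `locals` block continues outside the hunk, so it cannot be seen whether a `local.create_db_subnet_group` reference remains; `terraform validate` should be run before merging.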
@@ -13,7 +13,7 @@ resource "random_id" "snapshot_identifier" { } resource "null_resource" "validate_instance_type_proxy" { # TODO: need to enforce dependency in proxy module - count = var.is_db_cluster && var.include_proxy ? 1 : 0 + count = var.is_db_cluster && var.is_proxy_included ? 1 : 0 provisioner "local-exec" { command = "Running a check" @@ -21,7 +21,7 @@ resource "null_resource" "validate_instance_type_proxy" { # TODO: need to enforc lifecycle { precondition { - condition = var.is_db_cluster && var.include_proxy + condition = var.is_db_cluster && var.is_proxy_included error_message = "Cannot create a proxy for a DB cluster" } } @@ -32,8 +32,8 @@ module "db_parameter_group" { source = "./modules/instance_parameter_group" count = local.create_db_parameter_group ? 1 : 0 name = var.identifier - use_name_prefix = var.parameter_group_use_name_prefix - description = var.parameter_group_description + use_name_prefix = var.parameter_group_use_name_prefix # TODO: Convert to local + description = var.parameter_group_description # TODO: Convert to local family = local.parameter_group_family parameters = local.instance_parameters tags = local.all_tags @@ -158,7 +158,7 @@ module "db_multi_az_cluster" { } -module "db_cluster_serverless" { # TODO: Revisit defaults +module "db_cluster_serverless" { # TODO: Revisit defaults and rename to aurora serverless source = "./modules/rds_aurora" count = local.is_serverless ? 1 : 0 name = var.identifier 
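Review bot: The `precondition` in the -21,7 hunk can never fail, so the "Cannot create a proxy for a DB cluster" error is unreachable. The `count` in the -13,7 hunk creates the resource only when `var.is_db_cluster && var.is_proxy_included` is true, and the precondition tests that same expression, whereas a precondition raises its error when the condition is false. It should read `condition = !(var.is_db_cluster && var.is_proxy_included)`. As written, the only thing that stops the unsupported combination is the `local-exec` command `"Running a check"`, which is not an executable and would presumably fail at apply time with an unrelated shell error instead of the intended plan-time message. Part of the resource body lies between the two hunks and is not shown.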
@@ -188,13 +188,13 @@ module "db_cluster_serverless" { # TODO: Revisit defaults module "db_proxy" { source = "./modules/rds_proxy" - count = var.include_proxy ? 1 : 0 + count = var.is_proxy_included ? 1 : 0 tags = local.all_tags name = var.identifier auth = local.proxy_auth_config - debug_logging = var.proxy_debug_logging + debug_logging = var.proxy_debug_logging_is_enabled engine_family = var.proxy_engine_family - idle_client_timeout = var.idle_client_timeout + idle_client_timeout = var.proxy_idle_client_timeout require_tls = var.proxy_require_tls role_arn = try(module.db_instance[0].iam_role_for_aws_services.arn, module.db_cluster_serverless[0].iam_role_for_aws_services.arn, null) # TODO: Fix iam_role_for_aws_services for db_cluster_serverless by adding required IAM resources vpc_security_group_ids = [module.security_group_proxy[0].security_group_id] @@ -230,7 +230,7 @@ module "security_group" { # TODO: update with another rule for public access module "security_group_proxy" { source = "./modules/security_group" - count = var.include_proxy ? 1 : 0 + count = var.is_proxy_included ? 1 : 0 name = var.identifier description = "RDS PostgreSQL security group for proxy" vpc_id = var.vpc_id diff --git a/tests/instance/main.tf b/tests/instance/main.tf index 076d1d1d..a94bd5e0 100644 --- a/tests/instance/main.tf +++ b/tests/instance/main.tf @@ -18,21 +18,20 @@ locals { } module "rds_instance_test" { - source = "../../" + source = "../../" create_db_instance = true - identifier = local.name + identifier = local.name - username = "instance_user" + username = "instance_user" apply_immediately = true publicly_accessible = true - subnet_ids = concat(module.vpc.public_subnets) enabled_cloudwatch_logs_exports = ["upgrade", "postgresql"] cloudwatch_log_group_retention_in_days = 1 - include_proxy = false - proxy_debug_logging = true + is_proxy_included = false + proxy_debug_logging_is_enabled = true # Group variables into maps vpc_id = module.vpc.vpc_id 
@@ -61,6 +60,7 @@ module "rds_instance_test" { data_classification = "public" enable_default_backup = true optional_tags = local.tags + is_kubernetes_app_enabled = true } ################################################################################ diff --git a/tests/qa/main.tf b/tests/qa/main.tf index 976e71d0..21b7ce81 100644 --- a/tests/qa/main.tf +++ b/tests/qa/main.tf @@ -17,7 +17,7 @@ locals { } -module "rds_instance_test" { +module "rds_instance_test" { # TODO: change to only use defaults and required variables source = "../../" identifier = local.name environment = "test" @@ -33,8 +33,8 @@ module "rds_instance_test" { subnet_ids = ["subnet-04d5d42ac21fd8e8f", "subnet-0e50a82dec5fc0272", "subnet-0a49d384ff2e8a580"] enabled_cloudwatch_logs_exports = ["upgrade", "postgresql"] cloudwatch_log_group_retention_in_days = 1 - include_proxy = true - proxy_debug_logging = true + is_proxy_included = true + proxy_debug_logging_is_enabled = true enhanced_monitoring_interval = 0 allow_major_version_upgrade = true engine_version = "16.1" diff --git a/variables.tf b/variables.tf index 61d1353a..59e19bcc 100644 --- a/variables.tf +++ b/variables.tf 
@@ -60,17 +60,17 @@ variable "replicate_source_db" { default = null } -variable "license_model" { - description = "License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1" - type = string - default = null -} +# variable "license_model" { # TODO: Remove. It's Oracle specific +# description = "License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1" +# type = string +# default = null +# } -variable "replica_mode" { - description = "Specifies whether the replica is in either mounted or open-read-only mode. This attribute is only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified" - type = string - default = null -} +# variable "replica_mode" { # TODO: Remove. It's Oracle specific +# description = "Specifies whether the replica is in either mounted or open-read-only mode. This attribute is only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified" +# type = string +# default = null +# } variable "iam_database_authentication_enabled" { description = "Specifies whether or not the mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled" @@ -292,7 +292,7 @@ variable "restore_to_point_in_time" { default = null } -variable "s3_import" { +variable "s3_import" { # TODO: Remove if only MySQL is supported description = "Restore from a Percona Xtrabackup in S3 (only MySQL is supported)" type = map(string) default = null 
@@ -328,75 +328,77 @@ variable "subnet_ids" { type = list(string) } -# DB parameter group -variable "create_db_parameter_group" { # Test this - description = "Whether to create a database parameter group" - type = bool - default = true -} +# # DB parameter group +# variable "create_db_parameter_group" { # Test this +# description = "Whether to create a database parameter group" +# type = bool +# default = true +# } -variable "parameter_group_name" { - description = "Name of the DB parameter group to associate or create" - type = string - default = null -} +# variable "parameter_group_name" { +# description = "Name of the DB parameter group to associate or create" +# type = string +# default = null +# } +# TODO: Convert to local variable "parameter_group_use_name_prefix" { # It is good to have default value as true in case of upgrades as it results in new parameter group to be created with new engine version description = "Determines whether to use `parameter_group_name` as is or create a unique name beginning with the `parameter_group_name` as the prefix" type = bool default = true } +# TODO: Convert to local variable "parameter_group_description" { description = "Description of the DB parameter group to create" type = string default = null } -variable "parameter_group_family" { - description = "The family of the DB parameter group" - type = string - default = null # varies depending on engine and version and instance type -} +# variable "parameter_group_family" { +# description = "The family of the DB parameter group" +# type = string +# default = null # varies depending on engine and version and instance type +# } variable "instance_parameters" { - description = "A list of DB parameters (map) to apply" + description = "A list of DB parameters (map) to modify" type = list(map(string)) default = [] } -# DB option group -variable "create_db_option_group" { - description = "Create a database option group" - type = bool - default = true -} +# # DB option group # Not 
used by Postgres +# variable "create_db_option_group" { +# description = "Create a database option group" +# type = bool +# default = true +# } -variable "option_group_name" { - description = "Name of the option group" - type = string - default = null -} +# variable "option_group_name" { +# description = "Name of the option group" +# type = string +# default = null +# } -variable "option_group_use_name_prefix" { - description = "Determines whether to use `option_group_name` as is or create a unique name beginning with the `option_group_name` as the prefix" - type = bool - default = true -} +# variable "option_group_use_name_prefix" { +# description = "Determines whether to use `option_group_name` as is or create a unique name beginning with the `option_group_name` as the prefix" +# type = bool +# default = true +# } -variable "option_group_description" { - description = "The description of the option group" - type = string - default = null -} +# variable "option_group_description" { +# description = "The description of the option group" +# type = string +# default = null +# } -variable "options" { - description = "A list of Options to apply" - type = any - default = [] -} +# variable "options" { +# description = "A list of Options to apply" +# type = any +# default = [] +# } -variable "create_db_instance" { +variable "create_db_instance" { # TODO: Remove description = "Whether to create a database instance" type = bool default = true 
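Review bot: The description of `parameter_group_use_name_prefix` still refers to `parameter_group_name`, which this same hunk comments out, so it now documents an input that no longer exists. The main.tf part of this commit shows the parameter group module receiving `name = var.identifier`, so the text should name that input instead, for example `description = "Whether to use the identifier as the parameter group name as is, or as the prefix of a generated unique name"`. The same applies to the inline comment on that variable if it is later converted to a local, as the added TODO suggests.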
@@ -736,20 +738,22 @@ variable "cluster_engine_native_audit_fields_included" { # Proxy settings ################################################################################ -variable "include_proxy" { +variable "is_proxy_included" { description = "Optionally include proxy to help manage database connections" type = bool default = false } -variable "proxy_debug_logging" { +variable "proxy_debug_logging_is_enabled" { description = "Turn on debug logging for the proxy" default = false + type = bool } -variable "idle_client_timeout" { +variable "proxy_idle_client_timeout" { description = "Idle client timeout of the RDS proxy (keep connection alive)" default = 1800 + type = number } variable "proxy_require_tls" { @@ -784,12 +788,12 @@ variable "proxy_security_group_rules" { } } -variable "rds_proxy_iam_auth" { +variable "proxy_iam_auth" { type = string default = "DISABLED" validation { - condition = contains(["DISABLED", "REQUIRED"], var.rds_proxy_iam_auth) - error_message = "Invalid value for var.rds_proxy_iam_auth. Supported values: DISABLED, REQUIRED." + condition = contains(["DISABLED", "REQUIRED"], var.proxy_iam_auth) + error_message = "Invalid value for var.proxy_iam_auth. Supported values: DISABLED, REQUIRED." } } @@ -821,7 +825,7 @@ variable "rds_security_group_rules" { variable "is_kubernetes_app_enabled" { - description = "Determines whether to create needed resources to enable access from Kubernetes" + description = "Determines whether to create needed resources to enable access from Kubernetes. Set this to `true` if you want to access the RDS instance from Kubernetes pods" type = bool default = false }
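Review bot: The description of `proxy_debug_logging_is_enabled` in the -736,20 hunk does not say what the debug log contains. RDS Proxy debug logging records the text of SQL statements sent through the proxy, so the proxy's logs can end up holding query data. tests/qa/main.tf in this commit sets the flag to `true` together with `is_proxy_included = true`. I would extend the description to `description = "Turn on debug logging for the proxy. Debug logs include SQL statement text; enable only while troubleshooting"`.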
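Review bot: `proxy_iam_auth` in the -784,12 hunk has no `description`, and its default of `"DISABLED"` is the less restrictive of the two accepted values. A caller reading the variable list cannot tell that `REQUIRED` makes the proxy demand IAM authentication from clients, while `DISABLED` leaves them authenticating with database credentials. I would add `description = "Whether clients must use IAM authentication to connect to the proxy. Valid values: DISABLED, REQUIRED"`. The renamed references inside the validation block are consistent with the new variable name.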