Implemented:
- master username and password
- make it possible to enable/disable SAML
Alexander Verhaar committed Mar 21, 2024
1 parent f18addc commit 0fc1007
Showing 4 changed files with 32 additions and 6 deletions.
6 changes: 5 additions & 1 deletion example/main.tf
@@ -9,8 +9,10 @@ provider "elasticsearch" {
module "opensearch" {
source = "../"

enabled = true

cluster_name = var.cluster_name
cluster_version = "OpenSearch_2.11"
cluster_version = "OpenSearch_2.7"

subnet_ids = var.subnet_ids
security_group_ids = var.security_group_ids
@@ -20,5 +22,7 @@ module "opensearch" {
ebs_enabled = true
ebs_volume_size = 50

saml_options_enabled = false

cloudwatch_log_enabled = true
}
10 changes: 7 additions & 3 deletions main.tf
@@ -54,7 +54,9 @@ resource "aws_elasticsearch_domain" "opensearch" {
enabled = true
internal_user_database_enabled = var.internal_user_database_enabled
master_user_options {
master_user_arn = var.master_user_arn
master_user_arn = var.internal_user_database_enabled ? var.master_user_arn : null
master_user_name = var.internal_user_database_enabled ? var.master_user_name : null
master_user_password = var.internal_user_database_enabled ? var.master_user_password : null
}
}

@@ -95,8 +97,9 @@ resource "aws_elasticsearch_domain" "opensearch" {
}

auto_tune_options {
desired_state = var.autotune_options.desired_state
rollback_on_disable = var.autotune_options.rollback_on_disable
desired_state = var.autotune_enabled ? var.autotune_options.desired_state : "DISABLED"
rollback_on_disable = var.autotune_enabled ? var.autotune_options.rollback_on_disable : null

maintenance_schedule {
start_at = var.autotune_options.maintenance_schedule.start_at
duration {
@@ -112,6 +115,7 @@ resource "aws_elasticsearch_domain" "opensearch" {

resource "aws_elasticsearch_domain_saml_options" "opensearch_saml_options" {
domain_name = var.cluster_name
count = var.saml_options_enabled ? 1 : 0
saml_options {
enabled = var.saml_options_enabled
master_backend_role = var.saml_options_master_backend_role
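Review bot: In the `master_user_options` block of the first hunk, `master_user_arn` is gated on the same condition as the name and password, but the AWS provider accepts `master_user_arn` only when the internal user database is disabled and `master_user_name`/`master_user_password` only when it is enabled. As written, a domain with `internal_user_database_enabled = false` receives null for all three arguments, so an IAM principal passed in `var.master_user_arn` is silently dropped and fine-grained access control has no master user from this module. Inverting that one condition keeps the two modes mutually exclusive: `master_user_arn = var.internal_user_database_enabled ? null : var.master_user_arn`. The enclosing resource starts and ends outside the hunk, so whether the surrounding security block is itself conditional cannot be confirmed from here.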
2 changes: 1 addition & 1 deletion outputs.tf
@@ -20,7 +20,7 @@ output "cluster_endpoint" {

output "cluster_version" {
description = "The version of the OpenSearch cluster."
value = replace(aws_elasticsearch_domain.opensearch[*].elasticsearch_version, "OpenSearch_", "")
value = [for i in aws_elasticsearch_domain.opensearch[*] : replace(i.elasticsearch_version, "OpenSearch_", "")]
}

output "kibana_endpoint" {
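Review bot: `cluster_version` now evaluates to a list, while its description still reads as a single value, so a caller that interpolates the output as a string will fail. If the domain is created with a 0-or-1 `count` (the `[*]` splat suggests so, but the resource header is not visible in this section), wrapping the expression as `value = one([for i in aws_elasticsearch_domain.opensearch[*] : replace(i.elasticsearch_version, "OpenSearch_", "")])` keeps it scalar on Terraform 0.15 or later. Otherwise the description should state that a list is returned.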
20 changes: 19 additions & 1 deletion variables.tf
@@ -164,6 +164,18 @@ variable "master_user_arn" {
default = null
}

variable "master_user_name" {
description = "Name of the main user."
type = string
default = null
}

variable "master_user_password" {
description = "Password of the main user."
type = string
default = null
}

variable "encrypt_kms_key_id" {
description = "KMS key id to encrypt OpenSearch domain with."
type = string
@@ -266,6 +278,12 @@ variable "saml_options_idp_metadata_content" {
default = null
}

variable "autotune_enabled" {
type = bool
description = "Enable autotune options"
default = false
}

variable "autotune_options" {
type = object({
desired_state = string
@@ -281,7 +299,7 @@ variable "autotune_options" {
rollback_on_disable = "NO_ROLLBACK"
maintenance_schedule = {
cron_expression = "value"
duration = 0
duration = 1
start_at = "2000-01-01T00:00:00.00Z"
}
}
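Review bot: `variable "master_user_password"` in the first hunk is declared without `sensitive = true`, so the value can be shown in plan and apply output and in any CI log that captures it; add `sensitive = true` to that block. The flag only redacts CLI output, and the password is still written to the Terraform state, so the description should say that state must be kept in an encrypted, access-restricted backend. A `validation` block that rejects an empty value would also make a misconfigured master user fail at plan time instead of at the AWS API.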