Refactor to use util::identity
parent
2a55a95d1b
commit
760b2c1057
8 changed files with 25 additions and 59 deletions
cloud/aws/rds
|
@ -1,21 +0,0 @@
|
|||
variable "admin_username" {
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
resource "random_pet" "admin_user" {
|
||||
count = var.admin_username == null ? 1 : 0
|
||||
separator = "_"
|
||||
}
|
||||
variable "admin_password" {
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
resource "random_password" "admin_pass" {
|
||||
count = var.admin_username == null ? 1 : 0
|
||||
special = false
|
||||
length = 32
|
||||
}
|
||||
locals {
|
||||
admin_username = coalesce(var.admin_username, random_pet.admin_user[0].id)
|
||||
admin_password = nonsensitive(coalesce(var.admin_password, random_password.admin_pass[0].result))
|
||||
}
|
|
@ -20,10 +20,7 @@ resource "local_file" "debug" {
|
|||
# write = aws_rds_cluster_endpoint.endpoint["write"].endpoint,
|
||||
# read = aws_rds_cluster_endpoint.endpoint["read"].endpoint
|
||||
#}
|
||||
admin = {
|
||||
username = local.admin_username
|
||||
password = local.admin_password
|
||||
}
|
||||
admin = module.admin_identity
|
||||
}
|
||||
tenants = var.tenants
|
||||
}))
|
||||
|
@ -54,8 +51,8 @@ resource "local_file" "debug_result" {
|
|||
}
|
||||
}
|
||||
tenants = merge({ admin = {
|
||||
username = local.admin_username
|
||||
password = local.admin_password
|
||||
username = module.admin_identity.username
|
||||
password = nonsensitive(module.admin_identity.password)
|
||||
} }, local.output_tenants)
|
||||
|
||||
}))
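Review bot: The debug files now carry the admin password in clear text. `admin = module.admin_identity` in `local_file.debug` serializes the whole identity object, and `nonsensitive(module.admin_identity.password)` in `local_file.debug_result` strips the marking that keeps the value redacted in plan output. The same unwrapping appears on `PGPASSWORD`/`MYSQL_PWD` in the tenant module's locals. If these files are needed, `local_sensitive_file` (default mode 0700) or an explicit `file_permission = "0600"` is the safer container, since `local_file` defaults to 0777; write only `username` unless the password is really required. Both resource bodies start outside the hunks, so any existing permission setting is not visible here.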
|
||||
|
|
|
@ -4,7 +4,7 @@ variable "instance_name" {
|
|||
default = "serverless-multitennant"
|
||||
}
|
||||
locals {
|
||||
sanitised_name = lower(replace(var.instance_name, "[^a-zA-Z0-9]", "-"))
|
||||
sanitised_name = lower(replace(var.instance_name, "[^a-zA-Z0-9_ ]", "-"))
|
||||
}
|
||||
variable "tenants" {
|
||||
type = map(object({
|
||||
|
@ -75,9 +75,9 @@ variable "engine_version" {
|
|||
locals {
|
||||
engine_version = (
|
||||
local.is_mysql
|
||||
? (var.engine_version != null ? element(local.supported_mysql, length(local.supported_mysql)-1) : false)
|
||||
? (var.engine_version != null ? element(local.supported_mysql, length(local.supported_mysql) - 1) : false)
|
||||
: (local.is_postgres
|
||||
? (var.engine_version != null ? element(local.supported_postgres, length(local.supported_postgres)-1) : false)
|
||||
? (var.engine_version != null ? element(local.supported_postgres, length(local.supported_postgres) - 1) : false)
|
||||
: false
|
||||
)
|
||||
)
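Review bot: The `sanitised_name` local in the first hunk does not sanitise anything, because Terraform's `replace()` treats the pattern as a regular expression only when it is wrapped in forward slashes; `"[^a-zA-Z0-9_ ]"` is matched as a literal string and will practically never occur in `var.instance_name`. The widened class (presumably the new side) would also let underscores and spaces through to `cluster_identifier`, which RDS restricts to letters, digits and hyphens. Something like `lower(replace(var.instance_name, "/[^a-zA-Z0-9]+/", "-"))` does what the name promises. A `validation` block on `instance_name` would surface bad input at plan time instead of at the AWS API.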
|
||||
|
|
|
@ -12,8 +12,5 @@ output "tenants" {
|
|||
value = local.output_tenants
|
||||
}
|
||||
output "admin" {
|
||||
value = {
|
||||
username = local.admin_username
|
||||
password = local.admin_password
|
||||
}
|
||||
value = module.admin_identity
|
||||
}
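Review bot: `output "admin"` now returns the whole `module.admin_identity` object, password included, with no `sensitive = true`. The `nonsensitive()` calls elsewhere in this commit suggest the module marks its password as sensitive, in which case Terraform will reject this output until it is flagged. If the module does not mark it, the password will be printed by `terraform output` and in apply logs. Adding `sensitive = true` to the output covers both cases. A one-line `description` saying that the object contains credentials would also help downstream consumers.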
|
|
@ -17,14 +17,17 @@ resource "aws_kms_key" "db_key" {
|
|||
}
|
||||
)
|
||||
}
|
||||
module "admin_identity" {
|
||||
source = "../../../../utils/identity"
|
||||
}
|
||||
resource "aws_rds_cluster" "cluster" {
|
||||
cluster_identifier = local.sanitised_name
|
||||
engine_mode = "provisioned"
|
||||
engine = data.aws_rds_engine_version.latest[var.engine_version].engine
|
||||
engine_version = data.aws_rds_engine_version.latest[var.engine_version].version
|
||||
database_name = local.admin_username
|
||||
master_username = local.admin_username
|
||||
master_password = local.admin_password
|
||||
database_name = module.admin_identity.username
|
||||
master_username = module.admin_identity.username
|
||||
master_password = module.admin_identity.password
|
||||
storage_encrypted = true
|
||||
enable_local_write_forwarding = local.supports_local_write_forwarding
|
||||
backup_retention_period = var.backup_retention_period_days
|
||||
|
@ -93,7 +96,6 @@ resource "aws_rds_cluster_endpoint" "endpoint" {
|
|||
)
|
||||
}
|
||||
|
||||
|
||||
output "endpoints" {
|
||||
value = aws_rds_cluster_endpoint.endpoint
|
||||
}
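Review bot: `module "admin_identity"` is called with no arguments, so the constraints the deleted resources set explicitly (`separator = "_"` on `random_pet`, `special = false` and `length = 32` on `random_password`) now depend entirely on the module's defaults, which are not visible on this page. The same username is used for `database_name` and `master_username`, and RDS rejects hyphens there and certain characters such as `/`, `@`, `"` and spaces in `master_password`. The default hyphen separator of `random_pet` would therefore fail at apply time. Confirm that the module pins these values, or pass them in explicitly. A short comment above the module block, such as `# Generates the cluster master credentials; username must be a valid RDS identifier`, would record the contract.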
|
||||
|
|
|
@ -7,13 +7,5 @@ module "tenants" {
|
|||
vpc_id = data.aws_vpc.current.id
|
||||
cluster_id = aws_rds_cluster.cluster.id
|
||||
engine = aws_rds_cluster.cluster.engine
|
||||
admin_username = local.admin_username
|
||||
admin_password = local.admin_password
|
||||
tags = merge(
|
||||
try(var.application.application_tag, {}),
|
||||
{
|
||||
"TerraformRDSClusterName" = var.instance_name
|
||||
"TerraformRDSTenantName" = each.value.username
|
||||
}
|
||||
)
|
||||
admin_identity = module.admin_identity
|
||||
}
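Review bot: The `tags = merge(...)` argument appears to be dropped from the `module "tenants"` call: the hunk header goes from 13 lines to 5, which leaves room only for the three context lines, `admin_identity` and the closing brace. The commit title describes only an identity refactor, so the loss of `TerraformRDSClusterName`/`TerraformRDSTenantName` looks unintentional. Resources that rely on those tags for ownership or cost attribution would lose them. If the removal is deliberate, say so in the commit message; otherwise keep the `tags` block alongside `admin_identity = module.admin_identity`. The module block starts outside the hunk.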
|
|
@ -3,11 +3,11 @@ locals {
|
|||
host = data.aws_rds_cluster.cluster.endpoint
|
||||
port = local.is_mysql ? 3306 : 5432
|
||||
}
|
||||
mysql_command = try("${var.mysql_binary} -h ${data.ssh_tunnel.db.local.host} -P ${data.ssh_tunnel.db.local.port} -u ${var.admin_username}", "")
|
||||
postgres_command = try("${var.postgres_binary} -h ${data.ssh_tunnel.db.local.host} -p ${data.ssh_tunnel.db.local.port} -U ${var.admin_username} -d ${var.admin_username}", "")
|
||||
mysql_command = try("${var.mysql_binary} -h ${data.ssh_tunnel.db.local.host} -P ${data.ssh_tunnel.db.local.port} -u ${var.admin_identity.username}", "")
|
||||
postgres_command = try("${var.postgres_binary} -h ${data.ssh_tunnel.db.local.host} -p ${data.ssh_tunnel.db.local.port} -U ${var.admin_identity.username} -d ${var.admin_identity.username}", "")
|
||||
database_environment_variables = {
|
||||
PGPASSWORD = !local.is_mysql ? var.admin_password : null,
|
||||
MYSQL_PWD = local.is_mysql ? var.admin_password : null,
|
||||
PGPASSWORD = !local.is_mysql ? nonsensitive(var.admin_identity.password) : null,
|
||||
MYSQL_PWD = local.is_mysql ? nonsensitive(var.admin_identity.password) : null,
|
||||
}
|
||||
}
|
||||
resource "local_file" "debug" {
|
||||
|
@ -30,7 +30,7 @@ resource "terraform_data" "db" {
|
|||
cluster_id = data.aws_rds_cluster.cluster.id
|
||||
}
|
||||
provisioner "local-exec" {
|
||||
command = "echo 'Connecting to \"${local.db_tunnel_remote.host}:${local.db_tunnel_remote.port}\" as \"${var.admin_username}\" via \"${data.ssh_tunnel.db.connection_name}\"'"
|
||||
command = "echo 'Connecting to \"${local.db_tunnel_remote.host}:${local.db_tunnel_remote.port}\" as \"${var.admin_identity.username}\" via \"${data.ssh_tunnel.db.connection_name}\"'"
|
||||
}
|
||||
provisioner "local-exec" {
|
||||
command = (local.is_mysql
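Review bot: `var.admin_identity.username` is spliced directly into shell strings in `mysql_command`, `postgres_command` and the `echo` provisioner, so the commands are only well-formed as long as the identity generator never emits quotes or shell metacharacters. Since the value now comes from an object produced in another module, it is more robust to pass it through the provisioner's `environment` map, for example `environment = { DB_USER = var.admin_identity.username }` with `-u "$DB_USER"` in the command. The locals block and the second provisioner continue outside the hunks, so how the command strings are consumed is not visible here.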
|
||||
|
|
|
@ -59,11 +59,10 @@ variable "postgres_binary" {
|
|||
description = "The path to the postgres binary"
|
||||
default = "psql"
|
||||
}
|
||||
variable "admin_username" {
|
||||
type = string
|
||||
description = "The admin user for the database"
|
||||
}
|
||||
variable "admin_password" {
|
||||
type = string
|
||||
description = "The admin password for the database"
|
||||
variable "admin_identity" {
|
||||
type = object({
|
||||
username = string
|
||||
password = string
|
||||
})
|
||||
description = "The admin identity for the database"
|
||||
}
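Review bot: `variable "admin_identity"` accepts a password field but is not declared `sensitive = true`, so redaction inside this module depends on the caller having marked the value. Marking the variable makes the module safe regardless of the caller. The trade-off is that `username` then becomes sensitive too and would need `nonsensitive()` where it is echoed. If that is unwanted, keep the object unmarked and state the expectation in the description, for example `description = "Admin identity for the database; password must be passed as a sensitive value"`.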
|