Added variable to store credential at secret manager and pass custom credentials

Author: ankur6405

README.md

@@ -14,25 +14,30 @@ This module creates a Redis master and one or more Redis slaves, depending on th
 
 |  Redis Helm Chart Version    |     K8s supported version   |  
 | :-----:                       |         :---                |
-| **16.13.2**                     |    **1.23,1.24,1.25**           |
+| **16.13.2**                     |    **1.23,1.24,1.25,1.26,1.27**           |
 
 ## Usage Example
 
 ```hcl
 module "redis" {
   source                = "squareops/redis/kubernetes"
   redis_config = {
-    name                = "redis"
-    values_yaml         = ""
-    environment         = "prod"
-    architecture        = "replication"
-    slave_volume_size   = "10Gi"
-    master_volume_size  = "10Gi"
-    storage_class_name  = "gp3"
-    slave_replica_count = 2
+    name                             = "redis"
+    values_yaml                      = ""
+    environment                      = "prod"
+    architecture                     = "replication"
+    slave_volume_size                = "10Gi"
+    master_volume_size               = "10Gi"
+    storage_class_name               = "gp3"
+    slave_replica_count              = 2
+    store_password_to_secret_manager = true
   }
   grafana_monitoring_enabled = true
   recovery_window_aws_secret = 0
+  custom_credentials_enabled = true
+  custom_credentials_config = {
+    password = "aajdhgduy3873683dh"
+  }
 }
 
 ```

examples/complete/main.tf

@@ -7,20 +7,26 @@ locals {
     Expires    = "Never"
     Department = "Engineering"
   }
+  store_password_to_secret_manager = true
 }
 
 module "redis" {
   source = "squareops/redis/kubernetes"
   redis_config = {
-    name                = local.name
-    values_yaml         = file("./helm/values.yaml")
-    environment         = local.environment
-    architecture        = "replication"
-    slave_volume_size   = "10Gi"
-    master_volume_size  = "10Gi"
-    storage_class_name  = "gp3"
-    slave_replica_count = 2
+    name                             = local.name
+    values_yaml                      = file("./helm/values.yaml")
+    environment                      = local.environment
+    architecture                     = "replication"
+    slave_volume_size                = "10Gi"
+    master_volume_size               = "10Gi"
+    storage_class_name               = "gp3"
+    slave_replica_count              = 2
+    store_password_to_secret_manager = local.store_password_to_secret_manager
   }
   grafana_monitoring_enabled = true
   recovery_window_aws_secret = 0
+  custom_credentials_enabled = true
+  custom_credentials_config = {
+    password = "aajdhgduy3873683dh"
+  }
 }

examples/complete/output.tf

@@ -1,14 +1,9 @@
-output "redis_port" {
-  value       = "6379"
-  description = "The port number on which Redis is running."
+output "redis_endpoints" {
+  description = "Redis endpoints in the Kubernetes cluster."
+  value       = module.redis.redis_endpoints
 }
 
-output "redis_master_endpoint" {
-  value       = module.redis.redis_master_endpoint
-  description = "The endpoint for the Redis Master Service, which is the primary node in the Redis cluster responsible for handling read-write operations."
-}
-
-output "redis_slave_endpoint" {
-  value       = module.redis.redis_slave_endpoint
-  description = "The endpoint for the Redis Slave Service, which is a secondary node in the Redis cluster responsible for handling read-only operations."
+output "redis_credential" {
+  description = "Redis credentials used for accessing the database."
+  value       = local.store_password_to_secret_manager ? null : module.redis.redis_credential
 }

examples/complete/provider.tf

@@ -18,14 +18,12 @@ provider "kubernetes" {
   host                   = data.aws_eks_cluster.cluster.endpoint
   cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
   token                  = data.aws_eks_cluster_auth.cluster.token
-
 }
 
 provider "helm" {
   kubernetes {
     host                   = data.aws_eks_cluster.cluster.endpoint
     cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
     token                  = data.aws_eks_cluster_auth.cluster.token
-
   }
 }

main.tf

@@ -1,21 +1,28 @@
 resource "random_password" "redis_password" {
+  count   = var.custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
 
 resource "aws_secretsmanager_secret" "redis_password" {
+  count                   = var.redis_config.store_password_to_secret_manager ? 1 : 0
   name                    = format("%s/%s/%s", var.redis_config.environment, var.redis_config.name, "redis")
   recovery_window_in_days = var.recovery_window_aws_secret
 }
 
 resource "aws_secretsmanager_secret_version" "redis_password" {
-  secret_id     = aws_secretsmanager_secret.redis_password.id
-  secret_string = <<EOF
-   {
-    "username": "root",
-    "password": "${random_password.redis_password.result}"
-   }
-EOF
+  count     = var.redis_config.store_password_to_secret_manager ? 1 : 0
+  secret_id = aws_secretsmanager_secret.redis_password[0].id
+  secret_string = var.custom_credentials_enabled ? jsonencode(
+    {
+      "redis_username" : "root",
+      "redis_password" : "${var.custom_credentials_config.password}"
+
+    }) : jsonencode(
+    {
+      "redis_username" : "root",
+      "redis_password" : "${random_password.redis_password[0].result}"
+  })
 }
 
 resource "kubernetes_namespace" "redis" {
@@ -38,7 +45,7 @@ resource "helm_release" "redis" {
     templatefile("${path.module}/helm/values/values.yaml", {
       app_version              = var.app_version,
       architecture             = var.redis_config.architecture,
-      redis_password           = random_password.redis_password.result,
+      redis_password           = var.custom_credentials_enabled ? var.custom_credentials_config.password : random_password.redis_password[0].result,
       slave_volume_size        = var.redis_config.slave_volume_size,
       slave_replicacount       = var.redis_config.slave_replica_count,
       storage_class_name       = var.redis_config.storage_class_name,

output.tf

@@ -1,14 +1,16 @@
-output "redis_port" {
-  value       = "6379"
-  description = "The port number on which Redis is running."
+output "redis_endpoints" {
+  description = "Redis endpoints in the Kubernetes cluster."
+  value = {
+    redis_port            = "6379",
+    redis_master_endpoint = "redis-master.${var.namespace}.svc.cluster.local",
+    redis_slave_endpoint  = "redis-replicas.${var.namespace}.svc.cluster.local"
+  }
 }
 
-output "redis_master_endpoint" {
-  value       = "redis-master.${var.namespace}.svc.cluster.local"
-  description = "The endpoint for the Redis Master Service, which is the primary node in the Redis cluster responsible for handling read-write operations."
-}
-
-output "redis_slave_endpoint" {
-  value       = "redis-replicas.${var.namespace}.svc.cluster.local"
-  description = "The endpoint for the Redis Slave Service, which is a secondary node in the Redis cluster responsible for handling read-only operations."
+output "redis_credential" {
+  description = "Redis credentials used for accessing the database."
+  value = var.redis_config.store_password_to_secret_manager ? null : {
+    redis_username = "root",
+    redis_password = var.custom_credentials_enabled ? var.custom_credentials_config.password : nonsensitive(random_password.redis_password[0].result)
+  }
 }

variables.tf

@@ -1,16 +1,17 @@
 variable "redis_config" {
   type = any
   default = {
-    name                = ""
-    environment         = ""
-    master_volume_size  = ""
-    architecture        = "replication"
-    slave_replica_count = 1
-    slave_volume_size   = ""
-    storage_class_name  = ""
-    values_yaml         = ""
+    name                             = ""
+    environment                      = ""
+    master_volume_size               = ""
+    architecture                     = "replication"
+    slave_replica_count              = 1
+    slave_volume_size                = ""
+    storage_class_name               = ""
+    store_password_to_secret_manager = ""
+    values_yaml                      = ""
   }
-  description = "Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, and custom YAML values."
+  description = "Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, store password to secret manager and custom YAML values."
 }
 
 variable "chart_version" {
@@ -48,3 +49,17 @@ variable "create_namespace" {
   description = "Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace."
   default     = true
 }
+
+variable "custom_credentials_enabled" {
+  type        = bool
+  default     = false
+  description = "Specifies whether to enable custom credentials for Redis."
+}
+
+variable "custom_credentials_config" {
+  type = any
+  default = {
+    password = ""
+  }
+  description = "Specify the configuration settings for Redis to pass custom credentials during creation."
+}