Merge pull request #7 from ankur6405/custom-credentials

added variable to store secret and pass custom credentials

Author: RohitSquareops

README.md

@@ -14,25 +14,30 @@ This module creates a Redis master and one or more Redis slaves, depending on th
 
 |  Redis Helm Chart Version    |     K8s supported version   |  
 | :-----:                       |         :---                |
-| **16.13.2**                     |    **1.23,1.24,1.25**           |
+| **16.13.2**                     |    **1.23,1.24,1.25,1.26,1.27**           |
 
 ## Usage Example
 
 ```hcl
 module "redis" {
   source                = "squareops/redis/kubernetes"
   redis_config = {
-    name                = "redis"
-    values_yaml         = ""
-    environment         = "prod"
-    architecture        = "replication"
-    slave_volume_size   = "10Gi"
-    master_volume_size  = "10Gi"
-    storage_class_name  = "gp3"
-    slave_replica_count = 2
+    name                             = "redis"
+    values_yaml                      = ""
+    environment                      = "prod"
+    architecture                     = "replication"
+    slave_volume_size                = "10Gi"
+    master_volume_size               = "10Gi"
+    storage_class_name               = "gp3"
+    slave_replica_count              = 2
+    store_password_to_secret_manager = true
   }
   grafana_monitoring_enabled = true
   recovery_window_aws_secret = 0
+  custom_credentials_enabled = true
+  custom_credentials_config = {
+    password = "aajdhgduy3873683dh"
+  }
 }
 
 ```
@@ -85,18 +90,19 @@ No modules.
 | <a name="input_app_version"></a> [app\_version](#input\_app\_version) | Version of the Redis application that will be deployed. | `string` | `"6.2.7-debian-11-r11"` | no |
 | <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Version of the chart for the Redis application that will be deployed. | `string` | `"16.13.2"` | no |
 | <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `true` | no |
+| <a name="input_custom_credentials_config"></a> [custom\_credentials\_config](#input\_custom\_credentials\_config) | Specify the configuration settings for Redis to pass custom credentials during creation. | `any` | <pre>{<br>  "password": ""<br>}</pre> | no |
+| <a name="input_custom_credentials_enabled"></a> [custom\_credentials\_enabled](#input\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for Redis. | `bool` | `false` | no |
 | <a name="input_grafana_monitoring_enabled"></a> [grafana\_monitoring\_enabled](#input\_grafana\_monitoring\_enabled) | Specify whether or not to deploy Redis exporter to collect Redis metrics for monitoring in Grafana. | `bool` | `false` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace where the Redis resources will be deployed. | `string` | `"redis"` | no |
 | <a name="input_recovery_window_aws_secret"></a> [recovery\_window\_aws\_secret](#input\_recovery\_window\_aws\_secret) | Number of days that AWS Secrets Manager will wait before it can delete the secret. The value can be 0 to force deletion without recovery, or a range from 7 to 30 days. | `number` | `0` | no |
-| <a name="input_redis_config"></a> [redis\_config](#input\_redis\_config) | Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, and custom YAML values. | `any` | <pre>{<br>  "architecture": "replication",<br>  "environment": "",<br>  "master_volume_size": "",<br>  "name": "",<br>  "slave_replica_count": 1,<br>  "slave_volume_size": "",<br>  "storage_class_name": "",<br>  "values_yaml": ""<br>}</pre> | no |
+| <a name="input_redis_config"></a> [redis\_config](#input\_redis\_config) | Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, store password to secret manager and custom YAML values. | `any` | <pre>{<br>  "architecture": "replication",<br>  "environment": "",<br>  "master_volume_size": "",<br>  "name": "",<br>  "slave_replica_count": 1,<br>  "slave_volume_size": "",<br>  "storage_class_name": "",<br>  "store_password_to_secret_manager": "",<br>  "values_yaml": ""<br>}</pre> | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_redis_master_endpoint"></a> [redis\_master\_endpoint](#output\_redis\_master\_endpoint) | The endpoint for the Redis Master Service, which is the primary node in the Redis cluster responsible for handling read-write operations. |
-| <a name="output_redis_port"></a> [redis\_port](#output\_redis\_port) | The port number on which Redis is running. |
-| <a name="output_redis_slave_endpoint"></a> [redis\_slave\_endpoint](#output\_redis\_slave\_endpoint) | The endpoint for the Redis Slave Service, which is a secondary node in the Redis cluster responsible for handling read-only operations. |
+| <a name="output_redis_credential"></a> [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. |
+| <a name="output_redis_endpoints"></a> [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Contribution & Issue Reporting

examples/complete/README.md

@@ -21,7 +21,7 @@ No requirements.
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_redis"></a> [redis](#module\_redis) | squareops/redis/kubernetes.git | n/a |
+| <a name="module_redis"></a> [redis](#module\_redis) | squareops/redis/kubernetes | n/a |
 
 ## Resources
 
@@ -38,7 +38,6 @@ No inputs.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_redis_master_endpoint"></a> [redis\_master\_endpoint](#output\_redis\_master\_endpoint) | The endpoint for the Redis Master Service, which is the primary node in the Redis cluster responsible for handling read-write operations. |
-| <a name="output_redis_port"></a> [redis\_port](#output\_redis\_port) | The port number on which Redis is running. |
-| <a name="output_redis_slave_endpoint"></a> [redis\_slave\_endpoint](#output\_redis\_slave\_endpoint) | The endpoint for the Redis Slave Service, which is a secondary node in the Redis cluster responsible for handling read-only operations. |
+| <a name="output_redis_credential"></a> [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. |
+| <a name="output_redis_endpoints"></a> [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/complete/main.tf

@@ -7,20 +7,26 @@ locals {
     Expires    = "Never"
     Department = "Engineering"
   }
+  store_password_to_secret_manager = true
 }
 
 module "redis" {
   source = "squareops/redis/kubernetes"
   redis_config = {
-    name                = local.name
-    values_yaml         = file("./helm/values.yaml")
-    environment         = local.environment
-    architecture        = "replication"
-    slave_volume_size   = "10Gi"
-    master_volume_size  = "10Gi"
-    storage_class_name  = "gp3"
-    slave_replica_count = 2
+    name                             = local.name
+    values_yaml                      = file("./helm/values.yaml")
+    environment                      = local.environment
+    architecture                     = "replication"
+    slave_volume_size                = "10Gi"
+    master_volume_size               = "10Gi"
+    storage_class_name               = "gp3"
+    slave_replica_count              = 2
+    store_password_to_secret_manager = local.store_password_to_secret_manager
   }
   grafana_monitoring_enabled = true
   recovery_window_aws_secret = 0
+  custom_credentials_enabled = true
+  custom_credentials_config = {
+    password = "aajdhgduy3873683dh"
+  }
 }

examples/complete/output.tf

@@ -1,14 +1,9 @@
-output "redis_port" {
-  value       = "6379"
-  description = "The port number on which Redis is running."
+output "redis_endpoints" {
+  description = "Redis endpoints in the Kubernetes cluster."
+  value       = module.redis.redis_endpoints
 }
 
-output "redis_master_endpoint" {
-  value       = module.redis.redis_master_endpoint
-  description = "The endpoint for the Redis Master Service, which is the primary node in the Redis cluster responsible for handling read-write operations."
-}
-
-output "redis_slave_endpoint" {
-  value       = module.redis.redis_slave_endpoint
-  description = "The endpoint for the Redis Slave Service, which is a secondary node in the Redis cluster responsible for handling read-only operations."
+output "redis_credential" {
+  description = "Redis credentials used for accessing the database."
+  value       = local.store_password_to_secret_manager ? null : module.redis.redis_credential
 }

examples/complete/provider.tf

@@ -18,14 +18,12 @@ provider "kubernetes" {
   host                   = data.aws_eks_cluster.cluster.endpoint
   cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
   token                  = data.aws_eks_cluster_auth.cluster.token
-
 }
 
 provider "helm" {
   kubernetes {
     host                   = data.aws_eks_cluster.cluster.endpoint
     cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
     token                  = data.aws_eks_cluster_auth.cluster.token
-
   }
 }

main.tf

@@ -1,21 +1,28 @@
 resource "random_password" "redis_password" {
+  count   = var.custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
 
 resource "aws_secretsmanager_secret" "redis_password" {
+  count                   = var.redis_config.store_password_to_secret_manager ? 1 : 0
   name                    = format("%s/%s/%s", var.redis_config.environment, var.redis_config.name, "redis")
   recovery_window_in_days = var.recovery_window_aws_secret
 }
 
 resource "aws_secretsmanager_secret_version" "redis_password" {
-  secret_id     = aws_secretsmanager_secret.redis_password.id
-  secret_string = <<EOF
-   {
-    "username": "root",
-    "password": "${random_password.redis_password.result}"
-   }
-EOF
+  count     = var.redis_config.store_password_to_secret_manager ? 1 : 0
+  secret_id = aws_secretsmanager_secret.redis_password[0].id
+  secret_string = var.custom_credentials_enabled ? jsonencode(
+    {
+      "redis_username" : "root",
+      "redis_password" : "${var.custom_credentials_config.password}"
+
+    }) : jsonencode(
+    {
+      "redis_username" : "root",
+      "redis_password" : "${random_password.redis_password[0].result}"
+  })
 }
 
 resource "kubernetes_namespace" "redis" {
@@ -38,7 +45,7 @@ resource "helm_release" "redis" {
     templatefile("${path.module}/helm/values/values.yaml", {
       app_version              = var.app_version,
       architecture             = var.redis_config.architecture,
-      redis_password           = random_password.redis_password.result,
+      redis_password           = var.custom_credentials_enabled ? var.custom_credentials_config.password : random_password.redis_password[0].result,
       slave_volume_size        = var.redis_config.slave_volume_size,
       slave_replicacount       = var.redis_config.slave_replica_count,
       storage_class_name       = var.redis_config.storage_class_name,

output.tf

@@ -1,14 +1,16 @@
-output "redis_port" {
-  value       = "6379"
-  description = "The port number on which Redis is running."
+output "redis_endpoints" {
+  description = "Redis endpoints in the Kubernetes cluster."
+  value = {
+    redis_port            = "6379",
+    redis_master_endpoint = "redis-master.${var.namespace}.svc.cluster.local",
+    redis_slave_endpoint  = "redis-replicas.${var.namespace}.svc.cluster.local"
+  }
 }
 
-output "redis_master_endpoint" {
-  value       = "redis-master.${var.namespace}.svc.cluster.local"
-  description = "The endpoint for the Redis Master Service, which is the primary node in the Redis cluster responsible for handling read-write operations."
-}
-
-output "redis_slave_endpoint" {
-  value       = "redis-replicas.${var.namespace}.svc.cluster.local"
-  description = "The endpoint for the Redis Slave Service, which is a secondary node in the Redis cluster responsible for handling read-only operations."
+output "redis_credential" {
+  description = "Redis credentials used for accessing the database."
+  value = var.redis_config.store_password_to_secret_manager ? null : {
+    redis_username = "root",
+    redis_password = var.custom_credentials_enabled ? var.custom_credentials_config.password : nonsensitive(random_password.redis_password[0].result)
+  }
 }

variables.tf

@@ -1,16 +1,17 @@
 variable "redis_config" {
   type = any
   default = {
-    name                = ""
-    environment         = ""
-    master_volume_size  = ""
-    architecture        = "replication"
-    slave_replica_count = 1
-    slave_volume_size   = ""
-    storage_class_name  = ""
-    values_yaml         = ""
+    name                             = ""
+    environment                      = ""
+    master_volume_size               = ""
+    architecture                     = "replication"
+    slave_replica_count              = 1
+    slave_volume_size                = ""
+    storage_class_name               = ""
+    store_password_to_secret_manager = ""
+    values_yaml                      = ""
   }
-  description = "Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, and custom YAML values."
+  description = "Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, store password to secret manager and custom YAML values."
 }
 
 variable "chart_version" {
@@ -48,3 +49,17 @@ variable "create_namespace" {
   description = "Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace."
   default     = true
 }
+
+variable "custom_credentials_enabled" {
+  type        = bool
+  default     = false
+  description = "Specifies whether to enable custom credentials for Redis."
+}
+
+variable "custom_credentials_config" {
+  type = any
+  default = {
+    password = ""
+  }
+  description = "Specify the configuration settings for Redis to pass custom credentials during creation."
+}