Commit

[aurora-postgres] fix tflint and markdownlint (#872)
Co-authored-by: cloudpossebot <[email protected]>
Co-authored-by: Dan Miller <[email protected]>
3 people authored Oct 18, 2023
1 parent 5fb307b commit 0910272
Showing 4 changed files with 4 additions and 41 deletions.
6 changes: 1 addition & 5 deletions modules/aurora-postgres/README.md
Expand Up @@ -109,7 +109,7 @@ Generally there are three different engine configurations for Aurora: provisione

### Provisioned Aurora Postgres

[See the default usage example above](#Usage)
[See the default usage example above](#usage)

### Serverless v1 Aurora Postgres

Expand Down Expand Up @@ -272,13 +272,11 @@ components:
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.kms_key_rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
| [aws_ssm_parameter.password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_additional_databases"></a> [additional\_databases](#input\_additional\_databases) | Additional databases to be created with the cluster | `set(string)` | `[]` | no |
| <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.<br>This is for some rare cases where resources want additional configuration of tags<br>and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
| <a name="input_admin_password"></a> [admin\_password](#input\_admin\_password) | Postgres password for the admin user | `string` | `""` | no |
| <a name="input_admin_user"></a> [admin\_user](#input\_admin\_user) | Postgres admin user name | `string` | `""` | no |
Expand Down Expand Up @@ -318,7 +316,6 @@ components:
| <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | EC2 instance type for Postgres cluster | `string` | n/a | yes |
| <a name="input_intra_security_group_traffic_enabled"></a> [intra\_security\_group\_traffic\_enabled](#input\_intra\_security\_group\_traffic\_enabled) | Whether to allow traffic between resources inside the database's security group. | `bool` | `false` | no |
| <a name="input_kms_alias_name_ssm"></a> [kms\_alias\_name\_ssm](#input\_kms\_alias\_name\_ssm) | KMS alias name for SSM | `string` | `"alias/aws/ssm"` | no |
| <a name="input_label_key_case"></a> [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.<br>Does not affect keys of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `null` | no |
| <a name="input_label_order"></a> [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
| <a name="input_label_value_case"></a> [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,<br>set as tag values, and output by this module individually.<br>Does not affect values of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.<br>Default value: `lower`. | `string` | `null` | no |
Expand All @@ -336,7 +333,6 @@ components:
| <a name="input_serverlessv2_scaling_configuration"></a> [serverlessv2\_scaling\_configuration](#input\_serverlessv2\_scaling\_configuration) | Nested attribute with scaling properties for ServerlessV2. Only valid when `engine_mode` is set to `provisioned.` This is required for Serverless v2 | <pre>object({<br> min_capacity = number<br> max_capacity = number<br> })</pre> | `null` | no |
| <a name="input_skip_final_snapshot"></a> [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Normally AWS makes a snapshot of the database before deleting it. Set this to `true` in order to skip this.<br>NOTE: The final snapshot has a name derived from the cluster name. If you delete a cluster, get a final snapshot,<br>then create a cluster of the same name, its final snapshot will fail with a name collision unless you delete<br>the previous final snapshot first. | `bool` | `false` | no |
| <a name="input_snapshot_identifier"></a> [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether or not to create this cluster from a snapshot | `string` | `null` | no |
| <a name="input_ssm_password_source"></a> [ssm\_password\_source](#input\_ssm\_password\_source) | If `var.ssm_passwords_enabled` is `true`, DB user passwords will be retrieved from SSM using<br>`var.ssm_password_source` and the database username. If this value is not set,<br>a default path will be created using the SSM path prefix and ID of the associated Aurora Cluster. | `string` | `""` | no |
| <a name="input_ssm_path_prefix"></a> [ssm\_path\_prefix](#input\_ssm\_path\_prefix) | Top level SSM path prefix (without leading or trailing slash) | `string` | `"aurora-postgres"` | no |
| <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| <a name="input_storage_encrypted"></a> [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether the DB cluster is encrypted | `bool` | `true` | no |
6 changes: 3 additions & 3 deletions modules/aurora-postgres/main.tf
Expand Up @@ -12,9 +12,9 @@ locals {

zone_id = module.dns_gbl_delegated.outputs.default_dns_zone_id

admin_user = length(var.admin_user) > 0 ? var.admin_user : join("", random_pet.admin_user.*.id)
admin_password = length(var.admin_password) > 0 ? var.admin_password : join("", random_password.admin_password.*.result)
database_name = length(var.database_name) > 0 ? var.database_name : join("", random_pet.database_name.*.id)
admin_user = length(var.admin_user) > 0 ? var.admin_user : join("", random_pet.admin_user[*].id)
admin_password = length(var.admin_password) > 0 ? var.admin_password : join("", random_password.admin_password[*].result)
database_name = length(var.database_name) > 0 ? var.database_name : join("", random_pet.database_name[*].id)

cluster_dns_name_prefix = format("%v%v%v%v", module.this.name, module.this.delimiter, var.cluster_name, module.this.delimiter)
cluster_dns_name = format("%v%v", local.cluster_dns_name_prefix, var.cluster_dns_name_part)
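
Review bot: on the admin_password line, join("", random_password.admin_password[*].result) still collapses to an empty string when the random_password resource has no instances, so an empty var.admin_password combined with no generated password gives local.admin_password = "" without any error. The splat rewrite itself preserves behavior, but since these three lines are being touched, consider one(random_password.admin_password[*].result) so the empty case becomes null and fails where it is consumed, or add an explicit check. The same pattern applies to admin_user and database_name.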
10 changes: 0 additions & 10 deletions modules/aurora-postgres/ssm.tf
@@ -1,6 +1,4 @@
locals {
fetch_admin_password = length(var.ssm_password_source) > 0

ssm_path_prefix = format("/%s/%s", var.ssm_path_prefix, module.cluster.id)

admin_user_key = format("%s/%s/%s", local.ssm_path_prefix, "admin", "user")
Expand Down Expand Up @@ -67,14 +65,6 @@ locals {
parameter_write = concat(local.default_parameters, local.cluster_parameters, local.admin_user_parameters)
}

data "aws_ssm_parameter" "password" {
count = local.fetch_admin_password ? 1 : 0

name = format(var.ssm_password_source, local.admin_user)

with_decryption = true
}

module "parameter_store_write" {
source = "cloudposse/ssm-parameter-store/aws"
version = "0.11.0"
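
Review bot: the removal of data "aws_ssm_parameter" "password" is not mentioned in the commit message, which describes only lint fixes. The block read a parameter with with_decryption = true, gated by the count on local.fetch_admin_password, while the admin_password local in main.tf chooses only between var.admin_password and random_password, so dropping the read looks correct and also stops a decrypted value from being pulled into state. Please add a line to the message stating that sourcing the admin password from an existing SSM parameter is no longer offered, so anyone who set ssm_password_source knows to supply admin_password another way.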
23 changes: 0 additions & 23 deletions modules/aurora-postgres/variables.tf
Expand Up @@ -66,13 +66,6 @@ variable "cluster_family" {
default = "aurora-postgresql13"
}

# AWS KMS alias used for encryption/decryption of SSM secure strings
variable "kms_alias_name_ssm" {
type = string
default = "alias/aws/ssm"
description = "KMS alias name for SSM"
}

variable "database_port" {
type = number
description = "Database port"
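
Review bot: deleting variable "kms_alias_name_ssm" changes the component's input interface, which a commit titled as a tflint and markdownlint fix does not signal. Its default was alias/aws/ssm, so default callers see no difference, but a stack that set a customer-managed alias here will have that value rejected or ignored depending on how it is passed. Please call the removal out in the commit message or changelog, and confirm that the parameter_store_write module call in ssm.tf gets its KMS key some other way if one is required.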
Expand Down Expand Up @@ -146,12 +139,6 @@ variable "reader_dns_name_part" {
default = "reader"
}

variable "additional_databases" {
type = set(string)
default = []
description = "Additional databases to be created with the cluster"
}

variable "ssm_path_prefix" {
type = string
default = "aurora-postgres"
Expand Down Expand Up @@ -293,16 +280,6 @@ variable "allow_ingress_from_vpc_accounts" {
EOF
}

variable "ssm_password_source" {
type = string
default = ""
description = <<-EOT
If `var.ssm_passwords_enabled` is `true`, DB user passwords will be retrieved from SSM using
`var.ssm_password_source` and the database username. If this value is not set,
a default path will be created using the SSM path prefix and ID of the associated Aurora Cluster.
EOT
}

variable "vpc_component_name" {
type = string
default = "vpc"
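
Review bot: the deleted description for ssm_password_source refers to var.ssm_passwords_enabled, so the removed text documented behavior tied to a second input name. Before merging, search the component and its README for remaining mentions of ssm_passwords_enabled and ssm_password_source so no dangling reference to the removed SSM password lookup is left behind.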