From 0910272ee5e682272e6bd6d0dae1b2082d974fb9 Mon Sep 17 00:00:00 2001 From: Kevin Mahoney Date: Wed, 18 Oct 2023 23:31:02 +0200 Subject: [PATCH] [aurora-postgres] fix tflint and markdownlint (#872) Co-authored-by: cloudpossebot Co-authored-by: Dan Miller --- modules/aurora-postgres/README.md | 6 +----- modules/aurora-postgres/main.tf | 6 +++--- modules/aurora-postgres/ssm.tf | 10 ---------- modules/aurora-postgres/variables.tf | 23 ----------------------- 4 files changed, 4 insertions(+), 41 deletions(-) diff --git a/modules/aurora-postgres/README.md b/modules/aurora-postgres/README.md index 5934bccb5..b6f461c45 100644 --- a/modules/aurora-postgres/README.md +++ b/modules/aurora-postgres/README.md @@ -109,7 +109,7 @@ Generally there are three different engine configurations for Aurora: provisione ### Provisioned Aurora Postgres -[See the default usage example above](#Usage) +[See the default usage example above](#usage) ### Serverless v1 Aurora Postgres @@ -272,13 +272,11 @@ components: | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_iam_policy_document.kms_key_rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | -| [aws_ssm_parameter.password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [additional\_databases](#input\_additional\_databases) | Additional databases to be created with the cluster | `set(string)` | `[]` | no | | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [admin\_password](#input\_admin\_password) | Postgres password for the admin user | `string` | `""` | no | | [admin\_user](#input\_admin\_user) | Postgres admin user name | `string` | `""` | no | @@ -318,7 +316,6 @@ components: | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | | [instance\_type](#input\_instance\_type) | EC2 instance type for Postgres cluster | `string` | n/a | yes | | [intra\_security\_group\_traffic\_enabled](#input\_intra\_security\_group\_traffic\_enabled) | Whether to allow traffic between resources inside the database's security group. | `bool` | `false` | no | -| [kms\_alias\_name\_ssm](#input\_kms\_alias\_name\_ssm) | KMS alias name for SSM | `string` | `"alias/aws/ssm"` | no | | [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | | [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | | [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | @@ -336,7 +333,6 @@ components: | [serverlessv2\_scaling\_configuration](#input\_serverlessv2\_scaling\_configuration) | Nested attribute with scaling properties for ServerlessV2. Only valid when `engine_mode` is set to `provisioned.` This is required for Serverless v2 |
object({
min_capacity = number
max_capacity = number
})
| `null` | no | | [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Normally AWS makes a snapshot of the database before deleting it. Set this to `true` in order to skip this.
NOTE: The final snapshot has a name derived from the cluster name. If you delete a cluster, get a final snapshot,
then create a cluster of the same name, its final snapshot will fail with a name collision unless you delete
the previous final snapshot first. | `bool` | `false` | no | | [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether or not to create this cluster from a snapshot | `string` | `null` | no | -| [ssm\_password\_source](#input\_ssm\_password\_source) | If `var.ssm_passwords_enabled` is `true`, DB user passwords will be retrieved from SSM using
`var.ssm_password_source` and the database username. If this value is not set,
a default path will be created using the SSM path prefix and ID of the associated Aurora Cluster. | `string` | `""` | no | | [ssm\_path\_prefix](#input\_ssm\_path\_prefix) | Top level SSM path prefix (without leading or trailing slash) | `string` | `"aurora-postgres"` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | | [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether the DB cluster is encrypted | `bool` | `true` | no | diff --git a/modules/aurora-postgres/main.tf b/modules/aurora-postgres/main.tf index ea99b06cd..77191700a 100644 --- a/modules/aurora-postgres/main.tf +++ b/modules/aurora-postgres/main.tf @@ -12,9 +12,9 @@ locals { zone_id = module.dns_gbl_delegated.outputs.default_dns_zone_id - admin_user = length(var.admin_user) > 0 ? var.admin_user : join("", random_pet.admin_user.*.id) - admin_password = length(var.admin_password) > 0 ? var.admin_password : join("", random_password.admin_password.*.result) - database_name = length(var.database_name) > 0 ? var.database_name : join("", random_pet.database_name.*.id) + admin_user = length(var.admin_user) > 0 ? var.admin_user : join("", random_pet.admin_user[*].id) + admin_password = length(var.admin_password) > 0 ? var.admin_password : join("", random_password.admin_password[*].result) + database_name = length(var.database_name) > 0 ? var.database_name : join("", random_pet.database_name[*].id) cluster_dns_name_prefix = format("%v%v%v%v", module.this.name, module.this.delimiter, var.cluster_name, module.this.delimiter) cluster_dns_name = format("%v%v", local.cluster_dns_name_prefix, var.cluster_dns_name_part) diff --git a/modules/aurora-postgres/ssm.tf b/modules/aurora-postgres/ssm.tf index 20619ddb6..9b74979dd 100644 --- a/modules/aurora-postgres/ssm.tf +++ b/modules/aurora-postgres/ssm.tf 
@@ -1,6 +1,4 @@ locals { - fetch_admin_password = length(var.ssm_password_source) > 0 - ssm_path_prefix = format("/%s/%s", var.ssm_path_prefix, module.cluster.id) admin_user_key = format("%s/%s/%s", local.ssm_path_prefix, "admin", "user") @@ -67,14 +65,6 @@ locals { parameter_write = concat(local.default_parameters, local.cluster_parameters, local.admin_user_parameters) } -data "aws_ssm_parameter" "password" { - count = local.fetch_admin_password ? 1 : 0 - - name = format(var.ssm_password_source, local.admin_user) - - with_decryption = true -} - module "parameter_store_write" { source = "cloudposse/ssm-parameter-store/aws" version = "0.11.0" diff --git a/modules/aurora-postgres/variables.tf b/modules/aurora-postgres/variables.tf index e3cae7258..0f2e465f9 100644 --- a/modules/aurora-postgres/variables.tf +++ b/modules/aurora-postgres/variables.tf @@ -66,13 +66,6 @@ variable "cluster_family" { default = "aurora-postgresql13" } -# AWS KMS alias used for encryption/decryption of SSM secure strings -variable "kms_alias_name_ssm" { - type = string - default = "alias/aws/ssm" - description = "KMS alias name for SSM" -} - variable "database_port" { type = number description = "Database port" @@ -146,12 +139,6 @@ variable "reader_dns_name_part" { default = "reader" } -variable "additional_databases" { - type = set(string) - default = [] - description = "Additional databases to be created with the cluster" -} - variable "ssm_path_prefix" { type = string default = "aurora-postgres" 
@@ -293,16 +280,6 @@ variable "allow_ingress_from_vpc_accounts" { EOF } -variable "ssm_password_source" { - type = string - default = "" - description = <<-EOT - If `var.ssm_passwords_enabled` is `true`, DB user passwords will be retrieved from SSM using - `var.ssm_password_source` and the database username. If this value is not set, - a default path will be created using the SSM path prefix and ID of the associated Aurora Cluster. - EOT -} - variable "vpc_component_name" { type = string default = "vpc"
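Review bot: In modules/aurora-postgres/main.tf, the three rewritten locals (`admin_user`, `admin_password`, `database_name`) still use `join("", ...[*].attr)` to pull one value out of a counted resource, which would silently concatenate values if the count ever exceeded one. Since these lines are being touched anyway, consider `one(random_password.admin_password[*].result)` (and the same for the two `random_pet` resources) if the module's required Terraform version allows it. Note that `one()` yields `null` rather than `""` for an empty list, so check any consumer that relies on the empty string before switching.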
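Review bot: In modules/aurora-postgres/ssm.tf, removing `data "aws_ssm_parameter" "password"` and `local.fetch_admin_password` is missing a note for anyone who set `ssm_password_source`. The main.tf hunk shows `local.admin_password` coming only from `var.admin_password` or `random_password.admin_password`, so in the lines visible here the SSM lookup never fed the cluster password. Say so in the commit message or changelog, so that users who assumed the admin credential came from their own SSM path can verify which password is actually in use and rotate it if needed.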
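Review bot: In modules/aurora-postgres/variables.tf, the three removed inputs (`kms_alias_name_ssm`, `additional_databases`, `ssm_password_source`) change the module's interface, but the subject line only mentions tflint and markdownlint. Stacks that still pass these inputs will now be setting undeclared variables, so add an upgrade note listing them. For `kms_alias_name_ssm` (default `alias/aws/ssm`), also confirm that the parameters written by `module.parameter_store_write` do not need a non-default KMS key, because this patch adds no replacement input for selecting one.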