Merge pull request #10 from ankur6405/main

RohitSquareops · web-flow · commit 581d5d71f2fb · 2023-08-03T19:42:25.000+05:30
Added option to upload secret to secret manager
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ This module is for deploying a highly available MongoDB cluster on Kubernetes us
 
 |  MongoDB Helm Chart Version    |     K8s supported version   |  
 | :-----:                       |         :---                |
-| **13.1.5**                     |    **1.23,1.24,1.25**           |
+| **13.1.5**                     |    **1.23,1.24,1.25,1.26,1.27**           |
 
 
 ## Usage Example
@@ -22,13 +22,21 @@ module "mongodb" {
   source                   = "squareops/mongodb/kubernetes"
   cluster_name             = "prod-cluster"
   mongodb_config = {
-  name               = "mongo"
-  values_yaml        = ""
-  environment        = "prod"
-  volume_size        = "10Gi"
-  architecture       = "replicaset"
-  replica_count      = 2
-  storage_class_name = "gp3"  
+  name                             = "mongo"
+  values_yaml                      = ""
+  environment                      = "prod"
+  volume_size                      = "10Gi"
+  architecture                     = "replicaset"
+  replica_count                    = 2
+  storage_class_name               = "gp3"
+  store_password_to_secret_manager = true
+  }
+  mongodb_custom_credentials_enabled = true
+  mongodb_custom_credentials_config = {
+    root_user                = "root"
+    root_password            = "NCPFUKEMd7rrWuvMAa73"
+    metric_exporter_user     = "mongodb_exporter"
+    metric_exporter_password = "nvAHhm1uGQNYWVw6ZyAH"
   }
   mongodb_backup_enabled   = true
   mongodb_backup_config = {
@@ -64,7 +72,7 @@ The required IAM permissions to create resources from this module can be found [
   5. To deploy Prometheus/Grafana, please follow the installation instructions for each tool in their respective documentation.
   6. Once Prometheus and Grafana are deployed, the exporter can be configured to scrape metrics data from your application or system and send it to Prometheus.
   7. Finally, you can use Grafana to create custom dashboards and visualize the metrics data collected by Prometheus.
-  8. This module is compatible with EKS version 1.23, which is great news for users deploying the module on an EKS cluster running that version. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected.
+  8. This module is compatible with EKS version 1.23,1.24,1.25,1.26 and 1.27 which is great news for users deploying the module on an EKS cluster running that version. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
@@ -111,7 +119,9 @@ No modules.
 | <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `true` | no |
 | <a name="input_mongodb_backup_config"></a> [mongodb\_backup\_config](#input\_mongodb\_backup\_config) | Configuration options for Mongodb database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `any` | <pre>{<br>  "cron_for_full_backup": "*/5 * * * *",<br>  "s3_bucket_region": "us-east-2",<br>  "s3_bucket_uri": ""<br>}</pre> | no |
 | <a name="input_mongodb_backup_enabled"></a> [mongodb\_backup\_enabled](#input\_mongodb\_backup\_enabled) | Specifies whether to enable backups for Mongodb database. | `bool` | `false` | no |
-| <a name="input_mongodb_config"></a> [mongodb\_config](#input\_mongodb\_config) | Specify the configuration settings for Mongodb, including the name, environment, storage options, replication settings, and custom YAML values. | `any` | <pre>{<br>  "architecture": "",<br>  "environment": "",<br>  "name": "",<br>  "replica_count": 2,<br>  "storage_class_name": "",<br>  "values_yaml": "",<br>  "volume_size": ""<br>}</pre> | no |
+| <a name="input_mongodb_config"></a> [mongodb\_config](#input\_mongodb\_config) | Specify the configuration settings for Mongodb, including the name, environment, storage options, replication settings, and custom YAML values. | `any` | <pre>{<br>  "architecture": "",<br>  "environment": "",<br>  "name": "",<br>  "replica_count": 2,<br>  "storage_class_name": "",<br>  "store_password_to_secret_manager": true,<br>  "values_yaml": "",<br>  "volume_size": ""<br>}</pre> | no |
+| <a name="input_mongodb_custom_credentials_config"></a> [mongodb\_custom\_credentials\_config](#input\_mongodb\_custom\_credentials\_config) | Specify the configuration settings for Mongodb to pass custom credentials during creation. | `any` | <pre>{<br>  "metric_exporter_password": "",<br>  "metric_exporter_user": "",<br>  "root_password": "",<br>  "root_user": ""<br>}</pre> | no |
+| <a name="input_mongodb_custom_credentials_enabled"></a> [mongodb\_custom\_credentials\_enabled](#input\_mongodb\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for MongoDB database. | `bool` | `false` | no |
 | <a name="input_mongodb_exporter_config"></a> [mongodb\_exporter\_config](#input\_mongodb\_exporter\_config) | Specify whether or not to deploy Mongodb exporter to collect Mongodb metrics for monitoring in Grafana. | `any` | <pre>{<br>  "version": "2.9.0"<br>}</pre> | no |
 | <a name="input_mongodb_exporter_enabled"></a> [mongodb\_exporter\_enabled](#input\_mongodb\_exporter\_enabled) | Specify whether or not to deploy Mongodb exporter to collect Mongodb metrics for monitoring in Grafana. | `bool` | `false` | no |
 | <a name="input_mongodb_restore_config"></a> [mongodb\_restore\_config](#input\_mongodb\_restore\_config) | Configuration options for restoring dump to the Mongodb database. | `any` | <pre>{<br>  "file_name_full": "",<br>  "file_name_incremental": "",<br>  "full_restore_enable": false,<br>  "incremental_restore_enable": false,<br>  "s3_bucket_region": "us-east-2",<br>  "s3_bucket_uri": "s3://mymongo/mongodumpfull_20230424_112501.gz"<br>}</pre> | no |
@@ -123,7 +133,8 @@ No modules.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_mongodb"></a> [mongodb](#output\_mongodb) | MongoDB\_Info |
+| <a name="output_mongodb_credential"></a> [mongodb\_credential](#output\_mongodb\_credential) | MongoDB credentials used for accessing the MongoDB database. |
+| <a name="output_mongodb_endpoints"></a> [mongodb\_endpoints](#output\_mongodb\_endpoints) | MongoDB endpoints in the Kubernetes cluster. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Contribution & Issue Reporting
diff --git a/example/complete/README.md b/example/complete/README.md
@@ -38,5 +38,6 @@ No inputs.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_mongodb_configuration"></a> [mongodb\_configuration](#output\_mongodb\_configuration) | Mongodb\_Info |
+| <a name="output_mongodb_credential"></a> [mongodb\_credential](#output\_mongodb\_credential) | MongoDB credentials used for accessing the MongoDB database. |
+| <a name="output_mongodb_endpoints"></a> [mongodb\_endpoints](#output\_mongodb\_endpoints) | MongoDB endpoints in the Kubernetes cluster. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/example/complete/main.tf b/example/complete/main.tf
@@ -7,19 +7,28 @@ locals {
     Expires    = "Never"
     Department = "Engineering"
   }
+  store_password_to_secret_manager = true
 }
 
 module "mongodb" {
   source       = "squareops/mongodb/kubernetes"
   cluster_name = "dev-cluster"
   mongodb_config = {
-    name               = local.name
-    values_yaml        = file("./helm/values.yaml")
-    environment        = local.environment
-    volume_size        = "10Gi"
-    architecture       = "replicaset"
-    replica_count      = 2
-    storage_class_name = "gp3"
+    name                             = local.name
+    values_yaml                      = file("./helm/values.yaml")
+    environment                      = local.environment
+    volume_size                      = "10Gi"
+    architecture                     = "replicaset"
+    replica_count                    = 2
+    storage_class_name               = "gp3"
+    store_password_to_secret_manager = local.store_password_to_secret_manager
+  }
+  mongodb_custom_credentials_enabled = true
+  mongodb_custom_credentials_config = {
+    root_user                = "root"
+    root_password            = "NCPFUKEMd7rrWuvMAa73"
+    metric_exporter_user     = "mongodb_exporter"
+    metric_exporter_password = "nvAHhm1uGQNYWVw6ZyAH"
   }
   mongodb_backup_enabled = true
   mongodb_backup_config = {
diff --git a/example/complete/output.tf b/example/complete/output.tf
@@ -1,4 +1,9 @@
-output "mongodb_configuration" {
-  value       = module.mongodb.mongodb
-  description = "Mongodb_Info"
+output "mongodb_endpoints" {
+  value       = module.mongodb.mongodb_endpoints
+  description = "MongoDB endpoints in the Kubernetes cluster."
+}
+
+output "mongodb_credential" {
+  value       = local.store_password_to_secret_manager ? null : module.mongodb.mongodb_credential
+  description = "MongoDB credentials used for accessing the MongoDB database."
 }
diff --git a/example/complete/provider.tf b/example/complete/provider.tf
@@ -17,14 +17,12 @@ provider "kubernetes" {
   host                   = data.aws_eks_cluster.cluster.endpoint
   cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
   token                  = data.aws_eks_cluster_auth.cluster.token
-
 }
 
 provider "helm" {
   kubernetes {
     host                   = data.aws_eks_cluster.cluster.endpoint
     cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
     token                  = data.aws_eks_cluster_auth.cluster.token
-
   }
 }
diff --git a/main.tf b/main.tf
@@ -13,30 +13,39 @@ data "aws_eks_cluster" "kubernetes_cluster" {
   name = var.cluster_name
 }
 resource "random_password" "mongodb_root_password" {
+  count   = var.mongodb_custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
 
 resource "random_password" "mongodb_exporter_password" {
+  count   = var.mongodb_custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
 
 resource "aws_secretsmanager_secret" "mongodb_user_password" {
+  count                   = var.mongodb_config.store_password_to_secret_manager ? 1 : 0
   name                    = format("%s/%s/%s", var.mongodb_config.environment, var.mongodb_config.name, "mongodb")
   recovery_window_in_days = var.recovery_window_aws_secret
 }
 
 resource "aws_secretsmanager_secret_version" "mongodb_root_password" {
-  secret_id     = aws_secretsmanager_secret.mongodb_user_password.id
-  secret_string = <<EOF
-   {
-    "root_user": "root",
-    "root_password": "${random_password.mongodb_root_password.result}",
-    "metric_exporter_user": "mongodb_exporter",
-    "metric_exporter_password": "${random_password.mongodb_exporter_password.result}"
-   }
-EOF
+  count     = var.mongodb_config.store_password_to_secret_manager ? 1 : 0
+  secret_id = aws_secretsmanager_secret.mongodb_user_password[0].id
+  secret_string = var.mongodb_custom_credentials_enabled ? jsonencode(
+    {
+      "root_user" : "${var.mongodb_custom_credentials_config.root_user}",
+      "root_password" : "${var.mongodb_custom_credentials_config.root_password}",
+      "metric_exporter_user" : "${var.mongodb_custom_credentials_config.metric_exporter_user}",
+      "metric_exporter_password" : "${var.mongodb_custom_credentials_config.metric_exporter_password}"
+    }) : jsonencode(
+    {
+      "root_user" : "root",
+      "root_password" : "${random_password.mongodb_root_password[0].result}",
+      "metric_exporter_user" : "mongodb_exporter",
+      "metric_exporter_password" : "${random_password.mongodb_exporter_password[0].result}"
+  })
 }
 
 resource "kubernetes_namespace" "mongodb" {
@@ -64,8 +73,8 @@ resource "helm_release" "mongodb" {
       replicacount               = var.mongodb_config.replica_count,
       arbiterValue               = local.arbiterValue,
       storage_class_name         = var.mongodb_config.storage_class_name,
-      mongodb_exporter_password  = random_password.mongodb_exporter_password.result,
-      mongodb_root_user_password = random_password.mongodb_root_password.result
+      mongodb_exporter_password  = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.metric_exporter_password : random_password.mongodb_exporter_password[0].result,
+      mongodb_root_user_password = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.root_password : random_password.mongodb_root_password[0].result
     }),
     var.mongodb_config.values_yaml
   ]
@@ -84,7 +93,7 @@ resource "helm_release" "mongodb_backup" {
       s3_bucket_uri              = var.mongodb_backup_config.s3_bucket_uri,
       s3_bucket_region           = var.mongodb_backup_config.s3_bucket_region,
       cron_for_full_backup       = var.mongodb_backup_config.cron_for_full_backup,
-      mongodb_root_user_password = random_password.mongodb_root_password.result
+      mongodb_root_user_password = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.root_password : random_password.mongodb_root_password[0].result
     })
   ]
 }
@@ -100,7 +109,7 @@ resource "helm_release" "mongodb_exporter" {
   repository = "https://prometheus-community.github.io/helm-charts"
   values = [
     templatefile("${path.module}/helm/values/exporter/values.yaml", {
-      mongodb_exporter_password = "${random_password.mongodb_exporter_password.result}"
+      mongodb_exporter_password = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.metric_exporter_password : "${random_password.mongodb_exporter_password[0].result}"
       service_monitor_namespace = var.namespace
     }),
     var.mongodb_config.values_yaml
@@ -166,7 +175,7 @@ resource "helm_release" "mongodb_restore" {
       full_restore_enable        = var.mongodb_restore_config.full_restore_enable,
       file_name_incremental      = var.mongodb_restore_config.file_name_incremental,
       incremental_restore_enable = var.mongodb_restore_config.incremental_restore_enable,
-      mongodb_root_user_password = random_password.mongodb_root_password.result
+      mongodb_root_user_password = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.root_password : random_password.mongodb_root_password[0].result
     })
   ]
 }
diff --git a/output.tf b/output.tf
@@ -1,7 +1,17 @@
-output "mongodb" {
-  description = "MongoDB_Info"
+output "mongodb_endpoints" {
+  description = "MongoDB endpoints in the Kubernetes cluster."
   value = {
     mongoport        = "27017",
     mongodb_endpoint = "mongodb-headless.${var.namespace}.svc.cluster.local"
   }
 }
+
+output "mongodb_credential" {
+  description = "MongoDB credentials used for accessing the MongoDB database."
+  value = var.mongodb_config.store_password_to_secret_manager ? null : {
+    root_user                = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.root_user : "root",
+    root_password            = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.root_password : nonsensitive(random_password.mongodb_root_password[0].result),
+    metric_exporter_user     = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.metric_exporter_user : "mongodb_exporter",
+    metric_exporter_password = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.metric_exporter_password : nonsensitive(random_password.mongodb_exporter_password[0].result)
+  }
+}
diff --git a/variables.tf b/variables.tf
@@ -1,17 +1,35 @@
 variable "mongodb_config" {
   type = any
   default = {
-    name               = ""
-    environment        = ""
-    volume_size        = ""
-    architecture       = ""
-    replica_count      = 2
-    values_yaml        = ""
-    storage_class_name = ""
+    name                             = ""
+    environment                      = ""
+    volume_size                      = ""
+    architecture                     = ""
+    replica_count                    = 2
+    values_yaml                      = ""
+    storage_class_name               = ""
+    store_password_to_secret_manager = true
   }
   description = "Specify the configuration settings for Mongodb, including the name, environment, storage options, replication settings, and custom YAML values."
 }
 
+variable "mongodb_custom_credentials_enabled" {
+  type        = bool
+  default     = false
+  description = "Specifies whether to enable custom credentials for MongoDB database."
+}
+
+variable "mongodb_custom_credentials_config" {
+  type = any
+  default = {
+    root_user                = ""
+    root_password            = ""
+    metric_exporter_user     = ""
+    metric_exporter_password = ""
+  }
+  description = "Specify the configuration settings for Mongodb to pass custom credentials during creation."
+}
+
 variable "chart_version" {
   type        = string
   default     = "13.1.5"

Original file line number	Diff line number	Diff line change
`@@ -17,14 +17,12 @@ provider "kubernetes" {`
`17`	`17`	`host = data.aws_eks_cluster.cluster.endpoint`
`18`	`18`	`cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)`
`19`	`19`	`token = data.aws_eks_cluster_auth.cluster.token`
`20`		`-`
`21`	`20`	`}`
`22`	`21`
`23`	`22`	`provider "helm" {`
`24`	`23`	`kubernetes {`
`25`	`24`	`host = data.aws_eks_cluster.cluster.endpoint`
`26`	`25`	`cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)`
`27`	`26`	`token = data.aws_eks_cluster_auth.cluster.token`
`28`		`-`
`29`	`27`	`}`
`30`	`28`	`}`