Skip to content

Release test for AWS IAM Redis passwordless #189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

Release test for AWS IAM Redis passwordless #189

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
1c05e19
Add AWS IAM Redis passwordless authentication variables
raviharshicorp Sep 30, 2025
3ffea3a
feat: add Sidekiq Redis connection support for passwordless auth
raviharshicorp Nov 4, 2025
3bcad9f
debug: Add Redis environment variables debugging outputs
raviharshicorp Nov 6, 2025
61183c0
fix: Add missing AWS IAM Redis passwordless authentication variables
raviharshicorp Nov 6, 2025
0040135
Merge branch 'main' into pravi/IND-5861
raviharshicorp Nov 7, 2025
4bbb56e
fix: Apply terraform fmt to debug outputs in runtime_container_engine…
raviharshicorp Nov 7, 2025
6b5c497
Merge branch 'pravi/IND-5861' of github.com:hashicorp/terraform-rando…
raviharshicorp Nov 7, 2025
8cd7f92
fix: correct Redis AWS IAM variable names and add database AWS IAM su…
raviharshicorp Nov 18, 2025
73e4c53
cleanup: remove unnecessary PostgreSQL AWS IAM variables
raviharshicorp Nov 18, 2025
b8e6901
Add missing Redis passwordless AWS variables and TFE environment vari…
raviharshicorp Nov 18, 2025
945c81a
Add missing TFE Redis Sidekiq environment variables per documentation
raviharshicorp Nov 19, 2025
bfe735f
Fix Redis username and password for IAM authentication
raviharshicorp Nov 19, 2025
e3d8379
Update Redis config to use custom IAM user for testing
raviharshicorp Nov 19, 2025
0bc3c8e
Temporarily revert to 'default' user to test Redis IAM auth works
raviharshicorp Nov 20, 2025
42c91b4
Revert Redis config to use custom IAM user
raviharshicorp Nov 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 25 additions & 17 deletions modules/runtime_container_engine_config/redis_config.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,23 +3,31 @@

locals {
redis = {
TFE_REDIS_HOST = var.redis_use_tls != null ? var.redis_use_tls ? "${var.redis_host}:6380" : var.redis_host : null
TFE_REDIS_USER = var.redis_user
TFE_REDIS_PASSWORD = var.redis_password
TFE_REDIS_USE_TLS = var.redis_use_tls
TFE_REDIS_USE_AUTH = var.redis_use_auth
TFE_REDIS_SENTINEL_ENABLED = var.redis_use_sentinel
TFE_REDIS_SENTINEL_HOSTS = join(",", var.redis_sentinel_hosts)
TFE_REDIS_SENTINEL_LEADER_NAME = var.redis_sentinel_leader_name
TFE_REDIS_SENTINEL_PASSWORD = var.redis_sentinel_password
TFE_REDIS_SENTINEL_USERNAME = var.redis_sentinel_user
TFE_REDIS_CA_CERT_PATH = var.redis_ca_cert_path
TFE_REDIS_CLIENT_CERT_PATH = var.redis_client_cert_path
TFE_REDIS_CLIENT_KEY_PATH = var.redis_client_key_path
TFE_REDIS_USE_MTLS = var.redis_use_mtls ? "true" : var.enable_sentinel_mtls ? "true" : "false"
TFE_REDIS_PASSWORDLESS_AZURE_USE_MSI = var.redis_passwordless_azure_use_msi
TFE_REDIS_SIDEKIQ_PASSWORDLESS_AZURE_USE_MSI = var.redis_passwordless_azure_use_msi
TFE_REDIS_PASSWORDLESS_AZURE_CLIENT_ID = var.redis_passwordless_azure_client_id
TFE_REDIS_HOST = var.redis_use_tls != null ? var.redis_use_tls ? "${var.redis_host}:6380" : var.redis_host : null
TFE_REDIS_USER = var.redis_passwordless_aws_use_instance_profile ? var.redis_passwordless_aws_iam_user : var.redis_user
TFE_REDIS_PASSWORD = var.redis_passwordless_aws_use_instance_profile ? null : var.redis_password
TFE_REDIS_USE_TLS = var.redis_use_tls
TFE_REDIS_USE_AUTH = var.redis_use_auth
TFE_REDIS_SENTINEL_ENABLED = var.redis_use_sentinel
TFE_REDIS_SENTINEL_HOSTS = join(",", var.redis_sentinel_hosts)
TFE_REDIS_SENTINEL_LEADER_NAME = var.redis_sentinel_leader_name
TFE_REDIS_SENTINEL_PASSWORD = var.redis_sentinel_password
TFE_REDIS_SENTINEL_USERNAME = var.redis_sentinel_user
TFE_REDIS_CA_CERT_PATH = var.redis_ca_cert_path
TFE_REDIS_CLIENT_CERT_PATH = var.redis_client_cert_path
TFE_REDIS_CLIENT_KEY_PATH = var.redis_client_key_path
TFE_REDIS_USE_MTLS = var.redis_use_mtls ? "true" : var.enable_sentinel_mtls ? "true" : "false"
TFE_REDIS_PASSWORDLESS_AZURE_USE_MSI = var.redis_passwordless_azure_use_msi
TFE_REDIS_SIDEKIQ_PASSWORDLESS_AZURE_USE_MSI = var.redis_passwordless_azure_use_msi
TFE_REDIS_PASSWORDLESS_AZURE_CLIENT_ID = var.redis_passwordless_azure_client_id
TFE_REDIS_PASSWORDLESS_AWS_USE_INSTANCE_PROFILE = var.redis_passwordless_aws_use_instance_profile
TFE_REDIS_SIDEKIQ_PASSWORDLESS_AWS_USE_INSTANCE_PROFILE = var.redis_passwordless_aws_use_instance_profile
TFE_REDIS_PASSWORDLESS_AWS_REGION = var.redis_passwordless_aws_region
TFE_REDIS_SIDEKIQ_PASSWORDLESS_AWS_REGION = var.redis_passwordless_aws_region
TFE_REDIS_PASSWORDLESS_AWS_HOST_NAME = var.redis_passwordless_aws_host_name
TFE_REDIS_SIDEKIQ_PASSWORDLESS_AWS_HOST_NAME = var.redis_passwordless_aws_host_name
TFE_REDIS_SIDEKIQ_USER = var.redis_passwordless_aws_use_instance_profile ? var.redis_passwordless_aws_iam_user : var.redis_user
TFE_REDIS_SIDEKIQ_USE_TLS = var.redis_use_tls
}
redis_configuration = local.active_active ? local.redis : {}
}
24 changes: 24 additions & 0 deletions modules/runtime_container_engine_config/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -369,6 +369,30 @@ variable "redis_passwordless_azure_client_id" {
description = "Azure Managed Service Identity (MSI) Client ID to be used for redis authentication. If not set, System Assigned Managed Identity will be used."
}

variable "redis_passwordless_aws_use_instance_profile" {
type = bool
description = "Boolean to use AWS instance profile for Redis IAM authentication."
default = false
}

variable "redis_passwordless_aws_region" {
type = string
description = "AWS Region of the AWS ElastiCache resource for Redis passwordless authentication."
default = null
}

variable "redis_passwordless_aws_host_name" {
type = string
description = "The name of the Redis instance on AWS for passwordless authentication."
default = null
}

variable "redis_passwordless_aws_iam_user" {
type = string
description = "The IAM username for Redis IAM authentication."
default = null
}

variable "run_pipeline_image" {
type = string
description = "Container image used to execute Terraform runs. Leave blank to use the default image that comes with Terraform Enterprise. Defaults to \"\" if no value is given."
Expand Down
Loading