updated custom credentials

Author: ShibraAmin18

README.md

@@ -11,7 +11,7 @@ This module allows you to easily deploy a MySQL database on Kubernetes using Hel
 
 |  MysqlDB Helm Chart Version    |     K8s supported version   |  
 | :-----:                       |         :---                |
-| **9.2.0**                     |    **1.23,1.24,1.25**           |
+| **9.2.0**                     |    **1.23,1.24,1.25,1.26,1.27**           |
 
 
 ## Usage Example
@@ -21,15 +21,27 @@ module "mysql" {
   source                   = "squareops/mysql/kubernetes"
   cluster_name             = "dev-cluster"
   mysqldb_config = {
-    name                       = "mysql"
-    values_yaml                = ""
-    environment                = "prod"
-    architecture               = "replication"
-    storage_class_name         = "gp3"
-    custom_user_username       = "admin"
-    primary_db_volume_size     = "10Gi"
-    secondary_db_volume_size   = "10Gi"
-    secondary_db_replica_count = 2
+    name                             = "mysql"
+    values_yaml                      = ""
+    environment                      = "prod"
+    architecture                     = "replication"
+    storage_class_name               = "gp3"
+    custom_user_username             = "admin"
+    primary_db_volume_size           = "10Gi"
+    secondary_db_volume_size         = "10Gi"
+    secondary_db_replica_count       = 2
+    store_password_to_secret_manager = true
+  }
+  mysqldb_custom_credentials_enabled = true
+  mysqldb_custom_credentials_config = {
+    root_user            = "root"
+    root_password        = "RJDRIFsYC8ZS1WQuV0ps"
+    custom_username      = "admin"
+    custom_user_password = "NCPFUKEMd7rrWuvMAa73"
+    replication_user     = "replicator"
+    replication_password = "nvAHhm1uGQNYWVw6ZyAH"
+    exporter_user        = "mysqld_exporter"
+    exporter_password    = "ZawhvpueAehRdKFlbjaq"
   }
   mysqldb_backup_enabled   = true
   mysqldb_backup_config = {
@@ -61,7 +73,7 @@ The required IAM permissions to create resources from this module can be found [
   5. To deploy Prometheus/Grafana, please follow the installation instructions for each tool in their respective documentation.
   6. Once Prometheus and Grafana are deployed, the exporter can be configured to scrape metrics data from your application or system and send it to Prometheus.
   7. Finally, you can use Grafana to create custom dashboards and visualize the metrics data collected by Prometheus.
-  8. This module is compatible with EKS version 1.23, which is great news for users deploying the module on an EKS cluster running that version. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected.
+  8. This module is compatible with EKS version 1.23,1.24,1.25,1.26 and 1.27, which is great news for users deploying the module on an EKS cluster running that version. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
@@ -71,6 +83,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | n/a |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a |
 | <a name="provider_random"></a> [random](#provider\_random) | n/a |
@@ -86,6 +99,8 @@ No requirements.
 
 | Name | Type |
 |------|------|
+| [aws_secretsmanager_secret.mysql_user_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
+| [aws_secretsmanager_secret_version.mysql_user_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [helm_release.mysqldb](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.mysqldb_backup](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.mysqldb_restore](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -106,7 +121,9 @@ No requirements.
 | <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `true` | no |
 | <a name="input_mysqldb_backup_config"></a> [mysqldb\_backup\_config](#input\_mysqldb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `any` | <pre>{<br>  "bucket_uri": "",<br>  "cron_for_full_backup": "",<br>  "s3_bucket_region": ""<br>}</pre> | no |
 | <a name="input_mysqldb_backup_enabled"></a> [mysqldb\_backup\_enabled](#input\_mysqldb\_backup\_enabled) | Specifies whether to enable backups for MySQL database. | `bool` | `false` | no |
-| <a name="input_mysqldb_config"></a> [mysqldb\_config](#input\_mysqldb\_config) | Specify the configuration settings for MySQL, including the name, environment, storage options, replication settings, and custom YAML values. | `any` | <pre>{<br>  "architecture": "",<br>  "custom_user_username": "",<br>  "environment": "",<br>  "name": "",<br>  "primary_db_volume_size": "",<br>  "secondary_db_replica_count": 1,<br>  "secondary_db_volume_size": "",<br>  "storage_class_name": "",<br>  "values_yaml": ""<br>}</pre> | no |
+| <a name="input_mysqldb_config"></a> [mysqldb\_config](#input\_mysqldb\_config) | Specify the configuration settings for MySQL, including the name, environment, storage options, replication settings, and custom YAML values. | `any` | <pre>{<br>  "architecture": "",<br>  "custom_user_username": "",<br>  "environment": "",<br>  "name": "",<br>  "primary_db_volume_size": "",<br>  "secondary_db_replica_count": 1,<br>  "secondary_db_volume_size": "",<br>  "storage_class_name": "",<br>  "store_password_to_secret_manager": true,<br>  "values_yaml": ""<br>}</pre> | no |
+| <a name="input_mysqldb_custom_credentials_config"></a> [mysqldb\_custom\_credentials\_config](#input\_mysqldb\_custom\_credentials\_config) | Specify the configuration settings for MySQL to pass custom credentials during creation | `any` | <pre>{<br>  "custom_user_password": "",<br>  "custom_username": "",<br>  "exporter_password": "",<br>  "exporter_user": "",<br>  "replication_password": "",<br>  "replication_user": "",<br>  "root_password": "",<br>  "root_user": ""<br>}</pre> | no |
+| <a name="input_mysqldb_custom_credentials_enabled"></a> [mysqldb\_custom\_credentials\_enabled](#input\_mysqldb\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for MySQL database. | `bool` | `false` | no |
 | <a name="input_mysqldb_exporter_enabled"></a> [mysqldb\_exporter\_enabled](#input\_mysqldb\_exporter\_enabled) | Specify whether or not to deploy Mysql exporter to collect Mysql metrics for monitoring in Grafana. | `bool` | `false` | no |
 | <a name="input_mysqldb_restore_config"></a> [mysqldb\_restore\_config](#input\_mysqldb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` | <pre>{<br>  "bucket_uri": "",<br>  "file_name": "",<br>  "s3_bucket_region": ""<br>}</pre> | no |
 | <a name="input_mysqldb_restore_enabled"></a> [mysqldb\_restore\_enabled](#input\_mysqldb\_restore\_enabled) | Specifies whether to enable restoring dump to the MySQL database. | `bool` | `false` | no |
@@ -118,7 +135,8 @@ No requirements.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_mysqldb"></a> [mysqldb](#output\_mysqldb) | Mysql\_Info |
+| <a name="output_mysqldb_credential"></a> [mysqldb\_credential](#output\_mysqldb\_credential) | MySQL credentials used for accessing the MySQL database. |
+| <a name="output_mysqldb_endpoints"></a> [mysqldb\_endpoints](#output\_mysqldb\_endpoints) | MySQL endpoints in the Kubernetes cluster. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Contribution & Issue Reporting

examples/complete/README.md

@@ -47,5 +47,6 @@ No inputs.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_mysql_configuration"></a> [mysql\_configuration](#output\_mysql\_configuration) | Mysql\_Info |
+| <a name="output_mysql_credential"></a> [mysql\_credential](#output\_mysql\_credential) | MySQL credentials used for accessing the MySQL database. |
+| <a name="output_mysql_endpoints"></a> [mysql\_endpoints](#output\_mysql\_endpoints) | MySQL endpoints in the Kubernetes cluster. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/complete/main.tf

@@ -7,22 +7,35 @@ locals {
     Expires    = "Never"
     Department = "Engineering"
   }
+  store_password_to_secret_manager = true
 }
 
 module "mysql" {
   source       = "squareops/mysql/kubernetes"
   cluster_name = ""
   project_id   = "" #for gcp
   mysqldb_config = {
-    name                       = local.name
-    values_yaml                = file("./helm/values.yaml")
-    environment                = local.environment
-    architecture               = "replication"
-    storage_class_name         = "standard"
-    custom_user_username       = "admin"
-    primary_db_volume_size     = "10Gi"
-    secondary_db_volume_size   = "10Gi"
-    secondary_db_replica_count = 2
+    name                             = local.name
+    values_yaml                      = file("./helm/values.yaml")
+    environment                      = local.environment
+    architecture                     = "replication"
+    storage_class_name               = "gp3"
+    custom_user_username             = "admin"
+    primary_db_volume_size           = "10Gi"
+    secondary_db_volume_size         = "10Gi"
+    secondary_db_replica_count       = 2
+    store_password_to_secret_manager = local.store_password_to_secret_manager
+  }
+  mysqldb_custom_credentials_enabled = true
+  mysqldb_custom_credentials_config = {
+    root_user            = "root"
+    root_password        = "RJDRIFsYC8ZS1WQuV0ps"
+    custom_username      = "admin"
+    custom_user_password = "NCPFUKEMd7rrWuvMAa73"
+    replication_user     = "replicator"
+    replication_password = "nvAHhm1uGQNYWVw6ZyAH"
+    exporter_user        = "mysqld_exporter"
+    exporter_password    = "ZawhvpueAehRdKFlbjaq"
   }
   bucket_provider_type   = "gcs"
   mysqldb_backup_enabled = true

examples/complete/output.tf

@@ -1,4 +1,9 @@
-output "mysql_configuration" {
-  value       = module.mysql.mysqldb
-  description = "Mysql_Info"
+output "mysql_endpoints" {
+  value       = module.mysql.mysqldb_endpoints
+  description = "MySQL endpoints in the Kubernetes cluster."
+}
+
+output "mysql_credential" {
+  value       = local.store_password_to_secret_manager ? null : module.mysql.mysqldb_credential
+  description = "MySQL credentials used for accessing the MySQL database."
 }

examples/complete/provider-aws.tf

@@ -5,7 +5,6 @@ provider "s3" {
   }
 }
 
-
 data "aws_eks_cluster" "cluster" {
   name = ""
 }
@@ -14,19 +13,16 @@ data "aws_eks_cluster_auth" "cluster" {
   name = ""
 }
 
-
 provider "kubernetes" {
   host                   = data.aws_eks_cluster.cluster.endpoint
   cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
   token                  = data.aws_eks_cluster_auth.cluster.token
-
 }
 
 provider "helm" {
   kubernetes {
     host                   = data.aws_eks_cluster.cluster.endpoint
     cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
     token                  = data.aws_eks_cluster_auth.cluster.token
-
   }
 }

examples/complete/provider-gcp.tf

@@ -18,4 +18,4 @@ provider "helm" {
     token                  = data.google_client_config.default.access_token
     cluster_ca_certificate = base64decode(data.google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
   }
-}
+}

main.tf

@@ -1,25 +1,60 @@
 
 
 resource "random_password" "mysqldb_root_password" {
+  count   = var.mysqldb_custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
 
 resource "random_password" "mysqldb_custom_user_password" {
+  count   = var.mysqldb_custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
 
 resource "random_password" "mysqldb_replication_user_password" {
+  count   = var.mysqldb_custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
 
 resource "random_password" "mysqldb_exporter_user_password" {
+  count   = var.mysqldb_custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
 
+resource "aws_secretsmanager_secret" "mysql_user_password" {
+  count                   = var.mysqldb_config.store_password_to_secret_manager ? 1 : 0
+  name                    = format("%s/%s/%s", var.mysqldb_config.environment, var.mysqldb_config.name, "mysql")
+  recovery_window_in_days = var.recovery_window_aws_secret
+}
+
+resource "aws_secretsmanager_secret_version" "mysql_user_password" {
+  count     = var.mysqldb_config.store_password_to_secret_manager ? 1 : 0
+  secret_id = aws_secretsmanager_secret.mysql_user_password[0].id
+  secret_string = var.mysqldb_custom_credentials_enabled ? jsonencode(
+    {
+      "root_user" : "${var.mysqldb_custom_credentials_config.root_user}",
+      "root_password" : "${var.mysqldb_custom_credentials_config.root_password}",
+      "custom_username" : "${var.mysqldb_custom_credentials_config.custom_username}",
+      "custom_user_password" : "${var.mysqldb_custom_credentials_config.custom_user_password}",
+      "replication_user" : "${var.mysqldb_custom_credentials_config.replication_user}",
+      "replication_password" : "${var.mysqldb_custom_credentials_config.replication_password}",
+      "exporter_user" : "${var.mysqldb_custom_credentials_config.exporter_user}",
+      "exporter_password" : "${var.mysqldb_custom_credentials_config.exporter_password}"
+    }) : jsonencode(
+    {
+      "root_user" : "root",
+      "root_password" : "${random_password.mysqldb_root_password[0].result}",
+      "custom_username" : "${var.mysqldb_config.custom_user_username}",
+      "custom_user_password" : "${random_password.mysqldb_custom_user_password[0].result}",
+      "replication_user" : "replicator",
+      "replication_password" : "${random_password.mysqldb_replication_user_password[0].result}",
+      "exporter_user" : "mysqld_exporter",
+      "exporter_password" : "${random_password.mysqldb_exporter_user_password[0].result}"
+  })
+}
 
 resource "kubernetes_namespace" "mysqldb" {
   count = var.create_namespace ? 1 : 0
@@ -44,41 +79,39 @@ resource "helm_release" "mysqldb" {
       primary_pod_size            = var.mysqldb_config.primary_db_volume_size,
       secondary_pod_size          = var.mysqldb_config.secondary_db_volume_size,
       storage_class_name          = var.mysqldb_config.storage_class_name,
-      custom_user_username        = var.mysqldb_config.custom_user_username,
-      custom_user_password        = random_password.mysqldb_custom_user_password.result,
-      replication_password        = random_password.mysqldb_replication_user_password.result,
-      mysqldb_root_password       = random_password.mysqldb_root_password.result,
+      custom_user_username        = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.custom_username : var.mysqldb_config.custom_user_username,
+      custom_user_password        = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.custom_user_password : random_password.mysqldb_custom_user_password[0].result,
+      replication_password        = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.replication_password : random_password.mysqldb_replication_user_password[0].result,
+      mysqldb_root_password       = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.root_password : random_password.mysqldb_root_password[0].result,
       mysqldb_exporter_enabled    = var.mysqldb_exporter_enabled,
       service_monitor_namespace   = var.namespace
-      metrics_exporter_password   = random_password.mysqldb_exporter_user_password.result,
+      metrics_exporter_password   = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.exporter_password : random_password.mysqldb_exporter_user_password[0].result,
       secondary_pod_replica_count = var.mysqldb_config.secondary_db_replica_count
     }),
     var.mysqldb_config.values_yaml
   ]
 }
 
 module "aws" {
-  source                     = "./provider/aws"
-  count                      = var.bucket_provider_type == "s3" ? 1 : 0
-  mysqldb_config             = var.mysqldb_config
-  recovery_window_aws_secret = var.recovery_window_aws_secret
-  cluster_name               = var.cluster_name
-  root_password              = random_password.mysqldb_root_password.result
-  custom_user_password       = random_password.mysqldb_custom_user_password.result
-  replication_password       = random_password.mysqldb_replication_user_password.result
-  exporter_password          = random_password.mysqldb_exporter_user_password.result
+  source                             = "./provider/aws"
+  count                              = var.bucket_provider_type == "s3" ? 1 : 0
+  mysqldb_config                     = var.mysqldb_config
+  recovery_window_aws_secret         = var.recovery_window_aws_secret
+  cluster_name                       = var.cluster_name
+  store_password_to_secret_manager   = var.store_password_to_secret_manager
+  mysqldb_custom_credentials_enabled = var.mysqldb_custom_credentials_enabled
+  mysqldb_custom_credentials_config  = var.mysqldb_custom_credentials_config
 }
 
 module "gcp" {
-  source               = "./provider/gcp"
-  count                = var.bucket_provider_type == "gcs" ? 1 : 0
-  project_id           = var.project_id
-  environment          = var.mysqldb_config.environment
-  mysqldb_config       = var.mysqldb_config
-  root_password        = random_password.mysqldb_root_password.result
-  custom_user_password = random_password.mysqldb_custom_user_password.result
-  replication_password = random_password.mysqldb_replication_user_password.result
-  exporter_password    = random_password.mysqldb_exporter_user_password.result
+  source                             = "./provider/gcp"
+  count                              = var.bucket_provider_type == "gcs" ? 1 : 0
+  project_id                         = var.project_id
+  environment                        = var.mysqldb_config.environment
+  mysqldb_config                     = var.mysqldb_config
+  store_password_to_secret_manager   = var.store_password_to_secret_manager
+  mysqldb_custom_credentials_enabled = var.mysqldb_custom_credentials_enabled
+  mysqldb_custom_credentials_config  = var.mysqldb_custom_credentials_config
 }
 
 resource "helm_release" "mysqldb_backup" {