Added option to upload secret to secret mannager

Author: ankur6405

README.md

@@ -21,15 +21,16 @@ module "mysql" {
   source                   = "squareops/mysql/kubernetes"
   cluster_name             = "dev-cluster"
   mysqldb_config = {
-    name                       = "mysql"
-    values_yaml                = ""
-    environment                = "prod"
-    architecture               = "replication"
-    storage_class_name         = "gp3"
-    custom_user_username       = "admin"
-    primary_db_volume_size     = "10Gi"
-    secondary_db_volume_size   = "10Gi"
-    secondary_db_replica_count = 2
+    name                             = "mysql"
+    values_yaml                      = ""
+    environment                      = "prod"
+    architecture                     = "replication"
+    storage_class_name               = "gp3"
+    custom_user_username             = "admin"
+    primary_db_volume_size           = "10Gi"
+    secondary_db_volume_size         = "10Gi"
+    secondary_db_replica_count       = 2
+    store_password_to_secret_manager = true
   }
   mysqldb_backup_enabled   = true
   mysqldb_backup_config = {

examples/complete/main.tf

@@ -7,21 +7,23 @@ locals {
     Expires    = "Never"
     Department = "Engineering"
   }
+  store_password_to_secret_manager = true
 }
 
 module "mysql" {
   source       = "squareops/mysql/kubernetes"
   cluster_name = ""
   mysqldb_config = {
-    name                       = local.name
-    values_yaml                = file("./helm/values.yaml")
-    environment                = local.environment
-    architecture               = "replication"
-    storage_class_name         = "gp3"
-    custom_user_username       = "admin"
-    primary_db_volume_size     = "10Gi"
-    secondary_db_volume_size   = "10Gi"
-    secondary_db_replica_count = 2
+    name                             = local.name
+    values_yaml                      = file("./helm/values.yaml")
+    environment                      = local.environment
+    architecture                     = "replication"
+    storage_class_name               = "gp3"
+    custom_user_username             = "admin"
+    primary_db_volume_size           = "10Gi"
+    secondary_db_volume_size         = "10Gi"
+    secondary_db_replica_count       = 2
+    store_password_to_secret_manager = local.store_password_to_secret_manager
   }
   mysqldb_backup_enabled = true
   mysqldb_backup_config = {

examples/complete/output.tf

@@ -1,4 +1,9 @@
 output "mysql_configuration" {
-  value       = module.mysql.mysqldb
+  value       = module.mysql.mysqldb_endpoints
+  description = "Mysql_Info"
+}
+
+output "mysql_credential" {
+  value       = local.store_password_to_secret_manager ? null : module.mysql.mysqldb_credential
   description = "Mysql_Info"
 }

main.tf

@@ -33,12 +33,14 @@ resource "random_password" "mysqldb_exporter_user_password" {
 }
 
 resource "aws_secretsmanager_secret" "mysql_user_password" {
+  count                   = var.mysqldb_config.store_password_to_secret_manager ? 1 : 0
   name                    = format("%s/%s/%s", var.mysqldb_config.environment, var.mysqldb_config.name, "mysql")
   recovery_window_in_days = var.recovery_window_aws_secret
 }
 
 resource "aws_secretsmanager_secret_version" "mysql_user_password" {
-  secret_id     = aws_secretsmanager_secret.mysql_user_password.id
+  count         = var.mysqldb_config.store_password_to_secret_manager ? 1 : 0
+  secret_id     = aws_secretsmanager_secret.mysql_user_password[0].id
   secret_string = <<EOF
    {
     "root_user": "root",

output.tf

@@ -1,10 +1,24 @@
-output "mysqldb" {
+output "mysqldb_endpoints" {
   description = "Mysql_Info"
   value = {
     mysqlport                         = "3306",
     mysql_primary_endpoint            = "mysqldb-primary.${var.namespace}.svc.cluster.local",
     mysql_primary_headless_endpoint   = "mysqldb-primary-headless.${var.namespace}.svc.cluster.local",
     mysql_secondary_endpoint          = "mysqldb-secondary.${var.namespace}.svc.cluster.local",
-    mysql_secondary_headless_endpoint = "mysqldb-secondary-headless.${var.namespace}.svc.cluster.local"
+    mysql_secondary_headless_endpoint = "mysqldb-secondary-headless.${var.namespace}.svc.cluster.local",
+  }
+}
+
+output "mysqldb_credential" {
+  description = "Mysql_Info"
+  value = var.mysqldb_config.store_password_to_secret_manager ? null : {
+    root_user            = "root",
+    root_password        = nonsensitive(random_password.mysqldb_root_password.result),
+    custom_username      = var.mysqldb_config.custom_user_username,
+    custom_user_password = nonsensitive(random_password.mysqldb_custom_user_password.result),
+    replication_user     = "replicator",
+    replication_password = nonsensitive(random_password.mysqldb_replication_user_password.result),
+    exporter_user        = "mysqld_exporter",
+    exporter_password    = nonsensitive(random_password.mysqldb_exporter_user_password.result)
   }
 }

variables.tf

@@ -1,15 +1,16 @@
 variable "mysqldb_config" {
   type = any
   default = {
-    name                       = ""
-    environment                = ""
-    values_yaml                = ""
-    architecture               = ""
-    storage_class_name         = ""
-    custom_user_username       = ""
-    primary_db_volume_size     = ""
-    secondary_db_volume_size   = ""
-    secondary_db_replica_count = 1
+    name                             = ""
+    environment                      = ""
+    values_yaml                      = ""
+    architecture                     = ""
+    storage_class_name               = ""
+    custom_user_username             = ""
+    primary_db_volume_size           = ""
+    secondary_db_volume_size         = ""
+    secondary_db_replica_count       = 1
+    store_password_to_secret_manager = true
   }
   description = "Specify the configuration settings for MySQL, including the name, environment, storage options, replication settings, and custom YAML values."
 }