Updated mysql to pass custom username and password

Author: ankur6405

README.md

@@ -61,7 +61,7 @@ The required IAM permissions to create resources from this module can be found [
   5. To deploy Prometheus/Grafana, please follow the installation instructions for each tool in their respective documentation.
   6. Once Prometheus and Grafana are deployed, the exporter can be configured to scrape metrics data from your application or system and send it to Prometheus.
   7. Finally, you can use Grafana to create custom dashboards and visualize the metrics data collected by Prometheus.
-  8. This module is compatible with EKS version 1.23, which is great news for users deploying the module on an EKS cluster running that version. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected.
+  8. This module is compatible with EKS version 1.23,1.24,1.25,1.26 and 1.27, which is great news for users deploying the module on an EKS cluster running that version. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 

examples/complete/main.tf

@@ -25,6 +25,17 @@ module "mysql" {
     secondary_db_replica_count       = 2
     store_password_to_secret_manager = local.store_password_to_secret_manager
   }
+  mysqldb_custom_credentials_enabled = false
+  mysqldb_custom_credentials_config = {
+    root_user            = ""
+    root_password        = ""
+    custom_username      = ""
+    custom_user_password = ""
+    replication_user     = ""
+    replication_password = ""
+    exporter_user        = ""
+    exporter_password    = ""
+  }
   mysqldb_backup_enabled = true
   mysqldb_backup_config = {
     s3_bucket_uri        = "s3://bucket_name"

examples/complete/output.tf

@@ -1,9 +1,9 @@
 output "mysql_endpoints" {
   value       = module.mysql.mysqldb_endpoints
-  description = "Mysql_Info"
+  description = "MySQL endpoints in the Kubernetes cluster."
 }
 
 output "mysql_credential" {
   value       = local.store_password_to_secret_manager ? null : module.mysql.mysqldb_credential
-  description = "Mysql_Info"
+  description = "MySQL credentials used for accessing the MySQL database."
 }

examples/complete/provider.tf

@@ -5,7 +5,6 @@ provider "aws" {
   }
 }
 
-
 data "aws_eks_cluster" "cluster" {
   name = ""
 }
@@ -14,19 +13,16 @@ data "aws_eks_cluster_auth" "cluster" {
   name = ""
 }
 
-
 provider "kubernetes" {
   host                   = data.aws_eks_cluster.cluster.endpoint
   cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
   token                  = data.aws_eks_cluster_auth.cluster.token
-
 }
 
 provider "helm" {
   kubernetes {
     host                   = data.aws_eks_cluster.cluster.endpoint
     cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
     token                  = data.aws_eks_cluster_auth.cluster.token
-
   }
 }

main.tf

@@ -13,21 +13,25 @@ data "aws_eks_cluster" "kubernetes_cluster" {
 }
 
 resource "random_password" "mysqldb_root_password" {
+  count   = var.mysqldb_custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
 
 resource "random_password" "mysqldb_custom_user_password" {
+  count   = var.mysqldb_custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
 
 resource "random_password" "mysqldb_replication_user_password" {
+  count   = var.mysqldb_custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
 
 resource "random_password" "mysqldb_exporter_user_password" {
+  count   = var.mysqldb_custom_credentials_enabled ? 0 : 1
   length  = 20
   special = false
 }
@@ -39,20 +43,29 @@ resource "aws_secretsmanager_secret" "mysql_user_password" {
 }
 
 resource "aws_secretsmanager_secret_version" "mysql_user_password" {
-  count         = var.mysqldb_config.store_password_to_secret_manager ? 1 : 0
-  secret_id     = aws_secretsmanager_secret.mysql_user_password[0].id
-  secret_string = <<EOF
-   {
-    "root_user": "root",
-    "root_password": "${random_password.mysqldb_root_password.result}",
-    "custom_username": "${var.mysqldb_config.custom_user_username}",
-    "custom_user_password": "${random_password.mysqldb_custom_user_password.result}",
-    "replication_user": "replicator",
-    "replication_password": "${random_password.mysqldb_replication_user_password.result}",
-    "exporter_user": "mysqld_exporter",
-    "exporter_password": "${random_password.mysqldb_exporter_user_password.result}"
-   }
-EOF
+  count     = var.mysqldb_config.store_password_to_secret_manager ? 1 : 0
+  secret_id = aws_secretsmanager_secret.mysql_user_password[0].id
+  secret_string = var.mysqldb_custom_credentials_enabled ? jsonencode(
+    {
+      "root_user" : "${var.mysqldb_custom_credentials_config.root_user}",
+      "root_password" : "${var.mysqldb_custom_credentials_config.root_password}",
+      "custom_username" : "${var.mysqldb_custom_credentials_config.custom_username}",
+      "custom_user_password" : "${var.mysqldb_custom_credentials_config.custom_user_password}",
+      "replication_user" : "${var.mysqldb_custom_credentials_config.replication_user}",
+      "replication_password" : "${var.mysqldb_custom_credentials_config.replication_password}",
+      "exporter_user" : "${var.mysqldb_custom_credentials_config.exporter_user}",
+      "exporter_password" : "${var.mysqldb_custom_credentials_config.exporter_password}"
+    }) : jsonencode(
+    {
+      "root_user" : "root",
+      "root_password" : "${random_password.mysqldb_root_password[0].result}",
+      "custom_username" : "${var.mysqldb_config.custom_user_username}",
+      "custom_user_password" : "${random_password.mysqldb_custom_user_password[0].result}",
+      "replication_user" : "replicator",
+      "replication_password" : "${random_password.mysqldb_replication_user_password[0].result}",
+      "exporter_user" : "mysqld_exporter",
+      "exporter_password" : "${random_password.mysqldb_exporter_user_password[0].result}"
+  })
 }
 
 resource "kubernetes_namespace" "mysqldb" {
@@ -78,13 +91,13 @@ resource "helm_release" "mysqldb" {
       primary_pod_size            = var.mysqldb_config.primary_db_volume_size,
       secondary_pod_size          = var.mysqldb_config.secondary_db_volume_size,
       storage_class_name          = var.mysqldb_config.storage_class_name,
-      custom_user_username        = var.mysqldb_config.custom_user_username,
-      custom_user_password        = random_password.mysqldb_custom_user_password.result,
-      replication_password        = random_password.mysqldb_replication_user_password.result,
-      mysqldb_root_password       = random_password.mysqldb_root_password.result,
+      custom_user_username        = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.custom_username : var.mysqldb_config.custom_user_username,
+      custom_user_password        = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.custom_user_password : random_password.mysqldb_custom_user_password[0].result,
+      replication_password        = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.replication_password : random_password.mysqldb_replication_user_password[0].result,
+      mysqldb_root_password       = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.root_password : random_password.mysqldb_root_password[0].result,
       mysqldb_exporter_enabled    = var.mysqldb_exporter_enabled,
       service_monitor_namespace   = var.namespace
-      metrics_exporter_password   = random_password.mysqldb_exporter_user_password.result,
+      metrics_exporter_password   = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.exporter_password : random_password.mysqldb_exporter_user_password[0].result,
       secondary_pod_replica_count = var.mysqldb_config.secondary_db_replica_count
     }),
     var.mysqldb_config.values_yaml

output.tf

@@ -1,5 +1,5 @@
 output "mysqldb_endpoints" {
-  description = "Mysql_Info"
+  description = "MySQL endpoints in the Kubernetes cluster."
   value = {
     mysqlport                         = "3306",
     mysql_primary_endpoint            = "mysqldb-primary.${var.namespace}.svc.cluster.local",
@@ -10,15 +10,15 @@ output "mysqldb_endpoints" {
 }
 
 output "mysqldb_credential" {
-  description = "Mysql_Info"
+  description = "MySQL credentials used for accessing the MySQL database."
   value = var.mysqldb_config.store_password_to_secret_manager ? null : {
-    root_user            = "root",
-    root_password        = nonsensitive(random_password.mysqldb_root_password.result),
-    custom_username      = var.mysqldb_config.custom_user_username,
-    custom_user_password = nonsensitive(random_password.mysqldb_custom_user_password.result),
-    replication_user     = "replicator",
-    replication_password = nonsensitive(random_password.mysqldb_replication_user_password.result),
-    exporter_user        = "mysqld_exporter",
-    exporter_password    = nonsensitive(random_password.mysqldb_exporter_user_password.result)
+    root_user            = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.root_user : "root",
+    root_password        = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.root_password : nonsensitive(random_password.mysqldb_root_password[0].result),
+    custom_username      = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.custom_username : var.mysqldb_config.custom_user_username,
+    custom_user_password = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.custom_user_password : nonsensitive(random_password.mysqldb_custom_user_password[0].result),
+    replication_user     = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.replication_user : "replicator",
+    replication_password = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.replication_password : nonsensitive(random_password.mysqldb_replication_user_password[0].result),
+    exporter_user        = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.exporter_user : "mysqld_exporter",
+    exporter_password    = var.mysqldb_custom_credentials_enabled ? var.mysqldb_custom_credentials_config.exporter_password : nonsensitive(random_password.mysqldb_exporter_user_password[0].result)
   }
 }

variables.tf

@@ -15,6 +15,27 @@ variable "mysqldb_config" {
   description = "Specify the configuration settings for MySQL, including the name, environment, storage options, replication settings, and custom YAML values."
 }
 
+variable "mysqldb_custom_credentials_enabled" {
+  type        = bool
+  default     = false
+  description = "Specifies whether to enable custom for MySQL database."
+}
+
+variable "mysqldb_custom_credentials_config" {
+  type = any
+  default = {
+    root_user            = ""
+    root_password        = ""
+    custom_username      = ""
+    custom_user_password = ""
+    replication_user     = ""
+    replication_password = ""
+    exporter_user        = ""
+    exporter_password    = ""
+  }
+  description = "Specify the configuration settings for MySQL to pass custom credentials during creation"
+}
+
 variable "app_version" {
   type        = string
   default     = "8.0.29-debian-11-r9"