squareops
diff --git a/‎IAM.md‎
Lines changed: 8 additions & 8 deletions b/‎IAM.md‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎README.md‎
Lines changed: 22 additions & 17 deletions b/‎README.md‎
Lines changed: 22 additions & 17 deletions
diff --git a/‎examples/complete/README.md‎
Lines changed: 6 additions & 28 deletions b/‎examples/complete/README.md‎
Lines changed: 6 additions & 28 deletions
diff --git a/‎examples/complete/helm/values.yaml‎
Lines changed: 2 additions & 2 deletions b/‎examples/complete/helm/values.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎examples/complete/main.tf‎
Lines changed: 24 additions & 20 deletions b/‎examples/complete/main.tf‎
Lines changed: 24 additions & 20 deletions
diff --git a/‎examples/complete/provider.tf‎
Lines changed: 2 additions & 2 deletions b/‎examples/complete/provider.tf‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎helm/values/restore/values.yaml‎
Lines changed: 9 additions & 0 deletions b/‎helm/values/restore/values.yaml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎main.tf‎
Lines changed: 73 additions & 16 deletions b/‎main.tf‎
Lines changed: 73 additions & 16 deletions
@@ -19,14 +19,14 @@ The Policy required to deploy this module:
             "Sid": "VisualEditor1",
             "Effect": "Allow",
             "Action": [
-                "iam:CreateRole",
-                "iam:DeleteRole",
                 "iam:GetRole",
+                "iam:CreateRole",
+                "iam:DeleteRole",  
                 "iam:GetRolePolicy",
-                "iam:ListAttachedRolePolicies",
-                "iam:ListInstanceProfilesForRole",
+                "iam:PutRolePolicy",
                 "iam:ListRolePolicies",
-                "iam:PutRolePolicy"
+                "iam:ListAttachedRolePolicies",
+                "iam:ListInstanceProfilesForRole"  
             ],
             "Resource": [
                 "*"
@@ -38,10 +38,10 @@ The Policy required to deploy this module:
             "Action": [
                 "secretsmanager:CreateSecret",
                 "secretsmanager:DeleteSecret",
-                "secretsmanager:DescribeSecret",
-                "secretsmanager:GetResourcePolicy",
+                "secretsmanager:DescribeSecret",  
                 "secretsmanager:GetSecretValue",
-                "secretsmanager:PutSecretValue"
+                "secretsmanager:PutSecretValue",
+                "secretsmanager:GetResourcePolicy"
             ],
             "Resource": [
                 "*"
 
@@ -11,25 +11,25 @@
 ```hcl
 module "mysql" {
   source                   = "../.."
-  mysqldb_backup_enabled   = false
-  mysqldb_exporter_enabled = false
-  cluster_name             = "cluster-name"
+  cluster_name             = "dev-skaf"
   mysqldb_config = {
-    name                        = "skaf"
-    environment                 = "prod"
-    architecture                = "replication"
-    custom_user_username        = "admin"
-    primary_pod_volume_size     = "10Gi"
-    secondary_pod_replica_count = 1
-    secondary_pod_volume_size   = "10Gi"
-    storage_class_name          = "infra-service-sc"
-    values_yaml = file("./helm/values.yaml")
+    name                       = "skaf"
+    values_yaml                = ""
+    environment                = "prod"
+    architecture               = "replication"
+    storage_class_name         = "infra-service-sc"
+    custom_user_username       = "admin"
+    primary_db_volume_size     = "10Gi"
+    secondary_db_volume_size   = "10Gi"
+    secondary_db_replica_count = 2
   }
+  mysqldb_backup_enabled   = true
   mysqldb_backup_config = {
-    s3_bucket_uri         = "s3://bucketname"
-    s3_bucket_region      = "bucket-region"
-    cron_for_full_backup  = "* * * * *"
+    s3_bucket_uri        = "s3://bucket-name"
+    s3_bucket_region     = "bucket-region"
+    cron_for_full_backup = "*/2 * * * *"
   }
+  mysqldb_exporter_enabled = true
 }
 
 
@@ -71,10 +71,12 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_iam_role.mysql_backup_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role.mysql_restore_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_secretsmanager_secret.mysql_user_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
 | [aws_secretsmanager_secret_version.mysql_user_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [helm_release.mysqldb](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.mysqldb_backup](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.mysqldb_restore](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_namespace.mysqldb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [random_password.mysqldb_custom_user_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [random_password.mysqldb_exporter_user_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
@@ -90,10 +92,13 @@ No modules.
 | <a name="input_app_version"></a> [app\_version](#input\_app\_version) | App version | `string` | `"8.0.29-debian-11-r9"` | no |
 | <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Chart version | `string` | `"9.2.0"` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | `""` | no |
-| <a name="input_mysqldb_backup_config"></a> [mysqldb\_backup\_config](#input\_mysqldb\_backup\_config) | Mysql Backup configurations | `any` | <pre>{<br>  "cron_for_full_backup": "*/5 * * * *",<br>  "s3_bucket_region": "us-east-2",<br>  "s3_bucket_uri": "s3://mysqlbackupp"<br>}</pre> | no |
+| <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Set it to true to create given namespace | `string` | `true` | no |
+| <a name="input_mysqldb_backup_config"></a> [mysqldb\_backup\_config](#input\_mysqldb\_backup\_config) | Mysql Backup configurations | `any` | <pre>{<br>  "cron_for_full_backup": "",<br>  "s3_bucket_region": "",<br>  "s3_bucket_uri": ""<br>}</pre> | no |
 | <a name="input_mysqldb_backup_enabled"></a> [mysqldb\_backup\_enabled](#input\_mysqldb\_backup\_enabled) | Set true to enable mysql backups | `bool` | `false` | no |
-| <a name="input_mysqldb_config"></a> [mysqldb\_config](#input\_mysqldb\_config) | Mysql configurations | `any` | <pre>{<br>  "architecture": "",<br>  "custom_user_username": "",<br>  "environment": "",<br>  "name": "",<br>  "primary_pod_volume_size": "",<br>  "secondary_pod_replica_count": 1,<br>  "secondary_pod_volume_size": "",<br>  "storage_class_name": "",<br>  "values_yaml": ""<br>}</pre> | no |
+| <a name="input_mysqldb_config"></a> [mysqldb\_config](#input\_mysqldb\_config) | Mysql configurations | `any` | <pre>{<br>  "architecture": "",<br>  "custom_user_username": "",<br>  "environment": "",<br>  "name": "",<br>  "primary_db_volume_size": "",<br>  "secondary_db_replica_count": 1,<br>  "secondary_db_volume_size": "",<br>  "storage_class_name": "",<br>  "values_yaml": ""<br>}</pre> | no |
 | <a name="input_mysqldb_exporter_enabled"></a> [mysqldb\_exporter\_enabled](#input\_mysqldb\_exporter\_enabled) | Set true to deploy mysqldb exporters to get metrics in grafana | `bool` | `false` | no |
+| <a name="input_mysqldb_restore_config"></a> [mysqldb\_restore\_config](#input\_mysqldb\_restore\_config) | Mysql Restore configurations | `any` | <pre>{<br>  "s3_bucket_region": "",<br>  "s3_bucket_uri": ""<br>}</pre> | no |
+| <a name="input_mysqldb_restore_enabled"></a> [mysqldb\_restore\_enabled](#input\_mysqldb\_restore\_enabled) | Set true to enable mysql restore | `bool` | `true` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace name | `string` | `"mysqldb"` | no |
 | <a name="input_recovery_window_aws_secret"></a> [recovery\_window\_aws\_secret](#input\_recovery\_window\_aws\_secret) | Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. | `number` | `0` | no |
 
 
@@ -16,44 +16,23 @@ No requirements.
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
-| <a name="provider_helm"></a> [helm](#provider\_helm) | n/a |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_mysql"></a> [mysql](#module\_mysql) | ../../ | n/a |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [aws_iam_role.mysql_backup_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_secretsmanager_secret.mysql_user_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
-| [aws_secretsmanager_secret_version.mysql_user_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
-| [helm_release.mysqldb](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.mysqldb_backup](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubernetes_namespace.mysqldb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [random_password.mysqldb_custom_user_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
-| [random_password.mysqldb_exporter_user_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
-| [random_password.mysqldb_replication_user_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
-| [random_password.mysqldb_root_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_eks_cluster.kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
 
 ## Inputs
 
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_app_version"></a> [app\_version](#input\_app\_version) | App version | `string` | `"8.0.29-debian-11-r9"` | no |
-| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Chart version | `string` | `"9.2.0"` | no |
-| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | `""` | no |
-| <a name="input_mysqldb_backup_config"></a> [mysqldb\_backup\_config](#input\_mysqldb\_backup\_config) | Mysql Backup configurations | `any` | <pre>{<br>  "aws_access_key_id": "AKIAT6J7AJ7XMR7TDC7R",<br>  "aws_secret_access_key": "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",<br>  "cron_for_full_backup": "*/5 * * * *",<br>  "s3_bucket_region": "us-east-2",<br>  "s3_bucket_uri": "s3://mysqlbackupp"<br>}</pre> | no |
-| <a name="input_mysqldb_backup_enabled"></a> [mysqldb\_backup\_enabled](#input\_mysqldb\_backup\_enabled) | Set true to enable mysql backups | `bool` | `false` | no |
-| <a name="input_mysqldb_config"></a> [mysqldb\_config](#input\_mysqldb\_config) | Mysql configurations | `any` | <pre>{<br>  "architecture": "",<br>  "custom_user_username": "",<br>  "environment": "",<br>  "name": "",<br>  "primary_pod_volume_size": "",<br>  "secondary_pod_replica_count": 1,<br>  "secondary_pod_volume_size": "",<br>  "storage_class_name": "",<br>  "values_yaml": ""<br>}</pre> | no |
-| <a name="input_mysqldb_exporter_enabled"></a> [mysqldb\_exporter\_enabled](#input\_mysqldb\_exporter\_enabled) | Set true to deploy mysqldb exporters to get metrics in grafana | `bool` | `false` | no |
-| <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace name | `string` | `"mysqldb"` | no |
-| <a name="input_recovery_window_aws_secret"></a> [recovery\_window\_aws\_secret](#input\_recovery\_window\_aws\_secret) | Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. | `number` | `0` | no |
+No inputs.
 
 ## Outputs
 
@@ -65,4 +44,3 @@ No modules.
 | <a name="output_mysql_secondary_endpoint"></a> [mysql\_secondary\_endpoint](#output\_mysql\_secondary\_endpoint) | n/a |
 | <a name="output_mysql_secondary_headless_endpoint"></a> [mysql\_secondary\_headless\_endpoint](#output\_mysql\_secondary\_headless\_endpoint) | n/a |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-
@@ -1,5 +1,5 @@
 primary:
-    affinity: 
+    affinity:
         nodeAffinity:
             requiredDuringSchedulingIgnoredDuringExecution:
                 nodeSelectorTerms:
@@ -10,7 +10,7 @@ primary:
                       - "true"
 
 secondary:
-    affinity: 
+    affinity:
         nodeAffinity:
             requiredDuringSchedulingIgnoredDuringExecution:
                 nodeSelectorTerms:
 
@@ -1,30 +1,34 @@
 locals {
-  region      = "us-east-2"
-  name        = "skaf"
-  environment = "prod"
+  name        = "test"
+  region      = "ap-south-1"
+  environment = "squareops"
 }
 
 module "mysql" {
-  source                   = "../.."
-  mysqldb_backup_enabled   = true
-  mysqldb_exporter_enabled = false
-  cluster_name             = "cluster-name"
+  source       = "../../"
+  cluster_name = "test-squareops"
   mysqldb_config = {
-    name                        = local.name
-    environment                 = local.environment
-    architecture                = "replication"
-    custom_user_username        = "admin"
-    primary_pod_volume_size     = "10Gi"
-    secondary_pod_replica_count = 1
-    secondary_pod_volume_size   = "10Gi"
-    storage_class_name          = "infra-service-sc"
-    values_yaml                 = file("./helm/values.yaml")
+    name                       = local.name
+    values_yaml                = file("./helm/values.yaml")
+    environment                = local.environment
+    architecture               = "replication"
+    storage_class_name         = "infra-service-sc"
+    custom_user_username       = "admin"
+    primary_db_volume_size     = "10Gi"
+    secondary_db_volume_size   = "10Gi"
+    secondary_db_replica_count = 2
   }
+  mysqldb_backup_enabled = true
   mysqldb_backup_config = {
-    s3_bucket_uri        = "s3://bucketname"
-    s3_bucket_region     = "bucket_region"
+    s3_bucket_uri        = "s3://mysqlbackupp"
+    s3_bucket_region     = "us-east-2"
     cron_for_full_backup = "*/2 * * * *"
   }
+  mysqldb_restore_enabled = true
+  mysqldb_restore_config = {
+    s3_bucket_uri    = "s3://mysqldumprestore/20-ratings.sql"
+    s3_bucket_region = "us-east-2"
 
-
-}
+  }
+  mysqldb_exporter_enabled = false
+}
@@ -4,11 +4,11 @@ provider "aws" {
 
 
 data "aws_eks_cluster" "cluster" {
-  name = ""
+  name = "dev-skaf"
 }
 
 data "aws_eks_cluster_auth" "cluster" {
-  name = ""
+  name = "dev-skaf"
 }
 
 
 
@@ -0,0 +1,9 @@
+restore:
+  bucket_uri: ${s3_bucket_uri}
+  aws_default_region: ${s3_bucket_region}
+
+auth:
+  username: "${custom_user_username}"
+
+s3:
+  role_arn: "${s3_role_arn}"
@@ -57,35 +57,32 @@ resource "kubernetes_namespace" "mysqldb" {
   count = var.create_namespace ? 1 : 0
   metadata {
     annotations = {}
-
-    name = var.namespace
+    name        = var.namespace
   }
 }
 
 resource "helm_release" "mysqldb" {
   depends_on = [kubernetes_namespace.mysqldb]
-
   name       = "mysqldb"
-  repository = "https://charts.bitnami.com/bitnami"
   chart      = "mysql"
-  namespace  = var.namespace
   version    = var.chart_version
   timeout    = 600
-
+  namespace  = var.namespace
+  repository = "https://charts.bitnami.com/bitnami"
   values = [
     templatefile("${path.module}/helm/values/mysqldb/values.yaml", {
       app_version                 = var.app_version,
       architecture                = var.mysqldb_config.architecture,
-      mysqldb_root_password       = random_password.mysqldb_root_password.result,
+      primary_pod_size            = var.mysqldb_config.primary_db_volume_size,
+      secondary_pod_size          = var.mysqldb_config.secondary_db_volume_size,
+      storage_class_name          = var.mysqldb_config.storage_class_name,
       custom_user_username        = var.mysqldb_config.custom_user_username,
       custom_user_password        = random_password.mysqldb_custom_user_password.result,
       replication_password        = random_password.mysqldb_replication_user_password.result,
-      primary_pod_size            = var.mysqldb_config.primary_pod_volume_size,
-      secondary_pod_replica_count = var.mysqldb_config.secondary_pod_replica_count,
-      secondary_pod_size          = var.mysqldb_config.secondary_pod_volume_size,
-      metrics_exporter_password   = random_password.mysqldb_exporter_user_password.result,
+      mysqldb_root_password       = random_password.mysqldb_root_password.result,
       mysqldb_exporter_enabled    = var.mysqldb_exporter_enabled,
-      storage_class_name          = var.mysqldb_config.storage_class_name
+      metrics_exporter_password   = random_password.mysqldb_exporter_user_password.result,
+      secondary_pod_replica_count = var.mysqldb_config.secondary_db_replica_count
     }),
     var.mysqldb_config.values_yaml
   ]
@@ -96,15 +93,15 @@ resource "helm_release" "mysqldb_backup" {
   count      = var.mysqldb_backup_enabled ? 1 : 0
   name       = "mysqldb-backup"
   chart      = "${path.module}/backup"
-  namespace  = var.namespace
   timeout    = 600
+  namespace  = var.namespace
   values = [
     templatefile("${path.module}/helm/values/backup/values.yaml", {
+      s3_role_arn          = aws_iam_role.mysql_backup_role.arn
       s3_bucket_uri        = var.mysqldb_backup_config.s3_bucket_uri,
       s3_bucket_region     = var.mysqldb_backup_config.s3_bucket_region,
       cron_for_full_backup = var.mysqldb_backup_config.cron_for_full_backup,
-      custom_user_username = "root",
-      s3_role_arn          = aws_iam_role.mysql_backup_role.arn
+      custom_user_username = "root"
     })
   ]
 }
@@ -136,10 +133,70 @@ resource "aws_iam_role" "mysql_backup_role" {
       Statement = [
         {
           Action = [
-            "s3:ListBucket",
             "s3:GetObject",
+            "s3:PutObject",
             "s3:DeleteObject",
+            "s3:ListBucket",
+            "s3:AbortMultipartUpload",
+            "s3:ListMultipartUploadParts"
+          ]
+          Effect   = "Allow"
+          Resource = "*"
+        }
+      ]
+    })
+  }
+}
+
+## DB dump restore
+resource "helm_release" "mysqldb_restore" {
+  depends_on = [helm_release.mysqldb]
+  count      = var.mysqldb_restore_enabled ? 1 : 0
+  name       = "mysqldb-restore"
+  chart      = "${path.module}/restore"
+  timeout    = 600
+  namespace  = var.namespace
+  values = [
+    templatefile("${path.module}/helm/values/restore/values.yaml", {
+      s3_role_arn          = aws_iam_role.mysql_restore_role.arn
+      s3_bucket_uri        = var.mysqldb_restore_config.s3_bucket_uri,
+      s3_bucket_region     = var.mysqldb_restore_config.s3_bucket_region,
+      custom_user_username = "root"
+    })
+  ]
+}
+
+resource "aws_iam_role" "mysql_restore_role" {
+  name = format("%s-%s-%s", var.cluster_name, var.mysqldb_config.name, "mysql-restore")
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Principal = {
+          Federated = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_provider}"
+        },
+        Action = "sts:AssumeRoleWithWebIdentity",
+        Condition = {
+          StringEquals = {
+            "${local.oidc_provider}:aud" = "sts.amazonaws.com",
+            "${local.oidc_provider}:sub" = "system:serviceaccount:${var.namespace}:sa-mysql-restore"
+          }
+        }
+      }
+    ]
+  })
+  inline_policy {
+    name = "AllowS3PutObject"
+    policy = jsonencode({
+      Version = "2012-10-17"
+      Statement = [
+        {
+          Action = [
+            "s3:GetObject",
             "s3:PutObject",
+            "s3:DeleteObject",
+            "s3:ListBucket",
             "s3:AbortMultipartUpload",
             "s3:ListMultipartUploadParts"
           ]
Original file line number	Diff line number	Diff line change
`@@ -4,11 +4,11 @@ provider "aws" {`
`4`	`4`
`5`	`5`
`6`	`6`	`data "aws_eks_cluster" "cluster" {`
`7`		`- name = ""`
	`7`	`+ name = "dev-skaf"`
`8`	`8`	`}`
`9`	`9`
`10`	`10`	`data "aws_eks_cluster_auth" "cluster" {`
`11`		`- name = ""`
	`11`	`+ name = "dev-skaf"`
`12`	`12`	`}`
`13`	`13`
`14`	`14`