diff --git a/src/main.tf b/src/main.tf index 4c311e0..6085c22 100644 --- a/src/main.tf +++ b/src/main.tf @@ -1,10 +1,11 @@ locals { - enabled = module.this.enabled + enabled = module.this.enabled + create_password = local.enabled && (var.master_password == null || var.master_password == "") } module "documentdb_cluster" { source = "cloudposse/documentdb-cluster/aws" - version = "0.14.0" + version = "0.30.0" instance_class = var.instance_class cluster_size = var.cluster_size @@ -14,6 +15,7 @@ module "documentdb_cluster" { engine_version = var.engine_version deletion_protection = var.deletion_protection_enabled enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports + enable_performance_insights = var.enable_performance_insights storage_encrypted = var.encryption_enabled snapshot_identifier = var.snapshot_identifier @@ -26,8 +28,8 @@ module "documentdb_cluster" { auto_minor_version_upgrade = var.auto_minor_version_upgrade db_port = var.db_port - master_username = join("", aws_ssm_parameter.master_username[*].value) - master_password = join("", aws_ssm_parameter.master_password[*].value) + master_username = var.master_username + master_password = local.create_password ? one(random_password.master_password[*].result) : var.master_password vpc_id = module.vpc.outputs.vpc_id subnet_ids = module.vpc.outputs.private_subnet_ids diff --git a/src/ssm.tf b/src/ssm.tf index dde1284..ae66eb9 100644 --- a/src/ssm.tf +++ b/src/ssm.tf @@ -28,5 +28,5 @@ resource "aws_ssm_parameter" "master_password" { name = "/${module.this.name}/master_password" type = "SecureString" - value = join("", random_password.master_password[*].result) + value = one(random_password.master_password[*].result) } diff --git a/src/variables.tf b/src/variables.tf index f9f5222..991fe1c 100644 --- a/src/variables.tf +++ b/src/variables.tf 
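Review bot: When a caller supplies `var.master_password`, the cluster in the third `src/main.tf` hunk uses it, but `aws_ssm_parameter.master_password` in the `src/ssm.tf` hunk still stores only `one(random_password.master_password[*].result)`, so the SecureString that consumers read can differ from the credential the cluster actually has. Mirroring the cluster expression keeps the two in step: `value = local.create_password ? one(random_password.master_password[*].result) : var.master_password`. The `count` of `random_password.master_password` and of the SSM resource is outside the hunks; if `random_password` is gated on `local.create_password`, `one(...)` would yield null here instead, so that needs confirming either way. The same `main.tf` hunk also stops reading `master_username` from SSM, so it is worth checking that `aws_ssm_parameter.master_username` is still written from `var.master_username`.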
@@ -34,6 +34,12 @@ variable "master_username" { description = "(Required unless a snapshot_identifier is provided) Username for the master DB user" } +variable "master_password" { + type = string + default = null + description = "(Required unless a snapshot_identifier is provided) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Please refer to the DocumentDB Naming Constraints" +} + variable "retention_period" { type = number default = 5 @@ -116,6 +122,12 @@ variable "enabled_cloudwatch_logs_exports" { default = [] } +variable "enable_performance_insights" { + type = bool + description = "Specifies whether to enable Performance Insights for the DB Instance." + default = false +} + variable "eks_security_group_ingress_enabled" { type = bool description = "Whether to add the Security Group managed by the EKS cluster in the same regional stack to the ingress allowlist of the DocumentDB cluster." diff --git a/test/component_test.go b/test/component_test.go index 04e395e..1106683 100644 --- a/test/component_test.go +++ b/test/component_test.go @@ -2,6 +2,7 @@ package test import ( "context" + "fmt" "strings" "testing" @@ -18,16 +19,21 @@ type ComponentSuite struct { helper.TestSuite } +var ( + suffix = strings.ToLower(random.UniqueId()) + userName = "test_user" + password = random.UniqueId() + random.UniqueId()[:4] // Combine two IDs to ensure at least 8 characters +) + func (s *ComponentSuite) TestBasic() { const component = "documentdb/basic" const stack = "default-test" const awsRegion = "us-east-2" - name := strings.ToLower(random.UniqueId()) - userName := "test_user" - inputs := map[string]interface{}{ + inputs := map[string]any{ "master_username": userName, - "name": name, + "master_password": password, + "name": fmt.Sprintf("%s-docdb", suffix), } defer s.DestroyAtmosComponent(s.T(), component, stack, &inputs) 
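Review bot: The new `master_password` variable in `src/variables.tf` is not marked sensitive, so a supplied value is shown in plan and apply output; add `sensitive = true` to the block. The null-or-empty check in `local.create_password` would then become sensitive as well, and may need `nonsensitive(...)` around the comparison if that local feeds a `count` or `for_each` outside the visible hunks. The description still says "(Required unless a snapshot_identifier is provided)", but with `default = null` the value is optional and generated when omitted, so the wording should say that. The test's comment implies an 8-character minimum; a `validation` block checking `length(var.master_password) >= 8` for non-empty values would surface that at plan time.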
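Review bot: Both `TestBasic` (this hunk) and `TestEnabledFlag` (the `@@ -87,9 +93,14 @@` hunk) now pass `master_password`, so the suite never exercises the `local.create_password` path that generates the password and writes it to SSM. One of the two tests should omit `master_password` to cover it. The package-level `suffix` also gives both tests the same `name`, `fmt.Sprintf("%s-docdb", suffix)`, which is safe only if they never run concurrently and the first is fully destroyed before the second applies. A comment on the `var` block such as `// shared by TestBasic and TestEnabledFlag; tests must run sequentially` would record that assumption. `TestBasic` continues outside this hunk.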
@@ -55,8 +61,8 @@ func (s *ComponentSuite) TestBasic() { replicasHost := atmos.Output(s.T(), options, "replicas_host") assert.NotEmpty(s.T(), replicasHost) - securityGroupId := atmos.Output(s.T(), options, "security_group_id") - assert.NotEmpty(s.T(), securityGroupId) + securityGroupID := atmos.Output(s.T(), options, "security_group_id") + assert.NotEmpty(s.T(), securityGroupID) securityGroupArn := atmos.Output(s.T(), options, "security_group_arn") assert.NotEmpty(s.T(), securityGroupArn) @@ -72,11 +78,11 @@ func (s *ComponentSuite) TestBasic() { assert.Equal(s.T(), arn, *clusters.DBClusters[0].DBClusterArn) assert.Equal(s.T(), clusterName, *clusters.DBClusters[0].DBClusterIdentifier) assert.Equal(s.T(), readerEndpoint, *clusters.DBClusters[0].ReaderEndpoint) - assert.Equal(s.T(), securityGroupId, *clusters.DBClusters[0].VpcSecurityGroups[0].VpcSecurityGroupId) + assert.Equal(s.T(), securityGroupID, *clusters.DBClusters[0].VpcSecurityGroups[0].VpcSecurityGroupId) dnsDelegatedOptions := s.GetAtmosOptions("dns-delegated", "default-test", nil) - delegatedDnsZoneId := atmos.Output(s.T(), dnsDelegatedOptions, "default_dns_zone_id") - masterEndpointDNSRecord := aws.GetRoute53Record(s.T(), delegatedDnsZoneId, masterEndpoint, "CNAME", awsRegion) + delegatedDNSZoneID := atmos.Output(s.T(), dnsDelegatedOptions, "default_dns_zone_id") + masterEndpointDNSRecord := aws.GetRoute53Record(s.T(), delegatedDNSZoneID, masterEndpoint, "CNAME", awsRegion) assert.Equal(s.T(), *masterEndpointDNSRecord.ResourceRecords[0].Value, *clusters.DBClusters[0].Endpoint) s.DriftTest(component, stack, &inputs) 
@@ -87,9 +93,14 @@ func (s *ComponentSuite) TestEnabledFlag() { const stack = "default-test" const awsRegion = "us-east-2" - s.VerifyEnabledFlag(component, stack, nil) -} + inputs := map[string]any{ + "master_username": userName, + "master_password": password, + "name": fmt.Sprintf("%s-docdb", suffix), + } + s.VerifyEnabledFlag(component, stack, &inputs) +} func TestRunSuite(t *testing.T) { suite := new(ComponentSuite) @@ -97,8 +108,8 @@ func TestRunSuite(t *testing.T) { suite.AddDependency(t, "vpc", "default-test", nil) subdomain := strings.ToLower(random.UniqueId()) - inputs := map[string]interface{}{ - "zone_config": []map[string]interface{}{ + inputs := map[string]any{ + "zone_config": []map[string]any{ { "subdomain": subdomain, "zone_name": "components.cptest.test-automation.app",