Skip to content

[Automated Preview][terraform-aws-data-storage] Add test coverage for Redshift manage_master_password feature #2998

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
docs-sourcer wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Automated Preview][terraform-aws-data-storage] Add test coverage for Redshift manage_master_password feature #2998

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 66 additions & 10 deletions docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,11 @@ workaround, you can re-run the destroy command once the workspace gets deleted c

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S REDSHIFT MODULE
#
# NOTE: This module uses some sensitive variables marked inline with "# SENSITIVE".
# When using values other than defaults for these variables, set them through environment variables or
# another secure method.
#
# ------------------------------------------------------------------------------------------------------

module "redshift" {
Expand Down Expand Up @@ -224,11 +229,21 @@ module "redshift" {
# there may even be a downtime during maintenance windows.
maintenance_window = "sun:07:00-sun:08:00"

# Whether to automatically manage the cluster admin credentials with AWS
# SecretsManager. When true, AWS will auto-generate and rotate the master
# password. Conflicts with master_password. See
# https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-secrets-manager-integration.html.
manage_master_password = null

# The password for the master user. If var.snapshot_identifier is non-empty,
# this value is ignored. Required unless var.replicate_source_db is set.
master_password = null
# this value is ignored. Conflicts with manage_master_password.
master_password = null # SENSITIVE

# KMS key ID for encrypting the managed master password secret. Only used when
# manage_master_password is true.
master_password_secret_kms_key_id = null

# The username for the master user. Required unless var.replicate_source_db is
# The username for the master user. Required unless var.snapshot_identifier is
# set.
master_username = null

Expand Down Expand Up @@ -298,6 +313,11 @@ module "redshift" {

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S REDSHIFT MODULE
#
# NOTE: This module uses some sensitive variables marked inline with "# SENSITIVE".
# When using values other than defaults for these variables, set them through environment variables or
# another secure method.
#
# ------------------------------------------------------------------------------------------------------

terraform {
Expand Down Expand Up @@ -468,11 +488,21 @@ inputs = {
# there may even be a downtime during maintenance windows.
maintenance_window = "sun:07:00-sun:08:00"

# Whether to automatically manage the cluster admin credentials with AWS
# SecretsManager. When true, AWS will auto-generate and rotate the master
# password. Conflicts with master_password. See
# https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-secrets-manager-integration.html.
manage_master_password = null

# The password for the master user. If var.snapshot_identifier is non-empty,
# this value is ignored. Required unless var.replicate_source_db is set.
master_password = null
# this value is ignored. Conflicts with manage_master_password.
master_password = null # SENSITIVE

# The username for the master user. Required unless var.replicate_source_db is
# KMS key ID for encrypting the managed master password secret. Only used when
# manage_master_password is true.
master_password_secret_kms_key_id = null

# The username for the master user. Required unless var.snapshot_identifier is
# set.
master_username = null

Expand Down Expand Up @@ -628,7 +658,7 @@ A list of IPv6 CIDR-formatted IP address ranges that this DB can connect. Use th
<HclListItemDefaultValue defaultValue="[]"/>
</HclListItem>

<HclListItem name="apply_immediately" requirement="optional" type="string">
<HclListItem name="apply_immediately" requirement="optional" type="bool">
<HclListItemDescription>

Specifies whether any cluster modifications are applied immediately, or during the next maintenance window.
Expand Down Expand Up @@ -871,10 +901,28 @@ The weekly day and time range during which system maintenance can occur (e.g. we
<HclListItemDefaultValue defaultValue="&quot;sun:07:00-sun:08:00&quot;"/>
</HclListItem>

<HclListItem name="manage_master_password" requirement="optional" type="bool">
<HclListItemDescription>

Whether to automatically manage the cluster admin credentials with AWS SecretsManager. When true, AWS will auto-generate and rotate the master password. Conflicts with master_password. See https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-secrets-manager-integration.html.

</HclListItemDescription>
<HclListItemDefaultValue defaultValue="null"/>
</HclListItem>

<HclListItem name="master_password" requirement="optional" type="string">
<HclListItemDescription>

The password for the master user. If <a href="#snapshot_identifier"><code>snapshot_identifier</code></a> is non-empty, this value is ignored. Required unless <a href="#replicate_source_db"><code>replicate_source_db</code></a> is set.
The password for the master user. If <a href="#snapshot_identifier"><code>snapshot_identifier</code></a> is non-empty, this value is ignored. Conflicts with manage_master_password.

</HclListItemDescription>
<HclListItemDefaultValue defaultValue="null"/>
</HclListItem>

<HclListItem name="master_password_secret_kms_key_id" requirement="optional" type="string">
<HclListItemDescription>

KMS key ID for encrypting the managed master password secret. Only used when manage_master_password is true.

</HclListItemDescription>
<HclListItemDefaultValue defaultValue="null"/>
Expand All @@ -883,7 +931,7 @@ The password for the master user. If <a href="#snapshot_identifier"><code>snapsh
<HclListItem name="master_username" requirement="optional" type="string">
<HclListItemDescription>

The username for the master user. Required unless <a href="#replicate_source_db"><code>replicate_source_db</code></a> is set.
The username for the master user. Required unless <a href="#snapshot_identifier"><code>snapshot_identifier</code></a> is set.

</HclListItemDescription>
<HclListItemDefaultValue defaultValue="null"/>
Expand Down Expand Up @@ -1061,6 +1109,14 @@ The Redshift Cluster ID
</HclListItemDescription>
</HclListItem>

<HclListItem name="master_password_secret_arn">
<HclListItemDescription>

ARN of the auto-generated Secrets Manager secret containing admin credentials. Only populated when manage_master_password is true.

</HclListItemDescription>
</HclListItem>

<HclListItem name="name">
<HclListItemDescription>

Expand Down Expand Up @@ -1104,6 +1160,6 @@ The ID of the Security Group that controls access to the cluster
"https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.46.1/modules/redshift/outputs.tf"
],
"sourcePlugin": "module-catalog-api",
"hash": "e1f14be18ac31a63293d2b10da5bbef5"
"hash": "5f022bb029154c8cb7cd1d3f22dc933c"
}
##DOCS-SOURCER-END -->