Remove user creation from module (#32)

* adding tags support for root username password * adding tag support for rds instance * adding ignore changes to modules * adding ignore changes parameter * adding ignore changes value to ssm parameter * Now ignoring all changes to password values for the mysql module * Remove user creation from mysql_schema_configuration module * remove empty line from README * fixing typo * adding kms key id
coveo · Feb 25, 2020 · 37c7a94 · 37c7a94
1 parent 88c9384
commit 37c7a94
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 36 deletions.
diff --git a/README.md b/README.md
@@ -11,6 +11,10 @@ Table of content:
 
 This repository is a selection of Terraform modules we used at Coveo. We now support the following modules :
 
+### mysql_schema_configuration
+
+This module is now deprecated. It is only available for backward compatibility.
+
 ### rds_database_cluster
 
 This module creates a [RDS Cluster Resource](https://www.terraform.io/docs/providers/aws/r/rds_cluster.html), his [RDS Cluster Resource Instance](https://www.terraform.io/docs/providers/aws/r/rds_cluster_instance.html) and a [RDS DB subnet group ressource](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html). It also store the database username and password into the parameter store by creating two [SSM Parameter resource](https://www.terraform.io/docs/providers/aws/r/ssm_parameter.html). You have to provide it with minimally a list of subnet_ids, the database master password and a custom_identifier. This module outputs the cluster endpoint which is the DNS address of the RDS instance, the master username, the master password and the port used by the database.

diff --git a/mysql_schema_configuration/mysql_schema_configuration.tf b/mysql_schema_configuration/mysql_schema_configuration.tf
@@ -8,32 +8,10 @@ resource "mysql_database" "schema" {
   default_collation     = "${lookup(var.optional_parameters, "default_collation", "utf8_bin")}"
 }
 
-resource "mysql_user" "user" {
-  user = "${var.username}"
-
-  host               = "%"
-  plaintext_password = "${var.password}"
-  tls_option         = "${lookup(var.optional_parameters, "tls_option", "NONE")}"
-
-  lifecycle {
-    ignore_changes = ["plaintext_password"]
-  }
-}
-
-resource "mysql_grant" "grants" {
-  database = "${mysql_database.schema.name}"
-
-  user       = "${mysql_user.user.user}"
-  host       = "${mysql_user.user.host}"
-  privileges = "${var.user_privileges}"
-  table      = "${lookup(var.optional_parameters, "grants_table", "*")}"
-  tls_option = "${lookup(var.optional_parameters, "tls_option", "NONE")}"
-}
-
 resource "aws_ssm_parameter" "username" {
   name  = "${var.parameter_store_path}/Username"
   type  = "${lookup(var.optional_parameters, "username_aws_ssm_parameter_type", "String")}"
-  value = "${mysql_user.user.user}"
+  value = "PLACEHOLDER"
 
   key_id = "${lookup(var.optional_parameters, "username_kms_key_id", "")}"
 
@@ -47,7 +25,7 @@ resource "aws_ssm_parameter" "username" {
 resource "aws_ssm_parameter" "password" {
   name  = "${var.parameter_store_path}/Password"
   type  = "SecureString"
-  value = "${var.password}"
+  value = "PLACEHOLDER"
 
   key_id = "${var.password_kms_key_id}"
 

diff --git a/mysql_schema_configuration/outputs.tf b/mysql_schema_configuration/outputs.tf
@@ -2,14 +2,6 @@
  * Copyright (c) 2011 - 2019, Coveo Solutions Inc.
  */
 
-output "user" {
-  value = "${mysql_user.user.user}"
-}
-
-output "host" {
-  value = "${mysql_user.user.host}"
-}
-
 output "schema_name" {
   value = "${mysql_database.schema.name}"
 }

diff --git a/mysql_schema_configuration/variables.tf b/mysql_schema_configuration/variables.tf
@@ -6,10 +6,6 @@ variable "parameter_store_path" {}
 
 variable "schema_name" {}
 
-variable "username" {}
-
-variable "password" {}
-
 variable "password_kms_key_id" {
   default = ""
 }