From d72ae6a5da95fe7d4aa0246a913bdcf3bf87a8b3 Mon Sep 17 00:00:00 2001
From: Gavin Williams <109519102+fatmcgav-depop@users.noreply.github.com>
Date: Tue, 9 Aug 2022 16:17:04 +0100
Subject: [PATCH 1/3] Fix issue when attempting to set `create_proxy = false` Spotted this issue whilst trying to integrate this module into some existing code where we don't always want to create a RDS Proxy instance, but when we are creating a proxy we want a default set of endpoints. Setting `create_proxy = false` works for the majority of resources, however the `aws_db_proxy_endpoint` resource uses a `for_each` which will try and create endpoints against a non-existent DB proxy. So switch to using a `local` which gets set to an empty map if `var.create_proxy` is false.
---
 main.tf | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/main.tf b/main.tf
index 656d23a..d7aa171 100644
--- a/main.tf
+++ b/main.tf
@@ -1,7 +1,8 @@
 locals {
- role_arn = var.create_proxy && var.create_iam_role ? aws_iam_role.this[0].arn : var.role_arn
- role_name = coalesce(var.iam_role_name, var.name)
- policy_name = coalesce(var.iam_policy_name, var.name)
+ role_arn = var.create_proxy && var.create_iam_role ? aws_iam_role.this[0].arn : var.role_arn
+ role_name = coalesce(var.iam_role_name, var.name)
+ policy_name = coalesce(var.iam_policy_name, var.name)
+ db_proxy_endpoints = var.create_proxy ? var.db_proxy_endpoints : {}
 }
 data "aws_region" "current" {}
@@ -68,7 +69,7 @@ resource "aws_db_proxy_target" "db_cluster" {
 }
 resource "aws_db_proxy_endpoint" "this" {
- for_each = var.db_proxy_endpoints
+ for_each = local.db_proxy_endpoints
 db_proxy_name = aws_db_proxy.this[0].name
 db_proxy_endpoint_name = each.value.name
From 2a76143c5cd33b029653dc2d07efc3d46b459d93 Mon Sep 17 00:00:00 2001
From: Gavin Williams
Date: Wed, 10 Aug 2022 17:29:26 +0100
Subject: [PATCH 2/3] Remove the un-necessary `local`. Instead add the conditional to the `for_each` statement. Thanks for the suggestion @bryantbiggs.
---
 main.tf | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/main.tf b/main.tf
index d7aa171..fb4d0f0 100644
--- a/main.tf
+++ b/main.tf
@@ -1,8 +1,7 @@
 locals {
- role_arn = var.create_proxy && var.create_iam_role ? aws_iam_role.this[0].arn : var.role_arn
- role_name = coalesce(var.iam_role_name, var.name)
- policy_name = coalesce(var.iam_policy_name, var.name)
- db_proxy_endpoints = var.create_proxy ? var.db_proxy_endpoints : {}
+ role_arn = var.create_proxy && var.create_iam_role ? aws_iam_role.this[0].arn : var.role_arn
+ role_name = coalesce(var.iam_role_name, var.name)
+ policy_name = coalesce(var.iam_policy_name, var.name)
 }
 data "aws_region" "current" {}
@@ -69,7 +68,7 @@ resource "aws_db_proxy_target" "db_cluster" {
 }
 resource "aws_db_proxy_endpoint" "this" {
- for_each = local.db_proxy_endpoints
+ for_each = { for k, v in var.db_proxy_endpoints : k => v if var.create_proxy }
 db_proxy_name = aws_db_proxy.this[0].name
 db_proxy_endpoint_name = each.value.name
From 65d636632d12fc52cc680457617e0f7c0342f194 Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Wed, 10 Aug 2022 14:29:20 -0400
Subject: [PATCH 3/3] fix: Correct lint checks to pass
---
 .pre-commit-config.yaml | 4 ++--
 examples/mysql_iam_cluster/main.tf | 2 +-
 examples/mysql_iam_instance/main.tf | 2 +-
 examples/postgresql_iam_cluster/main.tf | 2 +-
 examples/postgresql_iam_instance/main.tf | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a0925b0..727e21c 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.68.1
+ rev: v1.74.1
 hooks:
 - id: terraform_fmt
 - id: terraform_validate
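Review bot: In `aws_db_proxy_endpoint.this` (PATCH 2/3, main.tf) the `if var.create_proxy` filter on `for_each` is the only thing that keeps `aws_db_proxy.this[0].name` on the following line from being evaluated when the proxy is not created, and nothing in the block says so. The `[0]` index suggests `aws_db_proxy.this` is count-gated, though its definition is outside the hunk. A one-line comment above `for_each` would stop a later simplification from reintroducing the failure, for example `# Empty when create_proxy is false: endpoints reference aws_db_proxy.this[0], which only exists when the proxy is created`. The resource body continues past the end of the hunk, so any other attributes that reference the proxy are not visible here.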
@@ -23,7 +23,7 @@ repos:
 - '--args=--only=terraform_standard_module_structure'
 - '--args=--only=terraform_workspace_remote'
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.2.0
+ rev: v4.3.0
 hooks:
 - id: check-merge-conflict
 - id: end-of-file-fixer
diff --git a/examples/mysql_iam_cluster/main.tf b/examples/mysql_iam_cluster/main.tf
index 4a45909..ef274d6 100644
--- a/examples/mysql_iam_cluster/main.tf
+++ b/examples/mysql_iam_cluster/main.tf
@@ -47,7 +47,7 @@ module "rds_proxy" {
 }
 secrets = {
- "${local.db_username}" = {
+ (local.db_username) = {
 description = aws_secretsmanager_secret.superuser.description
 arn = aws_secretsmanager_secret.superuser.arn
 kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id
diff --git a/examples/mysql_iam_instance/main.tf b/examples/mysql_iam_instance/main.tf
index 77aef11..53348a4 100644
--- a/examples/mysql_iam_instance/main.tf
+++ b/examples/mysql_iam_instance/main.tf
@@ -47,7 +47,7 @@ module "rds_proxy" {
 }
 secrets = {
- "${local.db_username}" = {
+ (local.db_username) = {
 description = aws_secretsmanager_secret.superuser.description
 arn = aws_secretsmanager_secret.superuser.arn
 kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id
diff --git a/examples/postgresql_iam_cluster/main.tf b/examples/postgresql_iam_cluster/main.tf
index 9847c5e..26f85f1 100644
--- a/examples/postgresql_iam_cluster/main.tf
+++ b/examples/postgresql_iam_cluster/main.tf
@@ -47,7 +47,7 @@ module "rds_proxy" {
 }
 secrets = {
- "${local.db_username}" = {
+ (local.db_username) = {
 description = aws_secretsmanager_secret.superuser.description
 arn = aws_secretsmanager_secret.superuser.arn
 kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id
diff --git a/examples/postgresql_iam_instance/main.tf b/examples/postgresql_iam_instance/main.tf
index 4f3014e..7dc47c9 100644
--- a/examples/postgresql_iam_instance/main.tf
+++ b/examples/postgresql_iam_instance/main.tf
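Review bot: In examples/mysql_iam_cluster/main.tf the `secrets` entry keyed by `(local.db_username)` gives the proxy the `aws_secretsmanager_secret.superuser` secret, so anyone copying the example would route application connections through what appears to be the database superuser account (the secret's definition is outside the hunk, so this is inferred from the resource name). The same lines appear in the mysql_iam_instance, postgresql_iam_cluster and postgresql_iam_instance examples. Since the commit already touches this map, a short comment above `secrets = {` would flag it, for example `# Example only: in production, register a secret for a dedicated least-privilege database user instead of the superuser`. The `module "rds_proxy"` block starts and ends outside the hunk.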
@@ -47,7 +47,7 @@ module "rds_proxy" {
 }
 secrets = {
- "${local.db_username}" = {
+ (local.db_username) = {
 description = aws_secretsmanager_secret.superuser.description
 arn = aws_secretsmanager_secret.superuser.arn
 kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id