upgrading the documentation for this module and removing user/pass inputs for the clone

apolloakora · apolloakora · commit 6431307b7d37 · 2019-08-08T17:56:11.000+01:00
diff --git a/README.md b/README.md
@@ -1,63 +1,81 @@
 
-# Create PostgreSQL RDS Database | Terraform Module
+# PostgreSQL RDS | Enterprise Grade | Terraform Module
 
-Create a simple 32G AWS PostgreSQL RDS database. This module suits rapid proof of concept development - it is not designed to provision a production quality enterprise database.
+Provision either a new **enterprise grade** PostgreSQL RDS database or **create a clone of another database from its snapshot**. In this context enterprise grade means
+- a 48 long password chosen from a set of 70 characters
+- a non predictable master database username string
+- a high redundancy multi-availability zone database
+- private subnet residency in a non-default VPC (if you so wish)
+- behind the scenes encryption at rest
+- robust options for backup (maintenance) windows and retention period
+- sensible descriptive resource tags
 
-The username is readwrite and the database listens on port 5432. Just provide a security group, private subnet ids, the database name and the ubiquitous tag information.
+## From Snapshot or New
 
-The only outputs needed are the out_database_hostname and the simple terraform generated out_database_password.
+This module will conditionally **instantiate from a snapshot** depending on a boolean variable that you provide.
 
-## Usage
+## integration test | Jenkinsfile
 
-    locals
-    {
-        ecosystem_name = "business-app"
-    }
+This module comes with an **[integraion test](integration/postgres.test-main.tf)** and a Jenkinsfile so you know that it has been validated day in, day out. It doesn't grow stale and stop working like many other Terraform modules.
 
-    module postgres_db
-    {
-        source     = "github.com/devops4me/terraform-aws-postgres-rds"
-        in_security_group_id = "${ module.security-group.out_security_group_id }"
-        in_db_subnet_ids = "${ module.vpc-network.out_private_subnet_ids }"
+## Test Drive | Create Two Databases
 
-        in_database_name = "businessdata"
+Why not test drive this PostgreSQL terraform module.
 
-        in_ecosystem_name  = "${ local.ecosystem_name }"
-        in_tag_timestamp   = "${ module.resource-tags.out_tag_timestamp }"
-        in_tag_description = "${ module.resource-tags.out_tag_description }"
-    }
+```
+git clone https://github.com/devops4me/terraform-aws-postgres-rds
+cd terraform-aws-postgres-rds/integration
+# Export your AWS Credentials and Region
+terraform init
+terraform deploy
+```
+
+## Usage | Creating New and Cloned Databases
 
-    module vpc-network
-    {
-        source                 = "github.com/devops4me/terraform-aws-vpc-network"
-        in_vpc_cidr            = "10.66.0.0/16"
-        in_num_public_subnets  = 3
-        in_num_private_subnets = 3
+This is a small insight 
 
-        in_ecosystem_name  = "${ local.ecosystem_name }"
-        in_tag_timestamp   = "${ module.resource-tags.out_tag_timestamp }"
-        in_tag_description = "${ module.resource-tags.out_tag_description }"
+```
+    locals {
+        ecosystem_name = "canary"
+        fresh_db_name  = "freshdb"
+        clone_db_name  = "clonedb"
     }
 
-    module security-group
-    {
-        source         = "github.com/devops4me/terraform-aws-security-group"
-        in_ingress     = [ "ssh", "https",  ]
-        in_vpc_id      = "${ module.vpc-network.out_vpc_id }"
+    module fresh_db {
+
+        source = "github.com/devops4me/terraform-aws-postgres-rds"
+
+        in_security_group_id = module.security-group.out_security_group_id
+        in_db_subnet_ids     = module.vpc-network.out_private_subnet_ids
+        in_database_name     = local.fresh_db_name
 
-        in_ecosystem_name  = "${ local.ecosystem_name }"
-        in_tag_timestamp   = "${ module.resource-tags.out_tag_timestamp }"
-        in_tag_description = "${ module.resource-tags.out_tag_description }"
+        in_ecosystem_name  = local.ecosystem_name
+        in_tag_timestamp   = module.resource-tags.out_tag_timestamp
+        in_tag_description = module.resource-tags.out_tag_description
     }
 
-    module resource-tags
-    {
-        source = "github.com/devops4me/terraform-aws-resource-tags"
+    module clone_db {
+
+        source = "github.com/devops4me/terraform-aws-postgres-rds"
+
+        in_security_group_id = module.security-group.out_security_group_id
+        in_db_subnet_ids     = module.vpc-network.out_private_subnet_ids
+        in_id_of_db_to_clone = var.in_id_of_db_to_clone
+        in_clone_snapshot = true
+
+        in_database_name = local.clone_db_name
+
+        in_ecosystem_name  = local.ecosystem_name
+        in_tag_timestamp   = module.resource-tags.out_tag_timestamp
+        in_tag_description = module.resource-tags.out_tag_description
     }
+```
 
+The important outputs are the **out_database_hostname**, **out_database_username** and the **out_database_password**.
 
-The important outputs are the **out_database_hostname** and the terraform generated **out_database_password**.
+Look at the integration test for the bells and whistles that terraform demands.
 
+---
 
 ## Inputs
 
diff --git a/integration/postgres.test-main.tf b/integration/postgres.test-main.tf
@@ -50,9 +50,7 @@ module fresh_db {
 
     in_security_group_id = module.security-group.out_security_group_id
     in_db_subnet_ids     = module.vpc-network.out_private_subnet_ids
-    in_id_of_db_to_clone = var.in_id_of_db_to_clone
-
-    in_database_name = local.fresh_db_name
+    in_database_name     = local.fresh_db_name
 
     in_ecosystem_name  = local.ecosystem_name
     in_tag_timestamp   = module.resource-tags.out_tag_timestamp
diff --git a/rds.postgres-main.tf b/rds.postgres-main.tf
@@ -68,6 +68,10 @@ resource aws_db_instance fresh {
  | -- Just providing the ID will not cause this cloning to happen, the
  | -- boolean variable in_clone_snapshot must also be set to true.
  | --
+ | -- Note that the username and password are absent. You are allowed to
+ | -- reset the database name, however you must know the username and
+ | -- password of the DB the snapshot was created from.
+ | --
 */
 resource aws_db_instance clone {
 
@@ -77,8 +81,6 @@ resource aws_db_instance clone {
     identifier = "${ var.in_database_name }-clone-${ var.in_ecosystem_name }-${ var.in_tag_timestamp }"
 
     name     = var.in_database_name
-    username = local.db_username
-    password = random_string.dbpassword.result
     port     = 5432
 
     engine         = "postgres"
@@ -147,14 +149,16 @@ resource aws_db_subnet_group me {
  | --
 */
 resource random_string dbpassword {
-    length  = 32
+    length  = 48
     upper   = true
     lower   = true
     number  = true
-    special = false
+    special = true
+    override_special = "()[]-_:="
 }
 
 
+
 /*
  | --
  | -- It is good practise for the database user name to be suffixed
diff --git a/rds.postgres-outputs.tf b/rds.postgres-outputs.tf
@@ -11,10 +11,10 @@
  | --
 */
 output out_fresh_db_hostname { value = length( aws_db_instance.fresh ) == 0 ? "n/a" : aws_db_instance.fresh[0].address  }
-output out_fresh_db_hostport { value = length( aws_db_instance.fresh ) == 0 ? "n/a" : aws_db_instance.fresh[0].endpoint }
+output out_fresh_db_endpoint { value = length( aws_db_instance.fresh ) == 0 ? "n/a" : aws_db_instance.fresh[0].endpoint }
 
 output out_clone_db_hostname { value = length( aws_db_instance.clone ) == 0 ? "n/a" : aws_db_instance.clone[0].address  }
-output out_clone_db_hostport { value = length( aws_db_instance.clone ) == 0 ? "n/a" : aws_db_instance.clone[0].endpoint }
+output out_clone_db_endpoint { value = length( aws_db_instance.clone ) == 0 ? "n/a" : aws_db_instance.clone[0].endpoint }
 
 output out_database_username { value = local.db_username }
 output out_database_password { value = random_string.dbpassword.result }
