From 3c3e5f14c23532154d2316e47dfcc62e2c23d252 Mon Sep 17 00:00:00 2001 From: Rodrigue Koffi Date: Wed, 8 May 2024 17:43:04 +0200 Subject: [PATCH 1/3] Randomize SSM parameter name for GF token --- modules/eks-monitoring/add-ons/external-secrets/README.md | 2 ++ modules/eks-monitoring/add-ons/external-secrets/main.tf | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/eks-monitoring/add-ons/external-secrets/README.md b/modules/eks-monitoring/add-ons/external-secrets/README.md index 62d7a5cd..d284124f 100644 --- a/modules/eks-monitoring/add-ons/external-secrets/README.md +++ b/modules/eks-monitoring/add-ons/external-secrets/README.md @@ -18,6 +18,7 @@ This deploys an EKS Cluster with the External Secrets Operator. The cluster is p |------|---------| | [aws](#provider\_aws) | >= 3.72 | | [kubectl](#provider\_kubectl) | >= 2.0.3 | +| [random](#provider\_random) | n/a | ## Modules @@ -35,6 +36,7 @@ This deploys an EKS Cluster with the External Secrets Operator. The cluster is p | [aws_ssm_parameter.secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource | | [kubectl_manifest.cluster_secretstore](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.secret](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource | +| [random_uuid.grafana_key_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs diff --git a/modules/eks-monitoring/add-ons/external-secrets/main.tf b/modules/eks-monitoring/add-ons/external-secrets/main.tf index dfd3669b..0f9fca43 100644 --- a/modules/eks-monitoring/add-ons/external-secrets/main.tf +++ b/modules/eks-monitoring/add-ons/external-secrets/main.tf @@ -76,8 +76,11 @@ YAML depends_on = [module.external_secrets] } +resource "random_uuid" "grafana_key_suffix" { +} + resource "aws_ssm_parameter" "secret" { - name = "/terraform-accelerator/grafana-api-key" + name = "/terraform-accelerator/grafana-api-key/${random_uuid.grafana_key_suffix.result}" description = "SSM Secret to store grafana API Key" type = "SecureString" value = jsonencode({ From 590b281cd8301720352c4536049e253dd622b8ac Mon Sep 17 00:00:00 2001 From: Rodrigue Koffi Date: Wed, 8 May 2024 17:44:00 +0200 Subject: [PATCH 2/3] Run pre-commit --- examples/existing-cluster-with-base-and-infra/cleanup.sh | 2 +- examples/existing-cluster-with-base-and-infra/install.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/existing-cluster-with-base-and-infra/cleanup.sh b/examples/existing-cluster-with-base-and-infra/cleanup.sh index 713b7b9f..1c9402ae 100755 --- a/examples/existing-cluster-with-base-and-infra/cleanup.sh +++ b/examples/existing-cluster-with-base-and-infra/cleanup.sh @@ -28,4 +28,4 @@ if [[ $? -eq 0 && $destroy_output == *"Destroy complete!"* ]]; then else echo "FAILED: Terraform destroy of all targets failed" exit 1 -fi \ No newline at end of file +fi diff --git a/examples/existing-cluster-with-base-and-infra/install.sh b/examples/existing-cluster-with-base-and-infra/install.sh index 270289c7..a94380b6 100755 --- a/examples/existing-cluster-with-base-and-infra/install.sh +++ b/examples/existing-cluster-with-base-and-infra/install.sh @@ -29,4 +29,4 @@ if [[ ${PIPESTATUS[0]} -eq 0 && $apply_output == *"Apply complete"* ]]; then else echo "FAILED: Terraform apply of all modules failed" exit 1 -fi \ No newline at end of file +fi From 47378f7203d6476983c7aa9d916513c2792feea8 Mon Sep 17 00:00:00 2001 From: Rodrigue Koffi Date: Fri, 10 May 2024 10:00:17 +0200 Subject: [PATCH 3/3] Add versions --- modules/eks-monitoring/add-ons/external-secrets/README.md | 3 ++- modules/eks-monitoring/add-ons/external-secrets/versions.tf | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/eks-monitoring/add-ons/external-secrets/README.md b/modules/eks-monitoring/add-ons/external-secrets/README.md index d284124f..2d8f32d3 100644 --- a/modules/eks-monitoring/add-ons/external-secrets/README.md +++ b/modules/eks-monitoring/add-ons/external-secrets/README.md @@ -11,6 +11,7 @@ This deploys an EKS Cluster with the External Secrets Operator. The cluster is p | [aws](#requirement\_aws) | >= 3.72 | | [kubectl](#requirement\_kubectl) | >= 2.0.3 | | [kubernetes](#requirement\_kubernetes) | >= 2.10 | +| [random](#requirement\_random) | >= 3.6.1 | ## Providers @@ -18,7 +19,7 @@ This deploys an EKS Cluster with the External Secrets Operator. The cluster is p |------|---------| | [aws](#provider\_aws) | >= 3.72 | | [kubectl](#provider\_kubectl) | >= 2.0.3 | -| [random](#provider\_random) | n/a | +| [random](#provider\_random) | >= 3.6.1 | ## Modules diff --git a/modules/eks-monitoring/add-ons/external-secrets/versions.tf b/modules/eks-monitoring/add-ons/external-secrets/versions.tf index 71b0a884..69b48d4b 100644 --- a/modules/eks-monitoring/add-ons/external-secrets/versions.tf +++ b/modules/eks-monitoring/add-ons/external-secrets/versions.tf @@ -14,5 +14,9 @@ terraform { source = "alekc/kubectl" version = ">= 2.0.3" } + random = { + source = "hashicorp/random" + version = ">= 3.6.1" + } } }