Initial Implementation #1
Merged
Merged
22 commits
9ebb9a6
+ added initial elasticache redis implementation
maxcoulombe 1ad98a1
Merge branch 'main' into vault-7720-ElastiCacheRedisBootstrap
maxcoulombe 7a03f33
+ added acceptance tests
maxcoulombe fb64bc5
Merge remote-tracking branch 'origin/main' into vault-7720-ElastiCach…
maxcoulombe 110ab66
* go mod tidy
maxcoulombe 0b39bfd
* fix tests
maxcoulombe ecb43aa
Vault 7721 ElastiCache Acceptance Tests (#3)
maxcoulombe 950f372
Merge branch 'main' into vault-7720-ElastiCacheRedisBootstrap
maxcoulombe bced1df
* update jira action
maxcoulombe 28c410c
* review refactoring
maxcoulombe e84347d
* refactored package
maxcoulombe bdc5375
* typo
maxcoulombe 78aef98
* forbid off users
maxcoulombe 681e221
* supporting user groups
maxcoulombe 65e1059
* refactor
maxcoulombe 2f3a01e
* switched to static-role support only
maxcoulombe 23a967c
Vault 7916 user group support (#10)
maxcoulombe 0efd193
* change readme for static creds only
maxcoulombe 385357c
* clean-up
maxcoulombe 284933b
Merge branch 'vault-7916-userGroupSupport' into vault-7720-ElastiCach…
maxcoulombe 575ab78
* fmt
maxcoulombe e22fb44
* fix go.mod conflict
maxcoulombe File filter
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
provider "aws" { | ||
// Credentials and configuration derived from the environment | ||
// Uncomment if you wish to configure the provider explicitly | ||
|
||
// access_key = "" | ||
// secret_key = "" | ||
// region = "" | ||
} | ||
|
||
resource "random_password" "vault_plugin_elasticache_test" { | ||
length = 16 | ||
} | ||
|
||
resource "aws_elasticache_replication_group" "vault_plugin_elasticache_test" { | ||
replication_group_id = "vault-plugin-elasticache-test" | ||
description = "vault elasticache plugin generated test cluster" | ||
engine = "REDIS" | ||
engine_version = "6.2" | ||
node_type = "cache.t4g.micro" | ||
num_cache_clusters = 1 | ||
parameter_group_name = "default.redis6.x" | ||
transit_encryption_enabled = true | ||
user_group_ids = [aws_elasticache_user_group.vault_plugin_elasticache_test.id] | ||
|
||
tags = { | ||
"description" : "vault elasticache plugin generated test cluster" | ||
} | ||
} | ||
|
||
resource "aws_elasticache_user_group" "vault_plugin_elasticache_test" { | ||
engine = "REDIS" | ||
user_group_id = "vault-test-user-group" | ||
user_ids = ["default", aws_elasticache_user.vault_plugin_elasticache_test.user_id] | ||
} | ||
|
||
resource "aws_elasticache_user" "vault_plugin_elasticache_test" { | ||
user_id = "vault-test" | ||
user_name = "vault-test" | ||
access_string = "on ~* +@all" | ||
engine = "REDIS" | ||
passwords = [random_password.vault_plugin_elasticache_test.result] | ||
} | ||
|
||
resource "aws_iam_user" "vault_plugin_elasticache_test" { | ||
name = "vault-plugin-elasticache-user-test" | ||
|
||
tags = { | ||
"description" : "vault elasticache plugin generated test user" | ||
} | ||
} | ||
|
||
resource "aws_iam_access_key" "vault_plugin_elasticache_test" { | ||
user = aws_iam_user.vault_plugin_elasticache_test.name | ||
} | ||
|
||
resource "aws_iam_user_policy" "vault_plugin_elasticache_test" { | ||
name = "vault-plugin-elasticache-policy-test" | ||
user = aws_iam_user.vault_plugin_elasticache_test.name | ||
|
||
policy = data.aws_iam_policy_document.vault_plugin_elasticache_test.json | ||
} | ||
|
||
data "aws_iam_policy_document" "vault_plugin_elasticache_test" { | ||
statement { | ||
actions = [ | ||
"elasticache:DescribeUsers", | ||
"elasticache:ModifyUser", | ||
] | ||
resources = [ | ||
"arn:aws:elasticache:*.*:user:*", | ||
] | ||
} | ||
} | ||
|
||
// export TEST_ELASTICACHE_USERNAME=${username} | ||
output "username" { | ||
value = aws_iam_access_key.vault_plugin_elasticache_test.id | ||
} | ||
|
||
// export TEST_ELASTICACHE_PASSWORD=${password} | ||
// Use `terraform output password` to access the value | ||
output "password" { | ||
sensitive = true | ||
value = aws_iam_access_key.vault_plugin_elasticache_test.secret | ||
} | ||
|
||
// export TEST_ELASTICACHE_URL=${url} | ||
output "url" { | ||
value = format( | ||
"%s:%s", | ||
aws_elasticache_replication_group.vault_plugin_elasticache_test.primary_endpoint_address, | ||
aws_elasticache_replication_group.vault_plugin_elasticache_test.port) | ||
} | ||
|
||
// export TEST_ELASTICACHE_REGION=${region} | ||
data "aws_region" "current" {} | ||
output "region" { | ||
value = data.aws_region.current.name | ||
} | ||
|
||
// export TEST_ELASTICACHE_USER=${user} | ||
output "user" { | ||
value = aws_elasticache_user.vault_plugin_elasticache_test.user_name | ||
} |
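Review bot: The `resources` entry in `data "aws_iam_policy_document" "vault_plugin_elasticache_test"` reads `arn:aws:elasticache:*.*:user:*`, with a literal dot where the region and account fields would normally be separated by a colon, so it probably matches no ElastiCache user ARN as written. If it is corrected to `*:*`, the exported access key could call `elasticache:ModifyUser` on every ElastiCache user in the account, which is wider than the acceptance tests appear to need. Scope the statement to the user this file creates, for example `resources = [aws_elasticache_user.vault_plugin_elasticache_test.arn]`. If `elasticache:DescribeUsers` turns out to need a broader resource, give it a separate statement rather than widening `ModifyUser`.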
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
package main | ||
|
||
import ( | ||
"log" | ||
"os" | ||
|
||
"github.com/hashicorp/vault-plugin-database-redis-elasticache" | ||
"github.com/hashicorp/vault/sdk/database/dbplugin/v5" | ||
) | ||
|
||
func main() { | ||
if err := Run(); err != nil { | ||
log.Println(err) | ||
os.Exit(1) | ||
} | ||
} | ||
|
||
// Run starts serving the plugin | ||
func Run() error { | ||
dbplugin.ServeMultiplex(rediselasticache.New) | ||
|
||
return nil | ||
} |
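Review bot: `Run` unconditionally returns `nil` after `dbplugin.ServeMultiplex(rediselasticache.New)`, so the `if err := Run(); err != nil` branch in `main` can never log or exit non-zero; a serve failure is not surfaced through this path. Either drop the error return or say so in the doc comment, e.g. `// Run serves the plugin via dbplugin.ServeMultiplex and always returns nil; serve failures are not reported to the caller.` The import path ends in `vault-plugin-database-redis-elasticache` while the code refers to the package as `rediselasticache`, so an explicit alias would make the binding visible: `rediselasticache "github.com/hashicorp/vault-plugin-database-redis-elasticache"`.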
Nice! 👍