Merge pull request #798 from rickard-von-essen/redis-instance-conn

feat: redis instance - Store serverCaCerts.[].cert to connection details

Author: turkenf

config/cluster/redis/config.go

@@ -13,37 +13,53 @@ import (
 // Configure configures individual resources by adding custom
 // ResourceConfigurators.
 func Configure(p *config.Provider) {
-	p.AddResourceConfigurator("google_redis_instance", func(r *config.Resource) {
-		config.MarkAsRequired(r.TerraformResource, "region")
-		r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]any) (map[string][]byte, error) {
-			conn := map[string][]byte{}
-			if a, ok := attr["host"].(string); ok {
-				conn["host"] = []byte(a)
+	p.AddResourceConfigurator("google_redis_instance", redisInstance)
+	p.AddResourceConfigurator("google_redis_cluster", redisCluster)
+}
+
+func redisInstance(r *config.Resource) {
+	config.MarkAsRequired(r.TerraformResource, "region")
+	r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]any) (map[string][]byte, error) {
+		conn := map[string][]byte{}
+		if host, ok := attr["host"].(string); ok {
+			conn["host"] = []byte(host)
+		}
+		if port, ok := attr["port"].(float64); ok {
+			conn["port"] = []byte(fmt.Sprintf("%g", port))
+		}
+		if caCerts, ok := attr["server_ca_certs"].([]any); ok {
+			for i, ca := range caCerts {
+				if caCerts, ok := ca.(map[string]any); ok && len(caCerts) > 0 {
+					if cert, ok := caCerts["cert"].(string); ok {
+						key := fmt.Sprintf("server_ca_certs_%d_cert", i)
+						conn[key] = []byte(cert)
+					}
+				}
 			}
-			return conn, nil
 		}
-	})
+		return conn, nil
+	}
+}
 
-	p.AddResourceConfigurator("google_redis_cluster", func(r *config.Resource) {
-		r.MarkAsRequired("region")
-		r.UseAsync = true
-		r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]any) (map[string][]byte, error) {
-			conn := map[string][]byte{}
-			if discoveryendpoints, ok := attr["discovery_endpoints"].([]any); ok {
-				for i, de := range discoveryendpoints {
-					if discoveryendpoints, ok := de.(map[string]any); ok && len(discoveryendpoints) > 0 {
-						if address, ok := discoveryendpoints["address"].(string); ok {
-							key := fmt.Sprintf("discovery_endpoints_%d_address", i)
-							conn[key] = []byte(address)
-						}
-						if port, ok := discoveryendpoints["port"].(float64); ok {
-							key := fmt.Sprintf("discovery_endpoints_%d_port", i)
-							conn[key] = []byte(fmt.Sprintf("%g", port))
-						}
+func redisCluster(r *config.Resource) {
+	r.MarkAsRequired("region")
+	r.UseAsync = true
+	r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]any) (map[string][]byte, error) {
+		conn := map[string][]byte{}
+		if discoveryendpoints, ok := attr["discovery_endpoints"].([]any); ok {
+			for i, de := range discoveryendpoints {
+				if discoveryendpoints, ok := de.(map[string]any); ok && len(discoveryendpoints) > 0 {
+					if address, ok := discoveryendpoints["address"].(string); ok {
+						key := fmt.Sprintf("discovery_endpoints_%d_address", i)
+						conn[key] = []byte(address)
+					}
+					if port, ok := discoveryendpoints["port"].(float64); ok {
+						key := fmt.Sprintf("discovery_endpoints_%d_port", i)
+						conn[key] = []byte(fmt.Sprintf("%g", port))
 					}
 				}
 			}
-			return conn, nil
 		}
-	})
+		return conn, nil
+	}
 }

config/namespaced/redis/config.go

@@ -13,37 +13,53 @@ import (
 // Configure configures individual resources by adding custom
 // ResourceConfigurators.
 func Configure(p *config.Provider) {
-	p.AddResourceConfigurator("google_redis_instance", func(r *config.Resource) {
-		config.MarkAsRequired(r.TerraformResource, "region")
-		r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]any) (map[string][]byte, error) {
-			conn := map[string][]byte{}
-			if a, ok := attr["host"].(string); ok {
-				conn["host"] = []byte(a)
+	p.AddResourceConfigurator("google_redis_instance", redisInstance)
+	p.AddResourceConfigurator("google_redis_cluster", redisCluster)
+}
+
+func redisInstance(r *config.Resource) {
+	config.MarkAsRequired(r.TerraformResource, "region")
+	r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]any) (map[string][]byte, error) {
+		conn := map[string][]byte{}
+		if host, ok := attr["host"].(string); ok {
+			conn["host"] = []byte(host)
+		}
+		if port, ok := attr["port"].(float64); ok {
+			conn["port"] = []byte(fmt.Sprintf("%g", port))
+		}
+		if caCerts, ok := attr["server_ca_certs"].([]any); ok {
+			for i, ca := range caCerts {
+				if caCerts, ok := ca.(map[string]any); ok && len(caCerts) > 0 {
+					if cert, ok := caCerts["cert"].(string); ok {
+						key := fmt.Sprintf("server_ca_certs_%d_cert", i)
+						conn[key] = []byte(cert)
+					}
+				}
 			}
-			return conn, nil
 		}
-	})
+		return conn, nil
+	}
+}
 
-	p.AddResourceConfigurator("google_redis_cluster", func(r *config.Resource) {
-		r.MarkAsRequired("region")
-		r.UseAsync = true
-		r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]any) (map[string][]byte, error) {
-			conn := map[string][]byte{}
-			if discoveryendpoints, ok := attr["discovery_endpoints"].([]any); ok {
-				for i, de := range discoveryendpoints {
-					if discoveryendpoints, ok := de.(map[string]any); ok && len(discoveryendpoints) > 0 {
-						if address, ok := discoveryendpoints["address"].(string); ok {
-							key := fmt.Sprintf("discovery_endpoints_%d_address", i)
-							conn[key] = []byte(address)
-						}
-						if port, ok := discoveryendpoints["port"].(float64); ok {
-							key := fmt.Sprintf("discovery_endpoints_%d_port", i)
-							conn[key] = []byte(fmt.Sprintf("%g", port))
-						}
+func redisCluster(r *config.Resource) {
+	r.MarkAsRequired("region")
+	r.UseAsync = true
+	r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]any) (map[string][]byte, error) {
+		conn := map[string][]byte{}
+		if discoveryendpoints, ok := attr["discovery_endpoints"].([]any); ok {
+			for i, de := range discoveryendpoints {
+				if discoveryendpoints, ok := de.(map[string]any); ok && len(discoveryendpoints) > 0 {
+					if address, ok := discoveryendpoints["address"].(string); ok {
+						key := fmt.Sprintf("discovery_endpoints_%d_address", i)
+						conn[key] = []byte(address)
+					}
+					if port, ok := discoveryendpoints["port"].(float64); ok {
+						key := fmt.Sprintf("discovery_endpoints_%d_port", i)
+						conn[key] = []byte(fmt.Sprintf("%g", port))
 					}
 				}
 			}
-			return conn, nil
 		}
-	})
+		return conn, nil
+	}
 }

examples/cluster/redis/v1beta1/cluster.yaml

@@ -9,7 +9,7 @@ metadata:
   name: cluster-ha
 spec:
   forProvider:
-    authorizationMode: AUTH_MODE_DISABLED
+    authorizationMode: AUTH_MODE_IAM_AUTH
     deletionProtectionEnabled: false
     nodeType: REDIS_SHARED_CORE_NANO
     pscConfigs:
@@ -21,9 +21,12 @@ spec:
     region: us-central1
     replicaCount: 1
     shardCount: 3
-    transitEncryptionMode: TRANSIT_ENCRYPTION_MODE_DISABLED
+    transitEncryptionMode: TRANSIT_ENCRYPTION_MODE_SERVER_AUTHENTICATION
     zoneDistributionConfig:
       mode: MULTI_ZONE
+  writeConnectionSecretToRef:
+    name: example-redis-cluster-secret
+    namespace: upbound-system
 
 ---
 

examples/namespaced/redis/v1beta1/cluster.yaml

@@ -10,7 +10,7 @@ metadata:
   namespace: upbound-system
 spec:
   forProvider:
-    authorizationMode: AUTH_MODE_DISABLED
+    authorizationMode: AUTH_MODE_IAM_AUTH
     deletionProtectionEnabled: false
     nodeType: REDIS_SHARED_CORE_NANO
     pscConfigs:
@@ -22,9 +22,13 @@ spec:
     region: us-central1
     replicaCount: 1
     shardCount: 3
-    transitEncryptionMode: TRANSIT_ENCRYPTION_MODE_DISABLED
+    transitEncryptionMode: TRANSIT_ENCRYPTION_MODE_SERVER_AUTHENTICATION
     zoneDistributionConfig:
       mode: MULTI_ZONE
+  writeConnectionSecretToRef:
+    name: example-redis-cluster-secret
+    namespace: upbound-system
+      
 ---
 apiVersion: compute.gcp.m.upbound.io/v1beta1
 kind: Network