Merge pull request #17 from ganesh-arkalgud/main

Adding support for providing sensitive file contents for upload

Author: prashantkalkar

CHANGELOG.md

@@ -1,4 +1,31 @@
 ## Unreleased
+Upgrade notes:
+* node_files argument added: Due to possible terraform `sensitive` issues, the files that are to be uploaded to a node will need to be specified separately. 
+  For existing code change as follows:
+    ```terraform
+      nodes         = [{
+        node_ip             = "172.31.140.18"
+        node_id             = "00"
+        node_subnet_id      = data.aws_subnet.subnet1.id
+        node_files_toupload = []
+      }]
+    ```
+  To new code
+    ```terraform
+      nodes         = [{
+        node_ip             = "172.31.140.18"
+        node_id             = "00"
+        node_subnet_id      = data.aws_subnet.subnet1.id
+      }]
+      node_files    = [{
+        node_id             = "00"
+        node_files_toupload = []
+      }]
+    ```
+  Note, the node_id can be any string but if you want to retain the node names use the 2 digit node_id (eg. 00, 01, 05, 10 etc) during the upgrades.
+
+Breaking Changes: 
+* added node_files argument by @ganesh-arkalgud in [#17](https://github.com/prashantkalkar/stateful_application_module/pull/17)
 
 ## v0.4.0
 

README.md

@@ -24,18 +24,29 @@ module "cluster" {
       node_ip             = "<InstanceIPToBeAllocated>"
       node_id             = "<NodeId>" # should be unique
       node_subnet_id      = "<subnet_id>"
-      node_files_toupload = [filebase64("${path.module}/config_file.cfg")]
     },
     {
       node_ip        = "<InstanceIPToBeAllocated>"
       node_id        = "<NodeId>"
       node_subnet_id = "<subnet_id>"
-      node_files_toupload = [filebase64("${path.module}/config_file.cfg")]
     },
     {
       node_ip        = "<InstanceIPToBeAllocated>"
       node_id        = "<NodeId>"
       node_subnet_id = "<subnet_id>"
+    }
+  ]
+  node_files         = [
+    {
+      node_id             = "<NodeId>" # should be unique
+      node_files_toupload = [filebase64("${path.module}/config_file.cfg")]
+    },
+    {
+      node_id        = "<NodeId>"
+      node_files_toupload = [filebase64("${path.module}/config_file.cfg")]
+    },
+    {
+      node_id        = "<NodeId>"
       node_files_toupload = [filebase64("${path.module}/config_file.cfg")]
     }
   ]
@@ -183,9 +194,10 @@ https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ubuntu-secondary-netw
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | n/a | `string` | n/a | yes |
 | <a name="input_jq_download_url"></a> [jq\_download\_url](#input\_jq\_download\_url) | n/a | `string` | `"https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64"` | no |
 | <a name="input_node_config_script"></a> [node\_config\_script](#input\_node\_config\_script) | Base64 encoded node configuration shell script.<br>  Must include configure\_cluster\_node and wait\_for\_healthy\_cluster function. Check documentation for more details about the contract | `string` | n/a | yes |
+| <a name="input_node_files"></a> [node\_files](#input\_node\_files) | node\_id = node identifier (this is not a index and need not in any specific ordered).<br>    node\_files\_toupload = list of file to be uploaded per node. These can be cluster config files etc.<br>    node\_files\_toupload.contents = Base64 encoded contents of the file to be uploaded on the node.<br>    node\_files\_toupload.destination = File destination on the node. This will be the file path and name on the node. The file ownership should be changed by node\_config\_script. | <pre>set(object({<br>    node_id = string<br>    node_files_toupload = optional(list(object({<br>      contents = string<br>      destination = string<br>    })), [])<br>  }))</pre> | n/a | yes |
 | <a name="input_node_image"></a> [node\_image](#input\_node\_image) | n/a | `string` | n/a | yes |
 | <a name="input_node_key_name"></a> [node\_key\_name](#input\_node\_key\_name) | n/a | `string` | n/a | yes |
-| <a name="input_nodes"></a> [nodes](#input\_nodes) | node\_id = node identifier (this is not a index and need not in any specific ordered).<br>    node\_ip = IP address of the cluster node. This should be available within the subnet.<br>    node\_image = image for node of the cluster node.<br>    node\_subnet\_id = Id of the subnet where node should be created.<br>    node\_files\_toupload = list of file to be uploaded per node. These can be cluster confi files etc.<br>    node\_files\_toupload.contents = Base64 encoded contents of the file to be uploaded on the node.<br>    node\_files\_toupload.destination = File destination on the node. This will be the file path and name on the node. The file ownership should be changed by node\_config\_script. | <pre>set(object({<br>    node_id = string<br>    node_ip = string<br>    node_image = optional(string)<br>    node_subnet_id = string<br>    node_files_toupload = optional(list(object({<br>      contents = string<br>      destination = string<br>    })), [])<br>  }))</pre> | n/a | yes |
+| <a name="input_nodes"></a> [nodes](#input\_nodes) | node\_id = node identifier (this is not a index and need not in any specific ordered).<br>    node\_ip = IP address of the cluster node. This should be available within the subnet.<br>    node\_image = image for node of the cluster node.<br>    node\_subnet\_id = Id of the subnet where node should be created. | <pre>set(object({<br>    node_id = string<br>    node_ip = string<br>    node_image = optional(string)<br>    node_subnet_id = string<br>  }))</pre> | n/a | yes |
 | <a name="input_root_volume"></a> [root\_volume](#input\_root\_volume) | n/a | <pre>object({<br>    device_name = string<br>    size_in_gibs = number<br>    type = string<br>  })</pre> | <pre>{<br>  "device_name": "/dev/xvda",<br>  "size_in_gibs": 16,<br>  "type": "gp3"<br>}</pre> | no |
 | <a name="input_security_groups"></a> [security\_groups](#input\_security\_groups) | n/a | `list(string)` | n/a | yes |
 

main.tf

@@ -1,5 +1,6 @@
 locals {
   node_id_to_node_map = {for node in var.nodes : node.node_id => node}
+  node_id_to_node_files_map = {for node in var.node_files : node.node_id => node}
 }
 
 module "cluster_nodes" {
@@ -12,7 +13,7 @@ module "cluster_nodes" {
   node_ip                              = each.value.node_ip
   node_key_name                        = var.node_key_name
   node_subnet_id                       = each.value.node_subnet_id
-  node_files_toupload                  = each.value.node_files_toupload
+  node_files_toupload                 = lookup(local.node_id_to_node_files_map, each.key).node_files_toupload
   node_config_script                   = var.node_config_script
   security_groups                      = var.security_groups
   node_image                           = each.value.node_image != null ? each.value.node_image : var.node_image

variables.tf

@@ -4,17 +4,26 @@ variable "nodes" {
     node_ip = string
     node_image = optional(string)
     node_subnet_id = string
+  }))
+  description = <<EOT
+    node_id = node identifier (this is not a index and need not in any specific ordered).
+    node_ip = IP address of the cluster node. This should be available within the subnet.
+    node_image = image for node of the cluster node.
+    node_subnet_id = Id of the subnet where node should be created.
+  EOT
+}
+
+variable "node_files" {
+  type = set(object({
+    node_id = string
     node_files_toupload = optional(list(object({
       contents = string
       destination = string
     })), [])
   }))
   description = <<EOT
     node_id = node identifier (this is not a index and need not in any specific ordered).
-    node_ip = IP address of the cluster node. This should be available within the subnet.
-    node_image = image for node of the cluster node.
-    node_subnet_id = Id of the subnet where node should be created.
-    node_files_toupload = list of file to be uploaded per node. These can be cluster confi files etc.
+    node_files_toupload = list of file to be uploaded per node. These can be cluster config files etc.
     node_files_toupload.contents = Base64 encoded contents of the file to be uploaded on the node.
     node_files_toupload.destination = File destination on the node. This will be the file path and name on the node. The file ownership should be changed by node_config_script.
   EOT