Replace make_primary_cluster with better named cluster_type (#109)

cloudposse · Feb 21, 2021 · 7218e7a · 7218e7a
1 parent 5851f2d
commit 7218e7a
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -378,13 +378,13 @@ Available targets:
 | [aws_db_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/db_parameter_group) |
 | [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/db_subnet_group) |
 | [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/data-sources/iam_policy_document) |
-| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/iam_role) |
 | [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/iam_role_policy_attachment) |
-| [aws_rds_cluster](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/rds_cluster) |
+| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/iam_role) |
 | [aws_rds_cluster_instance](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/rds_cluster_instance) |
 | [aws_rds_cluster_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/rds_cluster_parameter_group) |
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/security_group) |
+| [aws_rds_cluster](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/rds_cluster) |
 | [aws_security_group_rule](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/security_group_rule) |
+| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/security_group) |
 
 ## Inputs
 
@@ -412,6 +412,7 @@ Available targets:
 | cluster\_identifier | The RDS Cluster Identifier. Will use generated label ID if not supplied | `string` | `""` | no |
 | cluster\_parameters | List of DB cluster parameters to apply | <pre>list(object({<br>    apply_method = string<br>    name         = string<br>    value        = string<br>  }))</pre> | `[]` | no |
 | cluster\_size | Number of DB instances to create in the cluster | `number` | `2` | no |
+| cluster\_type | Either `regional` or `global`.<br>If `regional` will be created as a normal, standalone DB.<br>If `global`, will be made part of a Global cluster (requires `global_cluster_identifier`). | `string` | `"regional"` | no |
 | context | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {}<br>}</pre> | no |
 | copy\_tags\_to\_snapshot | Copy tags to backup snapshots | `bool` | `false` | no |
 | db\_name | Database name (default is not to create a database) | `string` | `""` | no |
@@ -438,7 +439,6 @@ Available targets:
 | label\_order | The naming order of the id output and Name tag.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
 | label\_value\_case | The letter case of output label values (also used in `tags` and `id`).<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Default value: `lower`. | `string` | `null` | no |
 | maintenance\_window | Weekly time range during which system maintenance can occur, in UTC | `string` | `"wed:03:00-wed:04:00"` | no |
-| make\_primary\_cluster | Set true or false to force the cluster to be created as primary or secondary. Leave null to set automatically based on global\_cluster\_identifier. | `bool` | `null` | no |
 | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
 | namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
 | performance\_insights\_enabled | Whether to enable Performance Insights | `bool` | `false` | no |

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -31,13 +31,13 @@
 | [aws_db_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/db_parameter_group) |
 | [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/db_subnet_group) |
 | [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/data-sources/iam_policy_document) |
-| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/iam_role) |
 | [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/iam_role_policy_attachment) |
-| [aws_rds_cluster](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/rds_cluster) |
+| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/iam_role) |
 | [aws_rds_cluster_instance](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/rds_cluster_instance) |
 | [aws_rds_cluster_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/rds_cluster_parameter_group) |
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/security_group) |
+| [aws_rds_cluster](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/rds_cluster) |
 | [aws_security_group_rule](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/security_group_rule) |
+| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/3.1.15/docs/resources/security_group) |
 
 ## Inputs
 
@@ -65,6 +65,7 @@
 | cluster\_identifier | The RDS Cluster Identifier. Will use generated label ID if not supplied | `string` | `""` | no |
 | cluster\_parameters | List of DB cluster parameters to apply | <pre>list(object({<br>    apply_method = string<br>    name         = string<br>    value        = string<br>  }))</pre> | `[]` | no |
 | cluster\_size | Number of DB instances to create in the cluster | `number` | `2` | no |
+| cluster\_type | Either `regional` or `global`.<br>If `regional` will be created as a normal, standalone DB.<br>If `global`, will be made part of a Global cluster (requires `global_cluster_identifier`). | `string` | `"regional"` | no |
 | context | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {}<br>}</pre> | no |
 | copy\_tags\_to\_snapshot | Copy tags to backup snapshots | `bool` | `false` | no |
 | db\_name | Database name (default is not to create a database) | `string` | `""` | no |
@@ -91,7 +92,6 @@
 | label\_order | The naming order of the id output and Name tag.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
 | label\_value\_case | The letter case of output label values (also used in `tags` and `id`).<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Default value: `lower`. | `string` | `null` | no |
 | maintenance\_window | Weekly time range during which system maintenance can occur, in UTC | `string` | `"wed:03:00-wed:04:00"` | no |
-| make\_primary\_cluster | Set true or false to force the cluster to be created as primary or secondary. Leave null to set automatically based on global\_cluster\_identifier. | `bool` | `null` | no |
 | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
 | namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
 | performance\_insights\_enabled | Whether to enable Performance Insights | `bool` | `false` | no |

diff --git a/enhanced-monitoring.tf b/enhanced-monitoring.tf
@@ -6,7 +6,7 @@ module "enhanced_monitoring_label" {
   version = "0.24.1"
 
   enabled    = module.this.enabled && var.enhanced_monitoring_role_enabled
-  attributes = concat(module.this.attributes, ["enhanced-monitoring"])
+  attributes = ["enhanced-monitoring"]
 
   context = module.this.context
 }
@@ -16,6 +16,7 @@ resource "aws_iam_role" "enhanced_monitoring" {
   count              = module.this.enabled && var.enhanced_monitoring_role_enabled ? 1 : 0
   name               = module.enhanced_monitoring_label.id
   assume_role_policy = join("", data.aws_iam_policy_document.enhanced_monitoring.*.json)
+  tags               = module.enhanced_monitoring_label.tags
 }
 
 # Attach Amazon's managed policy for RDS enhanced monitoring

diff --git a/main.tf b/main.tf
@@ -1,6 +1,6 @@
 locals {
   cluster_instance_count = module.this.enabled ? var.cluster_size : 0
-  is_primary_cluster     = var.make_primary_cluster != null ? var.make_primary_cluster : var.global_cluster_identifier == null || var.global_cluster_identifier == "" ? true : false
+  is_regional_cluster    = var.cluster_type == "regional"
 }
 
 resource "aws_security_group" "default" {
@@ -44,8 +44,10 @@ resource "aws_security_group_rule" "egress" {
   security_group_id = join("", aws_security_group.default.*.id)
 }
 
+# The name "primary" is poorly chosen. We actually mean standalone or regional.
+# The primary cluster of a global database is actually created with the "secondary" cluster resource below.
 resource "aws_rds_cluster" "primary" {
-  count                               = module.this.enabled && local.is_primary_cluster ? 1 : 0
+  count                               = module.this.enabled && local.is_regional_cluster ? 1 : 0
   cluster_identifier                  = var.cluster_identifier == "" ? module.this.id : var.cluster_identifier
   database_name                       = var.db_name
   master_username                     = var.admin_user
@@ -120,7 +122,7 @@ resource "aws_rds_cluster" "primary" {
 
 # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#replication_source_identifier
 resource "aws_rds_cluster" "secondary" {
-  count                               = module.this.enabled && ! local.is_primary_cluster ? 1 : 0
+  count                               = module.this.enabled && ! local.is_regional_cluster ? 1 : 0
   cluster_identifier                  = var.cluster_identifier == "" ? module.this.id : var.cluster_identifier
   database_name                       = var.db_name
   master_username                     = var.admin_user

diff --git a/outputs.tf b/outputs.tf
@@ -4,27 +4,27 @@ output "database_name" {
 }
 
 output "master_username" {
-  value       = local.is_primary_cluster ? join("", aws_rds_cluster.primary.*.master_username) : join("", aws_rds_cluster.secondary.*.master_username)
+  value       = local.is_regional_cluster ? join("", aws_rds_cluster.primary.*.master_username) : join("", aws_rds_cluster.secondary.*.master_username)
   description = "Username for the master DB user"
 }
 
 output "cluster_identifier" {
-  value       = local.is_primary_cluster ? join("", aws_rds_cluster.primary.*.cluster_identifier) : join("", aws_rds_cluster.secondary.*.cluster_identifier)
+  value       = local.is_regional_cluster ? join("", aws_rds_cluster.primary.*.cluster_identifier) : join("", aws_rds_cluster.secondary.*.cluster_identifier)
   description = "Cluster Identifier"
 }
 
 output "arn" {
-  value       = local.is_primary_cluster ? join("", aws_rds_cluster.primary.*.arn) : join("", aws_rds_cluster.secondary.*.arn)
+  value       = local.is_regional_cluster ? join("", aws_rds_cluster.primary.*.arn) : join("", aws_rds_cluster.secondary.*.arn)
   description = "Amazon Resource Name (ARN) of the cluster"
 }
 
 output "endpoint" {
-  value       = local.is_primary_cluster ? join("", aws_rds_cluster.primary.*.endpoint) : join("", aws_rds_cluster.secondary.*.endpoint)
+  value       = local.is_regional_cluster ? join("", aws_rds_cluster.primary.*.endpoint) : join("", aws_rds_cluster.secondary.*.endpoint)
   description = "The DNS address of the RDS instance"
 }
 
 output "reader_endpoint" {
-  value       = local.is_primary_cluster ? join("", aws_rds_cluster.primary.*.reader_endpoint) : join("", aws_rds_cluster.secondary.*.reader_endpoint)
+  value       = local.is_regional_cluster ? join("", aws_rds_cluster.primary.*.reader_endpoint) : join("", aws_rds_cluster.secondary.*.reader_endpoint)
   description = "A read-only endpoint for the Aurora cluster, automatically load-balanced across replicas"
 }
 
@@ -44,7 +44,7 @@ output "dbi_resource_ids" {
 }
 
 output "cluster_resource_id" {
-  value       = local.is_primary_cluster ? join("", aws_rds_cluster.primary.*.cluster_resource_id) : join("", aws_rds_cluster.secondary.*.cluster_resource_id)
+  value       = local.is_regional_cluster ? join("", aws_rds_cluster.primary.*.cluster_resource_id) : join("", aws_rds_cluster.secondary.*.cluster_resource_id)
   description = "The region-unique, immutable identifie of the cluster"
 }
 

diff --git a/variables.tf b/variables.tf
@@ -342,10 +342,19 @@ variable "reader_dns_name" {
   default     = ""
 }
 
-variable "make_primary_cluster" {
-  type        = bool
-  description = "Set true or false to force the cluster to be created as primary or secondary. Leave null to set automatically based on global_cluster_identifier."
-  default     = null
+variable "cluster_type" {
+  type        = string
+  description = <<-EOT
+    Either `regional` or `global`.
+    If `regional` will be created as a normal, standalone DB.
+    If `global`, will be made part of a Global cluster (requires `global_cluster_identifier`).
+    EOT
+  default     = "regional"
+
+  validation {
+    condition     = contains(["regional", "global"], var.cluster_type)
+    error_message = "Allowed values: `regional` (standalone), `global` (part of global cluster)."
+  }
 }
 
 variable "global_cluster_identifier" {