feat: add redis TLS support
Jonathan Meyers committed Jul 14, 2021
1 parent 5586231 commit 1f76876
Showing 9 changed files with 31 additions and 3 deletions.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -28,7 +28,7 @@ module "memorystore" {
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| alternative\_location\_id | The alternative zone where the instance will be provisioned. | `string` | `null` | no |
| auth\_enabled | Indicates whether OSS Redis AUTH is enabled for the instance. If set to true AUTH is enabled on the instance. | `bool` | `false` | no |
| auth\_enabled | Indicates whether OSS Redis AUTH is enabled for the instance. If set to true AUTH is enabled on the instance. | `bool` | `true` | no |
| authorized\_network | The full name of the Google Compute Engine network to which the instance is connected. If left unspecified, the default network will be used. | `string` | `null` | no |
| connect\_mode | The connection mode of the Redis instance. Can be either DIRECT\_PEERING or PRIVATE\_SERVICE\_ACCESS. The default connect mode if not provided is DIRECT\_PEERING. | `string` | `null` | no |
| display\_name | An arbitrary and optional user-provided name for the instance. | `string` | `null` | no |
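Review bot: The `auth_enabled` row changes its default from `false` to `true`, which is a behaviour change for every caller that relies on the default, while the commit title only mentions TLS. Callers that upgrade without setting `auth_enabled = false` will see AUTH turned on for their instance, and clients that do not send the auth string will stop connecting. Suggest calling this out as a breaking change in the commit message or changelog, or splitting the default flip into its own commit.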
Expand All @@ -43,6 +43,7 @@ module "memorystore" {
| region | The GCP region to use. | `string` | `null` | no |
| reserved\_ip\_range | The CIDR range of internal addresses that are reserved for this instance. | `string` | `null` | no |
| tier | The service tier of the instance. https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Tier | `string` | `"STANDARD_HA"` | no |
| transit\_encryption\_mode | The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. | `string` | `"SERVER_AUTHENTICATION"` | no |

## Outputs

2 changes: 2 additions & 0 deletions main.tf
Expand Up @@ -37,6 +37,8 @@ resource "google_redis_instance" "default" {
labels = var.labels

auth_enabled = var.auth_enabled

transit_encryption_mode = var.transit_encryption_mode
}

module "enable_apis" {
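Review bot: `transit_encryption_mode = var.transit_encryption_mode` turns on server-authenticated TLS by default, but none of the nine changed files adds a module output that hands callers the instance's CA certificate, which clients need in order to verify the server. Suggest exporting it from the module (the resource's `server_ca_certs` attribute, if the pinned provider version exposes it) and noting in the README that clients must connect over TLS and trust that CA.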
2 changes: 2 additions & 0 deletions test/fixtures/redis/README.md
Expand Up @@ -15,6 +15,7 @@ This test will create a new redis instance.
| name | Name of redis instance. | `string` | `"test-redis"` | no |
| project\_id | Google cloud project id to create redis instance. | `string` | n/a | yes |
| region | Region to create test instance. | `string` | `"us-east1"` | no |
| transit\_encryption\_mode | The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. | `string` | `"SERVER_AUTHENTICATION"` | no |

## Outputs

Expand All @@ -32,5 +33,6 @@ This test will create a new redis instance.
| output\_region | n/a |
| project\_id | n/a |
| region | n/a |
| transit\_encryption\_mode | n/a |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
1 change: 1 addition & 0 deletions test/fixtures/redis/main.tf
Expand Up @@ -25,6 +25,7 @@ module "memstore" {
alternative_location_id = var.alternative_location_id
enable_apis = true
auth_enabled = var.auth_enabled
transit_encryption_mode = var.transit_encryption_mode

memory_size_gb = var.memory_size_gb
}
4 changes: 4 additions & 0 deletions test/fixtures/redis/outputs.tf
Expand Up @@ -46,6 +46,10 @@ output "auth_string" {
value = var.auth_string
}

output "transit_encryption_mode" {
value = var.transit_encryption_mode
}

output "output_id" {
value = module.memstore.id
}
6 changes: 6 additions & 0 deletions test/fixtures/redis/variables.tf
Expand Up @@ -60,3 +60,9 @@ variable "auth_string" {
type = string
default = null
}

variable "transit_encryption_mode" {
description = "The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance."
type = string
default = "SERVER_AUTHENTICATION"
}
5 changes: 4 additions & 1 deletion test/integration/redis/controls/gcloud.rb
Expand Up @@ -19,6 +19,7 @@
alternative_location_id = attribute('alternative_location_id')
memory_size_gb = attribute('memory_size_gb')
auth_enabled = attribute('auth_enabled')
transit_encryption_mode = attribute('transit_encryption_mode')

output_id = attribute('output_id')
output_region = attribute('output_region')
Expand Down Expand Up @@ -60,6 +61,8 @@
it "authEnabled matches var.auth_enabled" do
expect(metadata).to include(authEnabled: auth_enabled)
end

it "transitEncryptionMode matches var.transit_encryption_mode" do
expect(metadata).to include(transitEncryptionMode: transit_encryption_mode)
end
end
end
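Review bot: The new `it "transitEncryptionMode matches var.transit_encryption_mode"` block compares the instance metadata with the fixture input, so with the fixture default it only ever exercises `SERVER_AUTHENTICATION`. That confirms the pass-through, but not that an unset or disabled mode behaves as documented; consider a second fixture run with TLS off, or state in the test README that only the default is covered.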
3 changes: 3 additions & 0 deletions test/integration/redis/inspec.yml
Expand Up @@ -33,3 +33,6 @@ attributes:
- name: auth_enabled
required: true
type: boolean
- name: transit_encryption_mode
required: true
type: string
8 changes: 7 additions & 1 deletion variables.tf
Expand Up @@ -105,5 +105,11 @@ variable "labels" {
variable "auth_enabled" {
description = "Indicates whether OSS Redis AUTH is enabled for the instance. If set to true AUTH is enabled on the instance."
type = bool
default = false
default = true
}

variable "transit_encryption_mode" {
description = "The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance."
type = string
default = "SERVER_AUTHENTICATION"
}
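Review bot: In the new `transit_encryption_mode` variable, the description says "If not provided, TLS is disabled for the instance", but `default = "SERVER_AUTHENTICATION"` means a caller who does not provide it gets TLS enabled. Suggest rewording the description to match the module default and to name the accepted values, and adding a `validation` block so a typo fails at plan time instead of at the API. The same description is copied into README.md and the test fixture, so those need the same fix.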
