diff --git a/README.md b/README.md
index c4fa3c9c..41a97575 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@ module "memorystore" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | alternative\_location\_id | The alternative zone where the instance will be provisioned. | `string` | `null` | no |
-| auth\_enabled | Indicates whether OSS Redis AUTH is enabled for the instance. If set to true AUTH is enabled on the instance. | `bool` | `false` | no |
+| auth\_enabled | Indicates whether OSS Redis AUTH is enabled for the instance. If set to true AUTH is enabled on the instance. | `bool` | `true` | no |
 | authorized\_network | The full name of the Google Compute Engine network to which the instance is connected. If left unspecified, the default network will be used. | `string` | `null` | no |
 | connect\_mode | The connection mode of the Redis instance. Can be either DIRECT\_PEERING or PRIVATE\_SERVICE\_ACCESS. The default connect mode if not provided is DIRECT\_PEERING. | `string` | `null` | no |
 | display\_name | An arbitrary and optional user-provided name for the instance. | `string` | `null` | no |
@@ -43,6 +43,7 @@ module "memorystore" {
 | region | The GCP region to use. | `string` | `null` | no |
 | reserved\_ip\_range | The CIDR range of internal addresses that are reserved for this instance. | `string` | `null` | no |
 | tier | The service tier of the instance. https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Tier | `string` | `"STANDARD_HA"` | no |
+| transit\_encryption\_mode | The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. | `string` | `"SERVER_AUTHENTICATION"` | no |
 ## Outputs
diff --git a/main.tf b/main.tf
index b7f35d99..e825f0a6 100644
--- a/main.tf
+++ b/main.tf
@@ -37,6 +37,8 @@ resource "google_redis_instance" "default" {
 labels = var.labels
 auth_enabled = var.auth_enabled
+
+ transit_encryption_mode = var.transit_encryption_mode
 }
 module "enable_apis" {
diff --git a/test/fixtures/redis/README.md b/test/fixtures/redis/README.md
index 75bc444d..4f64a712 100644
--- a/test/fixtures/redis/README.md
+++ b/test/fixtures/redis/README.md
@@ -15,6 +15,7 @@ This test will create a new redis instance.
 | name | Name of redis instance. | `string` | `"test-redis"` | no |
 | project\_id | Google cloud project id to create redis instance. | `string` | n/a | yes |
 | region | Region to create test instance. | `string` | `"us-east1"` | no |
+| transit\_encryption\_mode | The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. | `string` | `"SERVER_AUTHENTICATION"` | no |
 ## Outputs
@@ -32,5 +33,6 @@ This test will create a new redis instance.
 | output\_region | n/a |
 | project\_id | n/a |
 | region | n/a |
+| transit\_encryption\_mode | n/a |
diff --git a/test/fixtures/redis/main.tf b/test/fixtures/redis/main.tf
index fd11762a..105274a6 100644
--- a/test/fixtures/redis/main.tf
+++ b/test/fixtures/redis/main.tf
@@ -25,6 +25,7 @@ module "memstore" {
 alternative_location_id = var.alternative_location_id
 enable_apis = true
 auth_enabled = var.auth_enabled
+ transit_encryption_mode = var.transit_encryption_mode
 memory_size_gb = var.memory_size_gb
 }
diff --git a/test/fixtures/redis/outputs.tf b/test/fixtures/redis/outputs.tf
index 3aadee71..c74b62f4 100644
--- a/test/fixtures/redis/outputs.tf
+++ b/test/fixtures/redis/outputs.tf
@@ -46,6 +46,10 @@ output "auth_string" {
 value = var.auth_string
 }
+output "transit_encryption_mode" {
+ value = var.transit_encryption_mode
+}
+
 output "output_id" {
 value = module.memstore.id
 }
diff --git a/test/fixtures/redis/variables.tf b/test/fixtures/redis/variables.tf
index ea369b74..92f7fe1e 100644
--- a/test/fixtures/redis/variables.tf
+++ b/test/fixtures/redis/variables.tf
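Review bot: In the root `main.tf` hunk, passing `var.transit_encryption_mode` into `google_redis_instance.default` while the module default is `"SERVER_AUTHENTICATION"` changes the effective value for every caller that upgrades without setting the variable. As far as I know the provider treats this field as create-time only, so an existing instance would be planned for replacement rather than updated in place; the upgrade notes should say so, and say that callers must set the variable explicitly if they need to schedule that migration. Once TLS is on, clients need the instance CA to verify the server, and no hunk in this change exports it; if the module's outputs do not already cover it, consider `output "server_ca_certs" { value = google_redis_instance.default.server_ca_certs }`. The resource block starts above this hunk, so other arguments that interact with TLS are not visible here.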
@@ -60,3 +60,9 @@ variable "auth_string" {
 type = string
 default = null
 }
+
+variable "transit_encryption_mode" {
+ description = "The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance."
+ type = string
+ default = "SERVER_AUTHENTICATION"
+}
diff --git a/test/integration/redis/controls/gcloud.rb b/test/integration/redis/controls/gcloud.rb
index 8b8cd438..28610ce4 100644
--- a/test/integration/redis/controls/gcloud.rb
+++ b/test/integration/redis/controls/gcloud.rb
@@ -19,6 +19,7 @@
 alternative_location_id = attribute('alternative_location_id')
 memory_size_gb = attribute('memory_size_gb')
 auth_enabled = attribute('auth_enabled')
+transit_encryption_mode = attribute('transit_encryption_mode')
 output_id = attribute('output_id')
 output_region = attribute('output_region')
@@ -60,6 +61,8 @@
 it "authEnabled matches var.auth_enabled" do
 expect(metadata).to include(authEnabled: auth_enabled)
 end
-
+ it "transitEncryptionMode matches var.transit_encryption_mode" do
+ expect(metadata).to include(transitEncryptionMode: transit_encryption_mode)
+ end
 end
 end
diff --git a/test/integration/redis/inspec.yml b/test/integration/redis/inspec.yml
index b6141a49..8e609b2f 100644
--- a/test/integration/redis/inspec.yml
+++ b/test/integration/redis/inspec.yml
@@ -33,3 +33,6 @@ attributes:
 - name: auth_enabled
 required: true
 type: boolean
+ - name: transit_encryption_mode
+ required: true
+ type: string
diff --git a/variables.tf b/variables.tf
index b8e6132d..5b87f070 100644
--- a/variables.tf
+++ b/variables.tf
@@ -105,5 +105,11 @@ variable "labels" {
 variable "auth_enabled" {
 description = "Indicates whether OSS Redis AUTH is enabled for the instance. If set to true AUTH is enabled on the instance."
 type = bool
- default = false
+ default = true
+}
+
+variable "transit_encryption_mode" {
+ description = "The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance."
+ type = string
+ default = "SERVER_AUTHENTICATION"
 }
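Review bot: The description of `transit_encryption_mode` in the root `variables.tf` hunk (repeated in `test/fixtures/redis/variables.tf` and both README tables) says TLS is disabled when the value is not provided, but with `default = "SERVER_AUTHENTICATION"` omitting it now enables TLS. I would reword it to `description = "The TLS mode of the Redis instance. Defaults to SERVER_AUTHENTICATION; set to DISABLED to turn TLS off."` and regenerate the README tables. The variable also accepts any string, so a typo would only surface when the provider or API rejects it; if the module's minimum Terraform version allows it, a `validation` block with `condition = contains(["SERVER_AUTHENTICATION", "DISABLED"], var.transit_encryption_mode)` would name the allowed values in the error. The `auth_enabled` default flip in the same hunk means clients of upgraded instances must start sending the AUTH string, which deserves a line in the upgrade notes.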