@PlexusLoganPope PlexusLoganPope commented Oct 8, 2024

what

  • Added support for VPC connectivity client authentication using SASL/IAM and SASL/SCRAM.
  • Updated resource configuration to include the necessary properties for enabling VPC connectivity client authentication IAM and SCRAM.
  • Added variables to configure VPC connectivity client authentication IAM and SCRAM.
  • Updated module documentation to include the new VPC connectivity client authentication configuration options.

why

  • This module does not currently support configuring VPC connectivity for private link functionality.
  • This enhancement provides the ability to configure VPC connectivity and enables the usage of private link.

references

@PlexusLoganPope PlexusLoganPope requested review from a team as code owners October 8, 2024 00:22
@mergify mergify bot added the triage Needs triage label Oct 8, 2024

mergify bot commented Oct 14, 2024

Important

Cloud Posse Engineering Team Review Required

This pull request modifies files that require Cloud Posse's review. Please be patient, and a core maintainer will review your changes.

To expedite this process, reach out to us on Slack in the #pr-reviews channel.

@mergify mergify bot added the needs-cloudposse Needs Cloud Posse assistance label Oct 14, 2024
@RoseSecurity

/terratest

Member

@Benbentwo Benbentwo left a comment

Similar to #136 my only fears are if the block does not work when no value is supplied.

We also need to get tests working.

Comment on lines +155 to +162
vpc_connectivity {
client_authentication {
sasl {
iam = var.vpc_connectivity_client_authentication_sasl_iam_enabled
scram = var.vpc_connectivity_client_authentication_sasl_scram_enabled
}
}
}
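
Review bot: the `vpc_connectivity` block on these lines is static, so it is rendered for every cluster, including when both variables keep their `false` defaults and the caller never asked for VPC connectivity. Consider a `dynamic "vpc_connectivity"` block whose `for_each` is empty unless at least one of the two SASL variables is true.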

Suggested change
vpc_connectivity {
client_authentication {
sasl {
iam = var.vpc_connectivity_client_authentication_sasl_iam_enabled
scram = var.vpc_connectivity_client_authentication_sasl_scram_enabled
}
}
}
dynamic "vpc_connectivity" {
for_each = var.vpc_connectivity == null ? [] : [var.vpc_connectivity]
content {
client_authentication {
dynamic "sasl" {
for_each = (
try(vpc_connectivity.value.sasl_iam_enabled, null) != null ||
try(vpc_connectivity.value.sasl_scram_enabled, null) != null
) ? [1] : []
content {
iam = try(vpc_connectivity.value.sasl_iam_enabled, null)
scram = try(vpc_connectivity.value.sasl_scram_enabled, null)
}
}
}
}
}
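
Review bot: the `dynamic "sasl"` guard tests `!= null` rather than whether a mechanism is enabled, so an object with both attributes unset renders an empty `client_authentication` block, while one with both set to `false` renders `sasl` with nothing enabled. Decide the case once in the outer `for_each` (empty unless at least one flag is true) and make `sasl` a plain block. If the variable is typed as an object with `optional(bool)` attributes, the `try(..., null)` wrappers can go as well, since both attributes always exist on the value.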

Comment on lines +251 to +263
variable "vpc_connectivity_client_authentication_sasl_iam_enabled" {
type = bool
default = false
description = "Enables SASL/IAM authentication for VPC connectivity"
nullable = false
}

variable "vpc_connectivity_client_authentication_sasl_scram_enabled" {
type = bool
default = false
description = "Enables SASL/SCRAM authentication for VPC connectivity."
nullable = false
}

Suggested change
variable "vpc_connectivity_client_authentication_sasl_iam_enabled" {
type = bool
default = false
description = "Enables SASL/IAM authentication for VPC connectivity"
nullable = false
}
variable "vpc_connectivity_client_authentication_sasl_scram_enabled" {
type = bool
default = false
description = "Enables SASL/SCRAM authentication for VPC connectivity."
nullable = false
}
variable "vpc_connectivity" {
description = <<-EOT
Optional VPC connectivity settings. Set to null to omit the entire `vpc_connectivity` block.
Provide booleans for SASL IAM and/or SCRAM.
Example:
vpc_connectivity = {
sasl_iam_enabled = true
sasl_scram_enabled = true
}
EOT
type = object({
sasl_iam_enabled = optional(bool)
sasl_scram_enabled = optional(bool)
})
default = null
nullable = true
validation {
condition = var.vpc_connectivity == null
|| try(var.vpc_connectivity.sasl_iam_enabled, false)
|| try(var.vpc_connectivity.sasl_scram_enabled, false)
error_message = "When vpc_connectivity is set, enable at least one of sasl_iam_enabled or sasl_scram_enabled."
}
}
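
Review bot: the `validation` `condition` continues onto lines that begin with `||` without enclosing parentheses; outside brackets HCL ends an expression at the newline, so this will not parse. Wrap the whole condition in `( ... )`, as the `for_each` in the resource suggestion does. Also, `try()` only falls back on errors, and an unset `optional(bool)` attribute is null rather than an error, so `try(var.vpc_connectivity.sasl_iam_enabled, false)` can pass null to `||`, which is not a valid operand; declaring the attributes as `optional(bool, false)` avoids that.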

@Benbentwo
Member

/terratest
