feat(DMVP-elasticsearch): Added Advance Security Option

modules/elastic-search/README.md

@@ -50,6 +50,13 @@ module "elastic-search" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_policies"></a> [access\_policies](#input\_access\_policies) | Custom access policies, if not provided one being generated automatically | `string` | `""` | no |
+| <a name="input_advanced_security_options_create_random_master_password"></a> [advanced\_security\_options\_create\_random\_master\_password](#input\_advanced\_security\_options\_create\_random\_master\_password) | Whether to create random master password for Elasticsearch master user | `bool` | `false` | no |
+| <a name="input_advanced_security_options_enabled"></a> [advanced\_security\_options\_enabled](#input\_advanced\_security\_options\_enabled) | Whether advanced security is enabled (Forces new resource) | `bool` | `false` | no |
+| <a name="input_advanced_security_options_internal_user_database_enabled"></a> [advanced\_security\_options\_internal\_user\_database\_enabled](#input\_advanced\_security\_options\_internal\_user\_database\_enabled) | Whether the internal user database is enabled. If not set, defaults to false by the AWS API. | `bool` | `false` | no |
+| <a name="input_advanced_security_options_master_user_arn"></a> [advanced\_security\_options\_master\_user\_arn](#input\_advanced\_security\_options\_master\_user\_arn) | ARN for the master user. Only specify if `internal_user_database_enabled` is not set or set to `false`) | `string` | `null` | no |
+| <a name="input_advanced_security_options_master_user_password"></a> [advanced\_security\_options\_master\_user\_password](#input\_advanced\_security\_options\_master\_user\_password) | The master user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
+| <a name="input_advanced_security_options_master_user_username"></a> [advanced\_security\_options\_master\_user\_username](#input\_advanced\_security\_options\_master\_user\_username) | The master user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`. | `string` | `null` | no |
+| <a name="input_advanced_security_options_random_master_password_length"></a> [advanced\_security\_options\_random\_master\_password\_length](#input\_advanced\_security\_options\_random\_master\_password\_length) | Length of random master password to create | `number` | `16` | no |
 | <a name="input_availability_zone_count"></a> [availability\_zone\_count](#input\_availability\_zone\_count) | The number of availability zones of ES | `number` | `2` | no |
 | <a name="input_create_service_link_role"></a> [create\_service\_link\_role](#input\_create\_service\_link\_role) | Create service link role for AWS Elasticsearch Service | `bool` | `true` | no |
 | <a name="input_dedicated_master_enabled"></a> [dedicated\_master\_enabled](#input\_dedicated\_master\_enabled) | Have dedicated master or not for ES | `bool` | `false` | no |

modules/elastic-search/main.tf

@@ -39,6 +39,16 @@ module "elastic_search" {
 
   timeouts_update          = var.timeouts_update
   create_service_link_role = var.create_service_link_role
+
+
+  advanced_security_options_enabled                        = var.advanced_security_options_enabled
+  advanced_security_options_internal_user_database_enabled = var.advanced_security_options_internal_user_database_enabled
+  advanced_security_options_master_user_arn                = var.advanced_security_options_master_user_arn
+  advanced_security_options_master_user_username           = var.advanced_security_options_master_user_username
+  advanced_security_options_master_user_password           = var.advanced_security_options_master_user_password
+  advanced_security_options_create_random_master_password  = var.advanced_security_options_create_random_master_password
+  advanced_security_options_random_master_password_length  = var.advanced_security_options_random_master_password_length
+
 }
 
 

modules/elastic-search/tests/basic/0-setup.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    test = {
+      source = "terraform.io/builtin/test"
+    }
+
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.33"
+    }
+  }
+}
+
+provider "aws" {
+  region = "eu-central-1"
+}

modules/elastic-search/tests/basic/1-example.tf

@@ -0,0 +1,15 @@
+module "this" {
+  source = "../../"
+
+
+  domain_name                               = "dev"
+  vpc_options_subnet_ids                    = ["subnet-id1", "subnet-id2"]
+  vpc_options_security_group_whitelist_cidr = ["10.16.0.0/16"]
+  ebs_options_volume_size                   = 10
+
+  advanced_security_options_enabled                        = true
+  advanced_security_options_internal_user_database_enabled = true
+  advanced_security_options_master_user_username           = "admin"
+  advanced_security_options_create_random_master_password  = true
+  // Or you can use advanced_security_options_master_user_password variable
+}

modules/elastic-search/tests/basic/2-assert.tf

@@ -0,0 +1,9 @@
+resource "test_assertions" "dummy" {
+  component = "monitoring-modules-cloudwatch-alarm-actions"
+
+  equal "scheme" {
+    description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away."
+    got         = "all good"
+    want        = "all good"
+  }
+}

modules/elastic-search/tests/basic/README.md

@@ -0,0 +1,35 @@
+# basic
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.33 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_test"></a> [test](#provider\_test) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_this"></a> [this](#module\_this) | ../../ | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| test_assertions.dummy | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/elastic-search/variables.tf

@@ -109,3 +109,46 @@ variable "create_service_link_role" {
   type        = bool
   default     = true
 }
+
+
+variable "advanced_security_options_enabled" {
+  description = "Whether advanced security is enabled (Forces new resource)"
+  type        = bool
+  default     = false
+}
+
+variable "advanced_security_options_internal_user_database_enabled" {
+  description = "Whether the internal user database is enabled. If not set, defaults to false by the AWS API."
+  type        = bool
+  default     = false
+}
+
+variable "advanced_security_options_master_user_arn" {
+  description = "ARN for the master user. Only specify if `internal_user_database_enabled` is not set or set to `false`)"
+  type        = string
+  default     = null
+}
+
+variable "advanced_security_options_master_user_username" {
+  description = "The master user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`."
+  type        = string
+  default     = null
+}
+
+variable "advanced_security_options_master_user_password" {
+  description = "The master user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`."
+  type        = string
+  default     = null
+}
+
+variable "advanced_security_options_create_random_master_password" {
+  description = "Whether to create random master password for Elasticsearch master user"
+  type        = bool
+  default     = false
+}
+
+variable "advanced_security_options_random_master_password_length" {
+  description = "Length of random master password to create"
+  type        = number
+  default     = 16
+}