divyanshujainSquareops · divyanshujainSquareops · Nov 18, 2024 · Nov 18, 2024 · Nov 18, 2024 · Nov 18, 2024
diff --git a/.gitignore b/.gitignore
@@ -6,4 +6,4 @@
 *.tfvars
 *.pem
 vars
-.helmignore
+.helmignore
diff --git a/README.md b/README.md
@@ -166,9 +166,9 @@ The required IAM permissions to create resources from this module can be found [
 | <a name="input_performance_insights_enabled"></a> [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled | `bool` | `false` | no |
 | <a name="input_performance_insights_retention_period"></a> [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Valid values are `7`, `731` (2 years) or a multiple of `31` | `number` | `7` | no |
 | <a name="input_port"></a> [port](#input\_port) | The port number for the database | `number` | `5432` | no |
-| <a name="input_postgresdb_backup_config"></a> [postgresdb\_backup\_config](#input\_postgresdb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` | <pre>{<br/>  "bucket_uri": "",<br/>  "cron_for_full_backup": "",<br/>  "postgres_database_name": "",<br/>  "s3_bucket_region": ""<br/>}</pre> | no |
+| <a name="input_postgresdb_backup_config"></a> [postgresdb\_backup\_config](#input\_postgresdb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` | <pre>{<br/>  "bucket_uri": "",<br/>  "cron_for_full_backup": "",<br/>  "postgres_database_name": ""<br/>}</pre> | no |
 | <a name="input_postgresdb_backup_enabled"></a> [postgresdb\_backup\_enabled](#input\_postgresdb\_backup\_enabled) | Specifies whether to enable backups for MySQL database. | `bool` | `false` | no |
-| <a name="input_postgresdb_restore_config"></a> [postgresdb\_restore\_config](#input\_postgresdb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` | <pre>{<br/>  "bucket_uri": "",<br/>  "file_name": "",<br/>  "s3_bucket_region": ""<br/>}</pre> | no |
+| <a name="input_postgresdb_restore_config"></a> [postgresdb\_restore\_config](#input\_postgresdb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` | <pre>{<br/>  "bucket_uri": "",<br/>  "file_name": ""<br/>}</pre> | no |
 | <a name="input_postgresdb_restore_enabled"></a> [postgresdb\_restore\_enabled](#input\_postgresdb\_restore\_enabled) | Specifies whether to enable restoring dump to the MySQL database. | `bool` | `false` | no |
 | <a name="input_publicly_accessible"></a> [publicly\_accessible](#input\_publicly\_accessible) | Specifies whether the RDS instance is publicly accessible over the internet | `bool` | `false` | no |
 | <a name="input_random_password_length"></a> [random\_password\_length](#input\_random\_password\_length) | The length of the randomly generated password for the RDS primary cluster (default: 16) | `number` | `16` | no |

diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf
@@ -115,16 +115,16 @@ module "rds-pg" {
   slack_channel                    = "postgresql-notification"
   slack_webhook_url                = "https://hooks/xxxxxxxx"
   custom_user_password             = local.custom_user_password
-  #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. 
+  #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn.
   #And allow cluster security group in rds security group
-  # cluster_name                     = "cluster-name" 
+  # cluster_name                     = "cluster-name"
   # namespace                        = local.namespace
   # create_namespace                 = local.create_namespace
   # postgresdb_backup_enabled = false
   # postgresdb_backup_config = {
   #   postgres_database_name  = "" # which database backup you want
   #   s3_bucket_region     = "" #s3 bucket region
-  #   cron_for_full_backup = "*/3 * * * *" 
+  #   cron_for_full_backup = "*/3 * * * *"
   #   bucket_uri           = "s3://xyz" #s3 bucket uri
   # }
   # postgresdb_restore_enabled = false

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -112,7 +112,7 @@ module "rds-pg" {
   storage_type                     = local.storage_type
   engine_version                   = local.engine_version
   instance_class                   = local.instance_class
-  master_username                  = "admin"
+  master_username                  = "pguser"
   allocated_storage                = "20"
   max_allocated_storage            = 120
   publicly_accessible              = false

diff --git a/helm/values/backup/values.yaml b/helm/values/backup/values.yaml
@@ -1,7 +1,6 @@
 ## Enable Full backup
 backup:
   bucket_uri: ${bucket_uri}
-  aws_default_region: ${s3_bucket_region}
   cron_for_full_backup: "${cron_for_full_backup}"
   postgres_database_name: "${postgres_database_name}"
   database_endpoint: "${db_endpoint}"

diff --git a/helm/values/restore/values.yaml b/helm/values/restore/values.yaml
@@ -1,10 +1,8 @@
 restore:
   bucket_uri: ${bucket_uri}
-  aws_default_region: ${s3_bucket_region}
   db_endpoint: "${db_endpoint}"
   db_password: "${db_password}"
   db_username: "${db_username}"
-  DB_NAME: "${DB_NAME}"
   backup_file_name: "${backup_file_name}"
 
 auth:

diff --git a/main.tf b/main.tf
@@ -2,6 +2,11 @@ data "aws_region" "current" {}
 data "aws_availability_zones" "available" {}
 
 locals {
+
+  db_password = var.custom_user_password != "" ? var.custom_user_password : (
+    length(random_password.master) > 0 ? element(random_password.master, 0).result : var.custom_user_password
+  )
+
   tags = {
     Automation  = "true"
     Environment = var.environment
@@ -167,16 +172,13 @@ resource "random_password" "master" {
 }
 
 resource "aws_secretsmanager_secret_version" "rds_credentials" {
-  count         = length(random_password.master) > 0 ? 1 : 0
-  secret_id     = aws_secretsmanager_secret.secret_master_db.id
-  secret_string = <<EOF
-{
-  "username": "${module.db.db_instance_username}",
-  "password": length(random_password.master) > 0 ? element(random_password.master, 0).result : var.custom_password,
-  "engine": "${var.engine}",
-  "host": "${module.db.db_instance_endpoint}"
-}
-EOF
+  secret_id = aws_secretsmanager_secret.secret_master_db.id
+  secret_string = jsonencode({
+    username = module.db.db_instance_username
+    password = local.db_password
+    engine   = var.engine
+    host     = module.db.db_instance_endpoint
+  })
 }
 
 # Cloudwatch alarms
@@ -319,30 +321,30 @@ resource "aws_lambda_permission" "sns_lambda_slack_invoke" {
 }
 
 module "backup_restore" {
-  depends_on             = [module.db]
-  source                 = "./modules/db-backup-restore"
-  cluster_name           = var.cluster_name
-  namespace              = var.namespace
-  create_namespace       = var.create_namespace
+  depends_on                = [module.db]
+  source                    = "./modules/db-backup-restore"
+  cluster_name              = var.cluster_name
+  namespace                 = var.namespace
+  create_namespace          = var.create_namespace
   postgresdb_backup_enabled = var.postgresdb_backup_enabled
   postgresdb_backup_config = {
-    db_username          = var.master_username
-    db_password          = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result)
-    postgres_database_name  = var.postgresdb_backup_config.postgres_database_name
-    s3_bucket_region     = var.postgresdb_backup_config.s3_bucket_region            
-    cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup            
+    db_username            = var.master_username
+    db_password            = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result)
+    postgres_database_name = var.postgresdb_backup_config.postgres_database_name
+    # s3_bucket_region     = var.postgresdb_backup_config.s3_bucket_region
+    cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup
     bucket_uri           = var.postgresdb_backup_config.bucket_uri
     db_endpoint          = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "")
   }
 
   postgresdb_restore_enabled = var.postgresdb_restore_enabled
-  postgresdb_restore_config  = {
-    db_endpoint      = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "")
-    db_username      = var.master_username
-    db_password      = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result)
-    bucket_uri       = var.postgresdb_restore_config.bucket_uri                    
-    s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region 
-    DB_NAME          = var.postgresdb_restore_config.DB_NAME,  
-    backup_file_name = var.postgresdb_restore_config.backup_file_name,                              
+  postgresdb_restore_config = {
+    db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "")
+    db_username = var.master_username
+    db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result)
+    bucket_uri  = var.postgresdb_restore_config.bucket_uri
+    # s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region
+    # DB_NAME          = var.postgresdb_restore_config.DB_NAME,
+    backup_file_name = var.postgresdb_restore_config.backup_file_name,
   }
 }
diff --git a/modules/db-backup-restore/backup/templates/cronjob.yaml b/modules/db-backup-restore/backup/templates/cronjob.yaml
@@ -18,20 +18,20 @@ spec:
           serviceAccountName: sa-postgres-backup
           containers:
           - name: backup-postgresdb
-            image: divyanshujain11/rds:postgres-backup-restore
+            image: amanravi12/postgresql-backup:v5
             imagePullPolicy: Always
-            command: ["./backup.sh"]
+            command: ["/backup/backup_script.sh"]
             env:
-            - name: db_endpoint
+            - name: DB_HOST
               value: {{ .Values.backup.database_endpoint }}
-            - name: db_username
+            - name: DB_USER
               value: {{ .Values.backup.database_user }}
-            - name: db_password
+            - name: DB_PASSWORD
               value: {{ .Values.backup.database_password }}
-            - name: bucket_uri
+            - name: S3_BUCKET
               value: {{ .Values.backup.bucket_uri }}
-            - name: AWS_DEFAULT_REGION
-              value: {{ .Values.backup.aws_default_region}}
-            - name: postgres_database_name
+            - name: DB_PORT
+              value: "5432"
+            - name: DB_NAME
               value: {{ .Values.backup.postgres_database_name }}
             resources: {{ .Values.backupjob.resources | toYaml | nindent 12 }}
diff --git a/modules/db-backup-restore/main.tf b/modules/db-backup-restore/main.tf
@@ -8,42 +8,42 @@ resource "kubernetes_namespace" "postgresdb" {
 
 resource "helm_release" "postgresdb_backup" {
   count      = var.postgresdb_backup_enabled ? 1 : 0
+  depends_on = [kubernetes_namespace.postgresdb]
   name       = "postgresdb-backup"
   chart      = "../../modules/db-backup-restore/backup"
   timeout    = 600
   namespace  = var.namespace
   values = [
     templatefile("../../helm/values/backup/values.yaml", {
-      bucket_uri                 = var.postgresdb_backup_config.bucket_uri,
-      postgres_database_name     = var.postgresdb_backup_config.postgres_database_name,
-      db_endpoint                = var.postgresdb_backup_config.db_endpoint,
-      db_password                = var.postgresdb_backup_config.db_password ,
-      db_username                = var.postgresdb_backup_config.db_username ,
-      s3_bucket_region           = var.postgresdb_backup_config.s3_bucket_region ,
-      cron_for_full_backup       = var.postgresdb_backup_config.cron_for_full_backup,
-      annotations                = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}"
-     })
+      bucket_uri             = var.postgresdb_backup_config.bucket_uri,
+      postgres_database_name = var.postgresdb_backup_config.postgres_database_name,
+      db_endpoint            = var.postgresdb_backup_config.db_endpoint,
+      db_password            = var.postgresdb_backup_config.db_password,
+      db_username            = var.postgresdb_backup_config.db_username,
+      # s3_bucket_region           = var.postgresdb_backup_config.s3_bucket_region ,
+      cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup,
+      annotations          = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}"
+    })
   ]
 }
 
 
 ## DB dump restore
 resource "helm_release" "postgresdb_restore" {
   count      = var.postgresdb_restore_enabled ? 1 : 0
+  depends_on = [kubernetes_namespace.postgresdb]
   name       = "postgresdb-restore"
   chart      = "../../modules/db-backup-restore/restore"
   timeout    = 600
   namespace  = var.namespace
   values = [
     templatefile("../../helm/values/restore/values.yaml", {
-      bucket_uri                 = var.postgresdb_restore_config.bucket_uri,
-      db_endpoint                = var.postgresdb_restore_config.db_endpoint ,
-      db_password                = var.postgresdb_restore_config.db_password,
-      s3_bucket_region           = var.postgresdb_backup_config.s3_bucket_region ,
-      db_username                = var.postgresdb_restore_config.db_username ,
-      DB_NAME                    = var.postgresdb_restore_config.DB_NAME,
-      backup_file_name           = var.postgresdb_restore_config.backup_file_name,
-      annotations                = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}"
+      bucket_uri       = var.postgresdb_restore_config.bucket_uri,
+      db_endpoint      = var.postgresdb_restore_config.db_endpoint,
+      db_password      = var.postgresdb_restore_config.db_password,
+      db_username      = var.postgresdb_restore_config.db_username,
+      backup_file_name = var.postgresdb_restore_config.backup_file_name,
+      annotations      = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}"
     })
   ]
-}
+}
diff --git a/modules/db-backup-restore/restore/templates/job.yaml b/modules/db-backup-restore/restore/templates/job.yaml
@@ -9,22 +9,24 @@ spec:
       serviceAccountName: sa-postgres-restore
       containers:
         - name: restore-postgresdb
-          image: divyanshujain11/rds:postgres-backup-restore
+          image: amanravi12/postgresql-restore:v6
           imagePullPolicy: Always
-          command: ["./restore.sh"]
+          command: ["/restore/restore_script.sh"]
           env:
             - name: DB_HOST
               value: {{ .Values.restore.db_endpoint }}
             - name: DB_USER
               value: {{ .Values.restore.db_username }}
             - name: DB_PASSWORD
               value: {{ .Values.restore.db_password }}
-            - name: bucket_uri
+            - name: POSTGRESQL_BUCKET_RESTORE_URI
               value: {{ .Values.restore.bucket_uri }}
-            - name: DB_NAME
-              value: {{ .Values.restore.DB_NAME }}
-            - name: backup_file_name
+            - name: DB_PORT
+              value: "5432"
+            # - name: DB_NAME
+            #   value: {{ .Values.restore.DB_NAME }}
+            - name: RESTORE_FILE_NAME
               value: {{ .Values.restore.backup_file_name }}
           resources: {{ .Values.restorejob.resources | toYaml | nindent 12 }}
       restartPolicy: Never
-  backoffLimit: 4
+  backoffLimit: 4
diff --git a/modules/db-backup-restore/roles.tf b/modules/db-backup-restore/roles.tf
@@ -95,4 +95,4 @@ resource "aws_iam_role" "postgres_restore_role" {
       ]
     })
   }
-}
+}
diff --git a/modules/db-backup-restore/variables.tf b/modules/db-backup-restore/variables.tf
@@ -66,9 +66,9 @@ variable "cluster_name" {
 }
 
 variable "postgresdb_permission" {
-  default = false
+  default     = false
   description = "access"
-  type = bool
+  type        = bool
 }
 
 variable "bucket_provider_type" {
@@ -93,10 +93,10 @@ variable "postgresdb_restore_enabled" {
 variable "postgresdb_backup_config" {
   type = map(string)
   default = {
-    bucket_uri           = ""
-    s3_bucket_region     = ""
-    cron_for_full_backup = ""
-    postgres_database_name  = ""
+    bucket_uri             = ""
+    s3_bucket_region       = ""
+    cron_for_full_backup   = ""
+    postgres_database_name = ""
     # db_endpoint=""
   }
   description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups."
@@ -105,10 +105,10 @@ variable "postgresdb_backup_config" {
 variable "postgresdb_restore_config" {
   type = any
   default = {
-    bucket_uri       = ""
-    file_name        = ""
-    s3_bucket_region = ""
-    DB_NAME         = ""
+    bucket_uri = ""
+    file_name  = ""
+    # s3_bucket_region = ""
+    DB_NAME          = ""
     backup_file_name = ""
   }
   description = "Configuration options for restoring dump to the MySQL database."

diff --git a/variables.tf b/variables.tf
@@ -346,10 +346,10 @@ variable "bucket_provider_type" {
 variable "postgresdb_backup_config" {
   type = map(string)
   default = {
-    bucket_uri           = ""
-    s3_bucket_region     = ""
-    cron_for_full_backup = ""
-    postgres_database_name  = ""
+    bucket_uri = ""
+    # s3_bucket_region     = ""
+    cron_for_full_backup   = ""
+    postgres_database_name = ""
     # db_endpoint=""
   }
   description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups."
@@ -358,9 +358,9 @@ variable "postgresdb_backup_config" {
 variable "postgresdb_restore_config" {
   type = any
   default = {
-    bucket_uri       = ""
-    file_name        = ""
-    s3_bucket_region = ""
+    bucket_uri = ""
+    file_name  = ""
+    # s3_bucket_region = ""
   }
   description = "Configuration options for restoring dump to the MySQL database."
 }
@@ -369,4 +369,4 @@ variable "cluster_name" {
   type        = string
   default     = ""
   description = "Specifies the name of the EKS cluster to deploy the MySQL application on."
-}
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -95,4 +95,4 @@ resource "aws_iam_role" "postgres_restore_role" { @@
           ]
         })
       }
-    }
+    }