feat: Enable passing admin username for Postgres

Similar to MySQL this is required in order to be able to migrate instances from the legacy broker to CSB
cloudfoundry · Sep 2, 2024 · e00f019 · e00f019
1 parent 5b3d157
commit e00f019
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 2 deletions.
diff --git a/integration-tests/postgresql_test.go b/integration-tests/postgresql_test.go
@@ -214,6 +214,7 @@ var _ = Describe("Postgresql", Label("Postgresql"), func() {
 				"enable_export_upgrade_logs":                        true,
 				"cloudwatch_upgrade_log_group_retention_in_days":    1,
 				"cloudwatch_log_groups_kms_key_id":                  "arn:aws:kms:us-west-2:xxxxxxxxxxxx:key/xxxxxxxx-80b9-4afd-98c0-xxxxxxxxxxxx",
+				"admin_username":                                    "some-other-username",
 			})
 			Expect(err).NotTo(HaveOccurred())
 
@@ -255,6 +256,7 @@ var _ = Describe("Postgresql", Label("Postgresql"), func() {
 					HaveKeyWithValue("enable_export_upgrade_logs", true),
 					HaveKeyWithValue("cloudwatch_upgrade_log_group_retention_in_days", BeNumerically("==", 1)),
 					HaveKeyWithValue("cloudwatch_log_groups_kms_key_id", "arn:aws:kms:us-west-2:xxxxxxxxxxxx:key/xxxxxxxx-80b9-4afd-98c0-xxxxxxxxxxxx"),
+					HaveKeyWithValue("admin_username", "some-other-username"),
 				),
 			)
 		})
@@ -301,6 +303,7 @@ var _ = Describe("Postgresql", Label("Postgresql"), func() {
 				const initialProvisionInvocation = 1
 				Expect(mockTerraform.ApplyInvocations()).To(HaveLen(initialProvisionInvocation))
 			},
+			Entry("admin_username", "admin_username", "new-username"),
 			Entry("update region", "region", "no-matter-what-region"),
 			Entry("update kms_key_id", "kms_key_id", "no-matter-what-key"),
 			Entry("update db_name", "db_name", "no-matter-what-name"),

diff --git a/terraform-tests/postgres_test.go b/terraform-tests/postgres_test.go
@@ -67,6 +67,7 @@ var _ = Describe("postgres", Label("postgres-terraform"), Ordered, func() {
 			"enable_export_upgrade_logs":                        false,
 			"cloudwatch_upgrade_log_group_retention_in_days":    30,
 			"cloudwatch_log_groups_kms_key_id":                  "",
+			"admin_username":                                    "",
 		}
 	})
 
@@ -75,6 +76,50 @@ var _ = Describe("postgres", Label("postgres-terraform"), Ordered, func() {
 		Init(terraformProvisionDir)
 	})
 
+	Context("admin username", func() {
+		When("admin username has been passed", func() {
+			BeforeAll(func() {
+				plan = ShowPlan(terraformProvisionDir, buildVars(defaultVars, map[string]any{
+					"admin_username": "test-name",
+				}))
+			})
+
+			It("should use that admin username", func() {
+				Expect(ResourceChangesTypes(plan)).To(ConsistOf(
+					"aws_db_instance",
+					"random_password",
+					"aws_db_parameter_group",
+					"aws_db_subnet_group",
+					"aws_security_group",
+					"aws_security_group_rule",
+				))
+
+				Expect(AfterValuesForType(plan, "aws_db_instance")).To(
+					MatchKeys(IgnoreExtras, Keys{
+						"username": Equal("test-name"),
+					}))
+			})
+		})
+
+		When("admin username has not been passed", func() {
+			BeforeAll(func() {
+				plan = ShowPlan(terraformProvisionDir, buildVars(defaultVars, map[string]any{}))
+			})
+
+			It("should create a new random admin username", func() {
+				Expect(ResourceChangesTypes(plan)).To(ConsistOf(
+					"aws_db_instance",
+					"random_password",
+					"random_string",
+					"aws_db_parameter_group",
+					"aws_db_subnet_group",
+					"aws_security_group",
+					"aws_security_group_rule",
+				))
+			})
+		})
+	})
+
 	Context("cloud watch log groups", func() {
 		When("no parameters passed", func() {
 			BeforeAll(func() {

diff --git a/terraform/postgresql/provision/main.tf b/terraform/postgresql/provision/main.tf
@@ -38,6 +38,7 @@ resource "random_string" "username" {
   length  = 16
   special = false
   numeric = false
+  count   = length(var.admin_username) == 0 ? 1 : 0
 }
 
 resource "random_password" "password" {
@@ -57,7 +58,7 @@ resource "aws_db_instance" "db_instance" {
   instance_class                        = local.instance_class
   identifier                            = var.instance_name
   db_name                               = var.db_name
-  username                              = random_string.username.result
+  username                              = length(var.admin_username) == 0 ? random_string.username[0].result : var.admin_username
   password                              = random_password.password.result
   parameter_group_name                  = length(var.parameter_group_name) == 0 ? aws_db_parameter_group.db_parameter_group[0].name : var.parameter_group_name
   tags                                  = var.labels

diff --git a/terraform/postgresql/provision/variables.tf b/terraform/postgresql/provision/variables.tf
@@ -63,4 +63,5 @@ variable "enable_export_postgresql_logs" { type = bool }
 variable "enable_export_upgrade_logs" { type = bool }
 variable "cloudwatch_postgresql_log_group_retention_in_days" { type = number }
 variable "cloudwatch_upgrade_log_group_retention_in_days" { type = number }
-variable "cloudwatch_log_groups_kms_key_id" { type = string }
+variable "cloudwatch_log_groups_kms_key_id" { type = string }
+variable "admin_username" { type = string }