refacto: moved db password gen away from top level

artefactory · May 21, 2021 · 585a8a2 · 585a8a2
1 parent 1f3155a
commit 585a8a2
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 20 deletions.
diff --git a/IaC/main.tf b/IaC/main.tf
@@ -36,10 +36,6 @@ resource "random_id" "artifacts_bucket_name_suffix" {
   byte_length = 5
 }
 
-resource "random_password" "password" {
-  length = 16
-}
-
 module "network" {
   source       = "./modules/network"
   network_name = var.network_name
@@ -49,7 +45,6 @@ module "mlflow" {
   source                       = "./modules/mlflow"
   mlflow_server                = var.mlflow_server
   artifacts_bucket_name        = "${var.artifacts_bucket}-${random_id.artifacts_bucket_name_suffix.hex}"
-  db_password_value            = random_password.password.result
   server_docker_image          = var.mlflow_docker_image
   project_id                   = var.project_id
   consent_screen_support_email = var.consent_screen_support_email

diff --git a/IaC/modules/mlflow/main.tf b/IaC/modules/mlflow/main.tf
@@ -15,6 +15,7 @@
 # You should have received a copy of the GNU Lesser General Public License
 # along with this program; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
 module "artifacts" {
   source            = "./artifacts"
   bucket_name       = var.artifacts_bucket_name
@@ -26,7 +27,6 @@ module "artifacts" {
 module "db_secret" {
   source       = "./secret_manager"
   secret_id    = var.db_password_name
-  secret_value = var.db_password_value
 }
 
 module "database" {

diff --git a/IaC/modules/mlflow/secret_manager/main.tf b/IaC/modules/mlflow/secret_manager/main.tf
@@ -15,6 +15,11 @@
 # You should have received a copy of the GNU Lesser General Public License
 # along with this program; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+resource "random_password" "password" {
+  length = 16
+}
+
 resource "google_secret_manager_secret" "secret" {
   provider = google-beta
 
@@ -25,12 +30,11 @@ resource "google_secret_manager_secret" "secret" {
   }
 }
 
-
 resource "google_secret_manager_secret_version" "secret-version" {
   provider = google-beta
 
   secret = google_secret_manager_secret.secret.id
 
-  secret_data = var.secret_value
+  secret_data = random_password.password.result
   depends_on  = [google_secret_manager_secret.secret]
 }
diff --git a/IaC/modules/mlflow/secret_manager/variables.tf b/IaC/modules/mlflow/secret_manager/variables.tf
@@ -19,10 +19,6 @@ variable "secret_id" {
   type        = string
   description = "Name of the secret you want to create"
 }
-variable "secret_value" {
-  type        = string
-  description = "value of the secret you want to create"
-}
 variable "module_depends_on" {
   type    = any
   default = null

diff --git a/IaC/modules/mlflow/variables.tf b/IaC/modules/mlflow/variables.tf
@@ -39,10 +39,6 @@ variable "db_password_name" {
   type        = string
   default     = "mlflow-db-pwd"
 }
-variable "db_password_value" {
-  description = "Value of the database password stored in secret manager"
-  type        = string
-}
 variable "db_username" {
   description = "Value of the database username"
   type        = string

diff --git a/IaC/variables.tf b/IaC/variables.tf
@@ -24,10 +24,6 @@ variable "artifacts_bucket" {
   type        = string
   default     = "oneclick-mlflow-store"
 }
-variable "db_password_value" {
-  description = "Database password to connect to your instance"
-  type        = string
-}
 variable "mlflow_docker_image" {
   description = "Docker image used in container registry"
   type        = string