fix: Randomize SSM parameter name for Grafana token (#272)

bonclay7 · web-flow · commit 71006497c3c5 · 2024-05-10T11:10:47.000+02:00
* Randomize SSM parameter name for GF token

* Run pre-commit

* Add versions
diff --git a/examples/existing-cluster-with-base-and-infra/cleanup.sh b/examples/existing-cluster-with-base-and-infra/cleanup.sh
@@ -28,4 +28,4 @@ if [[ $? -eq 0 && $destroy_output == *"Destroy complete!"* ]]; then
 else
   echo "FAILED: Terraform destroy of all targets failed"
   exit 1
-fi
+fi
diff --git a/examples/existing-cluster-with-base-and-infra/install.sh b/examples/existing-cluster-with-base-and-infra/install.sh
@@ -29,4 +29,4 @@ if [[ ${PIPESTATUS[0]} -eq 0 && $apply_output == *"Apply complete"* ]]; then
 else
   echo "FAILED: Terraform apply of all modules failed"
   exit 1
-fi
+fi
diff --git a/modules/eks-monitoring/add-ons/external-secrets/README.md b/modules/eks-monitoring/add-ons/external-secrets/README.md
@@ -11,13 +11,15 @@ This deploys an EKS Cluster with the External Secrets Operator. The cluster is p
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | >= 2.0.3 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.10 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.6.1 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
 | <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | >= 2.0.3 |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 3.6.1 |
 
 ## Modules
 
@@ -35,6 +37,7 @@ This deploys an EKS Cluster with the External Secrets Operator. The cluster is p
 | [aws_ssm_parameter.secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
 | [kubectl_manifest.cluster_secretstore](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.secret](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource |
+| [random_uuid.grafana_key_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
diff --git a/modules/eks-monitoring/add-ons/external-secrets/main.tf b/modules/eks-monitoring/add-ons/external-secrets/main.tf
@@ -76,8 +76,11 @@ YAML
   depends_on = [module.external_secrets]
 }
 
+resource "random_uuid" "grafana_key_suffix" {
+}
+
 resource "aws_ssm_parameter" "secret" {
-  name        = "/terraform-accelerator/grafana-api-key"
+  name        = "/terraform-accelerator/grafana-api-key/${random_uuid.grafana_key_suffix.result}"
   description = "SSM Secret to store grafana API Key"
   type        = "SecureString"
   value = jsonencode({
diff --git a/modules/eks-monitoring/add-ons/external-secrets/versions.tf b/modules/eks-monitoring/add-ons/external-secrets/versions.tf
@@ -14,5 +14,9 @@ terraform {
       source  = "alekc/kubectl"
       version = ">= 2.0.3"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.6.1"
+    }
   }
 }

-Original file line number
+Diff line change
 else
   echo "FAILED: Terraform destroy of all targets failed"
   exit 1
 -fi
 +fi
Original file line number	Diff line number	Diff line change
`@@ -14,5 +14,9 @@ terraform {`
`14`	`14`	`source = "alekc/kubectl"`
`15`	`15`	`version = ">= 2.0.3"`
`16`	`16`	`}`
	`17`	`+ random = {`
	`18`	`+ source = "hashicorp/random"`
	`19`	`+ version = ">= 3.6.1"`
	`20`	`+ }`
`17`	`21`	`}`
`18`	`22`	`}`