Skip to content
This repository was archived by the owner on Nov 26, 2025. It is now read-only.

Add AWS IAM PostgreSQL passwordless authentication support#379

Closed
raviharshicorp wants to merge 15 commits intomainfrom
pravi/IND-5776
Closed

Add AWS IAM PostgreSQL passwordless authentication support#379
raviharshicorp wants to merge 15 commits intomainfrom
pravi/IND-5776

Conversation

@raviharshicorp
Copy link

@raviharshicorp raviharshicorp commented Oct 7, 2025

  • Add postgres-passwordless module with IAM authentication
  • Update database module to support IAM authentication options
  • Add variables for enabling postgres passwordless mode
  • Update main module integration for postgres passwordless

Background

This enables PostgreSQL database authentication using AWS IAM instead of traditional username/password authentication.

Relates OR Closes https://github.com/hashicorp/terraform-enterprise/pull/3079

How Has This Been Tested

CI/CD: https://github.com/hashicorp/terraform-enterprise/actions/runs/18079265431/job/51440243884

@raviharshicorp
Add AWS IAM PostgreSQL passwordless authentication support
4e414ca 
- Add postgres-passwordless module with IAM authentication
- Update database module to support IAM authentication options
- Add variables for enabling postgres passwordless mode
- Update main module integration for postgres passwordless

This enables PostgreSQL database authentication using AWS IAM instead of traditional username/password authentication.
@hashicorp-cla-app
Copy link

hashicorp-cla-app bot commented Oct 7, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@hashicorp-cla-app
Copy link

hashicorp-cla-app bot commented Oct 7, 2025

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Have you signed the CLA already but the status is still pending? Recheck it.

@raviharshicorp raviharshicorp mentioned this pull request Oct 7, 2025
Closed
@raviharshicorp
Fix terraform formatting issues
43ba0e2 
- Apply terraform fmt to align with CI/CD formatting requirements
- Fix alignment in locals.tf for database module references
- Fix alignment in main.tf for database module parameters
- Fix alignment in modules/database/main.tf
@raviharshicorp raviharshicorp mentioned this pull request Oct 7, 2025
Closed
@raviharshicorp
Remove documentation files from commit
ad4c7a8 
Documentation will be added separately in future PR
tauhid621
tauhid621 suggested changes Oct 9, 2025
View reviewed changes
Copy link

@tauhid621 tauhid621 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The postgres-passwordless module does not seem to be used here. We are just deploying normal postgres in this.
The approach is also not similar to general use case. Look like we are creating an VM and running postgres using docker.

We should use a RDS instance for this.

@raviharshicorp raviharshicorp force-pushed the pravi/IND-5776 branch 2 times, most recently from 2ebf76b to f36dc79 Compare October 29, 2025 22:12
@raviharshicorp
Add PostgreSQL IAM policy output and database outputs for passwordles…
b7ecd6f 
…s authentication

- Add postgres_iam_policy_arn output to service_accounts module
- Add database_endpoint, database_name, database_username, database_password outputs to root module
- Remove all Redis IAM authentication code to keep this branch PostgreSQL-only
@raviharshicorp
Remove Redis AWS IAM references from runtime_container_engine_config …
d1dd131 
…module call

This fixes the module reference errors by removing Redis AWS IAM variables that no longer exist in the PostgreSQL-only terraform-random-tfe-utility branch.
@raviharshicorp
Add missing IAM authentication support to service_accounts module
a20025a 
- Add IAM authentication variables to service_accounts/variables.tf
- Add PostgreSQL IAM policy resource and attachment to service_accounts/main.tf
- Fixes PostgreSQL passwordless authentication support for FDO tests
@raviharshicorp
Add redis_enable_iam_auth variable to redis module
364737a 
- Fixes missing variable support for Redis IAM authentication
- Required for PostgreSQL passwordless authentication tests
@raviharshicorp
Revert terraform-random-tfe-utility module sources to git references
b0f4325 
- Change local file paths back to git::https:// URLs for CI compatibility
- Ensures modules can be downloaded in CI environment
- Fixes 'no such file or directory' errors in release tests
@raviharshicorp
Add missing IAM authentication variables to root module
d261b43 
- Add redis_enable_iam_auth variable for Redis IAM authentication control
- Add db_iam_username variable for PostgreSQL IAM username specification
- Required for PostgreSQL passwordless authentication tests
@raviharshicorp
Add Azure MSI Redis variables for passwordless authentication
ba49680
@raviharshicorp
Pass Azure MSI Redis variables to runtime container engine config
89200d4
@raviharshicorp
Remove duplicate IAM authentication variables
472e220
@raviharshicorp
Fix variables.tf syntax after removing duplicates
ccc2e95
@raviharshicorp
Remove Azure MSI Redis variables (not needed for AWS testing)
16943ef
@raviharshicorp
Re-add db_iam_username variable that was accidentally removed
36709ca
@raviharshicorp raviharshicorp force-pushed the pravi/IND-5776 branch 2 times, most recently from 93770b3 to 36709ca Compare October 30, 2025 11:32
@raviharshicorp
Copy link
Author

raviharshicorp commented Nov 19, 2025

Closing this as opening new PR: #381

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@tauhid621 tauhid621 tauhid621 requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@raviharshicorp @tauhid621