refactor: kms config + da SKIP UPGRADE TESTS

Author: Jordan-Williams2

modules/fscloud/README.md

@@ -59,11 +59,14 @@ No resources.
 | Name | Description |
 |------|-------------|
 | <a name="output_adminuser"></a> [adminuser](#output\_adminuser) | Database admin user name |
+| <a name="output_cbr_rule_ids"></a> [cbr\_rule\_ids](#output\_cbr\_rule\_ids) | CBR rule ids created to restrict MySQL |
 | <a name="output_certificate_base64"></a> [certificate\_base64](#output\_certificate\_base64) | Database connection certificate |
 | <a name="output_crn"></a> [crn](#output\_crn) | MySQL instance crn |
 | <a name="output_guid"></a> [guid](#output\_guid) | MySQL instance guid |
 | <a name="output_hostname"></a> [hostname](#output\_hostname) | Database connection hostname |
 | <a name="output_id"></a> [id](#output\_id) | MySQL instance id |
 | <a name="output_port"></a> [port](#output\_port) | Database connection port |
+| <a name="output_service_credentials_json"></a> [service\_credentials\_json](#output\_service\_credentials\_json) | Service credentials json map |
+| <a name="output_service_credentials_object"></a> [service\_credentials\_object](#output\_service\_credentials\_object) | Service credentials object |
 | <a name="output_version"></a> [version](#output\_version) | MySQL instance version |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/fscloud/outputs.tf

@@ -42,3 +42,20 @@ output "certificate_base64" {
   value       = module.mysql_db.certificate_base64
   sensitive   = true
 }
+
+output "cbr_rule_ids" {
+  description = "CBR rule ids created to restrict MySQL"
+  value       = module.mysql_db.cbr_rule_ids
+}
+
+output "service_credentials_json" {
+  description = "Service credentials json map"
+  value       = module.mysql_db.service_credentials_json
+  sensitive   = true
+}
+
+output "service_credentials_object" {
+  description = "Service credentials object"
+  value       = module.mysql_db.service_credentials_object
+  sensitive   = true
+}

solutions/standard/DA-types.md

@@ -70,7 +70,7 @@ The following example includes all the configuration options for four service cr
   {
     "secret_group_name": "sg-1"
     "existing_secret_group": true
-    "service_credentials": [
+    "service_credentials": [                                          # pragma: allowlist secret
       {
         "secret_name": "cred-1"
         "service_credentials_source_service_role":  "Writer"
@@ -89,7 +89,7 @@ The following example includes all the configuration options for four service cr
   },
   {
     "secret_group_name": "sg-2"
-    "service_credentials": [
+    "service_credentials": [                                          # pragma: allowlist secret
       {
         "secret_name": "cred-3"
         "service_credentials_source_service_role": "Editor"
@@ -127,12 +127,12 @@ If you can't use the IAM-enabled `service_credential_names` input variable for a
 [
   {
     "name": "es_admin",
-    "password": "securepassword123",
+    "password": "securepassword123",  # pragma: allowlist secret
     "type": "database",
   },
   {
     "name": "es_reader",
-    "password": "readpassword123",
+    "password": "readpassword123",  # pragma: allowlist secret
     "type": "ops_manager"
   }
 ]

solutions/standard/main.tf

@@ -258,14 +258,14 @@ module "mysql" {
   use_same_kms_key_for_backups      = local.use_same_kms_key_for_backups
   use_default_backup_encryption_key = var.use_default_backup_encryption_key
   access_tags                       = var.access_tags
-  resource_tags                              = var.tags
+  resource_tags                     = var.tags
   admin_pass                        = local.admin_pass
   users                             = var.users
   members                           = var.members
   member_host_flavor                = var.member_host_flavor
-  member_memory_mb                         = var.member_memory_mb
-  member_disk_mb                           = var.member_disk_mb
-  member_cpu_count                         = var.member_cpu_count
+  member_memory_mb                  = var.member_memory_mb
+  member_disk_mb                    = var.member_disk_mb
+  member_cpu_count                  = var.member_cpu_count
   auto_scaling                      = var.auto_scaling
   service_credential_names          = var.service_credential_names
   backup_crn                        = var.backup_crn
@@ -333,4 +333,4 @@ module "secrets_manager_service_credentials" {
   existing_sm_instance_region = local.existing_secrets_manager_instance_region
   endpoint_type               = var.existing_secrets_manager_endpoint_type
   secrets                     = local.service_credential_secrets
-}
+}