From d3868b6ee3872ce0a278ccac06ac2df629b221ba Mon Sep 17 00:00:00 2001 From: Benjamin Smith Date: Mon, 12 Feb 2024 14:54:22 -0800 Subject: [PATCH] add new example, revert to join("" to avoid type changes during this update. --- elasticsearch_domain.tf | 4 ++-- examples/opensearch_basic/main.tf | 28 +++++++++++++++++++++++++++ examples/opensearch_basic/versions.tf | 10 ++++++++++ main.tf | 18 ++++++++--------- 4 files changed, 49 insertions(+), 11 deletions(-) create mode 100644 examples/opensearch_basic/main.tf create mode 100644 examples/opensearch_basic/versions.tf diff --git a/elasticsearch_domain.tf b/elasticsearch_domain.tf index a6cce34..a185a41 100644 --- a/elasticsearch_domain.tf +++ b/elasticsearch_domain.tf @@ -5,7 +5,7 @@ resource "aws_elasticsearch_domain_policy" "default" { count = local.elasticsearch_enabled && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0 domain_name = module.this.id - access_policies = one(data.aws_iam_policy_document.default[*].json) + access_policies = join("", data.aws_iam_policy_document.default[*].json) } resource "aws_elasticsearch_domain" "default" { @@ -97,7 +97,7 @@ resource "aws_elasticsearch_domain" "default" { for_each = var.vpc_enabled ? [true] : [] content { - security_group_ids = var.create_security_group ? [one(aws_security_group.default[*].id)] : var.security_groups + security_group_ids = var.create_security_group ? [ join("", aws_security_group.default[*].id)] : var.security_groups subnet_ids = var.subnet_ids } } diff --git a/examples/opensearch_basic/main.tf b/examples/opensearch_basic/main.tf new file mode 100644 index 0000000..9bceee1 --- /dev/null +++ b/examples/opensearch_basic/main.tf 
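Review bot: `join("", …)` is not a drop-in equivalent of `one(…)`, and the revert leaves no trace in the code of why it is used: an empty splat yields `""` instead of null, and a splat with more than one element is silently concatenated instead of raising an error. For `access_policies` and `security_group_ids` in elasticsearch_domain.tf, and for the `security_group_id` and `assume_role_policy` assignments in the later main.tf hunks, a count mismatch would therefore likely surface as a provider or API complaint about an empty or malformed value rather than as a clear Terraform error. Since the commit message says the revert is only to avoid type changes during this update, a comment such as `# join("") kept over one() to avoid type changes; revisit in the next major release` above the first use would record that intent. In the second hunk, `[ join("", aws_security_group.default[*].id)]` also has a stray space after `[`.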
@@ -0,0 +1,28 @@
+provider "aws" {
+ region = "us-east-2"
+}
+
+module "opensearch" {
+ source = "../../"
+ namespace = "eg"
+ stage = "dev"
+ name = "es"
+ dns_zone_id = "Z14EN2YD427LRQ"
+ security_groups = ["sg-XXXXXXXXX", "sg-YYYYYYYY"]
+ vpc_id = "vpc-XXXXXXXXX"
+ subnet_ids = ["subnet-XXXXXXXXX", "subnet-YYYYYYYY"]
+ zone_awareness_enabled = "true"
+ aws_service_type = "opensearch"
+ elasticsearch_version = "OpenSearch_2.9"
+ instance_type = "t3.small.search"
+ instance_count = 4
+ ebs_volume_size = 10
+ iam_role_arns = ["arn:aws:iam::XXXXXXXXX:role/ops", "arn:aws:iam::XXXXXXXXX:role/dev"]
+ iam_actions = ["es:ESHttpGet", "es:ESHttpPut", "es:ESHttpPost"]
+ encrypt_at_rest_enabled = "true"
+ kibana_subdomain_name = "kibana-es"
+
+ advanced_options = {
+ "rest.action.multi.allow_explicit_index" = "true"
+ }
+}
diff --git a/examples/opensearch_basic/versions.tf b/examples/opensearch_basic/versions.tf
new file mode 100644
index 0000000..fe97db9
--- /dev/null
+++ b/examples/opensearch_basic/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.3"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.0"
+ }
+ }
+}
diff --git a/main.tf b/main.tf
index 53eb3e6..d0e193e 100644
--- a/main.tf
+++ b/main.tf
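Review bot: In examples/opensearch_basic/main.tf the only protection the module call turns on is `encrypt_at_rest_enabled`; nothing addresses encryption in transit (the `node_to_node_encryption` and `domain_endpoint_options` settings of the underlying domain resource), and the module's defaults for those are not visible in this diff. Because examples tend to be copied as-is, it would help to set those inputs explicitly if the module exposes them, or to add a comment stating that the defaults are being relied on. Separately, `dns_zone_id = "Z14EN2YD427LRQ"` is the one identifier that is not an obvious placeholder; something like `dns_zone_id = "ZXXXXXXXXXXXXX"` would match the `sg-XXXXXXXXX` / `vpc-XXXXXXXXX` style on the neighbouring lines. The two booleans are also passed as the string `"true"`; a bare `true` avoids relying on implicit type conversion.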
@@ -4,11 +4,11 @@ locals { service_linked_role_name = local.elasticsearch_enabled ? "AWSServiceRoleForAmazonElasticsearchService" : "AWSServiceRoleForAmazonOpenSearchService" - aws_service_domain_arn = coalesce(one(aws_elasticsearch_domain.default[*].arn), one(aws_opensearch_domain.default[*].arn)) - aws_service_domain_endpoint = coalesce(one(aws_elasticsearch_domain.default[*].endpoint), one(aws_opensearch_domain.default[*].endpoint)) - aws_service_domain_id = coalesce(one(aws_elasticsearch_domain.default[*].domain_id), one(aws_opensearch_domain.default[*].domain_id)) - aws_service_domain_name = coalesce(one(aws_elasticsearch_domain.default[*].domain_name), one(aws_opensearch_domain.default[*].domain_name)) - aws_service_domain_kibana_endpoint = coalesce(one(aws_elasticsearch_domain.default[*].kibana_endpoint), one(aws_opensearch_domain.default[*].kibana_endpoint)) + aws_service_domain_arn = coalesce(join("", aws_elasticsearch_domain.default[*].arn), join("", aws_opensearch_domain.default[*].arn)) + aws_service_domain_endpoint = coalesce(join("", aws_elasticsearch_domain.default[*].endpoint), join("", aws_opensearch_domain.default[*].endpoint)) + aws_service_domain_id = coalesce(join("", aws_elasticsearch_domain.default[*].domain_id), join("", aws_opensearch_domain.default[*].domain_id)) + aws_service_domain_name = coalesce(join("", aws_elasticsearch_domain.default[*].domain_name), join("", aws_opensearch_domain.default[*].domain_name)) + aws_service_domain_kibana_endpoint = coalesce(join("", aws_elasticsearch_domain.default[*].kibana_endpoint), join("", aws_opensearch_domain.default[*].kibana_endpoint)) } module "user_label" { 
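Review bot: Each of the five `aws_service_domain_*` locals now calls `coalesce()` on two `join("", …)` results, and `coalesce` raises an error when every argument is null or an empty string. If neither domain resource is created (the `module.this.enabled` check in the `aws_iam_role` count further down suggests a disabled path exists, though the domain resources' own counts are not visible here), both joins return `""` and evaluating any of these locals would fail. Concatenating the two splats avoids that while keeping a string result, e.g. `aws_service_domain_arn = join("", concat(aws_elasticsearch_domain.default[*].arn, aws_opensearch_domain.default[*].arn))`, and likewise for the endpoint, id, name and kibana_endpoint locals. The `locals` block begins above this hunk, so any other locals it holds are not covered by this note.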
@@ -49,7 +49,7 @@ resource "aws_security_group_rule" "ingress_security_groups" { to_port = var.ingress_port_range_end protocol = "tcp" source_security_group_id = var.security_groups[count.index] - security_group_id = one(aws_security_group.default[*].id) + security_group_id = join("", aws_security_group.default[*].id) } resource "aws_security_group_rule" "ingress_cidr_blocks" { @@ -60,7 +60,7 @@ resource "aws_security_group_rule" "ingress_cidr_blocks" { to_port = var.ingress_port_range_end protocol = "tcp" cidr_blocks = var.allowed_cidr_blocks - security_group_id = one(aws_security_group.default[*].id) + security_group_id = join("", aws_security_group.default[*].id) } resource "aws_security_group_rule" "egress" { @@ -71,7 +71,7 @@ resource "aws_security_group_rule" "egress" { to_port = 65535 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] - security_group_id = one(aws_security_group.default[*].id) + security_group_id = join("", aws_security_group.default[*].id) } # https://github.com/terraform-providers/terraform-provider-aws/issues/5218 @@ -85,7 +85,7 @@ resource "aws_iam_service_linked_role" "default" { resource "aws_iam_role" "elasticsearch_user" { count = module.this.enabled && var.create_elasticsearch_user_role && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0 name = module.user_label.id - assume_role_policy = one(data.aws_iam_policy_document.assume_role[*].json) + assume_role_policy = join("", data.aws_iam_policy_document.assume_role[*].json) description = "IAM Role to assume to access the Elasticsearch ${module.this.id} cluster" tags = module.user_label.tags