@raviharshicorp raviharshicorp commented Sep 30, 2025

- Add database_passwordless_aws_use_iam and database_passwordless_aws_region variables to runtime_container_engine_config module
- Configure DATABASE_AUTH_USE_AWS_IAM and DATABASE_AUTH_AWS_DB_REGION environment variables in database config
- Enable AWS IAM database authentication when enabled
- Add database_passwordless_aws_use_iam and database_passwordless_aws_region variables
- Configure DATABASE_AUTH_USE_AWS_IAM and DATABASE_AUTH_AWS_DB_REGION environment variables
- Enable AWS IAM passwordless authentication for TFE runtime containers

hashicorp-cla-app bot commented Sep 30, 2025

CLA assistant check
All committers have signed the CLA.

@raviharshicorp raviharshicorp changed the title from "postgres passwordless release test" to "IND-5776 Postgres passwordless release test" on Oct 7, 2025
- Remove duplicate database_passwordless_aws_use_iam variable
- Remove duplicate database_passwordless_aws_region variable
- Variables are now declared only once as intended
TFE_DATABASE_CLIENT_KEY_FILE = var.database_client_key_file
TFE_DATABASE_PASSWORDLESS_AZURE_USE_MSI = var.database_passwordless_azure_use_msi
TFE_DATABASE_PASSWORDLESS_AZURE_CLIENT_ID = var.database_passwordless_azure_client_id
DATABASE_AUTH_USE_AWS_IAM = var.database_passwordless_aws_use_iam
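
Review bot: The DATABASE_AUTH_USE_AWS_IAM key on the last line of this hunk is the only entry without the TFE_DATABASE_ prefix that the three keys above it share, and nothing in the hunk says which component reads the unprefixed name. If the name is dictated by the consumer, add a short comment beside it saying so; otherwise rename it to follow the TFE_DATABASE_PASSWORDLESS_* pattern used for the Azure settings, so a reader can tell at a glance which switches control passwordless database authentication.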
Contributor

Why are the variables not starting with TFE here?
We should have consistency with other variables.

…or postgres passwordless

This critical fix adds the missing TFE_ prefixed environment variables that
the Go config system requires to properly configure AWS RDS IAM authentication.

Without these variables, the terraform-enterprise Go application cannot
read the passwordless configuration via envconfig, causing 502 errors.

Added:
- TFE_DATABASE_PASSWORDLESS_AWS_USE_INSTANCE_PROFILE (for Go config system)
- TFE_DATABASE_PASSWORDLESS_AWS_REGION (for Go config system)

Kept existing:
- DATABASE_AUTH_USE_AWS_IAM (for Atlas Ruby application)
- DATABASE_AUTH_AWS_DB_REGION (for Atlas Ruby application)

This matches the pattern used in redis_config.tf and ensures both
configuration systems receive the required environment variables.
…only branch

- Remove Redis AWS IAM variables from runtime_container_engine_config
- Remove Redis AWS IAM variables from settings module
- Remove Redis AWS IAM configuration from tfe_redis_config.tf
- Keep only Azure MSI Redis variables that were in main branch
- This branch should only contain PostgreSQL passwordless authentication
- Add database_passwordless_gcp_use_default_credentials variable
- Add DATABASE_AUTH_USE_GCP_IAM environment variable configuration
- Required for GCP postgres passwordless authentication in terraform-google-terraform-enterprise
@raviharshicorp raviharshicorp force-pushed the pravi-postgres-passwordless branch from 619a350 to f260178 on October 31, 2025 14:42
@raviharshicorp raviharshicorp deleted the pravi-postgres-passwordless branch October 31, 2025 14:56