IND-5776 Postgres passwordless release test

modules/runtime_container_engine_config/database_config.tf

@@ -3,25 +3,33 @@
 
 locals {
   database = {
-    TFE_DATABASE_USER                         = var.database_user
-    TFE_DATABASE_PASSWORD                     = var.database_password
-    TFE_DATABASE_HOST                         = var.database_host
-    TFE_DATABASE_NAME                         = var.database_name
-    TFE_DATABASE_PARAMETERS                   = var.database_parameters
-    TFE_DATABASE_USE_MTLS                     = var.database_use_mtls
-    TFE_DATABASE_CA_CERT_FILE                 = var.database_ca_cert_file
-    TFE_DATABASE_CLIENT_CERT_FILE             = var.database_client_cert_file
-    TFE_DATABASE_CLIENT_KEY_FILE              = var.database_client_key_file
-    TFE_DATABASE_PASSWORDLESS_AZURE_USE_MSI   = var.database_passwordless_azure_use_msi
-    TFE_DATABASE_PASSWORDLESS_AZURE_CLIENT_ID = var.database_passwordless_azure_client_id
+    TFE_DATABASE_USER                                        = var.database_user
+    TFE_DATABASE_PASSWORD                                    = var.database_password
+    TFE_DATABASE_HOST                                        = var.database_host
+    TFE_DATABASE_NAME                                        = var.database_name
+    TFE_DATABASE_PARAMETERS                                  = var.database_parameters
+    TFE_DATABASE_USE_MTLS                                    = var.database_use_mtls
+    TFE_DATABASE_CA_CERT_FILE                                = var.database_ca_cert_file
+    TFE_DATABASE_CLIENT_CERT_FILE                            = var.database_client_cert_file
+    TFE_DATABASE_CLIENT_KEY_FILE                             = var.database_client_key_file
+    TFE_DATABASE_PASSWORDLESS_AZURE_USE_MSI                  = var.database_passwordless_azure_use_msi
+    TFE_DATABASE_PASSWORDLESS_AZURE_CLIENT_ID                = var.database_passwordless_azure_client_id
+    TFE_DATABASE_PASSWORDLESS_AWS_USE_INSTANCE_PROFILE       = var.database_passwordless_aws_use_iam
+    TFE_DATABASE_PASSWORDLESS_AWS_REGION                     = var.database_passwordless_aws_region
+    TFE_DATABASE_PASSWORDLESS_GCP_USE_DEFAULT_CREDENTIALS    = var.database_passwordless_gcp_use_default_credentials
+    DATABASE_AUTH_USE_AWS_IAM                                = var.database_passwordless_aws_use_iam
+    DATABASE_AUTH_AWS_DB_REGION                              = var.database_passwordless_aws_region
+    DATABASE_AUTH_USE_GCP_IAM                                = var.database_passwordless_gcp_use_default_credentials
   }
   database_configuration = local.disk ? {} : local.database
   explorer_database = {
-    TFE_EXPLORER_DATABASE_HOST       = var.explorer_database_host
-    TFE_EXPLORER_DATABASE_NAME       = var.explorer_database_name
-    TFE_EXPLORER_DATABASE_USER       = var.explorer_database_user
-    TFE_EXPLORER_DATABASE_PASSWORD   = var.explorer_database_password
-    TFE_EXPLORER_DATABASE_PARAMETERS = var.explorer_database_parameters
+    TFE_EXPLORER_DATABASE_HOST                         = var.explorer_database_host
+    TFE_EXPLORER_DATABASE_NAME                         = var.explorer_database_name
+    TFE_EXPLORER_DATABASE_USER                         = var.explorer_database_user
+    TFE_EXPLORER_DATABASE_PASSWORD                     = var.explorer_database_password
+    TFE_EXPLORER_DATABASE_PARAMETERS                   = var.explorer_database_parameters
+    TFE_EXPLORER_DATABASE_PASSWORDLESS_AZURE_USE_MSI   = var.explorer_database_passwordless_azure_use_msi
+    TFE_EXPLORER_DATABASE_PASSWORDLESS_AZURE_CLIENT_ID = var.explorer_database_passwordless_azure_client_id
   }
   explorer_database_configuration = var.explorer_database_host == null ? {} : local.explorer_database
 }

modules/runtime_container_engine_config/redis_config.tf

@@ -20,6 +20,12 @@ locals {
     TFE_REDIS_PASSWORDLESS_AZURE_USE_MSI         = var.redis_passwordless_azure_use_msi
     TFE_REDIS_SIDEKIQ_PASSWORDLESS_AZURE_USE_MSI = var.redis_passwordless_azure_use_msi
     TFE_REDIS_PASSWORDLESS_AZURE_CLIENT_ID       = var.redis_passwordless_azure_client_id
+    # Additional legacy variables that TFE might expect
+    REDIS_HOST = var.redis_use_tls != null ? var.redis_use_tls ? "${var.redis_host}:6380" : var.redis_host : null
+    REDIS_USER = var.redis_user
+    REDIS_PASSWORD = var.redis_password
+    REDIS_USE_TLS = var.redis_use_tls ? "true" : "false"
+    REDIS_USE_AUTH = var.redis_use_auth ? "true" : "false"
   }
   redis_configuration = local.active_active ? local.redis : {}
 }

modules/runtime_container_engine_config/variables.tf

@@ -106,6 +106,24 @@ variable "database_passwordless_azure_client_id" {
   description = "Azure Managed Service Identity (MSI) Client ID. If not set, System Assigned Managed Identity will be used."
 }
 
+variable "database_passwordless_aws_use_iam" {
+  default     = false
+  type        = bool
+  description = "Whether or not to use AWS IAM authentication to connect to the PostgreSQL database. Defaults to false if no value is given."
+}
+
+variable "database_passwordless_aws_region" {
+  default     = ""
+  type        = string
+  description = "AWS region for IAM database authentication. Required when database_passwordless_aws_use_iam is true."
+}
+
+variable "database_passwordless_gcp_use_default_credentials" {
+  default     = false
+  type        = bool
+  description = "Whether or not to use Google Cloud default credentials (IAM) to connect to the PostgreSQL database. Defaults to false if no value is given."
+}
+
 variable "explorer_database_host" {
   type        = string
   default     = null
@@ -136,6 +154,18 @@ variable "explorer_database_user" {
   description = "PostgreSQL user. Required when TFE_OPERATIONAL_MODE is external or active-active."
 }
 
+variable "explorer_database_passwordless_azure_use_msi" {
+  default     = false
+  type        = bool
+  description = "Whether or not to use Azure Managed Service Identity (MSI) to connect to the explorer PostgreSQL database. Defaults to false if no value is given."
+}
+
+variable "explorer_database_passwordless_azure_client_id" {
+  default     = ""
+  type        = string
+  description = "Azure Managed Service Identity (MSI) Client ID for explorer database. If not set, System Assigned Managed Identity will be used."
+}
+
 variable "disk_path" {
   default     = null
   description = "The pathname of the directory in which Terraform Enterprise will store data in Mounted Disk mode. Required when var.operational_mode is 'disk'."
@@ -345,18 +375,6 @@ variable "redis_sentinel_password" {
   default     = null
 }
 
-variable "redis_passwordless_azure_use_msi" {
-  default     = false
-  type        = bool
-  description = "Whether or not to use Azure Managed Service Identity (MSI) to connect to the Redis server. Defaults to false if no value is given."
-}
-
-variable "redis_passwordless_azure_client_id" {
-  default     = ""
-  type        = string
-  description = "Azure Managed Service Identity (MSI) Client ID to be used for redis authentication. If not set, System Assigned Managed Identity will be used."
-}
-
 variable "run_pipeline_image" {
   type        = string
   description = "Container image used to execute Terraform runs. Leave blank to use the default image that comes with Terraform Enterprise. Defaults to \"\" if no value is given."