fix(aws, stack): elasticache_transit_encryption_mode (#366)

swiknaba · web-flow · commit a7def452b8ed · 2024-08-31T19:12:25.000+02:00
* fix(aws, stack): elasticache_transit_encryption_mode

* fix: allow null for transit encryption mode

* fix: allow null

* stack: default to null

* Update variables.tf

* make nullable

* not nullable?

* do not use buggy contains
diff --git a/aws/elasticache/variables.tf b/aws/elasticache/variables.tf
@@ -84,10 +84,11 @@ variable "transit_encryption_enabled" {
 variable "transit_encryption_mode" {
   type        = string
   default     = "required"
+  nullable    = true
   description = "when migrating from no encryption to encryption, this must be set to 'preferred', then apply changes, then set to 'required'"
 
   validation {
-    condition     = contains(["required", "preferred"], var.transit_encryption_mode)
+    condition     = var.transit_encryption_mode == null || var.transit_encryption_mode == "required" || var.transit_encryption_mode == "preferred"
     error_message = "transit_encryption_mode must be either 'required' or 'preferred'"
   }
 }
@@ -116,6 +117,7 @@ variable "maxmemory_policy" {
   type        = string
   default     = null
   description = "Only effective, when NOT passing a custom parameter group name"
+
   validation {
     condition     = var.maxmemory_policy == null || contains(["volatile-lru", "allkeys-lru", "volatile-lfu", "allkeys-lfu", "volatile-random", "allkeys-random", "volatile-ttl", "noeviction"], var.maxmemory_policy)
     error_message = "maxmemory_policy must be one of volatile-lru, allkeys-lru, volatile-lfu, allkeys-lfu, volatile-random, allkeys-random, volatile-ttl, noeviction"
diff --git a/aws/stack/app/elasticache.tf b/aws/stack/app/elasticache.tf
@@ -29,4 +29,5 @@ module "elasticache" {
   cluster_mode               = var.elasticache_cluster_mode
   maxmemory_policy           = var.elasticache_maxmemory_policy == null ? (var.elasticache_cluster_mode ? "volatile-lru" : "noeviction") : var.elasticache_maxmemory_policy
   transit_encryption_enabled = var.elasticache_transit_encryption_enabled
+  transit_encryption_mode    = var.elasticache_transit_encryption_mode
 }
diff --git a/aws/stack/app/variables.tf b/aws/stack/app/variables.tf
@@ -397,6 +397,18 @@ variable "rds_ca_cert_identifier" {
 # =============== ECS ================ #
 variable "health_check_path" { default = "/livez" }
 
+variable "elasticache_transit_encryption_mode" {
+  type        = string
+  default     = null
+  nullable    = true
+  description = "when migrating from no encryption to encryption, this must be set to 'preferred', then apply changes, then set to 'required'"
+
+  validation {
+    condition     = var.elasticache_transit_encryption_mode == null || var.elasticache_transit_encryption_mode == "required" || var.elasticache_transit_encryption_mode == "preferred"
+    error_message = "elasticache_transit_encryption_mode must be either 'required' or 'preferred'"
+  }
+}
+
 variable "enable_container_insights" {
   type    = bool
   default = null

Original file line number	Diff line number	Diff line change
`@@ -29,4 +29,5 @@ module "elasticache" {`
`29`	`29`	`cluster_mode = var.elasticache_cluster_mode`
`30`	`30`	`maxmemory_policy = var.elasticache_maxmemory_policy == null ? (var.elasticache_cluster_mode ? "volatile-lru" : "noeviction") : var.elasticache_maxmemory_policy`
`31`	`31`	`transit_encryption_enabled = var.elasticache_transit_encryption_enabled`
	`32`	`+ transit_encryption_mode = var.elasticache_transit_encryption_mode`
`32`	`33`	`}`