feat: Support additional security group ingress for rds (#3267)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: czi-github-helper[bot] <czi-github-helper[bot]@users.noreply.github.com>

terraform/modules/happy-env-eks/README.md

@@ -62,7 +62,7 @@ https://docs.google.com/drawings/d/1AsJts2qCmw7685A6WZPDb5ApkXyuPRc27Lg3zzWuPaA/
 | <a name="input_oidc_config"></a> [oidc\_config](#input\_oidc\_config) | OIDC configuration for the happy stacks in this environment. | <pre>object({<br>    login_uri                  = optional(string, ""),<br>    grant_types                = optional(set(string), ["authorization_code", "refresh_token"])<br>    redirect_uris              = optional(set(string), []),<br>    teams                      = optional(set(string), []),<br>    app_type                   = optional(string, "web"),<br>    token_endpoint_auth_method = optional(string, "client_secret_basic"),<br>  })</pre> | `{}` | no |
 | <a name="input_okta_teams"></a> [okta\_teams](#input\_okta\_teams) | The set of Okta teams to give access to the Okta app | `set(string)` | `null` | no |
 | <a name="input_ops_genie_owner_team"></a> [ops\_genie\_owner\_team](#input\_ops\_genie\_owner\_team) | The name of the Opsgenie team that will own the alerts for this happy environment | `string` | `"Core Infra Eng"` | no |
-| <a name="input_rds_dbs"></a> [rds\_dbs](#input\_rds\_dbs) | Map of DB's to create for your happy applications. If an engine\_version is not provided, the default\_db\_engine\_version is used | <pre>map(object({<br>    engine_version : string,<br>    instance_class : string,<br>    username : string,<br>    name : string,<br>    rds_cluster_parameters : optional(list(<br>      map(any)), []<br>    ),<br>  }))</pre> | `{}` | no |
+| <a name="input_rds_dbs"></a> [rds\_dbs](#input\_rds\_dbs) | Map of DB's to create for your happy applications. If an engine\_version is not provided, the default\_db\_engine\_version is used | <pre>map(object({<br>    engine_version : string,<br>    instance_class : string,<br>    username : string,<br>    name : string,<br>    rds_cluster_parameters : optional(list(<br>      map(any)), []<br>    ),<br>    additional_ingress_security_groups : optional(list(string), []),<br>  }))</pre> | `{}` | no |
 | <a name="input_s3_buckets"></a> [s3\_buckets](#input\_s3\_buckets) | Map of S3 buckets to create for your happy applications | <pre>map(object(<br>    {<br>      name   = string<br>      policy = optional(string, "")<br>  }))</pre> | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Standard tags. Typically generated by fogg | <pre>object({<br>    env : string,<br>    owner : string,<br>    project : string,<br>    service : string,<br>    managedBy : string,<br>  })</pre> | n/a | yes |
 | <a name="input_waf_arn"></a> [waf\_arn](#input\_waf\_arn) | A regional WAF ARN to attach to the happy ingress. | `string` | `null` | no |

terraform/modules/happy-env-eks/db.tf

@@ -21,7 +21,7 @@ module "dbs" {
   database_username          = each.value["username"]
   database_subnet_group      = var.cloud-env.database_subnet_group
   engine_version             = coalesce(each.value["engine_version"], var.default_db_engine_version)
-  ingress_security_groups    = [var.eks-cluster.worker_security_group]
+  ingress_security_groups    = concat([var.eks-cluster.worker_security_group], each.value["additional_ingress_security_groups"])
   instance_class             = each.value.instance_class
   instance_count             = 1
   vpc_id                     = var.cloud-env.vpc_id

terraform/modules/happy-env-eks/variables.tf

@@ -37,6 +37,7 @@ variable "rds_dbs" {
     rds_cluster_parameters : optional(list(
       map(any)), []
     ),
+    additional_ingress_security_groups : optional(list(string), []),
   }))
   default = {}
 }