From 642f2a9e70d99c29d549e64dcf00f9585df3699f Mon Sep 17 00:00:00 2001
From: Benjamin Edwards <edwards.benw@gmail.com>
Date: Mon, 20 May 2024 23:19:32 -0400
Subject: [PATCH] read replica support in external vuln scan module (#19166)

closes https://github.com/fleetdm/fleet/issues/18926
---
 terraform/addons/external-vuln-scans/main.tf | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/terraform/addons/external-vuln-scans/main.tf b/terraform/addons/external-vuln-scans/main.tf
index 1693667820..5d29d4dccd 100644
--- a/terraform/addons/external-vuln-scans/main.tf
+++ b/terraform/addons/external-vuln-scans/main.tf
@@ -14,7 +14,8 @@ locals {
   ]
   secrets = [
     for k, v in merge(var.fleet_config.extra_secrets, {
-      FLEET_MYSQL_PASSWORD = var.fleet_config.database.password_secret_arn
+      FLEET_MYSQL_PASSWORD              = var.fleet_config.database.password_secret_arn
+      FLEET_MYSQL_READ_REPLICA_PASSWORD = var.fleet_config.database.password_secret_arn
       }) : {
       name      = k
       valueFrom = v
@@ -83,6 +84,18 @@ resource "aws_ecs_task_definition" "vuln-processing" {
           name  = "FLEET_MYSQL_ADDRESS"
           value = var.fleet_config.database.address
         },
+        {
+          name  = "FLEET_MYSQL_READ_REPLICA_USERNAME"
+          value = var.fleet_config.database.user
+        },
+        {
+          name  = "FLEET_MYSQL_READ_REPLICA_DATABASE"
+          value = var.fleet_config.database.database
+        },
+        {
+          name  = "FLEET_MYSQL_READ_REPLICA_ADDRESS"
+          value = var.fleet_config.database.rr_address == null ? var.fleet_config.database.address : var.fleet_config.database.rr_address
+        },
         {
           name  = "FLEET_REDIS_ADDRESS"
           value = var.fleet_config.redis.address