From 9539b43f7d3bcc9bd74285bf2d45d46b705cf47f Mon Sep 17 00:00:00 2001 From: Michael Messmer Date: Mon, 8 Sep 2025 09:30:45 +0200 Subject: [PATCH 1/5] dafine list for user and db in postgbres module --- postgres/postgres.tf | 18 ++++++++++++------ postgres/variables.tf | 28 ++++++++-------------------- 2 files changed, 20 insertions(+), 26 deletions(-) diff --git a/postgres/postgres.tf b/postgres/postgres.tf index 22b1cd0..ccdda26 100644 --- a/postgres/postgres.tf +++ b/postgres/postgres.tf @@ -12,18 +12,24 @@ resource "stackit_postgresflex_instance" "this" { // Postgres User resource "stackit_postgresflex_user" "this" { + for_each = { + for db in var.postgres_databases : db.user_name => db + } depends_on = [ stackit_postgresflex_instance.this ] project_id = var.stackit_project_id instance_id = stackit_postgresflex_instance.this.instance_id - username = var.postgres_db_user_name - roles = var.postgres_db_user_roles + username = each.value.user_name + roles = each.value.user_roles } // Postgres Database resource "stackit_postgresflex_database" "this" { - depends_on = [ stackit_postgresflex_user.this ] + for_each = { + for db in var.postgres_databases : db.db_name => db + } + depends_on = [stackit_postgresflex_user.this] project_id = var.stackit_project_id instance_id = stackit_postgresflex_instance.this.instance_id - name = var.postgres_db_name - owner = var.postgres_db_user_name -} \ No newline at end of file + name = each.value.db_name + owner = each.value.user_name +} diff --git a/postgres/variables.tf b/postgres/variables.tf index b29923d..886fd59 100644 --- a/postgres/variables.tf +++ b/postgres/variables.tf @@ -10,11 +10,6 @@ variable "postgres_instance_name" { type = string } -# variable "postegres_instance_id" { -# description = "postgres instance id" -# type = string -# } - variable "postgres_instance_replicas" { description = "number of replicas for postgres instance" type = number 
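Review bot: Keying `stackit_postgresflex_database.this` by `db_name` means that renaming an entry in `var.postgres_databases` is planned as a destroy and re-create of that database, and keying the user resource by `user_name` means the same list cannot name one user as owner of two databases (the `{ for ... }` expression rejects the duplicate key). The data-loss side of that deserves a guard: add `lifecycle { prevent_destroy = true }` to the database resource, or at least a comment above its `for_each` stating that `db_name` is the database's identity and must not be changed in place. The `depends_on = [stackit_postgresflex_user.this]` is required only because `owner` is passed as a plain string rather than a reference to the user resource; a one-line comment saying so, e.g. `# owner is a string, not a reference, so ordering must be explicit`, will stop someone from removing it as redundant.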
@@ -58,19 +53,12 @@ variable "postgres_instance_region" { type = string } -# Postgres User Configs -variable "postgres_db_user_name" { - description = "username and owner for postgres db" - type = string -} - -variable "postgres_db_user_roles" { - description = "List of database access levels for the user. Supported values are: login, createdb." - type = list(string) -} - -# Postgres Database Configs -variable "postgres_db_name" { - description = "db name inside the instance" - type = string +# Postgres User and DB Configs +variable "postgres_databases" { + description = "list of users and databases" + type = list(object({ + db_name = string # db name inside the instance + user_name = string # username and owner for postgres db + user_roles = list(string) # List of database access levels for the user. Supported values are: login, createdb. + })) } \ No newline at end of file From d928465802bdcc5c04f6ddb6ead3f8305a18cefa Mon Sep 17 00:00:00 2001 From: Michael Messmer Date: Mon, 8 Sep 2025 14:03:42 +0200 Subject: [PATCH 2/5] add credential handling for multiple user/dbs --- postgres/outputs.tf | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/postgres/outputs.tf b/postgres/outputs.tf index 7e650ed..771bd13 100644 --- a/postgres/outputs.tf +++ b/postgres/outputs.tf @@ -39,3 +39,17 @@ output "postgres_user_id" { value = stackit_postgresflex_user.this.user_id } +output "postgres_credentials" { + value = { + for k, u in stackit_postgresflex_user.this : + k => { + host = u.host + username = u.username + password = u.password + port = u.port + db_name = stackit_postgresflex_database.this[u.owner].name + uri = u.uri + } + } + sensitive = true +} \ No newline at end of file From 09bff53f309b20ed085e6b09ba3ba07d7551307c Mon Sep 17 00:00:00 2001 From: Michael Messmer Date: Mon, 8 Sep 2025 14:27:49 +0200 Subject: [PATCH 3/5] test output --- postgres/outputs.tf | 60 ++++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 30 deletions(-) 
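Review bot: Nothing enforces the constraint stated in the inline comment on `user_roles` ("Supported values are: login, createdb"), so a misspelled or unexpected role is only rejected by the provider at apply time, once the instance is already being created. A `validation` block on `postgres_databases` fails the plan instead, and since `createdb` lets a user create further databases on the shared instance it is worth making callers name that role deliberately rather than inherit it silently. A second condition asserting that `user_name` values are unique would turn the duplicate-key failure of the `for_each` in postgres.tf into a readable error; `alltrue` and `distinct` are presumably available given the provider in use, but confirm against the module's `required_version`.
```hcl
variable "postgres_databases" {
  # … unchanged: description and type …

  validation {
    condition = alltrue([
      for d in var.postgres_databases : alltrue([
        for r in d.user_roles : contains(["login", "createdb"], r)
      ])
    ])
    error_message = "user_roles may only contain \"login\" and \"createdb\"."
  }

  validation {
    condition     = length(distinct([for d in var.postgres_databases : d.user_name])) == length(var.postgres_databases)
    error_message = "user_name must be unique across postgres_databases."
  }
}
```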
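Review bot: `stackit_postgresflex_database.this[u.owner]` indexes the database map with a value taken from the user resource, but that map is built with `for_each = { for db in var.postgres_databases : db.db_name => db }`, so the lookup only resolves when a database happens to carry the same name as its owner (and it is not obvious that the user resource exposes an `owner` attribute at all). Resolve the database through the input that ties the two together instead: `db_name = [for d in var.postgres_databases : d.db_name if d.user_name == k][0]`. Note also that `sensitive = true` only redacts plan and apply output; `password` and `uri` are still written in clear text to this module's state and to the state of every root module that reads the output, so the backend holding that state must be access-controlled and encrypted, which is worth a comment above the block.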
diff --git a/postgres/outputs.tf b/postgres/outputs.tf index 771bd13..7e8f64f 100644 --- a/postgres/outputs.tf +++ b/postgres/outputs.tf @@ -1,43 +1,43 @@ # Postgres Instance Output -output "postgres_instance_id" { - value = stackit_postgresflex_instance.this.instance_id -} +# output "postgres_instance_id" { +# value = stackit_postgresflex_instance.this.instance_id +# } - # Postgres Database Output - output "postgres_database_id" { - value = stackit_postgresflex_database.this.database_id - } +# Postgres Database Output +# output "postgres_database_id" { +# value = stackit_postgresflex_database.this.database_id +# } # Postgres User Output -output "postgres_host" { - value = stackit_postgresflex_user.this.host -} +# output "postgres_host" { +# value = stackit_postgresflex_user.this.host +# } -output "postgres_password" { - value = stackit_postgresflex_user.this.password - sensitive = true -} +# output "postgres_password" { +# value = stackit_postgresflex_user.this.password +# sensitive = true +# } -output "postgres_user" { - value = stackit_postgresflex_user.this.username -} +# output "postgres_user" { +# value = stackit_postgresflex_user.this.username +# } -output "postgres_port" { - value = stackit_postgresflex_user.this.port -} +# output "postgres_port" { +# value = stackit_postgresflex_user.this.port +# } -output "postgres_db_name" { - value = stackit_postgresflex_database.this.name -} +# output "postgres_db_name" { +# value = stackit_postgresflex_database.this.name +# } -output "postgres_uri" { - value = stackit_postgresflex_user.this.uri - sensitive = true -} +# output "postgres_uri" { +# value = stackit_postgresflex_user.this.uri +# sensitive = true +# } -output "postgres_user_id" { - value = stackit_postgresflex_user.this.user_id -} +# output "postgres_user_id" { +# value = stackit_postgresflex_user.this.user_id +# } output "postgres_credentials" { value = { From 3eed77d451a4140c7ec91df0db3fa583c89a1bc8 Mon Sep 17 00:00:00 2001 
From: Michael Messmer Date: Mon, 8 Sep 2025 14:35:40 +0200 Subject: [PATCH 4/5] fix attribute --- postgres/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/postgres/outputs.tf b/postgres/outputs.tf index 7e8f64f..aa7b509 100644 --- a/postgres/outputs.tf +++ b/postgres/outputs.tf @@ -47,7 +47,7 @@ output "postgres_credentials" { username = u.username password = u.password port = u.port - db_name = stackit_postgresflex_database.this[u.owner].name + db_name = stackit_postgresflex_database.this[u.username].name uri = u.uri } } From 2cade4eba27bc2e4a3873f59d551428afff50c58 Mon Sep 17 00:00:00 2001 From: Michael Messmer Date: Mon, 8 Sep 2025 16:00:13 +0200 Subject: [PATCH 5/5] finalize changes --- postgres/outputs.tf | 43 +++-------------------------- postgres/readme.md | 67 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 39 deletions(-) create mode 100644 postgres/readme.md diff --git a/postgres/outputs.tf b/postgres/outputs.tf index aa7b509..e846bfb 100644 --- a/postgres/outputs.tf +++ b/postgres/outputs.tf 
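Review bot: Switching the index to `u.username` still looks the database up in a map keyed by `db_name` (the `for_each` on `stackit_postgresflex_database` in postgres.tf), so the expression fails with an unknown-key error whenever a database is not named exactly like its owner — which is the case in the module's own README example (`database-a` / `user-a`). Go through the input list, which is the only place the pairing exists: `db_name = [for d in var.postgres_databases : d.db_name if d.user_name == k][0]`. The enclosing `output "postgres_credentials"` block starts before and continues past this hunk.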
@@ -1,44 +1,9 @@ # Postgres Instance Output -# output "postgres_instance_id" { -# value = stackit_postgresflex_instance.this.instance_id -# } - -# Postgres Database Output -# output "postgres_database_id" { -# value = stackit_postgresflex_database.this.database_id -# } - -# Postgres User Output -# output "postgres_host" { -# value = stackit_postgresflex_user.this.host -# } - -# output "postgres_password" { -# value = stackit_postgresflex_user.this.password -# sensitive = true -# } - -# output "postgres_user" { -# value = stackit_postgresflex_user.this.username -# } - -# output "postgres_port" { -# value = stackit_postgresflex_user.this.port -# } - -# output "postgres_db_name" { -# value = stackit_postgresflex_database.this.name -# } - -# output "postgres_uri" { -# value = stackit_postgresflex_user.this.uri -# sensitive = true -# } - -# output "postgres_user_id" { -# value = stackit_postgresflex_user.this.user_id -# } +output "postgres_instance_id" { + value = stackit_postgresflex_instance.this.instance_id +} +# Postgres Credential Output output "postgres_credentials" { value = { for k, u in stackit_postgresflex_user.this : diff --git a/postgres/readme.md b/postgres/readme.md new file mode 100644 index 0000000..d6635c0 --- /dev/null +++ b/postgres/readme.md 
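Review bot: The new `# Postgres Credential Output` heading says nothing about how the value must be handled, yet after this commit the map is the only way a consumer obtains a user's password, so its contract belongs in a comment above the block: it is keyed by `user_name`, `sensitive = true` only masks it in plan/apply output, and the password and connection URI are still stored in clear text in the Terraform state of this module and of any root module that reads it. Suggested comment: `# Keyed by user_name. Marked sensitive, but password/uri are still stored in clear text in state — protect the state backend and forward the values straight into a secret store.` The output block continues past the end of this hunk.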
@@ -0,0 +1,67 @@ +# Module for creating Postgres Flex Instance with Databases and Users + +## Example + +```main.tf + +# Postgres Flex Instance +module "postgres-flex" { + source = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//postgres?ref=main + stackit_project_id = local.stackit_project_id + postgres_instance_name = "example-db" + postgres_instance_replicas = 1 + postgres_instance_storage = { + class = "premium-perf2-stackit" + size = 5 + } + + postgres_instance_flavor = { + cpu = 2 + ram = 4 + } + + postgres_instance_acl = [ + "193.148.160.0/19", + "45.129.40.0/21" + ] + + postgres_instance_backup_schedule = "00 02 * * *" + postgres_instance_version = "17" + postgres_instance_region = "eu01" + + postgres_databases = [ + { + db_name = "database-a" + user_name = "user-a" + user_roles = ["createdb", "login"] + }, + { + db_name = "database-b" + user_name = "user-b" + user_roles = ["createdb", "login"] + }, + ] +} + +# safe credentials +module "postgres-credentials-sm-a" { + source = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//create-secret?ref=main" + secret_manager_instance_id = local.secret_manager_instance_id + secret_manager_username = var.secret_manager_username + secret_manager_password = var.secret_manager_password + + secrets_path = "service-a/postgres" + secret_data = module.postgres-flex.postgres_credentials["user-a"] +} + +module "postgres-credentials-sm-b" { + source = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//create-secret?ref=main" + secret_manager_instance_id = local.secret_manager_instance_id + secret_manager_username = var.secret_manager_username + secret_manager_password = var.secret_manager_password + + secrets_path = "service-b/postgres" + secret_data = module.postgres-flex.postgres_credentials["user-b"] +} + +``` \ No newline at end of file