From 3909eeab7bef34b84feb0978a5fffc2c47a94fe1 Mon Sep 17 00:00:00 2001 From: Stanislav Kopp Date: Wed, 15 Oct 2025 09:32:20 +0200 Subject: [PATCH 1/9] Bump stackit version to 0.68.0 --- dns/providers.tf | 2 +- mongodb/providers.tf | 2 +- objectstorage/providers.tf | 2 +- observability/providers.tf | 2 +- postgres/providers.tf | 2 +- rabbitmq/providers.tf | 2 +- redis/providers.tf | 2 +- ske-cluster/providers.tf | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/dns/providers.tf b/dns/providers.tf index 96e3e65..954cee6 100644 --- a/dns/providers.tf +++ b/dns/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.61.0" + version = "~> 0.68.0" } } } diff --git a/mongodb/providers.tf b/mongodb/providers.tf index 792bab1..954cee6 100644 --- a/mongodb/providers.tf +++ b/mongodb/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.50.0" + version = "~> 0.68.0" } } } diff --git a/objectstorage/providers.tf b/objectstorage/providers.tf index 792bab1..954cee6 100644 --- a/objectstorage/providers.tf +++ b/objectstorage/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.50.0" + version = "~> 0.68.0" } } } diff --git a/observability/providers.tf b/observability/providers.tf index b96dabd..f073db7 100644 --- a/observability/providers.tf +++ b/observability/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.50.0" + version = "~> 0.68.0" } grafana = { source = "grafana/grafana" diff --git a/postgres/providers.tf b/postgres/providers.tf index 792bab1..954cee6 100644 --- a/postgres/providers.tf +++ b/postgres/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.50.0" + version = "~> 0.68.0" } } } diff --git a/rabbitmq/providers.tf b/rabbitmq/providers.tf index 792bab1..954cee6 100644 --- a/rabbitmq/providers.tf +++ b/rabbitmq/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.50.0" + version = "~> 0.68.0" } } } diff --git a/redis/providers.tf b/redis/providers.tf index 1d527de..9596bbb 100644 --- a/redis/providers.tf +++ b/redis/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.50.0" + version = "~> 0.68.0" } } diff --git a/ske-cluster/providers.tf b/ske-cluster/providers.tf index c3406cd..954cee6 100644 --- a/ske-cluster/providers.tf +++ b/ske-cluster/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.62.0" + version = "~> 0.68.0" } } } From 68a6e7b5a8dbcf41f56b74d323a672f05204d27e Mon Sep 17 00:00:00 2001 From: Florian Heuer Date: Tue, 4 Nov 2025 13:14:40 +0100 Subject: [PATCH 2/9] add new option variables --- mongodb/variables.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mongodb/variables.tf b/mongodb/variables.tf index e69bd6f..b3f127f 100644 --- a/mongodb/variables.tf +++ b/mongodb/variables.tf @@ -30,7 +30,9 @@ variable "mongodb_instance_flavor" { variable "mongodb_instance_options" { description = "options for mongodb" type = object({ - type = string + type = string + snapshot_retention_days = number + point_in_time_window_hours = number }) } From c23b03d9c52ad5e94d2cf5f635101f6f87a87033 Mon Sep 17 00:00:00 2001 From: Florian Heuer Date: Tue, 4 Nov 2025 17:38:12 +0100 Subject: [PATCH 3/9] cleanup --- mongodb/mongodb.tf | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/mongodb/mongodb.tf b/mongodb/mongodb.tf index 5ee3a58..010010c 100644 --- a/mongodb/mongodb.tf +++ b/mongodb/mongodb.tf @@ -19,30 +19,3 @@ resource "stackit_mongodbflex_user" "this" { roles = var.mongodb_user_roles database = var.mongodb_user_database } - -# // Configure Secret Manager Provider -# provider "vault" { -# address = "https://prod.sm.eu01.stackit.cloud" -# skip_child_token = true -# auth_login_userpass { -# username = var.secret_manager_username -# password = var.secret_manager_password -# } -# } - -# // Store MongoDB Credentials in Secret Manager -# resource "vault_kv_secret_v2" "mongodb_cred_save" { -# mount = var.secret_manager_instance_id -# name = var.mongodb_secrets_path -# cas = 1 -# delete_all_versions = true -# data_json = jsonencode( -# { -# username = stackit_mongodbflex_user.mongodb_user.username, -# password = stackit_mongodbflex_user.mongodb_user.password, -# host = stackit_mongodbflex_user.mongodb_user.host, -# port = stackit_mongodbflex_user.mongodb_user.port, -# uri = stackit_mongodbflex_user.mongodb_user.uri -# } -# ) -# } From 690920850522f9bad2b456d4afbc6240198612bc Mon Sep 17 00:00:00 2001 From: Stanislav Kopp Date: Wed, 26 Nov 2025 10:23:57 +0100 Subject: [PATCH 4/9] enable edits to contact-points --- grafana/contact-point-gchat/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/grafana/contact-point-gchat/main.tf b/grafana/contact-point-gchat/main.tf index bed73bf..6056258 100644 --- a/grafana/contact-point-gchat/main.tf +++ b/grafana/contact-point-gchat/main.tf @@ -1,5 +1,6 @@ resource "grafana_contact_point" "this" { name = var.contact_point_name + disable_provenance = true googlechat { url = var.gchat_url From d361fa8da99a185173eec9a0dd27e62c014d39c2 Mon Sep 17 00:00:00 2001 From: Stanislav Kopp Date: Wed, 26 Nov 2025 10:32:30 +0100 Subject: [PATCH 5/9] add edits to notification policy --- grafana/notification-policy/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/grafana/notification-policy/main.tf b/grafana/notification-policy/main.tf index 6ea9ebc..88df625 100644 --- a/grafana/notification-policy/main.tf +++ b/grafana/notification-policy/main.tf @@ -1,6 +1,7 @@ resource "grafana_notification_policy" "this" { contact_point = var.default_contact_point_uid group_by = var.group_by + disable_provenance = true dynamic "policy" { for_each = var.folder_policies From 010ac595c1bf217d84e1668de0a27dc3b6fd1a79 Mon Sep 17 00:00:00 2001 From: Florian Heuer Date: Tue, 16 Dec 2025 13:51:14 +0100 Subject: [PATCH 6/9] build and use local map of username to dbname --- postgres/outputs.tf | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/postgres/outputs.tf b/postgres/outputs.tf index e846bfb..bf89a2a 100644 --- a/postgres/outputs.tf +++ b/postgres/outputs.tf @@ -3,6 +3,14 @@ output "postgres_instance_id" { value = stackit_postgresflex_instance.this.instance_id } +locals { + # Build a map: username => db_name + user_to_db = { + for db in var.postgres_databases : + db.user_name => db.db_name + } +} + # Postgres Credential Output output "postgres_credentials" { value = { @@ -12,9 +20,9 @@ output "postgres_credentials" { username = u.username password = u.password port = u.port - db_name = stackit_postgresflex_database.this[u.username].name + db_name = stackit_postgresflex_database.this[local.user_to_db[u.username]].name uri = u.uri } } sensitive = true -} \ No newline at end of file +} From 4c5496879358ef8c8a961d92ec5658055bc46894 Mon Sep 17 00:00:00 2001 From: Florian Heuer Date: Tue, 16 Dec 2025 13:52:39 +0100 Subject: [PATCH 7/9] add validation for uniqueness of username and dbname --- postgres/variables.tf | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/postgres/variables.tf b/postgres/variables.tf index 886fd59..f1906fa 100644 --- a/postgres/variables.tf +++ b/postgres/variables.tf @@ -55,10 +55,26 @@ variable "postgres_instance_region" { # Postgres User and DB Configs variable "postgres_databases" { - description = "list of users and databases" - type = list(object({ - db_name = string # db name inside the instance - user_name = string # username and owner for postgres db - user_roles = list(string) # List of database access levels for the user. Supported values are: login, createdb. + description = "list of users and databases" + type = list(object({ + db_name = string # db name inside the instance + user_name = string # username and owner for postgres db + user_roles = list(string) # List of database access levels for the user. Supported values are: login, createdb. })) -} \ No newline at end of file + + # ----------------------------------------------------------------- + # Validation: each db_name must be unique + # ----------------------------------------------------------------- + validation { + condition = length(distinct([for db in var.postgres_databases : db.db_name])) == length(var.postgres_databases) + error_message = "Each db_name must be unique." + } + + # ----------------------------------------------------------------- + # Validation: each user_name must be unique + # ----------------------------------------------------------------- + validation { + condition = length(distinct([for db in var.postgres_databases : db.user_name])) == length(var.postgres_databases) + error_message = "Each user_name must be unique." + } +} From 4ecc7c67c8523043435c35793addba293b10a645 Mon Sep 17 00:00:00 2001 From: Stanislav Kopp Date: Mon, 2 Feb 2026 09:12:43 +0100 Subject: [PATCH 8/9] remove itdoc link --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 66c946d..bbf6e9b 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,5 @@ # Terraform modules for STACKIT resources -## Overview - -You can find general overview of Terraform in [ITDOC](https://itdoc.schwarz/display/STACKIT/Terraform+overview) - ## How to use You can find examples in README.md of each module folder, e.g. for [Redis](./redis/README.md) From 527a67563418d339995bab2d78533039d69e0707 Mon Sep 17 00:00:00 2001 From: Stanislav Kopp Date: Thu, 5 Feb 2026 16:21:42 +0100 Subject: [PATCH 9/9] temporary pin provider version to 0.74.0 to avoid breaking changes --- dns/providers.tf | 2 +- mongodb/providers.tf | 2 +- objectstorage/providers.tf | 2 +- observability/providers.tf | 2 +- postgres/providers.tf | 2 +- rabbitmq/providers.tf | 2 +- redis/providers.tf | 2 +- secrets-manager/providers.tf | 2 +- service-account/providers.tf | 2 +- ske-cluster/providers.tf | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/dns/providers.tf b/dns/providers.tf index 954cee6..91238eb 100644 --- a/dns/providers.tf +++ b/dns/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.68.0" + version = "0.74.0" } } } diff --git a/mongodb/providers.tf b/mongodb/providers.tf index 954cee6..91238eb 100644 --- a/mongodb/providers.tf +++ b/mongodb/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.68.0" + version = "0.74.0" } } } diff --git a/objectstorage/providers.tf b/objectstorage/providers.tf index 954cee6..91238eb 100644 --- a/objectstorage/providers.tf +++ b/objectstorage/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.68.0" + version = "0.74.0" } } } diff --git a/observability/providers.tf b/observability/providers.tf index f073db7..14b0fba 100644 --- a/observability/providers.tf +++ b/observability/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.68.0" + version = "0.74.0" } grafana = { source = "grafana/grafana" diff --git a/postgres/providers.tf b/postgres/providers.tf index 954cee6..91238eb 100644 --- a/postgres/providers.tf +++ b/postgres/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.68.0" + version = "0.74.0" } } } diff --git a/rabbitmq/providers.tf b/rabbitmq/providers.tf index 954cee6..91238eb 100644 --- a/rabbitmq/providers.tf +++ b/rabbitmq/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.68.0" + version = "0.74.0" } } } diff --git a/redis/providers.tf b/redis/providers.tf index 9596bbb..83a86da 100644 --- a/redis/providers.tf +++ b/redis/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.68.0" + version = "0.74.0" } } diff --git a/secrets-manager/providers.tf b/secrets-manager/providers.tf index 419a151..636035d 100644 --- a/secrets-manager/providers.tf +++ b/secrets-manager/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "0.43.3" + version = "0.74.0" } } } \ No newline at end of file diff --git a/service-account/providers.tf b/service-account/providers.tf index 28dfab1..91238eb 100644 --- a/service-account/providers.tf +++ b/service-account/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.59.0" + version = "0.74.0" } } } diff --git a/ske-cluster/providers.tf b/ske-cluster/providers.tf index 954cee6..91238eb 100644 --- a/ske-cluster/providers.tf +++ b/ske-cluster/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "~> 0.68.0" + version = "0.74.0" } } }