diff --git a/README.md b/README.md
index bbf6e9b..66c946d 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,9 @@
 # Terraform modules for STACKIT resources
+## Overview
+
+You can find general overview of Terraform in [ITDOC](https://itdoc.schwarz/display/STACKIT/Terraform+overview)
+
 ## How to use
 You can find examples in README.md of each module folder, e.g. for [Redis](./redis/README.md)
diff --git a/dns/providers.tf b/dns/providers.tf
index 91238eb..96e3e65 100644
--- a/dns/providers.tf
+++ b/dns/providers.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.74.0"
+ version = "~> 0.61.0"
 }
 }
 }
diff --git a/grafana/contact-point-gchat/main.tf b/grafana/contact-point-gchat/main.tf
index 6056258..bed73bf 100644
--- a/grafana/contact-point-gchat/main.tf
+++ b/grafana/contact-point-gchat/main.tf
@@ -1,6 +1,5 @@
 resource "grafana_contact_point" "this" {
 name = var.contact_point_name
- disable_provenance = true
 googlechat {
 url = var.gchat_url
diff --git a/grafana/notification-policy/main.tf b/grafana/notification-policy/main.tf
index 88df625..6ea9ebc 100644
--- a/grafana/notification-policy/main.tf
+++ b/grafana/notification-policy/main.tf
@@ -1,7 +1,6 @@
 resource "grafana_notification_policy" "this" {
 contact_point = var.default_contact_point_uid
 group_by = var.group_by
- disable_provenance = true
 dynamic "policy" {
 for_each = var.folder_policies
diff --git a/mongodb/mongodb.tf b/mongodb/mongodb.tf
index 010010c..5ee3a58 100644
--- a/mongodb/mongodb.tf
+++ b/mongodb/mongodb.tf
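Review bot: The constraint `~> 0.61.0` set in dns/providers.tf cannot be satisfied together with the constraints this commit sets in the other modules: `~> 0.50.0` (mongodb, objectstorage, observability, postgres, rabbitmq, redis), `0.43.3` (secrets-manager), `~> 0.59.0` (service-account) and `~> 0.62.0` (ske-cluster). Terraform resolves one version of `stackitcloud/stackit` per configuration from the intersection of all module constraints, so a root module that combines, for example, dns and postgres will fail at `terraform init`. Every module also moves back from 0.74.0, so fixes shipped in later provider releases are no longer picked up. For reusable modules I would declare only the lower bound each module really needs, in the form `version = ">= X.Y.Z"`, and leave the exact pin to the root module's `.terraform.lock.hcl`.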
@@ -19,3 +19,30 @@ resource "stackit_mongodbflex_user" "this" {
 roles = var.mongodb_user_roles
 database = var.mongodb_user_database
 }
+
+# // Configure Secret Manager Provider
+# provider "vault" {
+# address = "https://prod.sm.eu01.stackit.cloud"
+# skip_child_token = true
+# auth_login_userpass {
+# username = var.secret_manager_username
+# password = var.secret_manager_password
+# }
+# }
+
+# // Store MongoDB Credentials in Secret Manager
+# resource "vault_kv_secret_v2" "mongodb_cred_save" {
+# mount = var.secret_manager_instance_id
+# name = var.mongodb_secrets_path
+# cas = 1
+# delete_all_versions = true
+# data_json = jsonencode(
+# {
+# username = stackit_mongodbflex_user.mongodb_user.username,
+# password = stackit_mongodbflex_user.mongodb_user.password,
+# host = stackit_mongodbflex_user.mongodb_user.host,
+# port = stackit_mongodbflex_user.mongodb_user.port,
+# uri = stackit_mongodbflex_user.mongodb_user.uri
+# }
+# )
+# }
diff --git a/mongodb/providers.tf b/mongodb/providers.tf
index 91238eb..792bab1 100644
--- a/mongodb/providers.tf
+++ b/mongodb/providers.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.74.0"
+ version = "~> 0.50.0"
 }
 }
 }
diff --git a/mongodb/variables.tf b/mongodb/variables.tf
index b3f127f..e69bd6f 100644
--- a/mongodb/variables.tf
+++ b/mongodb/variables.tf
@@ -30,9 +30,7 @@ variable "mongodb_instance_flavor" {
 variable "mongodb_instance_options" {
 description = "options for mongodb"
 type = object({
- type = string
- snapshot_retention_days = number
- point_in_time_window_hours = number
+ type = string
 })
 }
diff --git a/objectstorage/providers.tf b/objectstorage/providers.tf
index 91238eb..792bab1 100644
--- a/objectstorage/providers.tf
+++ b/objectstorage/providers.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.74.0"
+ version = "~> 0.50.0"
 }
 }
 }
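Review bot: The 27 lines added to mongodb/mongodb.tf are commented-out configuration that would not work if uncommented: every attribute reads `stackit_mongodbflex_user.mongodb_user`, while the resource declared in this file is `stackit_mongodbflex_user.this`. The block also places a `provider "vault"` configuration with a fixed production address inside a reusable module, where Terraform expects provider configuration to come from the root module, and it sets `delete_all_versions = true`, which would remove the whole secret history on destroy. I would drop the block from the commit and, if a pointer is wanted, leave a single line such as `# Credentials are stored by the caller, see the create-secret module`. The same applies to the commented-out `postegres_instance_id` variable (note the misspelling) added in postgres/variables.tf.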
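Review bot: Narrowing `mongodb_instance_options` to `type = string` in mongodb/variables.tf does not make callers that still pass `snapshot_retention_days` or `point_in_time_window_hours` fail, because Terraform discards attributes that are not part of an object type constraint during conversion. Backup retention and point-in-time settings a caller believes are applied would then be dropped without any message; how the instance resource consumes the object is outside this hunk, so the resulting defaults should be confirmed. I would at least state this in the variable, e.g. `description = "options for mongodb; backup retention is not configurable in this version and extra attributes are ignored"`.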
diff --git a/observability/providers.tf b/observability/providers.tf
index 14b0fba..b96dabd 100644
--- a/observability/providers.tf
+++ b/observability/providers.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.74.0"
+ version = "~> 0.50.0"
 }
 grafana = {
 source = "grafana/grafana"
diff --git a/postgres/outputs.tf b/postgres/outputs.tf
index bf89a2a..7e650ed 100644
--- a/postgres/outputs.tf
+++ b/postgres/outputs.tf
@@ -2,27 +2,40 @@ output "postgres_instance_id" {
 value = stackit_postgresflex_instance.this.instance_id
 }
+
+ # Postgres Database Output
+ output "postgres_database_id" {
+ value = stackit_postgresflex_database.this.database_id
+ }
-locals {
- # Build a map: username => db_name
- user_to_db = {
- for db in var.postgres_databases :
- db.user_name => db.db_name
- }
+# Postgres User Output
+output "postgres_host" {
+ value = stackit_postgresflex_user.this.host
 }
-# Postgres Credential Output
-output "postgres_credentials" {
- value = {
- for k, u in stackit_postgresflex_user.this :
- k => {
- host = u.host
- username = u.username
- password = u.password
- port = u.port
- db_name = stackit_postgresflex_database.this[local.user_to_db[u.username]].name
- uri = u.uri
- }
- }
+output "postgres_password" {
+ value = stackit_postgresflex_user.this.password
 sensitive = true
 }
+
+output "postgres_user" {
+ value = stackit_postgresflex_user.this.username
+}
+
+output "postgres_port" {
+ value = stackit_postgresflex_user.this.port
+}
+
+output "postgres_db_name" {
+ value = stackit_postgresflex_database.this.name
+}
+
+output "postgres_uri" {
+ value = stackit_postgresflex_user.this.uri
+ sensitive = true
+}
+
+output "postgres_user_id" {
+ value = stackit_postgresflex_user.this.user_id
+}
+
diff --git a/postgres/postgres.tf b/postgres/postgres.tf
index ccdda26..22b1cd0 100644
--- a/postgres/postgres.tf
+++ b/postgres/postgres.tf
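Review bot: `postgres_password` and `postgres_uri` in postgres/outputs.tf are marked `sensitive = true`, but that only redacts them in plan and apply output; both values are still written unencrypted to the Terraform state, and none of the new outputs has a `description` that says so. I would add one to each of the two, e.g. `description = "Password of the database user; persisted in Terraform state, so restrict access to the state backend"`, so that callers know any output forwarding the value must be marked sensitive as well. Replacing the `postgres_credentials` map with separate outputs also breaks callers that index it, as the removed readme example does with `postgres_credentials["user-a"]`, which is worth stating in the commit description.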
@@ -12,24 +12,18 @@ resource "stackit_postgresflex_instance" "this" {
 // Postgres User
 resource "stackit_postgresflex_user" "this" {
- for_each = {
- for db in var.postgres_databases : db.user_name => db
- }
 depends_on = [ stackit_postgresflex_instance.this ]
 project_id = var.stackit_project_id
 instance_id = stackit_postgresflex_instance.this.instance_id
- username = each.value.user_name
- roles = each.value.user_roles
+ username = var.postgres_db_user_name
+ roles = var.postgres_db_user_roles
 }
 // Postgres Database
 resource "stackit_postgresflex_database" "this" {
- for_each = {
- for db in var.postgres_databases : db.db_name => db
- }
- depends_on = [stackit_postgresflex_user.this]
+ depends_on = [ stackit_postgresflex_user.this ]
 project_id = var.stackit_project_id
 instance_id = stackit_postgresflex_instance.this.instance_id
- name = each.value.db_name
- owner = each.value.user_name
-}
+ name = var.postgres_db_name
+ owner = var.postgres_db_user_name
+}
\ No newline at end of file
diff --git a/postgres/providers.tf b/postgres/providers.tf
index 91238eb..792bab1 100644
--- a/postgres/providers.tf
+++ b/postgres/providers.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.74.0"
+ version = "~> 0.50.0"
 }
 }
 }
diff --git a/postgres/readme.md b/postgres/readme.md
deleted file mode 100644
index d6635c0..0000000
--- a/postgres/readme.md
+++ /dev/null
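Review bot: Removing `for_each` from `stackit_postgresflex_user.this` and `stackit_postgresflex_database.this` changes their addresses from `this["<key>"]` to `this`, so for any state created with the previous revision Terraform will plan to destroy the existing users and databases and create new ones. Since the keys are caller-specific, a `moved` block cannot be shipped in the module; the commit should document the migration step instead, of the form `terraform state mv 'module.<name>.stackit_postgresflex_database.this["<db_name>"]' module.<name>.stackit_postgresflex_database.this`, and the same for the user. Independently, `owner = stackit_postgresflex_user.this.username` would express the ordering through a reference and make the explicit `depends_on` on the database unnecessary.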
@@ -1,67 +0,0 @@
-# Module for creating Postgres Flex Instance with Databases and Users
-
-## Example
-
-```main.tf
-
-# Postgres Flex Instance
-module "postgres-flex" {
- source = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//postgres?ref=main
- stackit_project_id = local.stackit_project_id
- postgres_instance_name = "example-db"
- postgres_instance_replicas = 1
- postgres_instance_storage = {
- class = "premium-perf2-stackit"
- size = 5
- }
-
- postgres_instance_flavor = {
- cpu = 2
- ram = 4
- }
-
- postgres_instance_acl = [
- "193.148.160.0/19",
- "45.129.40.0/21"
- ]
-
- postgres_instance_backup_schedule = "00 02 * * *"
- postgres_instance_version = "17"
- postgres_instance_region = "eu01"
-
- postgres_databases = [
- {
- db_name = "database-a"
- user_name = "user-a"
- user_roles = ["createdb", "login"]
- },
- {
- db_name = "database-b"
- user_name = "user-b"
- user_roles = ["createdb", "login"]
- },
- ]
-}
-
-# safe credentials
-module "postgres-credentials-sm-a" {
- source = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//create-secret?ref=main"
- secret_manager_instance_id = local.secret_manager_instance_id
- secret_manager_username = var.secret_manager_username
- secret_manager_password = var.secret_manager_password
-
- secrets_path = "service-a/postgres"
- secret_data = module.postgres-flex.postgres_credentials["user-a"]
-}
-
-module "postgres-credentials-sm-b" {
- source = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//create-secret?ref=main"
- secret_manager_instance_id = local.secret_manager_instance_id
- secret_manager_username = var.secret_manager_username
- secret_manager_password = var.secret_manager_password
-
- secrets_path = "service-b/postgres"
- secret_data = module.postgres-flex.postgres_credentials["user-b"]
-}
-
-```
\ No newline at end of file
diff --git a/postgres/variables.tf b/postgres/variables.tf
index f1906fa..b29923d 100644
--- a/postgres/variables.tf
+++ b/postgres/variables.tf
@@ -10,6 +10,11 @@ variable "postgres_instance_name" {
 type = string
 }
+# variable "postegres_instance_id" {
+# description = "postgres instance id"
+# type = string
+# }
+
 variable "postgres_instance_replicas" {
 description = "number of replicas for postgres instance"
 type = number
@@ -53,28 +58,19 @@ variable "postgres_instance_region" {
 type = string
 }
-# Postgres User and DB Configs
-variable "postgres_databases" {
- description = "list of users and databases"
- type = list(object({
- db_name = string # db name inside the instance
- user_name = string # username and owner for postgres db
- user_roles = list(string) # List of database access levels for the user. Supported values are: login, createdb.
- }))
-
- # -----------------------------------------------------------------
- # Validation: each db_name must be unique
- # -----------------------------------------------------------------
- validation {
- condition = length(distinct([for db in var.postgres_databases : db.db_name])) == length(var.postgres_databases)
- error_message = "Each db_name must be unique."
- }
-
- # -----------------------------------------------------------------
- # Validation: each user_name must be unique
- # -----------------------------------------------------------------
- validation {
- condition = length(distinct([for db in var.postgres_databases : db.user_name])) == length(var.postgres_databases)
- error_message = "Each user_name must be unique."
- }
+# Postgres User Configs
+variable "postgres_db_user_name" {
+ description = "username and owner for postgres db"
+ type = string
 }
+
+variable "postgres_db_user_roles" {
+ description = "List of database access levels for the user. Supported values are: login, createdb."
+ type = list(string)
+}
+
+# Postgres Database Configs
+variable "postgres_db_name" {
+ description = "db name inside the instance"
+ type = string
+}
\ No newline at end of file
diff --git a/rabbitmq/providers.tf b/rabbitmq/providers.tf
index 91238eb..792bab1 100644
--- a/rabbitmq/providers.tf
+++ b/rabbitmq/providers.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.74.0"
+ version = "~> 0.50.0"
 }
 }
 }
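Review bot: `postgres_db_user_roles` in postgres/variables.tf accepts any list of strings although its description names only `login` and `createdb` as supported, and the validations removed with `postgres_databases` are not replaced by anything. A `validation` block with `condition = alltrue([for r in var.postgres_db_user_roles : contains(["login", "createdb"], r)])` and a matching `error_message` would reject an unsupported role at plan time instead of leaving it to the API. The file now also ends without a trailing newline.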
diff --git a/redis/providers.tf b/redis/providers.tf
index 83a86da..1d527de 100644
--- a/redis/providers.tf
+++ b/redis/providers.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.74.0"
+ version = "~> 0.50.0"
 }
 }
diff --git a/secrets-manager/providers.tf b/secrets-manager/providers.tf
index 636035d..419a151 100644
--- a/secrets-manager/providers.tf
+++ b/secrets-manager/providers.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.74.0"
+ version = "0.43.3"
 }
 }
 }
\ No newline at end of file
diff --git a/service-account/providers.tf b/service-account/providers.tf
index 91238eb..28dfab1 100644
--- a/service-account/providers.tf
+++ b/service-account/providers.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.74.0"
+ version = "~> 0.59.0"
 }
 }
 }
diff --git a/ske-cluster/README.md b/ske-cluster/README.md
index 7c0f0ff..46c065b 100644
--- a/ske-cluster/README.md
+++ b/ske-cluster/README.md
@@ -16,7 +16,6 @@ module "ske-cluster" {
 machine_type = "c1.2"
 minimum = "2"
 maximum = "3"
- os_version_min = "4230.2.0"
 availability_zones = ["eu01-3"]
 }
 ]
diff --git a/ske-cluster/providers.tf b/ske-cluster/providers.tf
index 91238eb..c3406cd 100644
--- a/ske-cluster/providers.tf
+++ b/ske-cluster/providers.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 stackit = {
 source = "stackitcloud/stackit"
- version = "0.74.0"
+ version = "~> 0.62.0"
 }
 }
 }
diff --git a/ske-cluster/variables.tf b/ske-cluster/variables.tf
index 1db1f4c..7836271 100644
--- a/ske-cluster/variables.tf
+++ b/ske-cluster/variables.tf
@@ -15,7 +15,6 @@ variable "ske_node_pools" {
 machine_type = string
 minimum = number
 maximum = number
- os_version_min = string
 availability_zones = list(string)
 }))
 }