diff --git a/postgres/outputs.tf b/postgres/outputs.tf index 7e650ed..e846bfb 100644 --- a/postgres/outputs.tf +++ b/postgres/outputs.tf @@ -2,40 +2,19 @@ output "postgres_instance_id" { value = stackit_postgresflex_instance.this.instance_id } - - # Postgres Database Output - output "postgres_database_id" { - value = stackit_postgresflex_database.this.database_id - } -# Postgres User Output -output "postgres_host" { - value = stackit_postgresflex_user.this.host -} - -output "postgres_password" { - value = stackit_postgresflex_user.this.password +# Postgres Credential Output +output "postgres_credentials" { + value = { + for k, u in stackit_postgresflex_user.this : + k => { + host = u.host + username = u.username + password = u.password + port = u.port + db_name = stackit_postgresflex_database.this[u.username].name + uri = u.uri + } + } sensitive = true -} - -output "postgres_user" { - value = stackit_postgresflex_user.this.username -} - -output "postgres_port" { - value = stackit_postgresflex_user.this.port -} - -output "postgres_db_name" { - value = stackit_postgresflex_database.this.name -} - -output "postgres_uri" { - value = stackit_postgresflex_user.this.uri - sensitive = true -} - -output "postgres_user_id" { - value = stackit_postgresflex_user.this.user_id -} - +} \ No newline at end of file diff --git a/postgres/postgres.tf b/postgres/postgres.tf index 22b1cd0..ccdda26 100644 --- a/postgres/postgres.tf +++ b/postgres/postgres.tf 
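Review bot: In the new `postgres_credentials` output, `db_name` indexes `stackit_postgresflex_database.this[u.username]`, but the postgres.tf hunk of this commit keys that resource by `db.db_name`, so the lookup only resolves when a database and its owner share a name. With the readme's `database-a`/`user-a` pair it would fail as an invalid index. Either key the database `for_each` by `db.user_name`, or resolve the name from the input, e.g. `db_name = one([for db in var.postgres_databases : db.db_name if db.user_name == k])`. Keeping `sensitive = true` on the whole map is right because it carries `password` and `uri`, but the values are still stored unredacted in state, so the state backend needs access control and encryption.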
@@ -12,18 +12,24 @@ resource "stackit_postgresflex_instance" "this" { // Postgres User resource "stackit_postgresflex_user" "this" { + for_each = { + for db in var.postgres_databases : db.user_name => db + } depends_on = [ stackit_postgresflex_instance.this ] project_id = var.stackit_project_id instance_id = stackit_postgresflex_instance.this.instance_id - username = var.postgres_db_user_name - roles = var.postgres_db_user_roles + username = each.value.user_name + roles = each.value.user_roles } // Postgres Database resource "stackit_postgresflex_database" "this" { - depends_on = [ stackit_postgresflex_user.this ] + for_each = { + for db in var.postgres_databases : db.db_name => db + } + depends_on = [stackit_postgresflex_user.this] project_id = var.stackit_project_id instance_id = stackit_postgresflex_instance.this.instance_id - name = var.postgres_db_name - owner = var.postgres_db_user_name -} \ No newline at end of file + name = each.value.db_name + owner = each.value.user_name +} diff --git a/postgres/readme.md b/postgres/readme.md new file mode 100644 index 0000000..d6635c0 --- /dev/null +++ b/postgres/readme.md 
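Review bot: The database resource takes `owner` from the raw input and relies on a blanket `depends_on = [stackit_postgresflex_user.this]`, so nothing ties a database to the specific user that must exist first. Referencing the user resource, `owner = stackit_postgresflex_user.this[each.value.user_name].username`, gives a per-entry implicit dependency and makes the `depends_on` unnecessary. Both `for_each` maps also fail on duplicate keys, so one user owning two databases is rejected by the user map. A comment such as `// one user per database: user_name and db_name must each be unique` above the user resource would make that constraint visible.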
@@ -0,0 +1,67 @@
+# Module for creating Postgres Flex Instance with Databases and Users
+
+## Example
+
+```main.tf
+
+# Postgres Flex Instance
+module "postgres-flex" {
+ source = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//postgres?ref=main
+ stackit_project_id = local.stackit_project_id
+ postgres_instance_name = "example-db"
+ postgres_instance_replicas = 1
+ postgres_instance_storage = {
+ class = "premium-perf2-stackit"
+ size = 5
+ }
+
+ postgres_instance_flavor = {
+ cpu = 2
+ ram = 4
+ }
+
+ postgres_instance_acl = [
+ "193.148.160.0/19",
+ "45.129.40.0/21"
+ ]
+
+ postgres_instance_backup_schedule = "00 02 * * *"
+ postgres_instance_version = "17"
+ postgres_instance_region = "eu01"
+
+ postgres_databases = [
+ {
+ db_name = "database-a"
+ user_name = "user-a"
+ user_roles = ["createdb", "login"]
+ },
+ {
+ db_name = "database-b"
+ user_name = "user-b"
+ user_roles = ["createdb", "login"]
+ },
+ ]
+}
+
+# safe credentials
+module "postgres-credentials-sm-a" {
+ source = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//create-secret?ref=main"
+ secret_manager_instance_id = local.secret_manager_instance_id
+ secret_manager_username = var.secret_manager_username
+ secret_manager_password = var.secret_manager_password
+
+ secrets_path = "service-a/postgres"
+ secret_data = module.postgres-flex.postgres_credentials["user-a"]
+}
+
+module "postgres-credentials-sm-b" {
+ source = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//create-secret?ref=main"
+ secret_manager_instance_id = local.secret_manager_instance_id
+ secret_manager_username = var.secret_manager_username
+ secret_manager_password = var.secret_manager_password
+
+ secrets_path = "service-b/postgres"
+ secret_data = module.postgres-flex.postgres_credentials["user-b"]
+}
+
+```
\ No newline at end of file
diff --git a/postgres/variables.tf b/postgres/variables.tf index b29923d..886fd59 100644 --- a/postgres/variables.tf +++ b/postgres/variables.tf @@ -10,11 +10,6 @@ variable "postgres_instance_name" { type = string } -# variable "postegres_instance_id" { -# description = "postgres instance id" -# type = string -# } - variable "postgres_instance_replicas" { description = "number of replicas for postgres instance" type = number @@ -58,19 +53,12 @@ variable "postgres_instance_region" { type = string } -# Postgres User Configs -variable "postgres_db_user_name" { - description = "username and owner for postgres db" - type = string -} - -variable "postgres_db_user_roles" { - description = "List of database access levels for the user. Supported values are: login, createdb." - type = list(string) -} - -# Postgres Database Configs -variable "postgres_db_name" { - description = "db name inside the instance" - type = string +# Postgres User and DB Configs +variable "postgres_databases" { + description = "list of users and databases" + type = list(object({ + db_name = string # db name inside the instance + user_name = string # username and owner for postgres db + user_roles = list(string) # List of database access levels for the user. Supported values are: login, createdb. + })) } \ No newline at end of file
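Review bot: The new `postgres_databases` variable accepts any strings in `user_roles`, although its inline comment says only `login` and `createdb` are supported. Nothing enforces that `user_name` is unique either, even though the user resource and the credentials output are keyed by it. Two `validation` blocks on the variable would reject an unsupported role or a duplicate user at plan time rather than at the provider API. The `description` could also state the one-user-per-database assumption, since the attribute comments are currently the only documentation.

```hcl
variable "postgres_databases" {
  # … unchanged: description and type …

  validation {
    condition = alltrue([
      for db in var.postgres_databases :
      length(setsubtract(db.user_roles, ["login", "createdb"])) == 0
    ])
    error_message = "Each user_roles entry must be either \"login\" or \"createdb\"."
  }

  validation {
    condition = length(distinct([
      for db in var.postgres_databases : db.user_name
    ])) == length(var.postgres_databases)
    error_message = "Each user_name must be unique because users and credentials are keyed by it."
  }
}
```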