postgres/outputs.tf

@@ -3,39 +3,18 @@ output "postgres_instance_id" {
   value = stackit_postgresflex_instance.this.instance_id
 }
 
- # Postgres Database Output
- output "postgres_database_id" {
-   value = stackit_postgresflex_database.this.database_id
+# Postgres Credential Output
+output "postgres_credentials" {
+  value = {
+    for k, u in stackit_postgresflex_user.this :
+    k => {
+      host     = u.host
+      username = u.username
+      password = u.password
+      port     = u.port
+      db_name  = stackit_postgresflex_database.this[u.username].name
+      uri      = u.uri
+    }
   }
-
-# Postgres User Output
-output "postgres_host" {
-  value = stackit_postgresflex_user.this.host
-}
-
-output "postgres_password" {
-  value     = stackit_postgresflex_user.this.password
   sensitive = true
 }
-
-output "postgres_user" {
-  value = stackit_postgresflex_user.this.username
-}
-
-output "postgres_port" {
-  value = stackit_postgresflex_user.this.port
-}
-
-output "postgres_db_name" {
-  value = stackit_postgresflex_database.this.name
-}
-
-output "postgres_uri" {
-  value     = stackit_postgresflex_user.this.uri
-  sensitive = true
-}
-
-output "postgres_user_id" {
-  value = stackit_postgresflex_user.this.user_id
-}
-

postgres/postgres.tf

@@ -12,18 +12,24 @@ resource "stackit_postgresflex_instance" "this" {
 
 // Postgres User 
 resource "stackit_postgresflex_user" "this" {
+  for_each = {
+    for db in var.postgres_databases : db.user_name => db
+  }
   depends_on = [ stackit_postgresflex_instance.this ]
   project_id  = var.stackit_project_id
   instance_id = stackit_postgresflex_instance.this.instance_id
-  username    = var.postgres_db_user_name
-  roles       = var.postgres_db_user_roles
+  username    = each.value.user_name
+  roles       = each.value.user_roles
 }
 
 // Postgres Database
 resource "stackit_postgresflex_database" "this" {
-  depends_on = [ stackit_postgresflex_user.this ]
+  for_each = {
+    for db in var.postgres_databases : db.db_name => db
+  }
+  depends_on = [stackit_postgresflex_user.this]
   project_id  = var.stackit_project_id
   instance_id = stackit_postgresflex_instance.this.instance_id
-  name        = var.postgres_db_name
-  owner       = var.postgres_db_user_name
+  name        = each.value.db_name
+  owner       = each.value.user_name
 }

postgres/readme.md

@@ -0,0 +1,67 @@
+# Module for creating Postgres Flex Instance with Databases and Users
+
+## Example
+
+```main.tf
+
+# Postgres Flex Instance
+module "postgres-flex" {
+  source                                = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//postgres?ref=main
+  stackit_project_id                    = local.stackit_project_id
+  postgres_instance_name                = "example-db"
+  postgres_instance_replicas            = 1
+  postgres_instance_storage             = {
+    class = "premium-perf2-stackit"
+    size = 5
+  }
+
+  postgres_instance_flavor              = {
+    cpu = 2
+    ram = 4
+  }
+
+  postgres_instance_acl                 = [
+    "193.148.160.0/19",
+    "45.129.40.0/21"
+  ]
+
+  postgres_instance_backup_schedule     = "00 02 * * *"
+  postgres_instance_version             = "17"
+  postgres_instance_region              = "eu01"
+
+  postgres_databases = [
+  {
+    db_name  = "database-a"
+    user_name  = "user-a"
+    user_roles = ["createdb", "login"]
+  },
+  {
+    db_name  = "database-b"
+    user_name  = "user-b"
+    user_roles = ["createdb", "login"]
+  },
+  ]
+}
+
+# safe credentials 
+module "postgres-credentials-sm-a" {
+  source                     = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//create-secret?ref=main"
+  secret_manager_instance_id = local.secret_manager_instance_id
+  secret_manager_username    = var.secret_manager_username
+  secret_manager_password    = var.secret_manager_password
+
+  secrets_path = "service-a/postgres"
+  secret_data  = module.postgres-flex.postgres_credentials["user-a"]
+}
+
+module "postgres-credentials-sm-b" {
+  source                     = "git::https://commerce-platform.git.onstackit.cloud/commerce-platform-public/terraform-modules//create-secret?ref=main"
+  secret_manager_instance_id = local.secret_manager_instance_id
+  secret_manager_username    = var.secret_manager_username
+  secret_manager_password    = var.secret_manager_password
+
+  secrets_path = "service-b/postgres"
+  secret_data  = module.postgres-flex.postgres_credentials["user-b"]
+}
+
+```

postgres/variables.tf

@@ -10,11 +10,6 @@ variable "postgres_instance_name" {
   type        = string
 }
 
-# variable "postegres_instance_id" {
-#   description = "postgres instance id"
-#   type = string  
-# }
-
 variable "postgres_instance_replicas" {
   description = "number of replicas for postgres instance"
   type        = number
@@ -58,19 +53,12 @@ variable "postgres_instance_region" {
   type        = string
 }
 
-# Postgres User Configs
-variable "postgres_db_user_name" {
-  description = "username and owner for postgres db"
-  type        = string
-}
-
-variable "postgres_db_user_roles" {
-  description = "List of database access levels for the user. Supported values are: login, createdb."
-  type        = list(string)
-}
-
-# Postgres Database Configs
-variable "postgres_db_name" {
-  description = "db name inside the instance"
-  type        = string
+# Postgres User and DB Configs
+variable "postgres_databases" {
+  description   = "list of users and databases"
+  type          = list(object({
+    db_name     = string       # db name inside the instance
+    user_name   = string       # username and owner for postgres db
+    user_roles  = list(string) # List of database access levels for the user. Supported values are: login, createdb.
+  }))
 }