From 0e7f549f9038ad2a6f9fa35909cda302ac19d27f Mon Sep 17 00:00:00 2001 From: Sebastian Wolschke Date: Mon, 22 Jan 2024 14:46:25 +0100 Subject: [PATCH 1/4] add postgresql flexible server --- main.tf | 100 +++++++++++++++++++++++++++++++++++++++++++++++ outputs.tf | 60 +++++++++++++++++++++++++++++ variables.tf | 107 +++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 267 insertions(+) diff --git a/main.tf b/main.tf index 645697d..457d512 100644 --- a/main.tf +++ b/main.tf 
@@ -106,3 +106,103 @@ resource "azurerm_mysql_flexible_server_firewall_rule" "mysql_flexible_server_fi start_ip_address = local.mysql_flexible_server_firewall_rule[each.key].start_ip_address end_ip_address = local.mysql_flexible_server_firewall_rule[each.key].end_ip_address } + +resource "azurerm_postgresql_flexible_server" "postgresql_flexible_server" { + for_each = var.postgresql_flexible_server + + name = local.postgresql_flexible_server[each.key].name == "" ? each.key : local.postgresql_flexible_server[each.key].name + resource_group_name = local.postgresql_flexible_server[each.key].resource_group_name + location = local.postgresql_flexible_server[each.key].location + administrator_login = local.postgresql_flexible_server[each.key].administrator_login + administrator_password = local.postgresql_flexible_server[each.key].administrator_password + backup_retention_days = local.postgresql_flexible_server[each.key].backup_retention_days + create_mode = local.postgresql_flexible_server[each.key].create_mode + delegated_subnet_id = local.postgresql_flexible_server[each.key].delegated_subnet_id + geo_redundant_backup_enabled = local.postgresql_flexible_server[each.key].geo_redundant_backup_enabled + point_in_time_restore_time_in_utc = local.postgresql_flexible_server[each.key].point_in_time_restore_time_in_utc + private_dns_zone_id = local.postgresql_flexible_server[each.key].private_dns_zone_id + replication_role = local.postgresql_flexible_server[each.key].replication_role + sku_name = local.postgresql_flexible_server[each.key].sku_name + source_server_id = local.postgresql_flexible_server[each.key].source_server_id + auto_grow_enabled = local.postgresql_flexible_server[each.key].auto_grow_enabled_id + storage_mb = local.postgresql_flexible_server[each.key].storage_mb_id + version = local.postgresql_flexible_server[each.key].version + zone = local.postgresql_flexible_server[each.key].zone + + + dynamic "authentication" { + for_each = 
length(compact(values(local.postgresql_flexible_server[each.key].authentication))) > 0 ? [0] : [] + + content { + active_directory_auth_enabled = local.postgresql_flexible_server[each.key].authentication_key.active_directory_auth_enabled + password_auth_enabled = local.postgresql_flexible_server[each.key].authentication_key.password_auth_enabled + tenant_id = local.postgresql_flexible_server[each.key].authentication_key.tenant_id + } + } + + dynamic "customer_managed_key" { + for_each = length(compact(values(local.postgresql_flexible_server[each.key].customer_managed_key))) > 0 ? [0] : [] + + content { + key_vault_key_id = local.postgresql_flexible_server[each.key].customer_managed_key.key_vault_key_id + primary_user_assigned_identity_id = local.postgresql_flexible_server[each.key].customer_managed_key.primary_user_assigned_identity_id + geo_backup_key_vault_key_id = local.postgresql_flexible_server[each.key].customer_managed_key.geo_backup_key_vault_key_id + geo_backup_user_assigned_identity_id = local.postgresql_flexible_server[each.key].customer_managed_key.geo_backup_user_assigned_identity_id + } + } + + dynamic "high_availability" { + for_each = length(compact(values(local.postgresql_flexible_server[each.key].high_availability))) > 0 ? [0] : [] + + content { + mode = local.postgresql_flexible_server[each.key].high_availability.mode + standby_availability_zone = local.postgresql_flexible_server[each.key].high_availability.standby_availability_zone + } + } + + dynamic "identity" { + for_each = local.postgresql_flexible_server[each.key].identity == {} ? [] : [0] + + content { + type = local.postgresql_flexible_server[each.key].identity.type + identity_ids = local.postgresql_flexible_server[each.key].identity.identity_ids + } + } + + dynamic "maintenance_window" { + for_each = length(compact(values(local.postgresql_flexible_server[each.key].maintenance_window))) > 0 ? 
[0] : [] + + content { + day_of_week = local.postgresql_flexible_server[each.key].maintenance_window.day_of_week + start_hour = local.postgresql_flexible_server[each.key].maintenance_window.start_hour + start_minute = local.postgresql_flexible_server[each.key].maintenance_window.start_minute + } + } + tags = local.postgresql_flexible_server[each.key].tags +} + +resource "azurerm_postgresql_flexible_server_configuration" "postgresql_flexible_server_configuration" { + for_each = var.postgresql_flexible_server_configuration + + name = local.postgresql_flexible_server_configuration[each.key].name == "" ? each.key : local.postgresql_flexible_server_configuration[each.key].name + server_id = local.postgresql_flexible_server_configuration[each.key].server_id + value = local.postgresql_flexible_server_configuration[each.key].value +} + +resource "azurerm_postgresql_flexible_server_database" "postgresql_flexible_server_database" { + for_each = var.postgresql_flexible_server_database + + name = local.postgresql_flexible_server_database[each.key].name == "" ? each.key : local.postgresql_flexible_server_database[each.key].name + server_id = local.postgresql_flexible_server_database[each.key].server_id + charset = local.postgresql_flexible_server_database[each.key].charset + collation = local.postgresql_flexible_server_database[each.key].collation +} + +resource "azurerm_postgresql_flexible_server_firewall_rule" "postgresql_flexible_server_firewall_rule" { + for_each = var.postgresql_flexible_server_firewall_rule + + name = local.postgresql_flexible_server_firewall_rule[each.key].name == "" ? each.key : local.postgresql_flexible_server_firewall_rule[each.key].name + server_id = local.postgresql_flexible_server_firewall_rule[each.key].server_name + start_ip_address = local.postgresql_flexible_server_firewall_rule[each.key].start_ip_address + end_ip_address = local.postgresql_flexible_server_firewall_rule[each.key].end_ip_address +} 
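Review bot: The `authentication` content block reads `local.postgresql_flexible_server[each.key].authentication_key.*`, but the `for_each` guard directly above it and the defaults in variables.tf use the key `authentication`, so the locals never define the attribute these three lookups point at. A caller who sets `authentication` should therefore get an unsupported-attribute error at plan time, which leaves password login as the only usable mode and blocks `active_directory_auth_enabled = true` / `password_auth_enabled = false`. The three lines should read `...[each.key].authentication.active_directory_auth_enabled`, and likewise for `password_auth_enabled` and `tenant_id`. The later "Corrected typos" patch on this page fixes other names in this resource but not these.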
diff --git a/outputs.tf b/outputs.tf index fabffb4..4fe922a 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -42,6 +42,50 @@ output "mysql_flexible_server_firewall_rule" { } } +output "postgresql_flexible_server" { + description = "Outputs all attributes of resource_type." + value = { + for postgresql_flexible_server in keys(azurerm_postgresql_flexible_server.postgresql_flexible_server) : + postgresql_flexible_server => { + for key, value in azurerm_postgresql_flexible_server.postgresql_flexible_server[postgresql_flexible_server] : + key => value + } + } +} + +output "postgresql_flexible_server_configuration" { + description = "Outputs all attributes of resource_type." + value = { + for postgresql_flexible_server_configuration in keys(azurerm_postgresql_flexible_server_configuration.postgresql_flexible_server_configuration) : + postgresql_flexible_server_configuration => { + for key, value in azurerm_postgresql_flexible_server_configuration.postgresql_flexible_server_configuration[postgresql_flexible_server_configuration] : + key => value + } + } +} + +output "postgresql_flexible_server_database" { + description = "Outputs all attributes of resource_type." + value = { + for postgresql_flexible_server_database in keys(azurerm_postgresql_flexible_server_database.postgresql_flexible_server_database) : + postgresql_flexible_server_database => { + for key, value in azurerm_postgresql_flexible_server_database.postgresql_flexible_server_database[postgresql_flexible_server_database] : + key => value + } + } +} + +output "postgresql_flexible_server_firewall_rule" { + description = "Outputs all attributes of resource_type." 
+ value = { + for postgresql_flexible_server_firewall_rule in keys(azurerm_postgresql_flexible_server_firewall_rule.postgresql_flexible_server_firewall_rule) : + postgresql_flexible_server_firewall_rule => { + for key, value in azurerm_postgresql_flexible_server_firewall_rule.postgresql_flexible_server_firewall_rule[postgresql_flexible_server_firewall_rule] : + key => value + } + } +} + output "variables" { description = "Displays all configurable variables passed by the module. __default__ = predefined values per module. __merged__ = result of merging the default values and custom values passed to the module" value = { @@ -66,6 +110,22 @@ output "variables" { for key in keys(var.mysql_flexible_server_firewall_rule) : key => local.mysql_flexible_server_firewall_rule[key] } + postgresql_flexible_server = { + for key in keys(var.postgresql_flexible_server) : + key => local.postgresql_flexible_server[key] + } + postgresql_flexible_server_configuration = { + for key in keys(var.postgresql_flexible_server_configuration) : + key => local.postgresql_flexible_server_configuration[key] + } + postgresql_flexible_server_database = { + for key in keys(var.postgresql_flexible_server_database) : + key => local.postgresql_flexible_server_database[key] + } + postgresql_flexible_server_firewall_rule = { + for key in keys(var.postgresql_flexible_server_firewall_rule) : + key => local.postgresql_flexible_server_firewall_rule[key] + } } } } diff --git a/variables.tf b/variables.tf index 27ca14b..d907ba6 100644 --- a/variables.tf +++ b/variables.tf 
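Review bot: The `postgresql_flexible_server` output copies every attribute of the resource, which includes `administrator_password`, and the `variables` output in the following hunk echoes the merged input map carrying the same field. Neither output sets `sensitive = true`, so the admin password is handed to every caller of the module and can surface in plan/apply output if a root module re-exports it (depending on how the value is marked, Terraform may instead reject the unmarked output). I would filter the field out of the comprehension, `key => value if key != "administrator_password"`, or mark both outputs `sensitive = true`. The description "Outputs all attributes of resource_type." also still contains its template placeholder.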
@@ -19,6 +19,29 @@ variable "mysql_flexible_server_firewall_rule" { description = "Resource definition, default settings are defined within locals and merged with var settings. For more information look at [Outputs](#Outputs)." } +variable "postgresql_flexible_server" { + type = any + default = {} + description = "Resource definition, default settings are defined within locals and merged with var settings. For more information look at [Outputs](#Outputs)." +} + +variable "postgresql_flexible_server_configuration" { + type = any + default = {} + description = "Resource definition, default settings are defined within locals and merged with var settings. For more information look at [Outputs](#Outputs)." +} +variable "postgresql_flexible_server_database" { + type = any + default = {} + description = "Resource definition, default settings are defined within locals and merged with var settings. For more information look at [Outputs](#Outputs)." +} + +variable "postgresql_flexible_server_firewall_rule" { + type = any + default = {} + description = "Resource definition, default settings are defined within locals and merged with var settings. For more information look at [Outputs](#Outputs)." +} + locals { default = { @@ -59,6 +82,7 @@ locals { } tags = {} } + mysql_flexible_server_configuration = { name = "" } 
@@ -70,6 +94,47 @@ locals { mysql_flexible_server_firewall_rule = { name = "" } + + postgresql_flexible_server = { + name = "" + administrator_login = null + administrator_password = null + backup_retention_days = null + create_mode = "Default" + delegated_subnet_id = null + geo_redundant_backup_enabled = null + point_in_time_restore_time_in_utc = null + private_dns_zone_id = null + replication_role = null + sku_name = null + source_server_id = null + auto_grow_enabled = true + storage_mb = null + version = null + zone = null + authentication = {} + customer_managed_key = {} + high_availability = { + standby_availability_zone = null + } + identity = {} + maintenance_window = {} + tags = {} + } + + postgresql_flexible_server_configuration = { + name = "" + } + + postgresql_flexible_server_database = { + name = "" + charset = "UTF8" + collation = "de-DE" + } + + postgresql_flexible_server_firewall_rule = { + name = "" + } } /** @@ -99,6 +164,7 @@ locals { } ) } + mysql_flexible_server_configuration = { for mysql_flexible_server_configuration in keys(var.mysql_flexible_server_configuration) : mysql_flexible_server_configuration => merge(local.default.mysql_flexible_server_configuration, var.mysql_flexible_server_configuration[mysql_flexible_server_configuration]) 
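Review bot: The nested defaults `authentication = {}`, `customer_managed_key = {}` and `maintenance_window = {}` declare no keys, while the dynamic blocks in main.tf read every attribute of these maps unconditionally. A caller who supplies only part of a block, for example `customer_managed_key` with `key_vault_key_id` and `primary_user_assigned_identity_id` but no geo-backup fields, would hit an unsupported-attribute error, which makes the encryption and authentication options harder to adopt than they need to be. Listing each key with a `null` default, as `high_availability` already does for `standby_availability_zone` (it is itself missing `mode`), avoids that, e.g. `authentication = { active_directory_auth_enabled = null, password_auth_enabled = null, tenant_id = null }`. Separately, `collation = "de-DE"` does not look like a PostgreSQL collation name and is worth checking against the provider documentation.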
@@ -111,4 +177,45 @@ locals { for mysql_flexible_server_firewall_rule in keys(var.mysql_flexible_server_firewall_rule) : mysql_flexible_server_firewall_rule => merge(local.default.mysql_flexible_server_firewall_rule, var.mysql_flexible_server_firewall_rule[mysql_flexible_server_firewall_rule]) } + + /** + compare and merge custom and default values + */ + postgresql_flexible_server_values = { + for postgresql_flexible_server in keys(var.postgresql_flexible_server) : + postgresql_flexible_server => merge(local.default.postgresql_flexible_server, var.postgresql_flexible_server[postgresql_flexible_server]) + } + + /** + deep merge of all custom and default values + */ + postgresql_flexible_server = { + for postgresql_flexible_server in keys(var.postgresql_flexible_server) : + postgresql_flexible_server => merge( + local.postgresql_flexible_server_values[postgresql_flexible_server], + { + for config in [ + "authentication", + "customer_managed_key", + "high_availability", + "identity", + "maintenance_window", + ] : + config => merge(local.default.postgresql_flexible_server[config], local.postgresql_flexible_server_values[postgresql_flexible_server][config]) + } + ) + } + + postgresql_flexible_server_configuration = { + for postgresql_flexible_server_configuration in keys(var.postgresql_flexible_server_configuration) : + postgresql_flexible_server_configuration => merge(local.default.postgresql_flexible_server_configuration, var.postgresql_flexible_server_configuration[postgresql_flexible_server_configuration]) + } + postgresql_flexible_server_database = { + for postgresql_flexible_server_database in keys(var.postgresql_flexible_server_database) : + postgresql_flexible_server_database => merge(local.default.postgresql_flexible_server_database, var.postgresql_flexible_server_database[postgresql_flexible_server_database]) + } + postgresql_flexible_server_firewall_rule = { + for postgresql_flexible_server_firewall_rule in keys(var.postgresql_flexible_server_firewall_rule) 
: + postgresql_flexible_server_firewall_rule => merge(local.default.postgresql_flexible_server_firewall_rule, var.postgresql_flexible_server_firewall_rule[postgresql_flexible_server_firewall_rule]) + } } From 444e7b2a884040555beee3adc7739454660cdc5d Mon Sep 17 00:00:00 2001 From: Sebastian Wolschke Date: Mon, 22 Jan 2024 15:24:05 +0100 Subject: [PATCH 2/4] add examples --- .github/settings.json | 7 ++++++- examples/apply_main.tf | 27 +++++++++++++++++++++++++++ examples/full_main.tf | 42 +++++++++++++++++++++++++++++++++++++++++- examples/min_main.tf | 29 ++++++++++++++++++++++++++++- 4 files changed, 102 insertions(+), 3 deletions(-) diff --git a/.github/settings.json b/.github/settings.json index a0d3a79..945921a 100644 --- a/.github/settings.json +++ b/.github/settings.json @@ -8,7 +8,12 @@ "azure", "mysql-flexible-server", "mysql-flexible-database", - "mysql-flexible-server-firewall-rule" + "mysql-flexible-configuration", + "mysql-flexible-server-firewall-rule", + "postgresql-flexible-server", + "postgresql-flexible-server-database", + "postgresql-flexible-server-configuration", + "postgresql-flexible-server-firewall-rule" ] } } diff --git a/examples/apply_main.tf b/examples/apply_main.tf index ddb6031..9807561 100644 --- a/examples/apply_main.tf +++ b/examples/apply_main.tf 
@@ -37,4 +37,31 @@ module "database" { end_ip_address = cidrhost("0.0.0.0/32", -1) } } + postgresql_flexible_server = { + postgresql-mms = { + location = "westeurope" + resource_group_name = "rg-mms-github" + administrator_login = "postgresql_root" + administrator_password = random_password.password["postgresql_root"].result + sku_name = "GP_Standard_D2ds_v5" + } + } + postgresql_flexible_server_configuration = { + backslash_quote = { + server_id = module.database.postgresql_flexible_server["postgresql-mms"].id + value = "on" + } + } + postgresql_flexible_server_database = { + application = { + server_id = module.database.postgresql_flexible_server["postgresql-mms"].id + } + } + postgresql_flexible_server_firewall_rule = { + AzureServices = { + server_id = module.database.postgresql_flexible_server["postgresql-mms"].id + start_ip_address = cidrhost("0.0.0.0/32", 0) + end_ip_address = cidrhost("0.0.0.0/32", -1) + } + } } diff --git a/examples/full_main.tf b/examples/full_main.tf index ae78473..1844761 100644 --- a/examples/full_main.tf +++ b/examples/full_main.tf @@ -1,5 +1,5 @@ resource "random_password" "password" { - for_each = toset(["mysql_root"]) + for_each = toset(["mysql_root", "postgresql_root"]) length = 16 special = false 
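Review bot: `random_password.password["postgresql_root"]` is referenced in this hunk, but the patch does not touch the `random_password` resource in examples/apply_main.tf. full_main.tf and min_main.tf both receive `for_each = toset(["mysql_root", "postgresql_root"])`, and apply_main.tf shares min_main.tf's pre-image blob (ddb6031), so it presumably still has `toset(["mysql_root"])`. If so, this example fails with an invalid-index error on the password lookup, and the same one-line `for_each` change is needed in this file. The enclosing `module "database"` block starts outside the hunk.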
@@ -51,4 +51,44 @@ module "database" { end_ip_address = cidrhost("0.0.0.0/32", -1) } } + + postgresql_flexible_server = { + postgresql-mms = { + location = "westeurope" + resource_group_name = "rg-mms-github" + administrator_login = "postgresql_root" + administrator_password = random_password.password["postgresql_root"].result + sku_name = "GP_Standard_D2ds_v5" + storage_mb = 32768 + version = "16" + zone = "1" + high_availability = { + mode = "ZoneRedundant" + standby_availability_zone = 2 + } + tags = { + project = "mms-github" + environment = terraform.workspace + managed-by = "terraform" + } + } + } + postgresql_flexible_server_configuration = { + backslash_quote = { + server_id = module.database.postgresql_flexible_server["postgresql-mms"].id + value = "on" + } + } + postgresql_flexible_server_database = { + application = { + server_id = module.database.postgresql_flexible_server["postgresql-mms"].id + } + } + postgresql_flexible_server_firewall_rule = { + AzureServices = { + server_id = module.database.postgresql_flexible_server["postgresql-mms"].id + start_ip_address = cidrhost("0.0.0.0/32", 0) + end_ip_address = cidrhost("0.0.0.0/32", -1) + } + } } diff --git a/examples/min_main.tf b/examples/min_main.tf index ddb6031..a62b0a9 100644 --- a/examples/min_main.tf +++ b/examples/min_main.tf @@ -1,5 +1,5 @@ resource "random_password" "password" { - for_each = toset(["mysql_root"]) + for_each = toset(["mysql_root", "postgresql_root"]) length = 16 special = false 
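Review bot: The `AzureServices` firewall rule is evidently meant as the 0.0.0.0–0.0.0.0 range, which Azure interprets as "allow access from Azure services", that is, from any Azure-hosted address including other customers' subscriptions, and the example combines it with password-only login. Examples tend to be copied as-is, so I would add a comment above the rule such as `# 0.0.0.0 = any Azure-hosted source, not only this subscription; prefer delegated_subnet_id or explicit client ranges`. `backslash_quote = "on"` is also a weaker setting than PostgreSQL's default `safe_encoding`, because accepting `\'` in literals is documented as risky with some client encodings; a security-neutral parameter would make a better demonstration. The same two entries appear in the examples/apply_main.tf and examples/min_main.tf hunks.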
@@ -37,4 +37,31 @@ module "database" { end_ip_address = cidrhost("0.0.0.0/32", -1) } } + postgresql_flexible_server = { + postgresql-mms = { + location = "westeurope" + resource_group_name = "rg-mms-github" + administrator_login = "postgresql_root" + administrator_password = random_password.password["postgresql_root"].result + sku_name = "GP_Standard_D2ds_v5" + } + } + postgresql_flexible_server_configuration = { + backslash_quote = { + server_id = module.database.postgresql_flexible_server["postgresql-mms"].id + value = "on" + } + } + postgresql_flexible_server_database = { + application = { + server_id = module.database.postgresql_flexible_server["postgresql-mms"].id + } + } + postgresql_flexible_server_firewall_rule = { + AzureServices = { + server_id = module.database.postgresql_flexible_server["postgresql-mms"].id + start_ip_address = cidrhost("0.0.0.0/32", 0) + end_ip_address = cidrhost("0.0.0.0/32", -1) + } + } } From ee0b4acfe60aa9f1a1ebf0b6e904af9fca706e6d Mon Sep 17 00:00:00 2001 From: Hauke Brandt Date: Wed, 24 Jan 2024 16:22:12 +0100 Subject: [PATCH 3/4] Corrected typos --- main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 457d512..d997e9d 100644 --- a/main.tf +++ b/main.tf 
@@ -124,8 +124,8 @@ resource "azurerm_postgresql_flexible_server" "postgresql_flexible_server" { replication_role = local.postgresql_flexible_server[each.key].replication_role sku_name = local.postgresql_flexible_server[each.key].sku_name source_server_id = local.postgresql_flexible_server[each.key].source_server_id - auto_grow_enabled = local.postgresql_flexible_server[each.key].auto_grow_enabled_id - storage_mb = local.postgresql_flexible_server[each.key].storage_mb_id + auto_grow_enabled = local.postgresql_flexible_server[each.key].auto_grow_enabled + storage_mb = local.postgresql_flexible_server[each.key].storage_mb version = local.postgresql_flexible_server[each.key].version zone = local.postgresql_flexible_server[each.key].zone @@ -202,7 +202,7 @@ resource "azurerm_postgresql_flexible_server_firewall_rule" "postgresql_flexible for_each = var.postgresql_flexible_server_firewall_rule name = local.postgresql_flexible_server_firewall_rule[each.key].name == "" ? each.key : local.postgresql_flexible_server_firewall_rule[each.key].name - server_id = local.postgresql_flexible_server_firewall_rule[each.key].server_name + server_id = local.postgresql_flexible_server_firewall_rule[each.key].server_id start_ip_address = local.postgresql_flexible_server_firewall_rule[each.key].start_ip_address end_ip_address = local.postgresql_flexible_server_firewall_rule[each.key].end_ip_address } From 4f01927f5c7d1260dcea32fb088fe7d6893629ed Mon Sep 17 00:00:00 2001 From: Sebastian Wolschke Date: Tue, 21 May 2024 10:45:38 +0200 Subject: [PATCH 4/4] move postgresql_flexible_server_values block to better location in variables.tf --- variables.tf | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/variables.tf b/variables.tf index d907ba6..9d5d463 100644 --- a/variables.tf +++ b/variables.tf 
@@ -145,6 +145,14 @@ locals { mysql_flexible_server => merge(local.default.mysql_flexible_server, var.mysql_flexible_server[mysql_flexible_server]) } + /** + compare and merge custom and default values + */ + postgresql_flexible_server_values = { + for postgresql_flexible_server in keys(var.postgresql_flexible_server) : + postgresql_flexible_server => merge(local.default.postgresql_flexible_server, var.postgresql_flexible_server[postgresql_flexible_server]) + } + /** deep merge of all custom and default values */ @@ -178,14 +186,6 @@ locals { mysql_flexible_server_firewall_rule => merge(local.default.mysql_flexible_server_firewall_rule, var.mysql_flexible_server_firewall_rule[mysql_flexible_server_firewall_rule]) } - /** - compare and merge custom and default values - */ - postgresql_flexible_server_values = { - for postgresql_flexible_server in keys(var.postgresql_flexible_server) : - postgresql_flexible_server => merge(local.default.postgresql_flexible_server, var.postgresql_flexible_server[postgresql_flexible_server]) - } - /** deep merge of all custom and default values */