add validation for postgres, db name requirements and catch reserved 'admin' user

This commit is contained in:
Maximilian_Schlenz 2025-07-15 16:13:14 +02:00
parent 7345619f23
commit 370b15a328
5 changed files with 115 additions and 71 deletions


@ -57,22 +57,22 @@ module "net" {
security_group_ids_by_name = local.security_group_ids_by_name
}
# module "postgres" {
# source = "../postgres"
module "postgres" {
source = "../postgres"
# for_each = var.postgres_instances
for_each = var.postgres_instances
# project_id = module.project.project_id
# name = each.value.name
# ver = each.value.version
# flavor = each.value.flavor
# storage = each.value.storage
# replicas = each.value.replicas
# acl = each.value.acl
# backup_schedule = each.value.backup_schedule
# users = each.value.users
# databases = each.value.databases
# }
project_id = module.project.project_id
name = each.value.name
ver = each.value.version
flavor = each.value.flavor
storage = each.value.storage
replicas = each.value.replicas
acl = each.value.acl
backup_schedule = each.value.backup_schedule
users = each.value.users
databases = each.value.databases
}
# module "ske" {
# source = "../ske"
@ -86,10 +86,24 @@ module "net" {
# }
# module "observability" {
# source = "../observability"
# source = "../observability" # path to the new module
# for_each = var.observability_instances
# project_id = module.project.project_id
# name = each.value.name
# plan_name = each.value.plan_name
# # required
# name = each.value.name
# plan_name = each.value.plan_name
# # optionals
# acl = each.value.acl
# metrics_retention_days = each.value.metrics_retention_days
# metrics_retention_days_5m_downsampling = each.value.metrics_retention_days_5m_downsampling
# metrics_retention_days_1h_downsampling = each.value.metrics_retention_days_1h_downsampling
# alert_config = each.value.alert_config
# parameters = each.value.parameters
# # credentials
# create_credentials = each.value.create_credentials
# credentials_count = each.value.credentials_count
# }


@ -56,39 +56,39 @@ security_groups = {
# },
}
# postgres_instances = {
# dev = {
# name = "pg-test-instance"
# version = 17
# flavor = {
# cpu = 2,
# ram = 4
# }
# storage = {
# class = "premium-perf6-stackit",
# size = 20
# }
# replicas = 1
# acl = ["0.0.0.0/0"]
# backup_schedule = "00 00 * * *"
postgres_instances = {
dev = {
name = "pg-test-instance"
version = 17
flavor = {
cpu = 2,
ram = 4
}
storage = {
class = "premium-perf6-stackit",
size = 20
}
replicas = 1
acl = ["0.0.0.0/0"]
backup_schedule = "00 00 * * *"
# users = [
# { username = "admin",
# roles = ["login", "createdb"]
# },
# { username = "testusr",
# roles = ["login"]
# }
# ]
users = [
{ username = "adminusr",
roles = ["login", "createdb"]
},
{ username = "testusr",
roles = ["login"]
}
]
# databases = [
# {
# name = "test_db",
# owner = "admin"
# }
# ]
# }
# }
databases = [
{
name = "testdb",
owner = "admin"
}
]
}
}
networks = {
wan_network = {
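Review bot: The example `databases` entry still sets `owner = "admin"` while the `users` list was renamed to `adminusr` in the same hunk, so the example now refers to an owner that is not declared in `users` (unless the provider maps `admin` to a built-in account, which the page does not show); the module's new `databases` validation only checks `name`, so this is not caught at plan time. Suggest `owner = "adminusr"` or whichever user is meant to own the database. Separately, `acl = ["0.0.0.0/0"]` on the new side exposes the instance to every source address; since this file is the sample configuration it will be copied as-is, so narrow it to the CIDRs that actually need access (e.g. the network defined below) or mark it in a comment as a placeholder to be replaced.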


@ -57,25 +57,25 @@ variable "security_groups" {
}))
}
# variable "postgres_instances" {
# type = map(object({
# name = string
# version = number
# flavor = object({ cpu = number, ram = number })
# storage = object({ class = string, size = number })
# replicas = number
# acl = list(string)
# backup_schedule = string
# users = list(object({
# username = string
# roles = set(string)
# }))
# databases = list(object({
# name = string
# owner = string
# }))
# }))
# }
variable "postgres_instances" {
type = map(object({
name = string
version = number
flavor = object({ cpu = number, ram = number })
storage = object({ class = string, size = number })
replicas = number
acl = list(string)
backup_schedule = string
users = list(object({
username = string
roles = set(string)
}))
databases = list(object({
name = string
owner = string
}))
}))
}
# Network definition map
variable "networks" {


@ -3,7 +3,7 @@ terraform {
required_providers {
stackit = {
source = "stackitcloud/stackit"
version = "0.56.0"
version = "0.54.0"
}
}
}


@ -4,6 +4,21 @@ variable "project_id" {
variable "name" {
type = string
validation {
condition = length(regexall("^[a-z]([-a-z0-9]*[a-z0-9])?$", var.name)) > 0
error_message = <<EOT
The name must be a valid DNS-1035 label:
- only lower-case letters, digits or '-'
- must start with a letter
- must end with a letter or digit
EOT
}
}
variable "instance_id" {
type = string
default = ""
}
variable "ver" {
@ -38,19 +53,34 @@ variable "backup_schedule" {
}
variable "users" {
description = "List of users"
type = list(object({
username = string
roles = set(string)
}))
default = []
validation {
condition = alltrue([
for user in var.users : user.username != "admin"
])
error_message = "The username 'admin' is reserved and cannot be used."
}
}
variable "databases" {
description = "List of databases"
type = list(object({
name = string
owner = string
}))
default = []
validation {
condition = alltrue([
for db in var.databases : length(regexall("^[a-z]([-a-z0-9]*[a-z0-9])?$", db.name)) > 0
])
error_message = <<EOT
The name must be a valid DNS-1035 label:
- only lower-case letters, digits or '-'
- must start with a letter
- must end with a letter or digit
EOT
}
}
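Review bot: The new `databases` validation checks only `db.name`, so the reserved-user rule added on `users` does not extend to `db.owner`; a database whose owner is `admin` (as the updated tfvars still has) passes validation. Add a second `validation` block on `databases` with `condition = alltrue([for db in var.databases : db.owner != "admin"])` and a matching `error_message`; if the Terraform version in use supports cross-variable references in `validation` (1.9 and later), also require `contains([for u in var.users : u.username], db.owner)` so every owner is a declared user. The DNS-1035 regex used for `name` (first hunk) and `db.name` (second hunk) bounds the character set but not the length, which for a DNS label is at most 63 characters; prefix both conditions with `length(var.name) <= 63 &&` / `length(db.name) <= 63 &&` and mention the limit in the heredoc. The `databases` error message is a verbatim copy of the `name` one and does not say which entry failed; at least reword it to "Each database name must be a valid DNS-1035 label:" so the reader knows which field is being rejected.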