add validation for postgres, db name requirements and catch reserved 'admin' user

2025-07-15 16:13:14 +02:00 · 2025-07-15 16:13:14 +02:00 · 370b15a328
commit 370b15a328
parent 7345619f23
5 changed files with 115 additions and 71 deletions
--- a/example/main.tf
+++ b/example/main.tf
@ -57,22 +57,22 @@ module "net" {
  security_group_ids_by_name = local.security_group_ids_by_name
 }

-# module "postgres" {
-#   source = "../postgres"
+module "postgres" {
+  source = "../postgres"

-#   for_each = var.postgres_instances
+  for_each = var.postgres_instances

-#   project_id      = module.project.project_id
-#   name            = each.value.name
-#   ver             = each.value.version
-#   flavor          = each.value.flavor
-#   storage         = each.value.storage
-#   replicas        = each.value.replicas
-#   acl             = each.value.acl
-#   backup_schedule = each.value.backup_schedule
-#   users           = each.value.users
-#   databases       = each.value.databases
-# }
+  project_id      = module.project.project_id
+  name            = each.value.name
+  ver             = each.value.version
+  flavor          = each.value.flavor
+  storage         = each.value.storage
+  replicas        = each.value.replicas
+  acl             = each.value.acl
+  backup_schedule = each.value.backup_schedule
+  users           = each.value.users
+  databases       = each.value.databases
+}

 # module "ske" {
 #   source = "../ske"
@ -86,10 +86,24 @@ module "net" {
 # }

 # module "observability" {
-#   source = "../observability"
-
+#   source     = "../observability"   # path to the new module
 #   for_each   = var.observability_instances
+
 #   project_id = module.project.project_id
-#   name       = each.value.name
-#   plan_name  = each.value.plan_name
+
+#   # required
+#   name      = each.value.name
+#   plan_name = each.value.plan_name
+
+#   # optionals
+#   acl                                    = each.value.acl
+#   metrics_retention_days                 = each.value.metrics_retention_days
+#   metrics_retention_days_5m_downsampling = each.value.metrics_retention_days_5m_downsampling
+#   metrics_retention_days_1h_downsampling = each.value.metrics_retention_days_1h_downsampling
+#   alert_config                           = each.value.alert_config
+#   parameters                             = each.value.parameters
+
+#   # credentials
+#   create_credentials = each.value.create_credentials
+#   credentials_count  = each.value.credentials_count
 # }
--- a/example/terraform.tfvars
+++ b/example/terraform.tfvars
@ -56,39 +56,39 @@ security_groups = {
  # },
 }

-# postgres_instances = {
-#   dev = {
-#     name    = "pg-test-instance"
-#     version = 17
-#     flavor = {
-#       cpu = 2,
-#       ram = 4
-#     }
-#     storage = {
-#       class = "premium-perf6-stackit",
-#       size  = 20
-#     }
-#     replicas        = 1
-#     acl             = ["0.0.0.0/0"]
-#     backup_schedule = "00 00 * * *"
+postgres_instances = {
+  dev = {
+    name    = "pg-test-instance"
+    version = 17
+    flavor = {
+      cpu = 2,
+      ram = 4
+    }
+    storage = {
+      class = "premium-perf6-stackit",
+      size  = 20
+    }
+    replicas        = 1
+    acl             = ["0.0.0.0/0"]
+    backup_schedule = "00 00 * * *"

-#     users = [
-#       { username = "admin",
-#         roles    = ["login", "createdb"]
-#       },
-#       { username = "testusr",
-#         roles    = ["login"]
-#       }
-#     ]
+    users = [
+      { username = "adminusr",
+        roles    = ["login", "createdb"]
+      },
+      { username = "testusr",
+        roles    = ["login"]
+      }
+    ]

-#     databases = [
-#       {
-#         name  = "test_db",
-#         owner = "admin"
-#       }
-#     ]
-#   }
-# }
+    databases = [
+      {
+        name  = "testdb",
+        owner = "admin"
+      }
+    ]
+  }
+}

 networks = {
  wan_network = {
--- a/example/variables.tf
+++ b/example/variables.tf
@ -57,25 +57,25 @@ variable "security_groups" {
  }))
 }

-# variable "postgres_instances" {
-#   type = map(object({
-#     name            = string
-#     version         = number
-#     flavor          = object({ cpu = number, ram = number })
-#     storage         = object({ class = string, size = number })
-#     replicas        = number
-#     acl             = list(string)
-#     backup_schedule = string
-#     users = list(object({
-#       username = string
-#       roles    = set(string)
-#     }))
-#     databases = list(object({
-#       name  = string
-#       owner = string
-#     }))
-#   }))
-# }
+variable "postgres_instances" {
+  type = map(object({
+    name            = string
+    version         = number
+    flavor          = object({ cpu = number, ram = number })
+    storage         = object({ class = string, size = number })
+    replicas        = number
+    acl             = list(string)
+    backup_schedule = string
+    users = list(object({
+      username = string
+      roles    = set(string)
+    }))
+    databases = list(object({
+      name  = string
+      owner = string
+    }))
+  }))
+}

 # Network definition map
 variable "networks" {