Add setting of password for admin admin users (#9)

* Add setting of passwords. Useful for setting password from data sources as azurerm_key_vault_secrets * Spelling mistake * Fix breaking change for diagnostic test
avinor · Mar 25, 2021 · c598310 · c598310
1 parent 6e9dbf7
commit c598310
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 11 deletions.
diff --git a/examples/diagnostics/main.tf b/examples/diagnostics/main.tf
@@ -23,6 +23,7 @@ module "simple" {
       users = [
         {
           name = "a_user"
+          password = null
           grants = [
             {
               object_type : "database"

diff --git a/examples/password/main.tf b/examples/password/main.tf
@@ -0,0 +1,56 @@
+module "simple" {
+  source = "../.."
+
+  name                = "password"
+  resource_group_name = "password-postgresql-rg"
+  location            = "westeurope"
+
+  sku = {
+    name     = "B_Gen5_1"
+    capacity = 1
+    tier     = "Basic"
+    family   = "Gen5"
+  }
+
+  geo_redundant_backup   = "Enabled"
+  storage_auto_grow      = "Disabled"
+  administrator_password = "secretpassword"
+
+  databases = [
+    {
+      name      = "my_database"
+      charset   = "UTF8"
+      collation = "English_United States.1252"
+      users = [
+        {
+          name     = "a_user"
+          password = null
+          grants = [
+            {
+              object_type : "database"
+              privileges : ["CREATE"]
+            },
+            {
+              object_type : "table"
+              privileges : ["SELECT", "INSERT", "UPDATE"]
+            }
+          ]
+        },
+        {
+          name     = "a_user2"
+          password = "secretpassword"
+          grants = [
+            {
+              object_type : "database"
+              privileges : ["CREATE"]
+            },
+            {
+              object_type : "table"
+              privileges : ["SELECT", "INSERT", "UPDATE"]
+            }
+          ]
+        },
+      ]
+    },
+  ]
+}
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -22,7 +22,8 @@ module "simple" {
       collation = "English_United States.1252"
       users = [
         {
-          name = "a_user"
+          name     = "a_user"
+          password = null
           grants = [
             {
               object_type : "database"

diff --git a/main.tf b/main.tf
@@ -91,7 +91,7 @@ resource "azurerm_postgresql_server" "main" {
   auto_grow_enabled            = local.auto_grow_enabled
 
   administrator_login          = var.administrator
-  administrator_login_password = random_string.unique.result
+  administrator_login_password = var.administrator_password != null ? var.administrator_password : random_string.unique.result
   version                      = var.server_version
   ssl_enforcement_enabled      = true
 
@@ -134,7 +134,7 @@ resource "azurerm_monitor_diagnostic_setting" "namespace" {
     for_each = data.azurerm_monitor_diagnostic_categories.default.metrics
     content {
       category = metric.value
-      enabled  =  contains(local.parsed_diag.metric, "all") || contains(local.parsed_diag.metric, metric.value)
+      enabled  = contains(local.parsed_diag.metric, "all") || contains(local.parsed_diag.metric, metric.value)
 
       retention_policy {
         enabled = false
@@ -232,7 +232,7 @@ resource "postgresql_role" "user" {
   create_role     = false
   inherit         = true
   replication     = false
-  password        = random_string.user[each.key].result
+  password        = each.value.user.password != null ? each.value.user.password : random_string.user[each.key].result
 
   depends_on = [
     azurerm_postgresql_firewall_rule.client

diff --git a/test/example_ut_test.go b/test/example_ut_test.go
@@ -12,6 +12,7 @@ func TestUT_Examples(t *testing.T) {
 	tests := []string{
 		"../examples/simple",
 		"../examples/diagnostics",
+		"../examples/password",
 	}
 
 	for _, test := range tests {

diff --git a/variables.tf b/variables.tf
@@ -38,10 +38,15 @@ variable "storage_auto_grow" {
 }
 
 variable "administrator" {
-  description = "Name of administrator user, password is auto generated."
+  description = "Name of administrator user"
   default     = "pgsqladmin"
 }
 
+variable "administrator_password" {
+  description = "Administrator password, auto generated if set to null"
+  default     = null
+}
+
 variable "server_version" {
   description = "PostgreSql version to use on server."
   default     = "11"
@@ -70,15 +75,16 @@ variable "network_rules" {
 }
 
 variable "databases" {
-  description = "List of databases and users with access to them. Assigning users require that the provisioner have access to database."
+  description = "List of databases and users with access to them. Assigning users require that the provisioner have access to database. Secret attribute is secret name for a keyvault secret for password, auto generated if null"
   type = list(object({
-    name      = string,
-    charset   = string,
-    collation = string,
+    name      = string
+    charset   = string
+    collation = string
     users = list(object({
-      name = string,
+      name     = string
+      password = string
       grants = list(object({
-        object_type = string,
+        object_type = string
         privileges  = list(string)
       }))
     }))