From c598310653d2012afd50d1ce8009c17c89d7b71a Mon Sep 17 00:00:00 2001 From: Yngve Hansen <6208039+yngveh@users.noreply.github.com> Date: Thu, 25 Mar 2021 14:05:00 +0100 Subject: [PATCH] Add setting of password for admin admin users (#9) * Add setting of passwords. Useful for setting password from data sources as azurerm_key_vault_secrets * Spelling mistake * Fix breaking change for diagnostic test --- examples/diagnostics/main.tf | 1 + examples/password/main.tf | 56 ++++++++++++++++++++++++++++++++++++ examples/simple/main.tf | 3 +- main.tf | 6 ++-- test/example_ut_test.go | 1 + variables.tf | 20 ++++++++----- 6 files changed, 76 insertions(+), 11 deletions(-) create mode 100644 examples/password/main.tf diff --git a/examples/diagnostics/main.tf b/examples/diagnostics/main.tf index d6e6ed6..5cf2078 100644 --- a/examples/diagnostics/main.tf +++ b/examples/diagnostics/main.tf @@ -23,6 +23,7 @@ module "simple" { users = [ { name = "a_user" + password = null grants = [ { object_type : "database" diff --git a/examples/password/main.tf b/examples/password/main.tf new file mode 100644 index 0000000..87f809a --- /dev/null +++ b/examples/password/main.tf 
@@ -0,0 +1,56 @@ +module "simple" { + source = "../.." + + name = "password" + resource_group_name = "password-postgresql-rg" + location = "westeurope" + + sku = { + name = "B_Gen5_1" + capacity = 1 + tier = "Basic" + family = "Gen5" + } + + geo_redundant_backup = "Enabled" + storage_auto_grow = "Disabled" + administrator_password = "secretpassword" + + databases = [ + { + name = "my_database" + charset = "UTF8" + collation = "English_United States.1252" + users = [ + { + name = "a_user" + password = null + grants = [ + { + object_type : "database" + privileges : ["CREATE"] + }, + { + object_type : "table" + privileges : ["SELECT", "INSERT", "UPDATE"] + } + ] + }, + { + name = "a_user2" + password = "secretpassword" + grants = [ + { + object_type : "database" + privileges : ["CREATE"] + }, + { + object_type : "table" + privileges : ["SELECT", "INSERT", "UPDATE"] + } + ] + }, + ] + }, + ] +} \ No newline at end of file diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 4eb5c13..81b02a7 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -22,7 +22,8 @@ module "simple" { collation = "English_United States.1252" users = [ { - name = "a_user" + name = "a_user" + password = null grants = [ { object_type : "database" diff --git a/main.tf b/main.tf index 90ac8df..2b15e6a 100644 --- a/main.tf +++ b/main.tf @@ -91,7 +91,7 @@ resource "azurerm_postgresql_server" "main" { auto_grow_enabled = local.auto_grow_enabled administrator_login = var.administrator - administrator_login_password = random_string.unique.result + administrator_login_password = var.administrator_password != null ? var.administrator_password : random_string.unique.result version = var.server_version ssl_enforcement_enabled = true 
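Review bot: The new example hard-codes the literal `"secretpassword"` for both `administrator_password` and the `a_user2` password, and example files are what readers copy into real configurations. The commit message says the feature is meant for values read from a Key Vault data source, so the example would be better showing that wiring, or at least `administrator_password = var.administrator_password` with the variable declared `sensitive = true`. `test/example_ut_test.go` adds this directory to the test list, so if that test applies rather than only plans (not visible here), a server would be created with this known password. The file also ends without a trailing newline.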
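Review bot: On the `administrator_login_password` line a caller-supplied value is accepted after only a `!= null` test, so an empty or trivially weak string is passed straight through; the `postgresql_role.user` line in the `@@ -232,7 +232,7 @@` hunk uses the same pattern, and nothing visible in the diff enforces a minimum there. A `validation` block on the variable (for example a minimum `length(...)`) would reject such input at plan time. The fallback still comes from `random_string`, whose result the random provider does not treat as sensitive; `random_password` is the equivalent meant for credentials, though switching resource types regenerates the value and so rotates existing passwords. Whichever branch is taken, the password is written to Terraform state in plaintext, which the variable description should say. The resource body continues outside the hunk.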
@@ -134,7 +134,7 @@ resource "azurerm_monitor_diagnostic_setting" "namespace" { for_each = data.azurerm_monitor_diagnostic_categories.default.metrics content { category = metric.value - enabled = contains(local.parsed_diag.metric, "all") || contains(local.parsed_diag.metric, metric.value) + enabled = contains(local.parsed_diag.metric, "all") || contains(local.parsed_diag.metric, metric.value) retention_policy { enabled = false @@ -232,7 +232,7 @@ resource "postgresql_role" "user" { create_role = false inherit = true replication = false - password = random_string.user[each.key].result + password = each.value.user.password != null ? each.value.user.password : random_string.user[each.key].result depends_on = [ azurerm_postgresql_firewall_rule.client diff --git a/test/example_ut_test.go b/test/example_ut_test.go index e32e4e5..29ed259 100644 --- a/test/example_ut_test.go +++ b/test/example_ut_test.go @@ -12,6 +12,7 @@ func TestUT_Examples(t *testing.T) { tests := []string{ "../examples/simple", "../examples/diagnostics", + "../examples/password", } for _, test := range tests { diff --git a/variables.tf b/variables.tf index ef89db3..35149cb 100644 --- a/variables.tf +++ b/variables.tf @@ -38,10 +38,15 @@ variable "storage_auto_grow" { } variable "administrator" { - description = "Name of administrator user, password is auto generated." + description = "Name of administrator user" default = "pgsqladmin" } +variable "administrator_password" { + description = "Administrator password, auto generated if set to null" + default = null +} + variable "server_version" { description = "PostgreSql version to use on server." default = "11" 
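Review bot: The new `administrator_password` variable in the `@@ -38,10 +38,15 @@` hunk is declared without `type` and without `sensitive = true`, so any type is accepted and a supplied value is not redacted where Terraform prints variable-derived values. Suggested additions inside the block: `type = string` and `sensitive = true`. `sensitive` on variables needs Terraform 0.14 or later; the module's required version is not visible in this diff, so check it before adding. The description could also state that the value is stored in state.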
@@ -70,15 +75,16 @@ variable "network_rules" { } variable "databases" { - description = "List of databases and users with access to them. Assigning users require that the provisioner have access to database." + description = "List of databases and users with access to them. Assigning users require that the provisioner have access to database. Secret attribute is secret name for a keyvault secret for password, auto generated if null" type = list(object({ - name = string, - charset = string, - collation = string, + name = string + charset = string + collation = string users = list(object({ - name = string, + name = string + password = string grants = list(object({ - object_type = string, + object_type = string privileges = list(string) })) }))
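Review bot: The added description sentence says "Secret attribute is secret name for a keyvault secret", but the attribute added to the object type is `password`, and `main.tf` assigns `each.value.user.password` directly to the `password` of `postgresql_role.user`. A caller who follows the description and supplies a Key Vault secret name would get that name set as the role's actual password. I would reword the sentence to `Password attribute is the password for the user, auto generated if null.` Because `password = string` is a required attribute of the object type, every existing caller has to add `password = null`, as the examples in this commit do; that is a breaking change worth noting in the release notes.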