devops/infra/modules/postgresql/tenant/main.tf


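terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.31.0"
    }
    # random_password.tenant below is served by hashicorp/random; declaring the
    # source here makes the provider explicit instead of relying on Terraform's
    # implicit lookup. Add a version constraint matching the lockfile once known.
    random = {
      source = "hashicorp/random"
    }
  }
}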
# Generated credential for the tenant role. The allowed special characters
# contain neither ' nor \, and at least two characters of each class
# (upper, lower, digit, special) are required in the 24-character result.
resource "random_password" "tenant" {
  length = 24

  min_upper   = 2
  min_lower   = 2
  min_numeric = 2
  min_special = 2

  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}
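# Bootstrap credentials reach the job through a Secret and secretKeyRef rather
# than literal env values, so the root and tenant passwords are not readable
# from the Job/Pod spec by anyone who can describe jobs or pods in the
# namespace. The values are still held in Terraform state, as
# random_password.tenant already is.
resource "kubernetes_secret" "create-tenant" {
  count = var.enabled ? 1 : 0

  metadata {
    name      = "create-tenant-${var.name}"
    namespace = var.namespace
  }

  data = {
    ROOT_PASSWORD = var.root_password
    DB_PASSWORD   = random_password.tenant.result
  }
}

# One-shot job that creates the tenant role and its database on an existing
# PostgreSQL server. Only created when var.enabled is true.
resource "kubernetes_job" "create-tenant" {
  count = var.enabled ? 1 : 0

  # NOTE(review): depends_on on an input variable — confirm Terraform honours
  # this ordering; module-level depends_on at the call site is the documented
  # mechanism for sequencing modules.
  depends_on = [var.wait_on]

  metadata {
    name      = "create-tenant-${var.name}"
    namespace = var.namespace
  }

  spec {
    template {
      metadata {}

      spec {
        # A Job template only accepts Never or OnFailure; the provider's
        # pod-spec default (Always) is rejected by the API server.
        restart_policy = "Never"

        container {
          name    = "create-db-user"
          image   = "postgres:17-alpine" # psql >= 15 is needed for \getenv below
          command = ["/bin/sh", "-c"]
          args = [
            <<-EOF
            set -eu
            # Wait until the server accepts an authenticated connection as the root user.
            until PGPASSWORD="$ROOT_PASSWORD" psql -h "$POSTGRES_HOST" -U "$ROOT_USERNAME" -d "$ROOT_DATABASE" -qtAc 'SELECT 1' >/dev/null; do
              echo "Waiting for postgres..."
              sleep 2
            done
            # Tenant name and password reach SQL as psql variables (:"x" is quoted as an
            # identifier, :'x' as a literal). The quoted heredoc delimiter stops the shell
            # from expanding them first, so a name containing spaces or quotes cannot alter
            # the statements and a generated password containing $, ( or ) is stored verbatim.
            PGPASSWORD="$ROOT_PASSWORD" psql -v ON_ERROR_STOP=1 -h "$POSTGRES_HOST" -U "$ROOT_USERNAME" -d "$ROOT_DATABASE" <<-'EOSQL'
            \getenv db_user DB_USER
            \getenv db_name DB_NAME
            \getenv db_pass DB_PASSWORD
            CREATE USER :"db_user" WITH PASSWORD :'db_pass';
            CREATE DATABASE :"db_name" OWNER :"db_user";
            GRANT ALL PRIVILEGES ON DATABASE :"db_name" TO :"db_user";
            EOSQL
            EOF
          ]

          env {
            name  = "POSTGRES_HOST"
            value = var.host
          }
          env {
            name  = "ROOT_USERNAME"
            value = var.root_username
          }
          env {
            name = "ROOT_PASSWORD"
            value_from {
              secret_key_ref {
                name = kubernetes_secret.create-tenant[0].metadata[0].name
                key  = "ROOT_PASSWORD"
              }
            }
          }
          env {
            name  = "ROOT_DATABASE"
            value = var.root_database
          }
          # Both the database and its owning role are named after the tenant.
          env {
            name  = "DB_NAME"
            value = var.name
          }
          env {
            name  = "DB_USER"
            value = var.name
          }
          env {
            name = "DB_PASSWORD"
            value_from {
              secret_key_ref {
                name = kubernetes_secret.create-tenant[0].metadata[0].name
                key  = "DB_PASSWORD"
              }
            }
          }
        }
      }
    }
  }
}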
# Constant flag that callers can reference to chain on completion of the
# bootstrap job (the depends_on carries the ordering, not the value).
output "installed" {
  depends_on = [kubernetes_job.create-tenant]
  value      = true
}
# Tenant role password, marked sensitive so it is redacted from plan/apply output.
output "password" {
  sensitive = true
  value     = random_password.tenant.result
}
output "database" {
  # The tenant database is named after the tenant.
  value = var.name
}
output "username" {
  # The owning role shares the tenant's name.
  value = var.name
}
# Name of the bootstrap job, or null when the module is disabled (count = 0).
output "job_name" {
  value = length(kubernetes_job.create-tenant) > 0 ? kubernetes_job.create-tenant[0].metadata[0].name : null
}