Add support for legacy users (#11)

drsherluck · web-flow · commit efef8027de99 · 2022-10-13T16:27:51.000+02:00
* add support for migrating users

* fix passwords

* rename to legacy users

* rename output

* be explicit about user type

* indent and seperate concerns
diff --git a/outputs.tf b/outputs.tf
@@ -12,3 +12,8 @@ output "admin_user_password" {
   sensitive = true
   value     = random_password.admin_user.result
 }
+
+output "legacy_users_passwords" {
+  sensitive = true
+  value     = { for user in var.legacy_users : user => random_password.legacy_users[user].result }
+}
diff --git a/user.tf b/user.tf
@@ -4,10 +4,25 @@ resource "random_password" "admin_user" {
 
 resource "google_sql_user" "admin_user" {
   instance = google_sql_database_instance.instance.name
-
   name     = local.admin_user
   password = random_password.admin_user.result
-  type     = "" # Equivalent of "BUILT_IN"
+  type     = "BUILT_IN"
+
+  deletion_policy = null
+}
+
+resource "random_password" "legacy_users" {
+  for_each = toset(var.legacy_users)
+  length   = 48
+}
+
+resource "google_sql_user" "legacy_users" {
+  for_each = toset(var.legacy_users)
+
+  instance = google_sql_database_instance.instance.name
+  name     = each.value
+  password = random_password.legacy_users[each.value].result
+  type     = "BUILT_IN"
 
   deletion_policy = null
 }
diff --git a/variables.tf b/variables.tf
@@ -75,6 +75,11 @@ variable "labels" {
   default = {}
 }
 
+variable "legacy_users" {
+  type    = list(string)
+  default = []
+}
+
 variable "maintenance_window" {
   type = object({
     day          = number

Original file line number	Diff line number	Diff line change
`@@ -12,3 +12,8 @@ output "admin_user_password" {`
`12`	`12`	`sensitive = true`
`13`	`13`	`value = random_password.admin_user.result`
`14`	`14`	`}`
	`15`	`+`
	`16`	`+output "legacy_users_passwords" {`
	`17`	`+ sensitive = true`
	`18`	`+ value = { for user in var.legacy_users : user => random_password.legacy_users[user].result }`
	`19`	`+}`