# Naming locals derived from module inputs. In every case an explicit,
# non-empty override variable wins; otherwise a convention-based default
# is assembled from product / component / env / subscription.
locals {
  # Base name: "<product>-<component>" when a component is given, else "<product>".
  default_name = var.component != "" ? "${var.product}-${var.component}" : var.product
  name         = var.name != "" ? var.name : local.default_name

  # The PostgreSQL server name always carries the environment suffix.
  server_name = "${local.name}-${var.env}"

  # Coordinates of the infrastructure Key Vault.
  vaultName = var.key_vault_name != "" ? var.key_vault_name : "infra-vault-${var.subscription}"

  # The default resource group depends on local.is_prod (second locals block
  # in this file), so whichever environments that flag classifies as prod
  # resolve to the prod infrastructure vault's resource group.
  vault_resource_group_name = var.key_vault_rg != "" ? var.key_vault_rg : (
    local.is_prod ? "core-infra-prod" : "cnp-core-infra"
  )
}
# Looks up an existing Key Vault by the name / resource group computed in locals.
# Nothing in this file reads the result; consumers are presumably in other
# files of the module -- verify before removing.
data "azurerm_key_vault" "infra_vault" {
  resource_group_name = local.vault_resource_group_name
  name                = local.vaultName
}
# Dedicated resource group for the database tier: "<name>-data-<env>".
# The PostgreSQL server, its databases and the AAD admin assignment below
# are all placed in this group.
resource "azurerm_resource_group" "data-resourcegroup" {
  name     = "${local.name}-data-${var.env}"
  location = var.location

  tags = var.common_tags
}
# Generated administrator password for the PostgreSQL server.
#
# Security notes:
#   * The generated value is written to the Terraform state file, so the state
#     backend needs encryption at rest and tightly restricted read access.
#   * Changing any argument here causes a new password to be generated, which
#     rotates the server's administrator credential on the next apply.
#   * NOTE(review): `number` is deprecated in favour of `numeric` in newer
#     releases of the hashicorp/random provider -- confirm the pinned provider
#     version before renaming it.
resource "random_password" "password" {
  length = 16

  # Draw from all four character classes.
  lower   = true
  upper   = true
  number  = true
  special = true
}
# Azure Database for PostgreSQL server for this component.
resource "azurerm_postgresql_server" "postgres-paas" {
  # --- Identity and placement ---
  name                = local.server_name
  resource_group_name = azurerm_resource_group.data-resourcegroup.name
  location            = var.location
  tags                = var.common_tags

  # --- Engine and sizing ---
  version           = var.postgresql_version
  sku_name          = var.sku_name
  storage_mb        = var.storage_mb
  auto_grow_enabled = var.auto_grow_enabled

  # --- Backups ---
  backup_retention_days        = var.backup_retention_days
  geo_redundant_backup_enabled = var.georedundant_backup

  # --- Administrator credential ---
  # The password comes from random_password.password and therefore also lives
  # in Terraform state.
  administrator_login          = var.postgresql_user
  administrator_login_password = random_password.password.result

  # --- Transport security: TLS is mandatory, minimum version 1.2 ---
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"

  # --- Network exposure ---
  # Public network access is switched on whenever no subnet_id is supplied and
  # off otherwise.
  # NOTE(review): this file defines no firewall or virtual-network rules, so in
  # the public case exposure depends on rules managed elsewhere -- confirm they
  # exist and are restrictive.
  public_network_access_enabled = var.subnet_id == ""
}
# Primary database on the server. Hyphens are stripped from the requested
# name, so "my-db" is created as "mydb".
resource "azurerm_postgresql_database" "postgres-db" {
  server_name         = azurerm_postgresql_server.postgres-paas.name
  resource_group_name = azurerm_resource_group.data-resourcegroup.name

  name      = replace(var.database_name, "-", "")
  collation = var.collation
  charset   = var.charset
}
# One extra database per entry in var.additional_databases, with the same
# charset / collation as the primary database.
# Hyphens are stripped from each name, so two entries that differ only by
# hyphens would resolve to the same database name.
resource "azurerm_postgresql_database" "additional_databases" {
  for_each = toset(var.additional_databases)

  server_name         = azurerm_postgresql_server.postgres-paas.name
  resource_group_name = azurerm_resource_group.data-resourcegroup.name

  name      = replace(each.key, "-", "")
  collation = var.collation
  charset   = var.charset
}
# Environment classification and the Azure AD group that administers the server.
locals {
  # True when var.env contains the substring "prod" anywhere.
  # NOTE(review): this is a substring match, so any environment name that
  # merely contains "prod" is also classified as production and receives the
  # production admin group and vault resource group -- confirm that is intended.
  is_prod = length(regexall(".*(prod).*", var.env)) > 0

  # Production environments are administered by the "SC" operations group.
  admin_group = local.is_prod ? "DTS Platform Operations SC" : "DTS Platform Operations"

  # psql needs spaces escaped in user names. Not referenced in this file;
  # presumably consumed elsewhere in the module.
  escaped_admin_group = replace(local.admin_group, " ", "\\ ")
}
# Identity Terraform is running as; used below for its tenant_id.
data "azurerm_client_config" "current" {
}
# Resolves the admin group to its Azure AD object. The lookup is by display
# name and restricted to security-enabled groups; the resulting object_id is
# what is actually granted administrator rights on the server.
data "azuread_group" "db_admin" {
  security_enabled = true
  display_name     = local.admin_group
}
# Makes the operations group the Azure AD administrator of the server.
resource "azurerm_postgresql_active_directory_administrator" "admin" {
  resource_group_name = azurerm_resource_group.data-resourcegroup.name

  # The server name is read through the primary database resource rather than
  # the server itself, which makes this assignment depend on that database.
  server_name = azurerm_postgresql_database.postgres-db.server_name

  # Principal being granted admin: group object in the current tenant.
  tenant_id = data.azurerm_client_config.current.tenant_id
  object_id = data.azuread_group.db_admin.object_id
  login     = local.admin_group
}