Biganimal Module/Spec - move cloud_account per data group and witness…

… node

edbterraform/data/templates/aws/biganimal.tf.j2

@@ -7,7 +7,6 @@ module "biganimal" {
   name               = each.key
   name_id            = module.spec.hex_id
 
-  cloud_account      = each.value.cloud_account
   cluster_name       = module.spec.base.tags.cluster_name
   password           = each.value.password
   data_groups        = each.value.data_groups

edbterraform/data/templates/azure/biganimal.tf.j2

@@ -7,7 +7,6 @@ module "biganimal" {
   name               = each.key
   name_id            = module.spec.hex_id
 
-  cloud_account      = each.value.cloud_account
   cluster_name       = module.spec.base.tags.cluster_name
   password           = each.value.password
   data_groups        = each.value.data_groups

edbterraform/data/templates/gcloud/biganimal.tf.j2

@@ -7,7 +7,6 @@ module "biganimal" {
   name               = each.key
   name_id            = module.spec.hex_id
 
-  cloud_account      = each.value.cloud_account
   cluster_name       = module.spec.base.tags.cluster_name
   password           = each.value.password
   data_groups        = each.value.data_groups

edbterraform/data/terraform/aws/modules/biganimal/main.tf

@@ -1,7 +1,7 @@
 resource "biganimal_cluster" "instance" {
     for_each = local.use_wal_volume || local.use_pgd ? {} : local.data_groups
     # required
-    cloud_provider = local.cloud_provider
+    cloud_provider = each.value.cloud_provider_id
     cluster_architecture {
         id = each.value.type
         nodes = each.value.node_count
@@ -42,7 +42,7 @@ resource "biganimal_cluster" "instance" {
     }
     private_networking = !var.publicly_accessible
     read_only_connections = false
-    superuser_access = local.superuser_access
+    superuser_access = each.value.superuser_access
 }
 
 resource "biganimal_pgd" "clusters" {
@@ -56,7 +56,7 @@ resource "biganimal_pgd" "clusters" {
     data_groups = [
       for key, values in local.data_groups: {
         cloud_provider = {
-          cloud_provider_id = local.cloud_provider
+          cloud_provider_id = values.cloud_provider_id
         }
         cluster_architecture = {
             cluster_architecture_id = values.type
@@ -105,13 +105,13 @@ resource "biganimal_pgd" "clusters" {
         ]
 
         pe_allowed_principled_ids = []
-        service_account_ids = contains(["gcp", "bah:gcp"], var.cloud_provider) ? [] : null
+        service_account_ids = contains(["gcp"], var.cloud_provider) ? [] : null
 
         backup_retention_period = "1d"
         csp_auth = false
         private_networking = !var.publicly_accessible
         read_only_connections = false
-        superuser_access = local.superuser_access
+        superuser_access = values.superuser_access
       }
     ]
 
@@ -121,7 +121,7 @@ resource "biganimal_pgd" "clusters" {
           region_id = v.region
         }
         cloud_provider = {
-          cloud_provider_id = v.cloud_service_provider
+          cloud_provider_id = v.cloud_account ? v.cloud_service_provider : "bah:${v.cloud_service_provider}"
         }
         maintenance_window = {
           is_enabled = v.maintenance_window.is_enabled
@@ -287,7 +287,7 @@ locals {
 }
 
 resource "toolbox_external" "vpc" {
-  count = var.cloud_account && !local.use_pgd ? 1 : 0
+  count = local.cloud_account_non_pgd ? 1 : 0
   program = [
     "bash",
     "-c",

edbterraform/data/terraform/aws/modules/biganimal/outputs.tf

@@ -112,7 +112,7 @@ output "biganimal_id" {
 }
 
 output "buckets" {
-  value = var.cloud_account ? {
+  value = local.cloud_account_non_pgd ? {
     postgres = {
       bucket = local.postgres_bucket
       prefix = local.postgres_bucket_prefix
@@ -128,7 +128,7 @@ output "buckets" {
 }
 
 output "loadbalancer" {
-  value = var.cloud_account && !local.use_pgd ? {
+  value = local.cloud_account_non_pgd ? {
     name = toolbox_external.vpc.0.result.loadbalancer_name
     dns = toolbox_external.vpc.0.result.loadbalancer_dns
   } : {}

edbterraform/data/terraform/aws/modules/biganimal/variables.tf

@@ -1,5 +1,6 @@
 variable data_groups {
   type = map(object({
+    cloud_account  = optional(bool, true)
     type           = string
     region         = string
     node_count     = number
@@ -100,6 +101,15 @@ variable data_groups {
       EOT
     )
   }
+
+  validation {
+    condition = alltrue([for name, grouping in var.data_groups: grouping.type != "pgd" || grouping.node_count == 2 || grouping.node_count == 3])
+    error_message = (
+      <<-EOT
+      When using pgd, node_count must be 2 or 3.
+      EOT
+    )
+  }
 }
 
 variable "witness_groups" {
@@ -108,6 +118,7 @@ variable "witness_groups" {
   nullable = false
   type = map(object({
     region = string
+    cloud_account  = optional(bool, true)
     cloud_service_provider = string
     maintenance_window = optional(object({
       is_enabled = bool
@@ -143,12 +154,6 @@ variable "project" {
 
 variable "name" {}
 variable "name_id" {}
-variable "cloud_account" {
-  type = bool
-  default = true
-  nullable = false
-  description = "Option for selecting if biganimal should host the resources with your own cloud account instead of biganimal hosted resources"
-}
 variable "cluster_name" {}
 variable "password" {
   nullable = true
@@ -170,7 +175,7 @@ variable "cloud_provider" {
   default = "aws"
   nullable = false
   validation {
-    condition = contains(["aws", "bah:aws"], var.cloud_provider)
+    condition = contains(["aws"], var.cloud_provider)
     error_message = "Invalid cloud provider"
   }
 }
@@ -211,9 +216,6 @@ variable "tags" {
 }
 
 locals {
-  # superuser not allowed for biganimal-hosted clusters
-  superuser_access = var.cloud_account ? true : false
-
   service_cidrblocks = [
     for cidr in var.service_cidrblocks : {
       cidr_block = cidr
@@ -255,14 +257,24 @@ locals {
       # resource expects a cloud provider prefix infront of its instance type
       instance_type = !startswith("${var.cloud_provider}:", values.instance_type) ? format("${var.cloud_provider}:%s", values.instance_type) : values.instance_type
       volume_size = "${values.volume.size_gb} Gi"
+
+      # superuser not allowed for biganimal-hosted clusters
+      superuser_access = values.cloud_account ? true : false
+
+      # Format the cloud provider id
+      cloud_provider_id = values.cloud_account ? var.cloud_provider : "bah:${var.cloud_provider}"
     }))
   }
 
+  cloud_account_non_pgd = (
+    alltrue([for group in var.data_groups: group.cloud_account == true])
+    && !local.use_pgd
+    ? true : false
+  )
+
 }
 
 locals {
-
-  cloud_provider = var.cloud_account ? var.cloud_provider : "bah:${var.cloud_provider}"
   cluster_name = format("%s-%s", var.name, var.name_id)
 
   // Create an object that excludes any null objects
@@ -276,7 +288,7 @@ locals {
   // Remove null values from the volume properties and save with the api variable naming as the key
   // Size must be saved as a string and with the Gi suffix
   API_DATA = concat([
-    for group_name, group_values in var.data_groups: {
+    for group_name, group_values in local.data_groups: {
       clusterName = local.cluster_name
       clusterType = group_values.type
       password = local.password
@@ -296,8 +308,8 @@ locals {
         for key, value in group_values.wal_volume == null ? {} : group_values.wal_volume : local.TERRAFORM_API_MAPPING[key] =>
           key == "size_gb" ? "${value} Gi" : tostring(value) if value != null
       }
-      # required 
-      provider = { cloudProviderId = local.cloud_provider }
+      # required
+      provider = { cloudProviderId = group_values.cloud_provider_id }
       clusterArchitecture = {
           clusterArchitectureId = group_values.type
           nodes = group_values.type == "single" ? 1 : group_values.node_count
@@ -310,7 +322,7 @@ locals {
       backupRetentionPeriod = "1d"
       cspAuth = false
       readOnlyConnections = false
-      superuserAccess = true
+      superuserAccess = group_values.superuser_access
     }], [{ # PGD configuration
     clusterName = local.cluster_name
     clusterType = one(distinct([for group_name, group_values in var.data_groups: group_values.type]))
@@ -334,7 +346,7 @@ locals {
             key == "size_gb" ? "${value} Gi" : tostring(value) if value != null
         }
         # required 
-        provider = { cloudProviderId = local.cloud_provider }
+        provider = { cloudProviderId = group_values.cloud_provider_id }
         clusterArchitecture = {
             clusterArchitectureId = group_values.type
             nodes = group_values.type == "single" ? 1 : group_values.node_count
@@ -347,7 +359,7 @@ locals {
         backupRetentionPeriod = "1d"
         cspAuth = false
         readOnlyConnections = false
-        superuserAccess = local.superuser_access
+        superuserAccess = group_values.superuser_access
       }
     ]}
   # Ternary requires consistent types.

edbterraform/data/terraform/aws/modules/specification/variables.tf

@@ -159,9 +159,9 @@ variable "spec" {
       project        = object({
         id = optional(string)
       })
-      cloud_account = optional(bool)
       password       = optional(string)
       data_groups = optional(map(object({
+        cloud_account = optional(bool)
         type           = string
         region         = string
         node_count     = number
@@ -195,6 +195,7 @@ variable "spec" {
       })))
       witness_groups = optional(map(object({
         region = string
+        cloud_account = optional(bool)
         cloud_service_provider = string
       })), {})
       tags = optional(map(string), {})

edbterraform/data/terraform/azure/modules/biganimal/main.tf

@@ -1,7 +1,7 @@
 resource "biganimal_cluster" "instance" {
     for_each = local.use_wal_volume || local.use_pgd ? {} : local.data_groups
     # required
-    cloud_provider = local.cloud_provider
+    cloud_provider = each.value.cloud_provider_id
     cluster_architecture {
         id = each.value.type
         nodes = each.value.node_count
@@ -42,7 +42,7 @@ resource "biganimal_cluster" "instance" {
     }
     private_networking = !var.publicly_accessible
     read_only_connections = false
-    superuser_access = local.superuser_access
+    superuser_access = each.value.superuser_access
 }
 
 resource "biganimal_pgd" "clusters" {
@@ -56,7 +56,7 @@ resource "biganimal_pgd" "clusters" {
     data_groups = [
       for key, values in local.data_groups: {
         cloud_provider = {
-          cloud_provider_id = local.cloud_provider
+          cloud_provider_id = values.cloud_provider_id
         }
         cluster_architecture = {
             cluster_architecture_id = values.type
@@ -105,13 +105,13 @@ resource "biganimal_pgd" "clusters" {
         ]
 
         pe_allowed_principled_ids = []
-        service_account_ids = contains(["gcp", "bah:gcp"], var.cloud_provider) ? [] : null
+        service_account_ids = contains(["gcp"], var.cloud_provider) ? [] : null
 
         backup_retention_period = "1d"
         csp_auth = false
         private_networking = !var.publicly_accessible
         read_only_connections = false
-        superuser_access = local.superuser_access
+        superuser_access = values.superuser_access
       }
     ]
 
@@ -121,7 +121,7 @@ resource "biganimal_pgd" "clusters" {
           region_id = v.region
         }
         cloud_provider = {
-          cloud_provider_id = v.cloud_service_provider
+          cloud_provider_id = v.cloud_account ? v.cloud_service_provider : "bah:${v.cloud_service_provider}"
         }
         maintenance_window = {
           is_enabled = v.maintenance_window.is_enabled

edbterraform/data/terraform/azure/modules/biganimal/outputs.tf

@@ -112,7 +112,7 @@ output "biganimal_id" {
 }
 
 output "buckets" {
-  value = var.cloud_account ? {
+  value = local.cloud_account_non_pgd ? {
     postgres = {
       bucket = local.postgres_bucket
       prefix = local.postgres_bucket_prefix
@@ -128,7 +128,7 @@ output "buckets" {
 }
 
 output "loadbalancer" {
-  value = var.cloud_account && !local.use_pgd ? {
+  value = local.cloud_account_non_pgd ? {
     name = toolbox_external.vpc.0.result.loadbalancer_name
     dns = toolbox_external.vpc.0.result.loadbalancer_dns
   } : {}