Add module for Azure PG flex server (#152)

Signed-off-by: Ferdinand de Baecque <[email protected]>

terraform/main.tf

@@ -265,6 +265,23 @@ module "azure_rabbitmq_app_registration" {
   ]
 }
 
+module "azurerm_postgres_flexible_server" {
+  source              = "./modules/azure/postgres-flex-server"
+  resource_group_name = var.azure_resource_group_name
+  unique_project_name = var.unique_project_name
+
+  postgres_runtime_version = "14"
+  postgres_sku_name        = "B_Standard_B1ms"
+  postgres_storage_mb      = 32768
+
+  postgres_database_name = "test_db"
+
+  user_managed_identity_pg_ad_admin = module.azuread_applications.identity_1
+  application_tenant_id             = data.azurerm_client_config.current.tenant_id
+
+  tags = local.tags
+}
+
 // ====== GITHUB SECRETS ======
 
 module "github_secrets" {
@@ -345,10 +362,30 @@ module "github_secrets" {
       name  = "TF_AZURE_IDENTITY_1_APP_FULL_ID"
       value = module.azuread_applications.identity_1.id
     },
+    {
+      name  = "TF_AZURE_IDENTITY_1_NAME"
+      value = module.azuread_applications.identity_1.name
+    },
     {
       name  = "TF_AZURE_IDENTITY_2_APP_ID"
       value = module.azuread_applications.identity_2.client_id
     },
+    {
+      name  = "TF_AZURE_POSTGRES_FQDN"
+      value = module.azurerm_postgres_flexible_server.postgres_flex_server_fqdn
+    },
+    {
+      name  = "TF_AZURE_POSTGRES_ADMIN_USERNAME"
+      value = module.azurerm_postgres_flexible_server.admin_username
+    },
+    {
+      name  = "TF_AZURE_POSTGRES_ADMIN_PASSWORD"
+      value = module.azurerm_postgres_flexible_server.admin_password
+    },
+    {
+      name  = "TF_AZURE_POSTGRES_DB_NAME"
+      value = module.azurerm_postgres_flexible_server.postgres_database_name
+    },
     {
       name  = "TF_AZURE_KEYVAULT_URI"
       value = module.azure_key_vault.vault_uri

terraform/modules/azure/postgres-flex-server/main.tf

@@ -0,0 +1,68 @@
+provider "azurerm" {
+  features {}
+  skip_provider_registration = true
+}
+
+locals {
+  postgres_server_name = "${var.unique_project_name}-e2e-postgres"
+}
+
+data "azurerm_resource_group" "rg" {
+  name = var.resource_group_name
+}
+
+resource "random_password" "admin_password" {
+  length      = 32
+  special     = false
+  min_lower   = 1
+  min_numeric = 1
+  min_upper   = 1
+}
+
+resource "random_string" "admin_username" {
+  length    = 8
+  special   = false
+  numeric   = false
+  min_lower = 1
+  min_upper = 1
+}
+
+resource "azurerm_postgresql_flexible_server" "postgres_flex_server" {
+  name                   = local.postgres_server_name
+  resource_group_name    = data.azurerm_resource_group.rg.name
+  location               = data.azurerm_resource_group.rg.location
+  administrator_login    = random_string.admin_username.result
+  administrator_password = random_password.admin_password.result
+  authentication {
+    active_directory_auth_enabled = true
+    password_auth_enabled         = true
+    tenant_id                     = var.application_tenant_id
+  }
+  version    = "14"
+  sku_name   = var.postgres_sku_name
+  storage_mb = var.postgres_storage_mb
+  zone       = "1"
+
+  tags = var.tags
+}
+
+resource "azurerm_postgresql_flexible_server_active_directory_administrator" "postgres_flex_server_ad_admin_uami" {
+  server_name         = azurerm_postgresql_flexible_server.postgres_flex_server.name
+  resource_group_name = data.azurerm_resource_group.rg.name
+  object_id           = var.user_managed_identity_pg_ad_admin.principal_id
+  principal_name      = var.user_managed_identity_pg_ad_admin.name
+  tenant_id           = var.application_tenant_id
+  principal_type      = "ServicePrincipal"
+}
+
+resource "azurerm_postgresql_flexible_server_firewall_rule" "postgres_flex_server_fwr_allow_azure" {
+  name             = "AllowAllAzure"
+  server_id        = azurerm_postgresql_flexible_server.postgres_flex_server.id
+  start_ip_address = "0.0.0.0"
+  end_ip_address   = "0.0.0.0"
+}
+
+resource "azurerm_postgresql_flexible_server_database" "postgres_flex_server_db" {
+  name      = var.postgres_database_name
+  server_id = azurerm_postgresql_flexible_server.postgres_flex_server.id
+}

terraform/modules/azure/postgres-flex-server/outputs.tf

@@ -0,0 +1,16 @@
+output "postgres_flex_server_fqdn" {
+  value = azurerm_postgresql_flexible_server.postgres_flex_server.fqdn
+}
+
+output "postgres_database_name" {
+  value = azurerm_postgresql_flexible_server_database.postgres_flex_server_db.name
+}
+
+output "admin_username" {
+  value = random_string.admin_username.result
+}
+
+output "admin_password" {
+  value = random_password.admin_password.result
+}
+

terraform/modules/azure/postgres-flex-server/vars.tf

@@ -0,0 +1,48 @@
+variable "resource_group_name" {
+  type        = string
+  description = "Resource group name where event hub will be placed"
+}
+
+variable "unique_project_name" {
+  type        = string
+  description = "Value to make unique every resource name generated"
+}
+
+variable "tags" {
+  type        = map(any)
+  description = "Tags to apply on resources accepting it"
+}
+
+variable "postgres_runtime_version" {
+  type        = string
+  description = "Postgres version to use"
+  default     = "14"
+}
+
+variable "postgres_sku_name" {
+  type        = string
+  description = "The SKU Name for the PostgreSQL Flexible Server"
+  default     = "B_Standard_B1ms"
+}
+
+variable "postgres_storage_mb" {
+  type        = number
+  description = "The max storage allowed for the PostgreSQL Flexible Server"
+  default     = 32768
+}
+
+variable "postgres_database_name" {
+  type        = string
+  description = "Database name to create inside the server"
+  default     = "test_db"
+}
+
+variable "user_managed_identity_pg_ad_admin" {
+  type        = any
+  description = "User managed identitiy that will be granted admin access on the PostgreSQL Flexible Server"
+}
+
+variable "application_tenant_id" {
+  type        = string
+  description = "TenantId of the application"
+}