diff --git a/terraform/main.tf b/terraform/main.tf
index 400192f..1b5d4a4 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -265,6 +265,23 @@ module "azure_rabbitmq_app_registration" {
 ]
 }
+module "azurerm_postgres_flexible_server" {
+ source = "./modules/azure/postgres-flex-server"
+ resource_group_name = var.azure_resource_group_name
+ unique_project_name = var.unique_project_name
+
+ postgres_runtime_version = "14"
+ postgres_sku_name = "B_Standard_B1ms"
+ postgres_storage_mb = 32768
+
+ postgres_database_name = "test_db"
+
+ user_managed_identity_pg_ad_admin = module.azuread_applications.identity_1
+ application_tenant_id = data.azurerm_client_config.current.tenant_id
+
+ tags = local.tags
+}
+
 // ====== GITHUB SECRETS ======
 module "github_secrets" {
@@ -345,10 +362,30 @@ module "github_secrets" {
 name = "TF_AZURE_IDENTITY_1_APP_FULL_ID"
 value = module.azuread_applications.identity_1.id
 },
+ {
+ name = "TF_AZURE_IDENTITY_1_NAME"
+ value = module.azuread_applications.identity_1.name
+ },
 {
 name = "TF_AZURE_IDENTITY_2_APP_ID"
 value = module.azuread_applications.identity_2.client_id
 },
+ {
+ name = "TF_AZURE_POSTGRES_FQDN"
+ value = module.azurerm_postgres_flexible_server.postgres_flex_server_fqdn
+ },
+ {
+ name = "TF_AZURE_POSTGRES_ADMIN_USERNAME"
+ value = module.azurerm_postgres_flexible_server.admin_username
+ },
+ {
+ name = "TF_AZURE_POSTGRES_ADMIN_PASSWORD"
+ value = module.azurerm_postgres_flexible_server.admin_password
+ },
+ {
+ name = "TF_AZURE_POSTGRES_DB_NAME"
+ value = module.azurerm_postgres_flexible_server.postgres_database_name
+ },
 {
 name = "TF_AZURE_KEYVAULT_URI"
 value = module.azure_key_vault.vault_uri
diff --git a/terraform/modules/azure/postgres-flex-server/main.tf b/terraform/modules/azure/postgres-flex-server/main.tf
new file mode 100644
index 0000000..b6fe5b8
--- /dev/null
+++ b/terraform/modules/azure/postgres-flex-server/main.tf
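Review bot: `postgres_runtime_version = "14"` passed to the new module block has no effect on the server that is created: the module's `azurerm_postgresql_flexible_server` resource in terraform/modules/azure/postgres-flex-server/main.tf (later in this diff) hard-codes `version = "14"` and never reads `var.postgres_runtime_version`, so a caller changing this value would see no plan diff. Fix it in the module, `version = var.postgres_runtime_version`, or drop the input here and in vars.tf. `user_managed_identity_pg_ad_admin` hands the whole `identity_1` object to a variable declared `type = any`; the module only reads `.principal_id` and `.name`, so a typed object on the module side would make the contract visible at this call site.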
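Review bot: The new `TF_AZURE_POSTGRES_ADMIN_USERNAME` and `TF_AZURE_POSTGRES_ADMIN_PASSWORD` entries copy the server's password-auth administrator credentials into GitHub secrets, a second long-lived copy of the credential in addition to Terraform state. The same module block (previous hunk) already registers `identity_1` as the Entra ID administrator of this server and this hunk exports `TF_AZURE_IDENTITY_1_NAME`, so if the workflows connect with the managed identity — not visible here — the two password entries may be unnecessary; if a workflow does need password auth, a short comment above them naming that workflow would document why the broader credential is exported. Note that `random_password` only regenerates when its own arguments change, so this secret will stay constant across applies unless a rotation mechanism (for example `keepers`) is added. The enclosing `github_secrets` module block starts and ends outside the hunk.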
@@ -0,0 +1,68 @@
+provider "azurerm" {
+ features {}
+ skip_provider_registration = true
+}
+
+locals {
+ postgres_server_name = "${var.unique_project_name}-e2e-postgres"
+}
+
+data "azurerm_resource_group" "rg" {
+ name = var.resource_group_name
+}
+
+resource "random_password" "admin_password" {
+ length = 32
+ special = false
+ min_lower = 1
+ min_numeric = 1
+ min_upper = 1
+}
+
+resource "random_string" "admin_username" {
+ length = 8
+ special = false
+ numeric = false
+ min_lower = 1
+ min_upper = 1
+}
+
+resource "azurerm_postgresql_flexible_server" "postgres_flex_server" {
+ name = local.postgres_server_name
+ resource_group_name = data.azurerm_resource_group.rg.name
+ location = data.azurerm_resource_group.rg.location
+ administrator_login = random_string.admin_username.result
+ administrator_password = random_password.admin_password.result
+ authentication {
+ active_directory_auth_enabled = true
+ password_auth_enabled = true
+ tenant_id = var.application_tenant_id
+ }
+ version = "14"
+ sku_name = var.postgres_sku_name
+ storage_mb = var.postgres_storage_mb
+ zone = "1"
+
+ tags = var.tags
+}
+
+resource "azurerm_postgresql_flexible_server_active_directory_administrator" "postgres_flex_server_ad_admin_uami" {
+ server_name = azurerm_postgresql_flexible_server.postgres_flex_server.name
+ resource_group_name = data.azurerm_resource_group.rg.name
+ object_id = var.user_managed_identity_pg_ad_admin.principal_id
+ principal_name = var.user_managed_identity_pg_ad_admin.name
+ tenant_id = var.application_tenant_id
+ principal_type = "ServicePrincipal"
+}
+
+resource "azurerm_postgresql_flexible_server_firewall_rule" "postgres_flex_server_fwr_allow_azure" {
+ name = "AllowAllAzure"
+ server_id = azurerm_postgresql_flexible_server.postgres_flex_server.id
+ start_ip_address = "0.0.0.0"
+ end_ip_address = "0.0.0.0"
+}
+
+resource "azurerm_postgresql_flexible_server_database" "postgres_flex_server_db" {
+ name = var.postgres_database_name
+ server_id = azurerm_postgresql_flexible_server.postgres_flex_server.id
+}
\ No newline at end of file
diff --git a/terraform/modules/azure/postgres-flex-server/outputs.tf b/terraform/modules/azure/postgres-flex-server/outputs.tf
new file mode 100644
index 0000000..956707c
--- /dev/null
+++ b/terraform/modules/azure/postgres-flex-server/outputs.tf
@@ -0,0 +1,16 @@
+output "postgres_flex_server_fqdn" {
+ value = azurerm_postgresql_flexible_server.postgres_flex_server.fqdn
+}
+
+output "postgres_database_name" {
+ value = azurerm_postgresql_flexible_server_database.postgres_flex_server_db.name
+}
+
+output "admin_username" {
+ value = random_string.admin_username.result
+}
+
+output "admin_password" {
+ value = random_password.admin_password.result
+}
+
diff --git a/terraform/modules/azure/postgres-flex-server/vars.tf b/terraform/modules/azure/postgres-flex-server/vars.tf
new file mode 100644
index 0000000..7f99c90
--- /dev/null
+++ b/terraform/modules/azure/postgres-flex-server/vars.tf
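Review bot: The `AllowAllAzure` firewall rule with `start_ip_address = "0.0.0.0"` and `end_ip_address = "0.0.0.0"` is Azure's "allow any Azure service" setting, which admits traffic from public IPs allocated to any Azure customer, not only this subscription; with `password_auth_enabled = true` and no private-access configuration in this resource, the generated administrator password is the only control between the Azure address space and the server. Scope the rule to the address ranges the pipeline actually connects from, or give the server private access, and name the rule so its breadth is obvious to the next reader, for example `name = "AllowAnyAzureService"` with a comment stating that it covers other tenants. The `provider "azurerm"` block at the top of the file belongs in the root module: a provider configured inside a child module blocks the use of `count`/`for_each` on the module and makes later removal of the module awkward, and the root already configures `azurerm` (it calls `data.azurerm_client_config.current`). `zone = "1"` is hard-coded and would be better as an input, since availability-zone support varies by region and SKU.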
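Review bot: `output "admin_password"` exports `random_password.admin_password.result` without `sensitive = true`, so the module's contract does not state that the value must not be echoed, even though the root feeds it straight into a GitHub secret (terraform/main.tf hunk above). Add `sensitive = true` to that output; Terraform should carry the random provider's sensitivity mark through anyway, but declaring it keeps the value redacted if it is ever re-exported at the root and documents the intent, and `admin_username` deserves the same treatment as the other half of the credential. None of the four outputs has a `description`; a one-liner each (e.g. `description = "FQDN of the PostgreSQL Flexible Server"`) would make the module self-documenting.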
@@ -0,0 +1,48 @@
+variable "resource_group_name" {
+ type = string
+ description = "Resource group name where event hub will be placed"
+}
+
+variable "unique_project_name" {
+ type = string
+ description = "Value to make unique every resource name generated"
+}
+
+variable "tags" {
+ type = map(any)
+ description = "Tags to apply on resources accepting it"
+}
+
+variable "postgres_runtime_version" {
+ type = string
+ description = "Postgres version to use"
+ default = "14"
+}
+
+variable "postgres_sku_name" {
+ type = string
+ description = "The SKU Name for the PostgreSQL Flexible Server"
+ default = "B_Standard_B1ms"
+}
+
+variable "postgres_storage_mb" {
+ type = number
+ description = "The max storage allowed for the PostgreSQL Flexible Server"
+ default = 32768
+}
+
+variable "postgres_database_name" {
+ type = string
+ description = "Database name to create inside the server"
+ default = "test_db"
+}
+
+variable "user_managed_identity_pg_ad_admin" {
+ type = any
+ description = "User managed identitiy that will be granted admin access on the PostgreSQL Flexible Server"
+}
+
+variable "application_tenant_id" {
+ type = string
+ description = "TenantId of the application"
+}
\ No newline at end of file
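Review bot: The `resource_group_name` description says "where event hub will be placed", which looks copied from another module — this module creates a PostgreSQL Flexible Server, so `description = "Resource group in which the PostgreSQL Flexible Server will be placed"`. `user_managed_identity_pg_ad_admin` is declared `type = any` although main.tf only reads `.principal_id` and `.name`; `type = object({ principal_id = string, name = string })` validates the caller's argument at plan time and states what the module needs (and the description has a typo, "identitiy"). `postgres_runtime_version` is declared with a default but never referenced by main.tf, which hard-codes `version = "14"` (raised at the first hunk of terraform/main.tf). `tags` is `map(any)`; `map(string)` matches what `azurerm` tag arguments accept, provided the root's `local.tags` is a string map, which is not visible here.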