Terraform module to provision and manage PostgreSQL resources.

```hcl
module "bootstrap_db" {
  source = "./"

  extensions = ["pg_stat_statements", "pg_hint_plan"]

  databases = [
    {
      name = "test"
    }
  ]

  roles = [
    # Read/write application role.
    {
      name                = "test"
      database            = "test"
      database_privileges = "CONNECT,CREATE,TEMPORARY"
      table_privileges    = "SELECT,INSERT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER"
      sequence_privileges = "USAGE,SELECT,UPDATE"
    },
    # Read-only role: SELECT on tables, no write privileges.
    {
      name                = "test-ro"
      database            = "test"
      database_privileges = "CONNECT"
      table_privileges    = "SELECT"
      sequence_privileges = "USAGE,SELECT"
    },
    # Monitoring role: member of pg_read_all_stats and pg_read_all_settings.
    {
      name                = "prometheus-exporter"
      roles               = "pg_read_all_stats,pg_read_all_settings"
      database            = "test"
      database_privileges = "CONNECT"
    }
  ]
}
```

Name | Version |
---|---|
terraform | >= 1.3 |
postgresql | >= 1.14 |
random | >= 3 |
time | >= 0.7 |

Name | Version |
---|---|
postgresql | >= 1.14 |
random | >= 3 |
time | >= 0.7 |

No modules.

Name | Type |
---|---|
postgresql_database.default | resource |
postgresql_extension.default | resource |
postgresql_grant.database | resource |
postgresql_grant.revoke_public_database | resource |
postgresql_grant.revoke_public_schema | resource |
postgresql_grant.sequence | resource |
postgresql_grant.sequence_ignore_changes | resource |
postgresql_grant.table | resource |
postgresql_grant.table_ignore_changes | resource |
postgresql_role.default | resource |
random_password.default | resource |
time_sleep.db_wait | resource |
time_sleep.grant_database_wait | resource |
time_sleep.grant_sequence_wait | resource |
time_sleep.grant_table_wait | resource |
time_sleep.revoke_public_schema_wait | resource |
time_sleep.role_wait | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
databases | A list of databases to create. name: The name of the database. owner: The role name of the user who will own the database. tablespace_name: The name of the tablespace that will be associated with the database. connection_limit: How many concurrent connections can be established to this database. allow_connections: If false, then no one can connect to this database. is_template: If true, then this database can be cloned by any user with CREATEDB privileges. template: The name of the template database from which to create the database. For non-RDS should be template0. encoding: Character set encoding to use in the database. lc_collate: Collation order to use in the database. lc_ctype: Character classification to use in the database. | list(object( | [] | no |
extensions | A list of names of the extension to enable. | list(string) | [ | no |
roles | A list of roles to create. name: The role name. database: The database to grant privileges on for this role. superuser: Defines whether the role is a superuser. create_database: Defines a role's ability to execute CREATE DATABASE. create_role: Defines a role's ability to execute CREATE ROLE. inherit: Defines whether a role inherits the privileges of roles it is a member of. login: Defines whether the role is allowed to log in. replication: Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. bypass_row_level_security: Defines whether a role bypasses every row-level security (RLS) policy. connection_limit: How many concurrent connections the role can establish. encrypted_password: Defines whether the password is stored encrypted in the system catalogs. roles: A comma separated list of roles which will be granted to this new role. valid_until: Defines the date and time after which the role's password is no longer valid. schema: The database schema to grant privileges on for this role. with_grant_option: Whether the recipient of these privileges can grant the same privileges to others. database_privileges: A comma separated list of privileges which will be granted on the database. table_privileges: A comma separated list of privileges which will be granted on tables. sequence_privileges: A comma separated list of privileges which will be granted on sequences. revoke_public: Whether to revoke non-granted privileges from the role. ignore_changes_privileges: List of objects for which privilege changes should be ignored. | list( | [] | no |

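
Several `roles` attributes (`superuser`, `create_role`, `bypass_row_level_security`, `with_grant_option`, memberships in `roles`) can quietly undo a least-privilege setup. The following pre-apply review script is an added example, not part of this module; the field names come from the inputs table, while the JSON layout, the boolean value types, the `-ro` naming convention and the `report-ro` sample role are assumptions.

```python
import json

# Boolean role attributes from the Inputs table that break least privilege when true.
RISKY_FLAGS = ("superuser", "create_role", "create_database", "replication",
               "bypass_row_level_security", "with_grant_option")
WRITE_PRIVS = {"INSERT", "UPDATE", "DELETE", "TRUNCATE", "REFERENCES", "TRIGGER"}
# PostgreSQL predefined roles that reach the server file system or all table data.
POWERFUL_MEMBERSHIPS = {"pg_write_all_data", "pg_read_server_files",
                        "pg_write_server_files", "pg_execute_server_program"}

# Constructed sample in tfvars.json style (layout and value types are assumptions).
SAMPLE = json.loads("""
[
  {"name": "test-ro", "database": "test", "database_privileges": "CONNECT",
   "table_privileges": "SELECT", "sequence_privileges": "USAGE,SELECT"},
  {"name": "prometheus-exporter", "database": "test",
   "roles": "pg_read_all_stats,pg_read_all_settings", "database_privileges": "CONNECT"},
  {"name": "report-ro", "database": "test", "with_grant_option": true,
   "roles": "pg_write_all_data", "table_privileges": "select, update"}
]
""")


def split_csv(value):
    """The module takes privileges and memberships as comma separated strings."""
    return {item.strip() for item in (value or "").split(",") if item.strip()}


def audit_roles(roles):
    """Return (role name, finding) tuples for settings worth a manual review."""
    findings = []
    for role in roles:
        name = role.get("name", "<unnamed>")
        findings += [(name, f"{flag} enabled") for flag in RISKY_FLAGS if role.get(flag) is True]
        for member in sorted(split_csv(role.get("roles")) & POWERFUL_MEMBERSHIPS):
            findings.append((name, f"member of {member}"))
        writes = {p.upper() for p in split_csv(role.get("table_privileges"))} & WRITE_PRIVS
        # Assumption: a "-ro" suffix marks a read-only role, as in the usage example.
        if name.endswith("-ro") and writes:
            findings.append((name, "read-only role can write: " + ",".join(sorted(writes))))
    return findings


if __name__ == "__main__":
    for name, finding in audit_roles(SAMPLE):
        print(f"{name}: {finding}")
```
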

Name | Description |
---|---|
databases | A list of databases. |
roles | A map of role names and their passwords. |

The Apache-2.0 license