terraform-postgresql-bootstrap

Terraform module to provision and manage PostgreSQL resources (databases, extensions, roles and their grants).

Usage

  module "bootstrap_db" {
    source = "./"

    extensions = ["pg_stat_statements", "pg_hint_plan"]

    databases = [
      {
        name = "test"
      }
    ]

    # Privilege and membership inputs are list(string) values, matching the
    # variable types documented under Inputs below.
    roles = [
      {
        name                = "test"
        database            = "test"
        database_privileges = ["CONNECT", "CREATE", "TEMPORARY"]
        table_privileges    = ["SELECT", "INSERT", "UPDATE", "DELETE", "TRUNCATE", "REFERENCES", "TRIGGER"]
        sequence_privileges = ["USAGE", "SELECT", "UPDATE"]
      },

      {
        name                = "test-ro"
        database            = "test"
        database_privileges = ["CONNECT"]
        table_privileges    = ["SELECT"]
        sequence_privileges = ["USAGE", "SELECT"]
      },

      {
        name                = "prometheus-exporter"
        roles               = ["pg_read_all_stats", "pg_read_all_settings"]
        database            = "test"
        database_privileges = ["CONNECT"]
      }
    ]
  }

Requirements

Name Version
terraform >= 1.3
postgresql >= 1.14
random >= 3
time >= 0.7

Providers

Name Version
postgresql >= 1.14
random >= 3
time >= 0.7

Modules

No modules.

Resources

Name Type
postgresql_database.default resource
postgresql_extension.default resource
postgresql_grant.database resource
postgresql_grant.revoke_public_database resource
postgresql_grant.revoke_public_schema resource
postgresql_grant.sequence resource
postgresql_grant.sequence_ignore_changes resource
postgresql_grant.table resource
postgresql_grant.table_ignore_changes resource
postgresql_role.default resource
random_password.default resource
time_sleep.db_wait resource
time_sleep.grant_database_wait resource
time_sleep.grant_sequence_wait resource
time_sleep.grant_table_wait resource
time_sleep.revoke_public_schema_wait resource
time_sleep.role_wait resource

Inputs

Name: databases
Description: A list of databases to create. Each object supports:
  name: The name of the database.
  owner: The role name of the user who will own the database.
  tablespace_name: The name of the tablespace that will be associated with the database.
  connection_limit: How many concurrent connections can be established to this database (-1 means unlimited).
  allow_connections: If false, no one can connect to this database.
  is_template: If true, this database can be cloned by any user with CREATEDB privileges.
  template: The name of the template database from which to create the database. For non-RDS instances this should be template0.
  encoding: Character set encoding to use in the database.
  lc_collate: Collation order to use in the database.
  lc_ctype: Character classification to use in the database.
Type:
  list(object(
  {
    name = string
    owner = optional(string)
    tablespace_name = optional(string)
    connection_limit = optional(number, -1)
    allow_connections = optional(bool, true)
    is_template = optional(bool, false)
    encoding = optional(string, "UTF8")
    template = optional(string, "template1")
    lc_collate = optional(string, "en_US.UTF-8")
    lc_ctype = optional(string, "en_US.UTF-8")
  }
  ))
Default: []
Required: no

Name: extensions
Description: A list of extension names to enable.
Type: list(string)
Default: ["pg_stat_statements", "pg_hint_plan"]
Required: no

Name: roles
Description: A list of roles to create. Each object supports:
  name: The role name.
  database: The database to grant privileges on for this role.
  superuser: Defines whether the role is a superuser.
  create_database: Defines a role's ability to execute CREATE DATABASE.
  create_role: Defines a role's ability to execute CREATE ROLE.
  inherit: Defines whether a role inherits the privileges of roles it is a member of.
  login: Defines whether the role is allowed to log in.
  replication: Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode.
  bypass_row_level_security: Defines whether a role bypasses every row-level security (RLS) policy.
  connection_limit: How many concurrent connections the role can establish (-1 means unlimited).
  encrypted_password: Defines whether the password is stored encrypted in the system catalogs.
  roles: A list of existing roles which will be granted to this new role.
  valid_until: Defines the date and time after which the role's password is no longer valid.
  schema: The database schema to grant privileges on for this role.
  with_grant_option: Whether the recipient of these privileges can grant the same privileges to others.
  database_privileges: A list of privileges which will be granted on the database.
  table_privileges: A list of privileges which will be granted on tables.
  sequence_privileges: A list of privileges which will be granted on sequences.
  revoke_public: Whether to revoke non-granted privileges from the role.
  ignore_changes_privileges: List of objects for which privilege changes should be ignored.
Type:
  list(
  object(
  {
    name = string
    database = optional(string)
    superuser = optional(bool, false)
    create_database = optional(bool, false)
    create_role = optional(bool, false)
    inherit = optional(bool, true)
    login = optional(bool, true)
    replication = optional(bool, false)
    connection_limit = optional(number, -1)
    encrypted_password = optional(bool, true)
    bypass_row_level_security = optional(bool, false)
    valid_until = optional(string, "infinity")
    roles = optional(list(string))
    search_path = optional(list(string))
    schema = optional(string, "public")
    with_grant_option = optional(string, false)
    database_privileges = optional(list(string))
    table_privileges = optional(list(string))
    sequence_privileges = optional(list(string))
    revoke_public = optional(bool, true)
    ignore_changes_privileges = optional(list(string), [])
  }
  )
  )
Default: []
Required: no
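A least-privilege layout built from the inputs above, added here as an example and not part of the module's own README: a day-to-day application role that cannot create objects, a migration role whose password expires after the release window, a read-only reporting role, and a sensitive output for the generated passwords. The database name `app`, the connection limits and the `valid_until` timestamp are constructed values.

```hcl
module "bootstrap_db" {
  source = "./"

  databases = [
    { name = "app", connection_limit = 100 } # constructed example database
  ]

  roles = [
    # Application role: data access only, no CREATE on the database.
    {
      name                = "app"
      database            = "app"
      connection_limit    = 50
      database_privileges = ["CONNECT", "TEMPORARY"]
      table_privileges    = ["SELECT", "INSERT", "UPDATE", "DELETE"]
      sequence_privileges = ["USAGE", "SELECT", "UPDATE"]
    },
    # Migration role: may CREATE objects, but its password stops working
    # after the deployment window (constructed timestamp).
    {
      name                = "app-migrate"
      database            = "app"
      database_privileges = ["CONNECT", "CREATE"]
      valid_until         = "2025-01-31T23:59:59Z"
      with_grant_option   = false
    },
    # Reporting role: read-only; revoke_public (default true) also strips the
    # PUBLIC grants so the role only holds what is listed here.
    {
      name                = "app-ro"
      database            = "app"
      database_privileges = ["CONNECT"]
      table_privileges    = ["SELECT"]
      sequence_privileges = ["USAGE", "SELECT"]
      revoke_public       = true
    }
  ]
}

# The module returns the generated passwords keyed by role name; marking the
# output sensitive keeps them out of plan/apply output and CLI logs.
output "db_role_passwords" {
  value     = module.bootstrap_db.roles
  sensitive = true
}
```

`sensitive = true` redacts the values in Terraform's console output only; they are still written to the state file, so the state backend must be access-controlled and encrypted.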

Outputs

Name Description
databases A list of databases.
roles A map from role name to the generated password for that role.

License

The Apache-2.0 license