Terraform module using the PostgreSQL provider to help configure an existing database.
This module is meant to be used in combination with other PostgreSQL modules (such as azure-db-postgresql-flexible or postgresql-users).
This module revokes privileges on the default public PostgreSQL schema to address CVE-2018-1058 and creates a dedicated schema for the specified database.
Module version | Terraform version | AzureRM version |
---|---|---|
>= 7.x.x | 1.3.x | >= 3.0 |
>= 6.x.x | 1.x | >= 3.0 |
>= 5.x.x | 0.15.x | >= 2.0 |
>= 4.x.x | 0.13.x / 0.14.x | >= 2.0 |
>= 3.x.x | 0.12.x | >= 2.0 |
>= 2.x.x | 0.12.x | < 2.0 |
< 2.x.x | 0.11.x | < 2.0 |
This module is optimized to work with the Claranet terraform-wrapper tool,
which sets some Terraform variables in the environment that this module needs.
More details about the variables set by the terraform-wrapper are
available in the documentation.
```hcl
module "azure_region" {
  source  = "claranet/regions/azurerm"
  version = "x.x.x"

  azure_region = var.azure_region
}

module "rg" {
  source  = "claranet/rg/azurerm"
  version = "x.x.x"

  location    = module.azure_region.location
  client_name = var.client_name
  environment = var.environment
  stack       = var.stack
}

module "db_pg_flex" {
  source  = "claranet/db-postgresql-flexible/azurerm"
  version = "x.x.x"

  client_name    = var.client_name
  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  environment    = var.environment
  stack          = var.stack

  resource_group_name = module.rg.resource_group_name

  administrator_login    = var.administrator_login
  administrator_password = var.administrator_password

  allowed_cidrs = {}

  databases_names     = ["mydatabase"]
  databases_collation = { mydatabase = "en_US.UTF8" }
  databases_charset   = { mydatabase = "UTF8" }

  logs_destinations_ids = []
}

provider "postgresql" {
  host      = module.db_pg_flex.postgresql_flexible_fqdn
  port      = 5432
  username  = module.db_pg_flex.postgresql_flexible_administrator_login
  password  = var.administrator_password
  sslmode   = "require"
  superuser = false
}

module "postgresql_users" {
  source  = "claranet/users/postgresql"
  version = "x.x.x"

  for_each = toset(module.db_pg_flex.postgresql_flexible_databases_names)

  administrator_login = module.db_pg_flex.postgresql_flexible_administrator_login

  database = each.key
}

module "postgresql_configuration" {
  source  = "claranet/database-configuration/postgresql"
  version = "x.x.x"

  for_each = toset(module.db_pg_flex.postgresql_flexible_databases_names)

  administrator_login = module.db_pg_flex.postgresql_flexible_administrator_login

  database_admin_user = module.postgresql_users[each.key].user
  database            = each.key
  schema_name         = each.key
}
```
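To confirm the effect of the module after `terraform apply`, the catalog queries below can be run with `psql` while connected to the hardened database. They are an added example, not part of the module; the schema name `mydatabase` is taken from the usage example above and is an assumption about your deployment.

```sql
-- Added verification example (not the module's own code).
-- Assumes the dedicated schema is named "mydatabase", as in the usage example.

-- 1. Privileges of the PUBLIC pseudo-role on the default "public" schema.
--    CREATE is the privilege CVE-2018-1058 depends on and should be false.
--    USAGE is reported for information.
SELECT has_schema_privilege('public', 'public', 'CREATE') AS public_can_create,
       has_schema_privilege('public', 'public', 'USAGE')  AS public_can_use;

-- 2. The dedicated schema must exist; show its owner and raw ACL.
SELECT n.nspname                   AS schema_name,
       pg_get_userbyid(n.nspowner) AS owner,
       n.nspacl                    AS acl
FROM pg_namespace AS n
WHERE n.nspname = 'mydatabase';

-- 3. Default privileges registered in this database.
--    object_type: r = tables, S = sequences, f = functions.
--    A NULL schema_name means the entry applies database-wide.
SELECT pg_get_userbyid(d.defaclrole) AS grantor,
       n.nspname                     AS schema_name,
       d.defaclobjtype               AS object_type,
       d.defaclacl                   AS acl
FROM pg_default_acl AS d
LEFT JOIN pg_namespace AS n ON n.oid = d.defaclnamespace
ORDER BY n.nspname, d.defaclobjtype;

-- 4. Revoking CREATE does not remove objects that already exist in "public".
--    List functions and relations there so their owners can be reviewed
--    (extensions installed into "public" will also appear here).
SELECT 'function' AS kind, p.proname AS name,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc AS p
JOIN pg_namespace AS n ON n.oid = p.pronamespace
WHERE n.nspname = 'public'
UNION ALL
SELECT 'relation', c.relname, pg_get_userbyid(c.relowner)
FROM pg_class AS c
JOIN pg_namespace AS n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
ORDER BY kind, name;
```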
Name | Version |
---|---|
postgresql | >= 1.14 |
No modules.
Name | Type |
---|---|
postgresql_default_privileges.user_functions_privileges | resource |
postgresql_default_privileges.user_sequences_privileges | resource |
postgresql_default_privileges.user_tables_privileges | resource |
postgresql_grant.revoke_public | resource |
postgresql_schema.db_schema | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
administrator_login | Server administrator user name. | string | n/a | yes |
database | Database to apply hardening to. | string | n/a | yes |
database_admin_user | Database schema admin user. | string | n/a | yes |
functions_privileges | User functions privileges, execution privileges if not defined. | list(string) | null | no |
schema_name | Schema custom name to create associated to the Database. Database name used if not set. | string | null | no |
sequences_privileges | User sequences privileges, all privileges if not defined. | list(string) | null | no |
tables_privileges | User tables privileges, all privileges if not defined. | list(string) | null | no |
Name | Description |
---|---|
database | Database name |
schema | Database schema name |