Terraform module using PostgreSQL provider to help configuring an existing database.
This module will be used combined with others PostgreSQL modules (like azure-db-postgresql-flexible or postgresql-users for example).
This module revoke privileges on the default public PostgreSQL schema regarding the CVE-2018-1058 and creates a dedicated schema for the specified database.
| Module version | Terraform version | AzureRM version |
|---|---|---|
| >= 7.x.x | 1.3.x | >= 3.0 |
| >= 6.x.x | 1.x | >= 3.0 |
| >= 5.x.x | 0.15.x | >= 2.0 |
| >= 4.x.x | 0.13.x / 0.14.x | >= 2.0 |
| >= 3.x.x | 0.12.x | >= 2.0 |
| >= 2.x.x | 0.12.x | < 2.0 |
| < 2.x.x | 0.11.x | < 2.0 |
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper available in the documentation.
module "azure_region" {
source = "claranet/regions/azurerm"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
location = module.azure_region.location
client_name = var.client_name
environment = var.environment
stack = var.stack
}
module "db_pg_flex" {
source = "claranet/db-postgresql-flexible/azurerm"
version = "x.x.x"
client_name = var.client_name
location = module.azure_region.location
location_short = module.azure_region.location_short
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
administrator_login = var.administrator_login
administrator_password = var.administrator_password
allowed_cidrs = {}
databases_names = ["mydatabase"]
databases_collation = { mydatabase = "en_US.UTF8" }
databases_charset = { mydatabase = "UTF8" }
logs_destinations_ids = []
}
provider "postgresql" {
host = module.db_pg_flex.postgresql_flexible_fqdn
port = 5432
username = module.db_pg_flex.postgresql_flexible_administrator_login
password = var.administrator_password
sslmode = "require"
superuser = false
}
module "postgresql_users" {
source = "claranet/users/postgresql"
version = "x.x.x"
for_each = toset(module.db_pg_flex.postgresql_flexible_databases_names)
administrator_login = module.db_pg_flex.postgresql_flexible_administrator_login
database = each.key
}
module "postgresql_configuration" {
source = "claranet/database-configuration/postgresql"
version = "x.x.x"
for_each = toset(module.db_pg_flex.postgresql_flexible_databases_names)
administrator_login = module.db_pg_flex.postgresql_flexible_administrator_login
database_admin_user = module.postgresql_users[each.key].user
database = each.key
schema_name = each.key
}| Name | Version |
|---|---|
| postgresql | >= 1.14 |
No modules.
| Name | Type |
|---|---|
| postgresql_default_privileges.user_functions_privileges | resource |
| postgresql_default_privileges.user_sequences_privileges | resource |
| postgresql_default_privileges.user_tables_privileges | resource |
| postgresql_grant.revoke_public | resource |
| postgresql_schema.db_schema | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| administrator_login | Server administrator user name. | string |
n/a | yes |
| database | Database to apply hardening to. | string |
n/a | yes |
| database_admin_user | Database schema admin user. | string |
n/a | yes |
| functions_privileges | User functions privileges, execution privileges if not defined. | list(string) |
null |
no |
| schema_name | Schema custom name to create associated to the Database. Database name used if not set. | string |
null |
no |
| sequences_privileges | User sequences privileges, all privileges if not defined. | list(string) |
null |
no |
| tables_privileges | User tables privileges, all privileges if not defined. | list(string) |
null |
no |
| Name | Description |
|---|---|
| database | Database name |
| schema | Database schema name |