From 4a496e6118dcc71f80d2397668bba098c068abe9 Mon Sep 17 00:00:00 2001
From: GAGRIGOR
Date: Mon, 8 Nov 2021 17:46:34 +0200
Subject: [PATCH 1/4] Choose whitelisted IP in public scenario
---
 remote.tf | 1 +
 schema.yaml | 10 ++++++++++
 scripts/postgresql_install_binaries.sh | 6 ++++++
 tags.tf | 2 +-
 variables.tf | 8 ++++++--
 5 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/remote.tf b/remote.tf
index 7e5aaeb..028edd6 100644
--- a/remote.tf
+++ b/remote.tf
@@ -8,6 +8,7 @@ data "template_file" "postgresql_install_binaries_sh" {
 pg_password = var.postgresql_password
 pg_version_no_dot = replace(var.postgresql_version, ".", "")
 pg_version = var.postgresql_version
+ pg_whitelisted_ip = var.pg_whitelisted_ip
 }
 }
diff --git a/schema.yaml b/schema.yaml
index d6f3082..59a31d5 100644
--- a/schema.yaml
+++ b/schema.yaml
@@ -99,6 +99,16 @@
 visible: true
 default: false
+ pg_whitelisted_ip:
+ type: string
+ visible:
+ not:
+ - create_in_private_subnet
+ required: false
+ title: "Whitelisted IP"
+ description: "Choose whitelisted IP in public scenario."
+ default: ""
+
 postgresql_deploy_hotstandby1:
 type: boolean
 title: "Deploy first PostgreSQL HotStandby?"
diff --git a/scripts/postgresql_install_binaries.sh b/scripts/postgresql_install_binaries.sh
index df4e69e..6d7a7c1 100644
--- a/scripts/postgresql_install_binaries.sh
+++ b/scripts/postgresql_install_binaries.sh
@@ -17,6 +17,12 @@ sudo yum-config-manager --enable ol7_developer_EPEL
 sudo yum install -y llvm5.0-devel
 sudo yum install -y postgresql${pg_version_no_dot}-devel
+# Setting firewall rules
+sudo -u root bash -c "firewall-cmd --permanent --zone=trusted --add-source=${pg_whitelisted_ip}/32"
+sudo -u root bash -c "firewall-cmd --permanent --zone=trusted --add-port=5432/tcp"
+sudo -u root bash -c "firewall-cmd --reload"
+
+
 echo '#####################################'
 echo 'PostgreSQL Install Binaries finished.'
 echo '#####################################'
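Review bot: The new `pg_whitelisted_ip` entry is a free-form `type: string` with no `pattern`, yet its value is rendered verbatim into a root `bash -c` string in scripts/postgresql_install_binaries.sh, so the schema is the first place to constrain it to one IPv4 address. Adding `pattern: "^$|^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$"` keeps the empty default valid while rejecting anything that is not a dotted quad. The `description` should also tell the user that the address is granted access at the instance firewall, so they understand the exposure they are opting into.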
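Review bot: Adding the whitelisted host as a source of the `trusted` zone grants it every port on the instance, not only PostgreSQL, because firewalld's trusted zone accepts all traffic; the `--add-port=5432/tcp` on that same zone therefore adds nothing. A rich rule in the default zone limits the grant to the database port: `sudo -u root bash -c "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"${pg_whitelisted_ip}/32\" port port=\"5432\" protocol=\"tcp\" accept'"`. Note that `${pg_whitelisted_ip}` is substituted by Terraform when the template is rendered, so with the variable's default of `""` this commit produces `--add-source=/32`, which firewall-cmd rejects, and any non-address value reaches the root shell unchecked; the value needs validating on the Terraform variable rather than in this script.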
diff --git a/tags.tf b/tags.tf
index 0f95f0f..6f4a29c 100644
--- a/tags.tf
+++ b/tags.tf
@@ -25,7 +25,7 @@ resource "oci_identity_tag" "ArchitectureCenterTag" {
 validator {
 validator_type = "ENUM"
- values = ["release", "1.4"]
+ values = ["release", "1.4.1"]
 }
 provisioner "local-exec" {
diff --git a/variables.tf b/variables.tf
index d06f8cb..3bb47f7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -13,6 +13,10 @@ variable "use_existing_vcn" {
 default = false
 }
+variable "pg_whitelisted_ip" {
+ default = ""
+}
+
 variable "postgresql_vcn" {
 default = ""
 }
@@ -30,12 +34,12 @@ variable "create_in_private_subnet" {
 }
 variable "create_drg_for_private_subnet" {
- default = true
+ default = false
 }
 variable "release" {
 description = "Reference Architecture Release (OCI Architecture Center)"
- default = "1.4"
+ default = "1.4.1"
 }
 variable "ssh_public_key" {
From 6fde5ff9d7a4c8c3c4d550e767222c9c38475c38 Mon Sep 17 00:00:00 2001
From: gabrielgrigorie
Date: Fri, 19 Nov 2021 10:36:03 +0200
Subject: [PATCH 2/4] Choose whitelisted IP in public scenario
---
 provider.tf | 4 ++--
 remote.tf | 1 +
 schema.yaml | 7 ++++---
 scripts/postgresql_install_binaries.sh | 5 ++++-
 scripts/postgresql_master_setup.sh | 9 +++++++++
 variables.tf | 3 ++-
 6 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/provider.tf b/provider.tf
index 7963153..2127e95 100644
--- a/provider.tf
+++ b/provider.tf
@@ -2,11 +2,11 @@
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 terraform {
- required_version = ">= 0.14"
+ required_version = ">= 0.1"
 required_providers {
 oci = {
 source = "hashicorp/oci"
- version = "4.34.0"
+ version = ">= 4.34.0"
 }
 }
 }
diff --git a/remote.tf b/remote.tf
index 028edd6..c1d73bb 100644
--- a/remote.tf
+++ b/remote.tf
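Review bot: `variable "pg_whitelisted_ip"` is declared with only a default, so Terraform accepts any string and remote.tf forwards it unchanged into shell templates that run as root; a `type` and a `validation` block make a malformed or non-IP value fail at plan time instead. The rule below keeps the empty default valid (the schema hides the field in the private-subnet case) and otherwise requires a single IPv4 address, which `cidrnetmask` only accepts in dotted-quad form. `validation` blocks need Terraform 0.13 or later, which the `required_version = ">= 0.14"` in provider.tf at this commit already satisfies.
```hcl
variable "pg_whitelisted_ip" {
  description = "Single public IPv4 address of the client host to whitelist; leave empty to whitelist none"
  type        = string
  default     = ""

  validation {
    condition     = var.pg_whitelisted_ip == "" || can(cidrnetmask("${var.pg_whitelisted_ip}/32"))
    error_message = "The pg_whitelisted_ip value must be empty or a single IPv4 address (for example 203.0.113.10)."
  }
}
```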
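Review bot: `create_drg_for_private_subnet` flips its default from `true` to `false` in this hunk, which is unrelated to the whitelisted-IP feature named in the subject and is not explained anywhere in the commit. If the flip is intended, the message should say why, and the matching default in schema.yaml (if one is declared there) should be checked, since Resource Manager presumably takes the schema default over the variable default.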
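Review bot: `required_version = ">= 0.1"` lowers the minimum Terraform version to a release that predates the `required_providers` syntax used right below it, so the constraint no longer protects anything; this looks like a typo for `">= 0.14"` (or `">= 1.0"`). The provider constraint `">= 4.34.0"` is also open-ended, so a fresh `terraform init` without a committed `.terraform.lock.hcl` will pull whatever the newest oci provider is; `version = "~> 4.34"` keeps the floor while preventing an unreviewed major upgrade.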
@@ -45,6 +45,7 @@ data "template_file" "postgresql_master_setup_sh" {
 pg_replicat_username = var.postgresql_replicat_username
 node_subnet_cidr = var.postgresql_subnet_cidr
 add_iscsi_volume = var.add_iscsi_volume
+ pg_whitelisted_ip = var.pg_whitelisted_ip
 }
 }
diff --git a/schema.yaml b/schema.yaml
index 59a31d5..b365d28 100644
--- a/schema.yaml
+++ b/schema.yaml
@@ -34,6 +34,7 @@
 and:
 - show_advanced
 variables:
+ - pg_whitelisted_ip = var.pg_whitelisted_ip
 - postgresql_vcn_cidr
 - postgresql_subnet_cidr
 - create_drg_for_private_subnet
@@ -102,11 +103,11 @@
 pg_whitelisted_ip:
 type: string
 visible:
- not:
- - create_in_private_subnet
+ not:
+ - create_in_private_subnet
 required: false
 title: "Whitelisted IP"
- description: "Choose whitelisted IP in public scenario."
+ description: "Choose whitelisted IP in a public scenario (for example, 89.64.91.8). It will give you the ability to access the database from your laptop and PGAdmin tool."
 default: ""
 postgresql_deploy_hotstandby1:
diff --git a/scripts/postgresql_install_binaries.sh b/scripts/postgresql_install_binaries.sh
index 6d7a7c1..7510f74 100644
--- a/scripts/postgresql_install_binaries.sh
+++ b/scripts/postgresql_install_binaries.sh
@@ -18,7 +18,10 @@ sudo yum install -y llvm5.0-devel
 sudo yum install -y postgresql${pg_version_no_dot}-devel
 # Setting firewall rules
-sudo -u root bash -c "firewall-cmd --permanent --zone=trusted --add-source=${pg_whitelisted_ip}/32"
+export pg_whitelisted_ip='${pg_whitelisted_ip}'
+if [[ $pg_whitelisted_ip != "" ]]; then
+ sudo -u root bash -c "firewall-cmd --permanent --zone=trusted --add-source=${pg_whitelisted_ip}/32"
+fi
 sudo -u root bash -c "firewall-cmd --permanent --zone=trusted --add-port=5432/tcp"
 sudo -u root bash -c "firewall-cmd --reload"
diff --git a/scripts/postgresql_master_setup.sh b/scripts/postgresql_master_setup.sh
index 89fc28d..4f60199 100644
--- a/scripts/postgresql_master_setup.sh
+++ b/scripts/postgresql_master_setup.sh
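Review bot: The added guard tests only for an empty value, and the single quotes around `${pg_whitelisted_ip}` in the new `export` line are not a sanitizer: Terraform substitutes the variable into the script text before bash runs it, so a value containing a quote or shell metacharacters rewrites both this line and the root `bash -c` string below it, and no check placed later in the script can undo that. The shape of the value therefore has to be enforced before rendering, with a `validation` block on `variable "pg_whitelisted_ip"` and a `pattern` on the schema entry, leaving this script to handle only the empty case as it now does. The same pattern is repeated in the two pg_hba.conf hunks of scripts/postgresql_master_setup.sh in this commit.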
@@ -18,6 +18,7 @@ sudo -u root bash -c "firewall-cmd --reload"
 # Create replication user
 chown postgres /tmp/postgresql_master_setup.sql
 sudo -u postgres bash -c "psql -d template1 -f /tmp/postgresql_master_setup.sql"
+sudo -u postgres bash -c "psql -U postgres -d postgres -c \"alter user postgres with password '${pg_password}';\""
 if [[ $add_iscsi_volume == "true" ]]; then
 # Update the content of postgresql.conf to support WAL
@@ -40,6 +41,10 @@ if [[ $add_iscsi_volume == "true" ]]; then
 sudo -u root bash -c "echo 'host all all ${pg_hotstandby_ip}/32 md5' | sudo tee -a /data/pgsql/pg_hba.conf"
 sudo -u root bash -c "echo 'host all all ${pg_master_ip}/32 md5' | sudo tee -a /data/pgsql/pg_hba.conf"
 sudo -u root bash -c "echo 'host all all ${node_subnet_cidr} md5' | sudo tee -a /data/pgsql/pg_hba.conf"
+ export pg_whitelisted_ip='${pg_whitelisted_ip}'
+ if [[ $pg_whitelisted_ip != "" ]]; then
+ sudo -u root bash -c "echo 'host all all ${pg_whitelisted_ip}/0 md5' | sudo tee -a /data/pgsql/pg_hba.conf"
+ fi
 sudo -u root bash -c "chown postgres /data/pgsql/pg_hba.conf"
 else
 # Update the content of postgresql.conf to support WAL
@@ -62,6 +67,10 @@ else
 sudo -u root bash -c "echo 'host all all ${pg_hotstandby_ip}/32 md5' | sudo tee -a /var/lib/pgsql/${pg_version}/data/pg_hba.conf"
 sudo -u root bash -c "echo 'host all all ${pg_master_ip}/32 md5' | sudo tee -a /var/lib/pgsql/${pg_version}/data/pg_hba.conf"
 sudo -u root bash -c "echo 'host all all ${node_subnet_cidr} md5' | sudo tee -a /var/lib/pgsql/${pg_version}/data/pg_hba.conf"
+ export pg_whitelisted_ip='${pg_whitelisted_ip}'
+ if [[ $pg_whitelisted_ip != "" ]]; then
+ sudo -u root bash -c "echo 'host all all ${pg_whitelisted_ip}/0 md5' | sudo tee -a /var/lib/pgsql/${pg_version}/data/pg_hba.conf"
+ fi
 sudo -u root bash -c "chown postgres /var/lib/pgsql/${pg_version}/data/pg_hba.conf"
 fi
diff --git a/variables.tf b/variables.tf
index 3bb47f7..9246947 100644
--- a/variables.tf
+++ b/variables.tf
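Review bot: The new line puts the database superuser password on a `psql -c` command line, where it is visible in `ps` output to every local user for the duration of the call and is written to the sudo log, since sudo records the full command it ran. The line directly above already feeds a rendered SQL file to psql (`psql -d template1 -f /tmp/postgresql_master_setup.sql`), so the `ALTER USER postgres WITH PASSWORD` statement belongs in that file, or should be delivered on stdin, e.g. `sudo -u postgres bash -c "psql -d postgres" <<<"alter user postgres with password '${pg_password}';"`. Either way the rendered script still contains the secret and should be deleted from the instance once provisioning completes; the enclosing script continues outside this hunk.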
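Review bot: The new pg_hba.conf entry uses a `/0` mask, `host all all ${pg_whitelisted_ip}/0 md5`, which matches every IPv4 client address rather than the whitelisted host; the same mistake is repeated in the `/var/lib/pgsql` branch of the next hunk. Any host that can reach port 5432 may then attempt password authentication as any role on any database, and the firewall rule in postgresql_install_binaries.sh becomes the only thing standing in the way. It should be `/32`, as the `${pg_hotstandby_ip}/32` and `${pg_master_ip}/32` lines just above it are: `sudo -u root bash -c "echo 'host all all ${pg_whitelisted_ip}/32 md5' | sudo tee -a /data/pgsql/pg_hba.conf"`. Narrowing `all all` to the specific database and role the client needs would reduce the grant further.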
@@ -14,7 +14,8 @@ variable "use_existing_vcn" {
 }
 variable "pg_whitelisted_ip" {
- default = ""
+ description = "Should be Public host IP Address like 89.64.91.8"
+ default = ""
 }
 variable "postgresql_vcn" {
From d42581a617531ee7cab86a024f17bd56afce3045 Mon Sep 17 00:00:00 2001
From: gabrielgrigorie
Date: Fri, 19 Nov 2021 12:36:00 +0200
Subject: [PATCH 3/4] Updated schema.yaml file
---
 schema.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/schema.yaml b/schema.yaml
index b365d28..e6e26d6 100644
--- a/schema.yaml
+++ b/schema.yaml
@@ -34,7 +34,6 @@
 and:
 - show_advanced
 variables:
- - pg_whitelisted_ip = var.pg_whitelisted_ip
 - postgresql_vcn_cidr
 - postgresql_subnet_cidr
 - create_drg_for_private_subnet
From 33a6213599066b87ef115140075cc7a2b76f528d Mon Sep 17 00:00:00 2001
From: gabrielgrigorie
Date: Fri, 19 Nov 2021 14:20:42 +0200
Subject: [PATCH 4/4] Updated schema.yaml with pg_whitelisted_ip
---
 schema.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/schema.yaml b/schema.yaml
index e6e26d6..3622b2c 100644
--- a/schema.yaml
+++ b/schema.yaml
@@ -34,6 +34,7 @@
 and:
 - show_advanced
 variables:
+ - pg_whitelisted_ip
 - postgresql_vcn_cidr
 - postgresql_subnet_cidr
 - create_drg_for_private_subnet