Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.2 |
| azurerm | ~> 3.58 |
| postgresql | ~> 1.17 |
| random | ~> 3.5 |

Providers

| Name | Version |
|------|---------|
| azurerm | ~> 3.58 |
| postgresql | ~> 1.17 |
| random | ~> 3.5 |

Resources

| Name | Type |
|------|------|
| azurerm_postgresql_flexible_server.main | resource |
| azurerm_postgresql_flexible_server_active_directory_administrator.admin | resource |
| azurerm_postgresql_flexible_server_database.databases | resource |
| azurerm_postgresql_flexible_server_firewall_rule.allow_all | resource |
| azurerm_postgresql_flexible_server_firewall_rule.firewall | resource |
| postgresql_grant.database_grants | resource |
| postgresql_role.roles | resource |
| random_password.db_admin | resource |
| random_password.roles | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ad_admin | n/a | `object({ tenant_id = string, object_id = string, principal_name = string, principal_type = optional(string, "Group") })` | n/a | yes |
| databases | n/a | `map(object({ charset = string, collation = string, roles = map(object({ roles = optional(set(string), []), privileges = set(string) })), ad_roles = optional(object({ app_role = string, migrations_role = string })) }))` | n/a | yes |
| firewall | n/a | `object({ allow_all = bool, ip_rules = map(object({ start_ip = string, end_ip = string })) })` | n/a | yes |
| maintenance_window | n/a | `object({ start_hour = optional(number, 3), day_of_week = optional(number, null), start_minute = optional(number, null) })` | `{}` | no |
| resource_group | n/a | `object({ name = string, location = string })` | n/a | yes |
| server | n/a | `object({ name = string, version = string, sku_name = string, storage_mb = number, administrator_login = string })` | n/a | yes |
| tags | n/a | `map(string)` | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| ad_roles | n/a |
| ad_setup_config | n/a |
| ad_setup_script | n/a |
| administrator_login | n/a |
| administrator_password | n/a |
| postresql_server_id | n/a |
| roles | n/a |
| server_fqdn | n/a |
| server_id | n/a |

Active Directory roles setup

The Postgres provider cannot create AD roles because it cannot log in via AD. Instead, a setup script is generated. Two outputs are defined:

  • ad_setup_script - contents of provision_psql.sh
  • ad_setup_config - setup SQL script and credentials to the server

To use the script, you need to expose both outputs from the root module.

```hcl
module "postgresql" {
  source = "../postgresql"
  // clipped
}

output "postgres_ad_roles_config" {
  value     = module.postgresql.ad_setup_config
  sensitive = true
}

// Script assumes this output name by default
output "postgres_ad_roles_script" {
  value     = module.postgresql.ad_setup_script
  sensitive = false
}
```

You can set up roles with a one-liner, `tf output -raw postgres_ad_roles_script | bash`, or export the script to a file. You need to have the psql CLI installed to run the script.
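
A filled-in version of the module call that the snippet above clips, built from the Inputs table. This is an added example, not code from the module's repository. Every value is a constructed placeholder, and the privilege names and the effect of `allow_all` are assumptions, since the page documents only the types.

```hcl
# Added example: all names, IDs and addresses below are constructed placeholders.
module "postgresql" {
  source = "../postgresql"

  resource_group = {
    name     = "rg-example"
    location = "westeurope"
  }

  server = {
    name                = "psql-example"
    version             = "14"
    sku_name            = "GP_Standard_D2s_v3"
    storage_mb          = 32768
    administrator_login = "psqladmin"
  }

  ad_admin = {
    tenant_id      = "00000000-0000-0000-0000-000000000000"
    object_id      = "00000000-0000-0000-0000-000000000000"
    principal_name = "example-db-admins" # principal_type defaults to "Group"
  }

  firewall = {
    # Assumption: this flag gates the firewall_rule.allow_all resource.
    allow_all = false
    ip_rules = {
      office = { start_ip = "203.0.113.10", end_ip = "203.0.113.10" }
    }
  }

  databases = {
    app = {
      charset   = "UTF8"
      collation = "en_US.utf8"
      roles = {
        # Assumption: privileges are passed to postgresql_grant as database-level grants.
        app_rw = { privileges = ["CONNECT", "TEMPORARY"] }
      }
      ad_roles = {
        app_role        = "example-app-identity"
        migrations_role = "example-migrations-identity"
      }
    }
  }

  tags = { environment = "example" }
}
```

Marking an output `sensitive` only hides it from CLI display: values such as `ad_setup_config` and `administrator_password` are still written to the Terraform state, so access to the state backend should be restricted accordingly.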