adding Postgres server and database config

kumarvna · kumarvna · commit c108688ea6cd · 2021-06-26T16:28:33.000+05:30
diff --git a/examples/PostgreSQL_Server/main.tf b/examples/PostgreSQL_Server/main.tf
@@ -0,0 +1,81 @@
+module "postgresql-db" {
+  // source  = "kumarvna/postgresql-db/azurerm"
+  // version = "1.0.0"
+  source = "../../"
+
+  # By default, this module will create a resource group
+  # proivde a name to use an existing resource group and set the argument 
+  # to `create_resource_group = false` if you want to existing resoruce group. 
+  # If you use existing resrouce group location will be the same as existing RG.
+  create_resource_group = false
+  resource_group_name   = "rg-shared-westeurope-01"
+  location              = "westeurope"
+
+  # MySQL Server and Database settings
+  postgresql_server_name = "mypostgresdbsrv01"
+
+  postgresql_server_settings = {
+    sku_name   = "GP_Gen5_8"
+    storage_mb = 640000
+    version    = "9.6"
+    # default admin user `sqladmin` and can be specified as per the choice here
+    # by default random password created by this module. required password can be specified here
+    admin_username = "postgresadmin"
+    admin_password = "H@Sh1CoR3!"
+    # Database name, charset and collection arguments  
+    database_name = "demomy-postgres-db"
+    charset       = "utf8"
+    collation     = "utf8_unicode_ci"
+    # Storage Profile and other optional arguments
+    auto_grow_enabled                = true
+    backup_retention_days            = 7
+    geo_redundant_backup_enabled     = true
+    public_network_access_enabled    = false
+    ssl_enforcement_enabled          = true
+    ssl_minimal_tls_version_enforced = "TLS1_2"
+  }
+  /*
+  # MySQL Server Parameters
+  # For more information: https://docs.microsoft.com/en-us/azure/mysql/concepts-server-parameters
+  mysql_configuration = {
+    interactive_timeout = "600"
+  }
+
+  # Use Virtual Network service endpoints and rules for Azure Database for MySQL
+  subnet_id = var.subnet_id
+
+  # The URL to a Key Vault custom managed key
+  key_vault_key_id = var.key_vault_key_id
+
+  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
+  enable_threat_detection_policy = true
+  log_retention_days             = 30
+  email_addresses_for_alerts     = ["user@example.com", "firstname.lastname@example.com"]
+
+  # AD administrator for an Azure MySQL server
+  # Allows you to set a user or group as the AD administrator for an Azure SQL server
+  ad_admin_login_name = "firstname.lastname@example.com"
+
+  # (Optional) To enable Azure Monitoring for Azure MySQL database
+  # (Optional) Specify `storage_account_name` to save monitoring logs to storage. 
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
+  firewall_rules = {
+    access-to-azure = {
+      start_ip_address = "0.0.0.0"
+      end_ip_address   = "0.0.0.0"
+    },
+    desktop-ip = {
+      start_ip_address = "49.204.228.223"
+      end_ip_address   = "49.204.228.223"
+    }
+  }
+*/
+  # Tags for Azure Resources
+  tags = {
+    Terraform   = "true"
+    Environment = "dev"
+    Owner       = "test-user"
+  }
+}
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
diff --git a/main.tf b/main.tf
@@ -0,0 +1,127 @@
+#------------------------------------------------------------
+# Local configuration - Default (required). 
+#------------------------------------------------------------
+locals {
+  resource_group_name = element(coalescelist(data.azurerm_resource_group.rgrp.*.name, azurerm_resource_group.rg.*.name, [""]), 0)
+  location            = element(coalescelist(data.azurerm_resource_group.rgrp.*.location, azurerm_resource_group.rg.*.location, [""]), 0)
+  #  if_threat_detection_policy_enabled = var.enable_threat_detection_policy ? [{}] : []
+}
+
+#---------------------------------------------------------
+# Resource Group Creation or selection - Default is "false"
+#----------------------------------------------------------
+data "azurerm_resource_group" "rgrp" {
+  count = var.create_resource_group == false ? 1 : 0
+  name  = var.resource_group_name
+}
+
+resource "azurerm_resource_group" "rg" {
+  count    = var.create_resource_group ? 1 : 0
+  name     = var.resource_group_name
+  location = var.location
+  tags     = merge({ "Name" = format("%s", var.resource_group_name) }, var.tags, )
+}
+
+data "azurerm_client_config" "current" {}
+
+data "azurerm_log_analytics_workspace" "logws" {
+  count               = var.log_analytics_workspace_name != null ? 1 : 0
+  name                = var.log_analytics_workspace_name
+  resource_group_name = local.resource_group_name
+}
+
+#---------------------------------------------------------
+# Storage Account to keep Audit logs - Default is "false"
+#----------------------------------------------------------
+resource "random_string" "str" {
+  count   = var.enable_threat_detection_policy ? 1 : 0
+  length  = 6
+  special = false
+  upper   = false
+  keepers = {
+    name = var.storage_account_name
+  }
+}
+
+resource "azurerm_storage_account" "storeacc" {
+  count                     = var.enable_threat_detection_policy ? 1 : 0
+  name                      = var.storage_account_name == null ? "stsqlauditlogs${element(concat(random_string.str.*.result, [""]), 0)}" : substr(var.storage_account_name, 0, 24)
+  resource_group_name       = local.resource_group_name
+  location                  = local.location
+  account_kind              = "StorageV2"
+  account_tier              = "Standard"
+  account_replication_type  = "GRS"
+  enable_https_traffic_only = true
+  min_tls_version           = "TLS1_2"
+  tags                      = merge({ "Name" = format("%s", "stsqlauditlogs") }, var.tags, )
+}
+
+resource "random_password" "main" {
+  count       = var.admin_password == null ? 1 : 0
+  length      = var.random_password_length
+  min_upper   = 4
+  min_lower   = 2
+  min_numeric = 4
+  special     = false
+
+  keepers = {
+    administrator_login_password = var.postgresql_server_name
+  }
+}
+
+#----------------------------------------------------------------
+# Adding  PostgreSQL Server creation and settings - Default is "True"
+#-----------------------------------------------------------------
+resource "azurerm_postgresql_server" "main" {
+  name                              = format("%s", var.postgresql_server_name)
+  resource_group_name               = local.resource_group_name
+  location                          = local.location
+  administrator_login               = var.admin_username == null ? "sqladmin" : var.admin_username
+  administrator_login_password      = var.admin_password == null ? random_password.main.0.result : var.admin_password
+  sku_name                          = var.postgresql_server_settings.sku_name
+  version                           = var.postgresql_server_settings.version
+  storage_mb                        = var.postgresql_server_settings.storage_mb
+  auto_grow_enabled                 = var.postgresql_server_settings.auto_grow_enabled
+  backup_retention_days             = var.postgresql_server_settings.backup_retention_days
+  geo_redundant_backup_enabled      = var.postgresql_server_settings.geo_redundant_backup_enabled
+  infrastructure_encryption_enabled = var.postgresql_server_settings.infrastructure_encryption_enabled
+  public_network_access_enabled     = var.postgresql_server_settings.public_network_access_enabled
+  ssl_enforcement_enabled           = var.postgresql_server_settings.ssl_enforcement_enabled
+  ssl_minimal_tls_version_enforced  = var.postgresql_server_settings.ssl_minimal_tls_version_enforced
+  create_mode                       = var.create_mode
+  creation_source_server_id         = var.create_mode != "Default" ? var.creation_source_server_id : null
+  restore_point_in_time             = var.create_mode == "PointInTimeRestore" ? var.restore_point_in_time : null
+  tags                              = merge({ "Name" = format("%s", var.postgresql_server_name) }, var.tags, )
+
+  dynamic "identity" {
+    for_each = var.identity == true ? [1] : [0]
+    content {
+      type = "SystemAssigned"
+    }
+  }
+
+  dynamic "threat_detection_policy" {
+    for_each = var.enable_threat_detection_policy == true ? [1] : []
+    content {
+      enabled                    = var.enable_threat_detection_policy
+      disabled_alerts            = var.disabled_alerts
+      email_account_admins       = var.email_addresses_for_alerts != null ? true : false
+      email_addresses            = var.email_addresses_for_alerts
+      retention_days             = var.log_retention_days
+      storage_account_access_key = azurerm_storage_account.storeacc.0.primary_access_key
+      storage_endpoint           = azurerm_storage_account.storeacc.0.primary_blob_endpoint
+    }
+  }
+}
+
+#------------------------------------------------------------
+# Adding  PostgreSQL Server Database - Default is "true"
+#------------------------------------------------------------
+resource "azurerm_postgresql_database" "main" {
+  name                = var.postgresql_server_settings.database_name
+  resource_group_name = local.resource_group_name
+  server_name         = azurerm_postgresql_server.main.name
+  charset             = var.postgresql_server_settings.charset
+  collation           = var.postgresql_server_settings.collation
+}
+
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,116 @@
+variable "create_resource_group" {
+  description = "Whether to create resource group and use it for all networking resources"
+  default     = true
+}
+
+variable "resource_group_name" {
+  description = "A container that holds related resources for an Azure solution"
+  default     = ""
+}
+
+variable "location" {
+  description = "The location/region to keep all your network resources. To get the list of all locations with table format from azure cli, run 'az account list-locations -o table'"
+  default     = ""
+}
+
+variable "subnet_id" {
+  description = "The resource ID of the subnet"
+  default     = ""
+}
+
+variable "log_analytics_workspace_name" {
+  description = "The name of log analytics workspace name"
+  default     = null
+}
+
+variable "random_password_length" {
+  description = "The desired length of random password created by this module"
+  default     = 24
+}
+
+variable "postgresql_server_name" {
+  description = "PostgreSQL server Name"
+  default     = ""
+}
+
+variable "admin_username" {
+  description = "The administrator login name for the new SQL Server"
+  default     = null
+}
+
+variable "admin_password" {
+  description = "The password associated with the admin_username user"
+  default     = null
+}
+
+variable "identity" {
+  description = "If you want your SQL Server to have an managed identity. Defaults to false."
+  default     = false
+}
+
+variable "postgresql_server_settings" {
+  description = "PostgreSQL server settings"
+  type = object({
+    sku_name                          = string
+    version                           = string
+    storage_mb                        = number
+    auto_grow_enabled                 = optional(bool)
+    backup_retention_days             = optional(number)
+    geo_redundant_backup_enabled      = optional(bool)
+    infrastructure_encryption_enabled = optional(bool)
+    public_network_access_enabled     = optional(bool)
+    ssl_enforcement_enabled           = optional(bool)
+    ssl_minimal_tls_version_enforced  = optional(string)
+    database_name                     = string
+    charset                           = string
+    collation                         = string
+  })
+}
+
+variable "create_mode" {
+  description = " The creation mode. Can be used to restore or replicate existing servers. Possible values are `Default`, `Replica`, `GeoRestore`, and `PointInTimeRestore`. Defaults to `Default`"
+  default     = "Default"
+}
+
+variable "creation_source_server_id" {
+  description = "For creation modes other than `Default`, the source server ID to use."
+  default     = null
+}
+
+variable "restore_point_in_time" {
+  description = "When `create_mode` is `PointInTimeRestore`, specifies the point in time to restore from `creation_source_server_id`"
+  default     = null
+}
+
+variable "storage_account_name" {
+  description = "The name of the storage account name"
+  default     = null
+}
+
+variable "enable_threat_detection_policy" {
+  description = "Threat detection policy configuration, known in the API as Server Security Alerts Policy"
+  default     = false
+}
+
+variable "email_addresses_for_alerts" {
+  description = "A list of email addresses which alerts should be sent to."
+  type        = list(any)
+  default     = []
+}
+
+variable "disabled_alerts" {
+  description = "Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action."
+  type        = list(any)
+  default     = []
+}
+
+variable "log_retention_days" {
+  description = "Specifies the number of days to keep in the Threat Detection audit logs"
+  default     = "30"
+}
+
+variable "tags" {
+  description = "A map of tags to add to all resources"
+  type        = map(string)
+  default     = {}
+}
