From dcc12b1cd985a67051afde6e8965ecb25b4c8459 Mon Sep 17 00:00:00 2001
From: clouddrove-ci
Date: Thu, 1 Feb 2024 11:24:45 +0000
Subject: [PATCH] update README.md

---
 README.md | 254 +++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 233 insertions(+), 21 deletions(-)

diff --git a/README.md b/README.md
index 674fd94..2759f3b 100644
--- a/README.md
+++ b/README.md
@@ -4,20 +4,22 @@

- Terraform Module Template + Terraform AZURE flexible-postgresql + +

- Terraform module template to create new modules using this as baseline + Terraform module to create VIRTUAL-NETWORK resource on AZURE.

- - Latest Release + + Latest Release - - tfsec + + tfsec Licence @@ -27,13 +29,13 @@
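Review bot: The new tagline reads `Terraform module to create VIRTUAL-NETWORK resource on AZURE.` while the title on the same hunk was changed to "Terraform AZURE flexible-postgresql", so the description still looks copied from a different module. It should describe this module, e.g. `Terraform module to create an Azure Database for PostgreSQL Flexible Server on AZURE.`.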

- + - + - + @@ -53,8 +55,6 @@ We have [*fifty plus terraform modules*][terraform_modules]. A few of them are c ## Prerequisites This module has a few dependencies: -- [Terraform 1.4.6](https://learn.hashicorp.com/terraform/getting-started/install.html) - 
@@ -64,12 +64,163 @@ This module has a few dependencies: ## Examples -**IMPORTANT:** Since the `master` branch used in `source` varies based on new modifications, we suggest that you use the release versions [here](https://github.com/clouddrove/terraform-module-template/releases). - - -Here are some examples of how you can use this module in your inventory structure: -```hcl - ``` +**IMPORTANT:** Since the `master` branch used in `source` varies based on new modifications, we suggest that you use the release versions [here](https://github.com/clouddrove/terraform-azure-flexible-postgresql/releases). + + +### Basic Example + ```hcl + module "flexible-postgresql" { + source = "../.." + name = "app" + resource_group_name = "test" + location = "Canada Central" + + #**************************server configuration*************************** + postgresql_version = "16" + admin_username = "postgresqlusername" + admin_password = "ba5yatgfgfhdsv6A3ns2lu4gqzzc" # Null value will generate random password and added to tfstate file. + tier = "Burstable" + size = "B1ms" + database_names = ["maindb"] + #high_availability is applicable if tier are GeneralPurpose and MemoryOptimized. + high_availability = { + mode = "ZoneRedundant" + standby_availability_zone = 2 + } + #Entra_id Group name or user who can log into database. + principal_name = "Database_Admins" + + #**************************private server********************************* + #(Resources to recreate when changing private to public cluster or vise-versa ) + virtual_network_id = "" + private_dns = false + delegated_subnet_id = null + + #**************************Logging***************************************** + # By default diagnostic setting is enabled and logs are set AuditLogs and All_Metric. To disable logging set enable_diagnostic to false. 
+ enable_diagnostic = false + log_analytics_workspace_id = "/subscription/***************" + + #**************************Encryption************************************** + # Database encryption with costumer manage keys + cmk_encryption_enabled = false + key_vault_id = "/subscription/***************" + admin_objects_ids = [data.azurerm_client_config.current_client_config.object_id] + } + + ``` +### Complete Example + ```hcl + module "flexible-postgresql" { + depends_on = [module.resource_group, module.vnet] + source = "../.." + name = local.name + environment = local.environment + resource_group_name = module.resource_group.resource_group_name + location = module.resource_group.resource_group_location + + #**************************server configuration*************************** + postgresql_version = "16" + admin_username = "postgresqlusername" + admin_password = "ba5yatgfgfhdsv6A3ns2lu4gqzzc" # Null value will generate random password and added to tfstate file. + tier = "Burstable" + size = "B1ms" + database_names = ["maindb"] + #high_availability is applicable if tier are GeneralPurpose and MemoryOptimized. + high_availability = { + mode = "ZoneRedundant" + standby_availability_zone = 2 + } + #Entra_id Group name or user who can log into database. + principal_name = "Database_Admins" + + #**************************private server********************************* + #(Resources to recreate when changing private to public cluster or vise-versa ) + virtual_network_id = module.vnet.vnet_id + private_dns = true + delegated_subnet_id = module.subnet.default_subnet_id[0] + + #**************************Logging***************************************** + # By default diagnostic setting is enabled and logs are set AuditLogs and All_Metric. To disable logging set enable_diagnostic to false. 
+ log_analytics_workspace_id = module.log-analytics.workspace_id + + #**************************Encryption************************************** + # Database encryption with costumer manage keys + cmk_encryption_enabled = true + key_vault_id = module.vault.id + admin_objects_ids = [data.azurerm_client_config.current_client_config.object_id] + } + + ``` + ### flexible-pgsql-public Example + ```hcl + module "flexible-postgresql" { + depends_on = [module.resource_group] + source = "../.." + name = local.name + environment = local.environment + resource_group_name = module.resource_group.resource_group_name + location = module.resource_group.resource_group_location + + #**************************server configuration*************************** + postgresql_version = "16" + admin_username = "postgresqlusername" + admin_password = "ba5yatgfgfhdsv6A3ns2lu4gqzzc" # Null value will generate random password and added to tfstate file. + tier = "Burstable" + size = "B1ms" + database_names = ["maindb"] + #high_availability is applicable if tier are GeneralPurpose and MemoryOptimized. + high_availability = { + mode = "ZoneRedundant" + standby_availability_zone = 2 + } + #Entra_id Group name or user who can log into database. + principal_name = "Database_Admins" + + #**************************Public server********************************* + allowed_cidrs = { + "allowed_all_ip" = "0.0.0.0/0" + "allowed_specific_ip" = "11.32.16.78/32" + } + + #**************************Logging***************************************** + # By default diagnostic setting is enabled and logs are set AuditLogs and All_Metric. To disable logging set enable_diagnostic to false. 
+ log_analytics_workspace_id = module.log-analytics.workspace_id + + #**************************Encryption************************************** + # Database encryption with costumer manage keys + cmk_encryption_enabled = true + key_vault_id = module.vault.id + admin_objects_ids = [data.azurerm_client_config.current_client_config.object_id] + } + ``` + ### pgsql-server-replication Example + ```hcl + module "flexible-postgresql" { + depends_on = [module.resource_group, module.vnet, data.azurerm_resource_group.main] + source = "../.." + name = "app" + environment = "test2" + label_order = ["name", "environment"] + main_rg_name = data.azurerm_resource_group.main.name + resource_group_name = module.resource_group.resource_group_name + location = module.resource_group.resource_group_location + virtual_network_id = module.vnet.vnet_id[0] + delegated_subnet_id = module.subnet.default_subnet_id[0] + postgresql_version = "12" + zone = "1" + admin_username = "postgresqlusern" + admin_password = "ba5yatgfgfhdsvvc6A3ns2lu4gqzzc" + tier = "Burstable" + size = "B1ms" + database_names = ["maindb"] + charset = "utf8" + collation = "en_US.utf8" + existing_private_dns_zone = true + existing_private_dns_zone_id = data.azurerm_private_dns_zone.main.id + existing_private_dns_zone_name = data.azurerm_private_dns_zone.main.name + } + ``` @@ -80,13 +231,74 @@ Here are some examples of how you can use this module in your inventory structur | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| label\_order | Label order, e.g. `name`,`environment`. | `list(string)` |
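Review bot: All three server examples in this hunk hard-code the same administrator password literal, `admin_password = "ba5yatgfgfhdsv6A3ns2lu4gqzzc"`, which readers are likely to paste into real configurations; the adjacent comment already says a null value yields a generated password, so the examples should use that path or a variable, e.g. `admin_password = null # generated; or var.admin_password`, and the comment should add that either way the value is written to tfstate, so the state backend needs access control. The flexible-pgsql-public example's `"allowed_all_ip" = "0.0.0.0/0"` entry exposes the server to the entire internet and should be dropped, leaving only the `/32` entry. The Basic example also sets `enable_diagnostic = false` directly under a comment stating audit logging is on by default, so it demonstrates switching the audit trail off; showing the default is the safer choice.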

[
"name",
"environment"
]
| no | +| active\_directory\_auth\_enabled | Set to true to enable Active Directory Authentication | `bool` | `true` | no | +| addon\_resource\_group\_name | The name of the addon vnet resource group | `string` | `""` | no | +| addon\_vent\_link | The name of the addon vnet | `bool` | `false` | no | +| addon\_virtual\_network\_id | The name of the addon vnet link vnet id | `string` | `""` | no | +| admin\_objects\_ids | IDs of the objects that can do all operations on all keys, secrets and certificates. | `list(string)` | `[]` | no | +| admin\_password | The password associated with the admin\_username user | `string` | `null` | no | +| admin\_password\_length | Length of random password generated. | `number` | `16` | no | +| admin\_username | The administrator login name for the new SQL Server | `string` | `null` | no | +| allowed\_cidrs | Map of authorized cidrs to connect database | `map(string)` | `{}` | no | +| backup\_retention\_days | The backup retention days for the PostgreSQL Flexible Server. Possible values are between 1 and 35 days. Defaults to 7 | `number` | `7` | no | +| charset | Specifies the Charset for the PostgreSQL Database, which needs to be a valid PostgreSQL Charset. Changing this forces a new resource to be created. | `string` | `"utf8"` | no | +| cmk\_encryption\_enabled | Enanle or Disable Database encryption with Customer Manage Key | `bool` | `false` | no | +| collation | Specifies the Collation for the PostgreSQL Database, which needs to be a valid PostgreSQL Collation. Changing this forces a new resource to be created. | `string` | `"en_US.utf8"` | no | +| create\_mode | The creation mode. Can be used to restore or replicate existing servers. Possible values are `Default`, `Replica`, `GeoRestore`, and `PointInTimeRestore`. Defaults to `Default` | `string` | `"Default"` | no | +| database\_names | Specifies the name of the MySQL Database, which needs to be a valid MySQL identifier. Changing this forces a new resource to be created. 
| `list(string)` |
[
"maindb"
]
| no | +| delegated\_subnet\_id | The resource ID of the subnet | `string` | `null` | no | +| enable\_diagnostic | Flag to control creation of diagnostic settings. | `bool` | `true` | no | +| enabled | Set to false to prevent the module from creating any resources. | `bool` | `true` | no | +| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no | +| eventhub\_authorization\_rule\_id | Eventhub authorization rule id to pass it to destination details of diagnosys setting of NSG. | `string` | `null` | no | +| eventhub\_name | Eventhub Name to pass it to destination details of diagnosys setting of NSG. | `string` | `null` | no | +| existing\_private\_dns\_zone | Name of the existing private DNS zone | `bool` | `false` | no | +| existing\_private\_dns\_zone\_id | n/a | `string` | `null` | no | +| existing\_private\_dns\_zone\_name | The name of the Private DNS zone (without a terminating dot). Changing this forces a new resource to be created. | `string` | `""` | no | +| expiration\_date | Expiration UTC datetime (Y-m-d'T'H:M:S'Z') | `string` | `"2024-05-22T18:29:59Z"` | no | +| extra\_tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | `map(string)` | `{}` | no | +| geo\_backup\_key\_vault\_key\_id | Key-vault key id to encrypt the geo redundant backup | `string` | `null` | no | +| geo\_backup\_user\_assigned\_identity\_id | User assigned identity id to encrypt the geo redundant backup | `string` | `null` | no | +| geo\_redundant\_backup\_enabled | Should geo redundant backup enabled? Defaults to false. Changing this forces a new PostgreSQL Flexible Server to be created. | `bool` | `false` | no | +| high\_availability | Map of high availability configuration: https://docs.microsoft.com/en-us/azure/mysql/flexible-server/concepts-high-availability. `null` to disable high availability |
object({
standby_availability_zone = optional(number)
})
|
{
"standby_availability_zone": 1
}
| no | +| key\_vault\_id | Specifies the URL to a Key Vault Key (either from a Key Vault Key, or the Key URL for the Key Vault Secret | `string` | `""` | no | +| label\_order | Label order, e.g. sequence of application name and environment `name`,`environment`,'attribute' [`webserver`,`qa`,`devops`,`public`,] . | `list(any)` |
[
"name",
"environment"
]
| no | +| location | The Azure Region where the PostgreSQL Flexible Server should exist. Changing this forces a new PostgreSQL Flexible Server to be created. | `string` | `""` | no | +| log\_analytics\_destination\_type | Possible values are AzureDiagnostics and Dedicated, default to AzureDiagnostics. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource specific tables, instead of the legacy AzureDiagnostics table. | `string` | `"AzureDiagnostics"` | no | +| log\_analytics\_workspace\_id | Log Analytics workspace id in which logs should be retained. | `string` | `null` | no | +| log\_category | Categories of logs to be recorded in diagnostic setting. Acceptable values are PostgreSQLFlexDatabaseXacts, PostgreSQLFlexQueryStoreRuntime, PostgreSQLFlexQueryStoreWaitStats ,PostgreSQLFlexSessions, PostgreSQLFlexTableStats, PostgreSQLLogs | `list(string)` | `[]` | no | +| log\_category\_group | Log category group for diagnostic settings. | `list(string)` |
[
"audit"
]
| no | +| main\_rg\_name | n/a | `string` | `""` | no | +| maintenance\_window | Map of maintenance window configuration: https://docs.microsoft.com/en-us/azure/mysql/flexible-server/concepts-maintenance | `map(number)` | `null` | no | +| managedby | ManagedBy, eg ''. | `string` | `""` | no | +| metric\_enabled | Whether metric diagnonsis should be enable in diagnostic settings for flexible Mysql. | `bool` | `true` | no | +| name | Name (e.g. `app` or `cluster`). | `string` | `""` | no | +| point\_in\_time\_restore\_time\_in\_utc | The point in time to restore from creation\_source\_server\_id when create\_mode is PointInTimeRestore. Changing this forces a new PostgreSQL Flexible Server to be created. | `string` | `null` | no | +| postgresql\_version | The version of the PostgreSQL Flexible Server to use. Possible values are 5.7, and 8.0.21. Changing this forces a new PostgreSQL Flexible Server to be created. | `string` | `"5.7"` | no | +| principal\_name | The name of Azure Active Directory principal. | `string` | `null` | no | +| principal\_type | Set the principal type, defaults to ServicePrincipal. The type of Azure Active Directory principal. Possible values are Group, ServicePrincipal and User. Changing this forces a new resource to be created. | `string` | `"Group"` | no | +| private\_dns | n/a | `bool` | `false` | no | +| registration\_enabled | Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled | `bool` | `false` | no | +| repository | Terraform current module repo | `string` | `""` | no | +| resource\_group\_name | A container that holds related resources for an Azure solution | `string` | `""` | no | +| rotation\_policy | The rotation policy for azure key vault key |
map(object({
time_before_expiry = string
expire_after = string
notify_before_expiry = string
}))
| `null` | no | +| server\_configurations | PostgreSQL server configurations to add. | `map(string)` | `{}` | no | +| size | Size for PostgreSQL Flexible server sku : https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-compute-storage. | `string` | `"D2ds_v4"` | no | +| source\_server\_id | The resource ID of the source PostgreSQL Flexible Server to be restored. Required when create\_mode is PointInTimeRestore, GeoRestore, and Replica. Changing this forces a new PostgreSQL Flexible Server to be created. | `string` | `null` | no | +| storage\_account\_id | Storage account id to pass it to destination details of diagnosys setting of NSG. | `string` | `null` | no | +| storage\_mb | The max storage allowed for the PostgreSQL Flexible Server. Possible values are 32768, 65536, 131072, 262144, 524288, 1048576, 2097152, 4194304, 8388608, and 16777216. | `string` | `"32768"` | no | +| tier | Tier for PostgreSQL Flexible server sku : https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-compute-storage. Possible values are: GeneralPurpose, Burstable, MemoryOptimized. | `string` | `"GeneralPurpose"` | no | +| virtual\_network\_id | The name of the virtual network | `string` | `""` | no | +| zone | Specifies the Availability Zone in which this PostgreSQL Flexible Server should be located. Possible values are 1, 2 and 3. | `number` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| label\_order | Label order. | +| azurerm\_private\_dns\_zone\_id | The Private DNS Zone ID. | +| azurerm\_private\_dns\_zone\_virtual\_network\_link\_id | The ID of the Private DNS Zone Virtual Network Link. | +| existing\_private\_dns\_zone\_virtual\_network\_link\_id | The ID of the Private DNS Zone Virtual Network Link. | +| postgresql\_flexible\_server\_id | The ID of the PostgreSQL Flexible Server. | 
@@ -102,9 +314,9 @@ You need to run the following command in the testing folder: ## Feedback -If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-module-template/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). +If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-azure-flexible-postgresql/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). -If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/terraform-module-template)! +If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/terraform-azure-flexible-postgresql)! ## About us