tf-azurerm-module_reference-postgresql_server

Overview

This module deploys a Azure Database for PostgreSQL Flexible Server and any related resources

Pre-Commit hooks

.pre-commit-config.yaml file defines certain pre-commit hooks that are relevant to terraform, golang and common linting tasks. There are no custom hooks added.

commitlint hook enforces commit message in certain format. The commit contains the following structural elements, to communicate intent to the consumers of your commit messages:

• fix: a commit of the type fix patches a bug in your codebase (this correlates with PATCH in Semantic Versioning).
• feat: a commit of the type feat introduces a new feature to the codebase (this correlates with MINOR in Semantic Versioning).
• BREAKING CHANGE: a commit that has a footer BREAKING CHANGE:, or appends a ! after the type/scope, introduces a breaking API change (correlating with MAJOR in Semantic Versioning). A BREAKING CHANGE can be part of commits of any type. footers other than BREAKING CHANGE: may be provided and follow a convention similar to git trailer format.
• build: a commit of the type build adds changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
• chore: a commit of the type chore adds changes that don't modify src or test files
• ci: a commit of the type ci adds changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
• docs: a commit of the type docs adds documentation only changes
• perf: a commit of the type perf adds code change that improves performance
• refactor: a commit of the type refactor adds code change that neither fixes a bug nor adds a feature
• revert: a commit of the type revert reverts a previous commit
• style: a commit of the type style adds code changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
• test: a commit of the type test adds missing tests or correcting existing tests

Base configuration used for this project is commitlint-config-conventional (based on the Angular convention)

If you are a developer using vscode, this plugin may be helpful.

detect-secrets-hook prevents new secrets from being introduced into the baseline. TODO: INSERT DOC LINK ABOUT HOOKS

In order for pre-commit hooks to work properly

• You need to have the pre-commit package manager installed. Here are the installation instructions.
• pre-commit would install all the hooks when commit message is added by default except for commitlint hook. commitlint hook would need to be installed manually using the command below

pre-commit install --hook-type commit-msg

To test the resource group module locally

1. For development/enhancements to this module locally, you'll need to install all of its components. This is controlled by the configure target in the project's Makefile. Before you can run configure, familiarize yourself with the variables in the Makefile and ensure they're pointing to the right places.

make configure

This adds in several files and directories that are ignored by git. They expose many new Make targets.

2. THIS STEP APPLIES ONLY TO MICROSOFT AZURE. IF YOU ARE USING A DIFFERENT PLATFORM PLEASE SKIP THIS STEP. The first target you care about is env. This is the common interface for setting up environment variables. The values of the environment variables will be used to authenticate with cloud provider from local development workstation.

make configure command will bring down azure_env.sh file on local workstation. Devloper would need to modify this file, replace the environment variable values with relevant values.

These environment variables are used by terratest integration suit.

Service principle used for authentication(value of ARM_CLIENT_ID) should have below privileges on resource group within the subscription.

"Microsoft.Resources/subscriptions/resourceGroups/write"
"Microsoft.Resources/subscriptions/resourceGroups/read"
"Microsoft.Resources/subscriptions/resourceGroups/delete"

Then run this make target to set the environment variables on developer workstation.

make env

3. The first target you care about is check.

Pre-requisites Before running this target it is important to ensure that, developer has created files mentioned below on local workstation under root directory of git repository that contains code for primitives/segments. Note that these files are azure specific. If primitive/segment under development uses any other cloud provider than azure, this section may not be relevant.

• A file named provider.tf with contents below

provider "azurerm" {
  features {}
}

• A file named terraform.tfvars which contains key value pair of variables used.

Note that since these files are added in gitignore they would not be checked in into primitive/segment's git repo.

After creating these files, for running tests associated with the primitive/segment, run

make check

If make check target is successful, developer is good to commit the code to primitive/segment's git repo.

make check target

• runs terraform commands to lint,validate and plan terraform code.
• runs conftests. conftests make sure policy checks are successful.
• runs terratest. This is integration test suit.
• runs opa tests

Requirements

Name	Version
terraform	~> 1.0
azurerm	~> 3.113

Providers

No providers.

Modules

Name	Source	Version
resource_names	terraform.registry.launch.nttdata.com/module_library/resource_name/launch	~> 2.0
resource_group	terraform.registry.launch.nttdata.com/module_primitive/resource_group/azurerm	~> 1.0
postgresql_server	terraform.registry.launch.nttdata.com/module_primitive/postgresql_server/azurerm	~> 1.0
postgresql_server_configuration	terraform.registry.launch.nttdata.com/module_primitive/postgresql_server_configuration/azurerm	~> 1.0
postgresql_server_ad_administrator	terraform.registry.launch.nttdata.com/module_primitive/postgresql_server_ad_administrator/azurerm	~> 1.0
private_endpoint	terraform.registry.launch.nttdata.com/module_primitive/private_endpoint/azurerm	~> 1.0

Resources

No resources.

Inputs

Name	Description	Type	Default	Required
resource_names_map	A map of key to resource_name that will be used by tf-launch-module_library-resource_name to generate resource names	map(object({ name = string max_length = optional(number, 60) }))	{ "postgresql_server": { "max_length": 60, "name": "psql" }, "private_endpoint": { "max_length": 80, "name": "pe" }, "private_service_connection": { "max_length": 80, "name": "pesc" }, "resource_group": { "max_length": 60, "name": "rg" } }	no
instance_env	Number that represents the instance of the environment.	number	0	no
instance_resource	Number that represents the instance of the resource.	number	0	no
logical_product_family	(Required) Name of the product family for which the resource is created. Example: org_name, department_name.	string	"launch"	no
logical_product_service	(Required) Name of the product service for which the resource is created. For example, backend, frontend, middleware etc.	string	"database"	no
class_env	(Required) Environment where resource is going to be deployed. For example. dev, qa, uat	string	"dev"	no
use_azure_region_abbr	Abbreviate the region in the resource names	bool	true	no
location	Location of the Postgres Flexible Server	string	"eastus"	no
sku_name	The name of the SKU used by this Postgres Flexible Server	string	"B_Standard_B1ms"	no
create_mode	The creation mode. Possible values are Default, GeoRestore, PointInTimeRestore, Replica, and Update	string	"Default"	no
postgres_version	Version of the Postgres Flexible Server. Required when create_mode is Default	string	"16"	no
server_configuration	Map of configurations to apply to the postgres flexible server	map(string)	{}	no
delegated_subnet_id	The ID of the subnet to which the Postgres Flexible Server is delegated	string	null	no
private_dns_zone_id	The ID of the private DNS zone. Required when delegated_subnet_id is set	string	null	no
public_network_access_enabled	Whether or not public network access is allowed for this server	bool	false	no
authentication	active_directory_auth_enabled = Whether or not Active Directory authentication is enabled for this server password_auth_enabled = Whether or not password authentication is enabled for this server tenant_id = The tenant ID of the Active Directory to use for authentication	object({ active_directory_auth_enabled = optional(bool) password_auth_enabled = optional(bool) tenant_id = optional(string) })	null	no
ad_administrator	tenant_id = The tenant ID of the AD administrator object_id = The object ID of the AD administrator principal_name = The name of the princiapl to assign as AD administrator principal_type = The type of princiapl to assign as AD administrator	object({ tenant_id = string object_id = string principal_name = string principal_type = string })	null	no
administrator_login	The administrator login for the Postgres Flexible Server. Required when create_mode is Default and authentication.password_auth_enabled is true	string	null	no
administrator_password	The administrator password for the Postgres Flexible Server. Required when create_mode is Default and authentication.password_auth_enabled is true	string	null	no
backup_retention_days	The backup retention days for the Postgres Flexible Server, between 7 and 35 days	number	7	no
geo_redundant_backup_enabled	Whether or not geo-redundant backups are enabled for this server	bool	false	no
zone	The zone of the Postgres Flexible Server	string	null	no
high_availability	mode = The high availability mode. Possible values are SameZone or ZoneRedundant standby_availability_zone = The availability zone for the standby server	object({ mode = string standby_availability_zone = optional(string) })	null	no
identity_ids	Specifies a list of User Assigned Managed Identity IDs to be assigned	list(string)	null	no
maintenance_window	The maintenance window of the Postgres Flexible Server day_of_week = The day of the week when maintenance should be performed start_hour = The start hour of the maintenance window start_minute = The start minute of the maintenance window	object({ day_of_week = optional(string, 0) start_hour = optional(number, 0) start_minute = optional(number, 0) })	{ "day_of_week": 0, "start_hour": 0, "start_minute": 0 }	no
source_server_id	The ID of the source Postgres Flexible Server to restore from. Required when create_mode is GeoRestore, PointInTimeRestore, or Replica	string	null	no
storage_mb	The storage capacity of the Postgres Flexible Server in megabytes	number	32768	no
storage_tier	The storage tier of the Postgres Flexible Server. Default value based on storage_mb	string	null	no
tags	A mapping of tags to assign to the resource.	map(string)	{}	no
create_private_endpoint	Whether or not to create a Private Endpoint for the Postgres Flexible Server	bool	false	no
private_endpoint_subnet_id	The ID of the subnet to which the Postgres Flexible Server private endpoint is connected	string	null	no
private_endpoint_dns_zone_ids	A list of Private DNS Zone IDs to link with the Private Endpoint.	list(string)	[]	no
private_endpoint_dns_zone_group_name	Specifies the Name of the Private DNS Zone Group.	string	"postgresqlServer"	no
private_endpoint_is_manual_connection	Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created.	bool	false	no
private_endpoint_subresource_names	A list of subresource names which the Private Endpoint is able to connect to. subresource_names corresponds to group_id. Possible values are detailed in the product documentation in the Subresources column. https://docs.microsoft.com/azure/private-link/private-endpoint-overview#private-link-resource	list(string)	[ "postgresqlServer" ]	no
private_endpoint_request_message	A message passed to the owner of the remote resource when the private endpoint attempts to establish the connection to the remote resource. The request message can be a maximum of 140 characters in length. Only valid if is_manual_connection=true	string	""	no

Outputs

Name	Description
id	n/a
name	n/a
fqdn	n/a
resource_group_name	n/a
admin_tenant_id	n/a
admin_object_id	n/a
admin_principal_name	n/a
delegated_subnet_id	n/a
private_dns_zone_id	n/a
source_server_id	n/a
server_configuration	n/a