sassoftware
diff --git a/‎TODO.md‎
Lines changed: 1 addition & 1 deletion b/‎TODO.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/CONFIG-VARS.md‎
Lines changed: 18 additions & 13 deletions b/‎docs/CONFIG-VARS.md‎
Lines changed: 18 additions & 13 deletions
diff --git a/‎locals.tf‎
Lines changed: 37 additions & 36 deletions b/‎locals.tf‎
Lines changed: 37 additions & 36 deletions
@@ -4,7 +4,7 @@
 
 ## Changes for SAS locked down
 - make var for setting outbound_type. Needing for locked down accounts where creating routing tables is not permitted
-- make var for postgres vnet_rules. for vpn subscriptions
+- add Private access (VNet Integration) for flexible postgres
 
 ## Update docs
 - Add this line back into CONFIG-VARS.md @ 122
 
@@ -72,7 +72,7 @@ You can use `default_public_access_cidrs` to set a default range for all created
 | default_public_access_cidrs | IP address ranges allowed to access all created cloud resources | list of strings | | Sets a default for all resources. |
 | cluster_endpoint_public_access_cidrs | IP address ranges allowed to access the AKS cluster API | list of strings | | For client admin access to the cluster api (by `kubectl`, for example). Only used with `cluster_api_mode=public`|
 | vm_public_access_cidrs | IP address ranges allowed to access the VMs | list of strings | | Opens port 22 for SSH access to the jump server and/or NFS VM by adding Ingress Rule on the NSG. Only used with `create_jump_public_ip=true` or `create_nfs_public_ip=true`   |
-| postgres_public_access_cidrs | IP address ranges allowed to access the Azure PostgreSQL Server | list of strings || Opens port 5432 by adding Ingress Rule on the NSG. Only used when creating postgres instances. |
+| postgres_public_access_cidrs | IP address ranges allowed to access the Azure PostgreSQL Flexible Server | list of strings || Opens port 5432 by adding Ingress Rule on the NSG. Only used when creating postgres instances. |
 | acr_public_access_cidrs | IP address ranges allowed to access the ACR instance | list of strings || Only used with `create_container_registry=true` |
 
 **NOTE:** In a SCIM environment, the AzureActiveDirectory service tag must be granted access to port 443/HTTPS for the Ingress IP address. 
@@ -326,15 +326,15 @@ Each server element, like `foo = {}`, can contain none, some, or all of the para
 
 | Name | Description | Type | Default | Notes |
 | :--- | ---: | ---: | ---: | ---: |
-| sku_name| The SKU Name for the PostgreSQL Server | string | "GP_Gen5_32" | The name pattern is the SKU, followed by the tier + family + cores (e.g. B_Gen4_1, GP_Gen5_4).|
-| storage_mb | Max storage allowed for the PostgreSQL server | number | 51200 | Possible values are between 5120 MB(5GB) and 1048576 MB(1TB) for the Basic SKU and between 5120 MB(5GB) and 4194304 MB(4TB) for General Purpose/Memory Optimized SKUs |
-| backup_retention_days | Backup retention days for the PostgreSQL server | number | 7 | Supported values are between 7 and 35 days. |
+| sku_name| The SKU Name for the PostgreSQL Flexible Server | string | "GP_Standard_D16s_v3" | The name pattern is the SKU, followed by the tier + family + cores (e.g. B_Standard_B1ms, GP_Standard_D2s_v3, MO_Standard_E4s_v3).|
+| storage_mb | The max storage allowed for the PostgreSQL Flexible Server | number | 51200 | Possible values are 32768, 65536, 131072, 262144, 524288, 1048576, 2097152, 4194304, 8388608, 16777216, and 33554432. |
+| backup_retention_days | Backup retention days for the PostgreSQL Flexible server | number | 7 | Supported values are between 7 and 35 days. |
 | geo_redundant_backup_enabled | Enable Geo-redundant or not for server backup | bool | false | Not supported for the basic tier. |
-| administrator_login | The Administrator Login for the PostgreSQL Server. Changing this forces a new resource to be created. | string | "pgadmin" | The admin login name cannot be azure_superuser, azure_pg_admin, admin, administrator, root, guest, or public. It cannot start with pg_. See: [Microsoft Quickstart Server Database](https://docs.microsoft.com/en-us/azure/postgresql/quickstart-create-server-database-portal) |
-| administrator_password | The Password associated with the administrator_login for the PostgreSQL Server | string | "my$up3rS3cretPassw0rd" | The password must contain between 8 and 128 characters and must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers (0 through 9), and non-alphanumeric characters (!, $, #, %, etc.). |
-| server_version | The version of the Azure Database for PostgreSQL server instance. Changing this forces a new resource to be created.| string | "11" | |
-| ssl_enforcement_enabled | Enforce SSL on connection to the Azure Database for PostgreSQL server instance | bool | true | |
-| postgresql_configurations | Configurations to enable on the PostgreSQL Database server instance | map(string) | {} | More details can be found [here](https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-cli) |
+| administrator_login | The Administrator Login for the PostgreSQL Flexible Server. Changing this forces a new resource to be created. | string | "pgadmin" | The admin login name cannot be azure_superuser, azure_pg_admin, admin, administrator, root, guest, or public. It cannot start with pg_. See: [Microsoft Quickstart Server Database](https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/quickstart-create-server-portal) |
+| administrator_password | The Password associated with the administrator_login for the PostgreSQL Flexible Server | string | "my$up3rS3cretPassw0rd" | The password must contain between 8 and 128 characters and must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers (0 through 9), and non-alphanumeric characters (!, $, #, %, etc.). |
+| server_version | The version of the Azure Database for PostgreSQL Flexible server instance. Changing this forces a new resource to be created.| string | "13" | |
+| ssl_enforcement_enabled | Enforce SSL on connection to the Azure Database for PostgreSQL Flexible server instance | bool | true | |
+| postgresql_configurations | Sets a PostgreSQL Configuration value on a Azure PostgreSQL Flexible Server | list(object) | [] | More details can be found [here](https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/howto-configure-server-parameters-using-cli) |
 
 Here is a sample of the `postgres_servers` variable with the `default` entry only overriding the `administrator_password` parameter and the `cps` entry overriding all of the parameters:
 
@@ -344,15 +344,20 @@ postgres_servers = {
     administrator_password       = "D0ntL00kTh1sWay"
   },
   another_server = {
-    sku_name                     = "GP_Gen5_32"
-    storage_mb                   = 51200
+    sku_name                     = "GP_Standard_D16s_v3"
+    storage_mb                   = 65536
     backup_retention_days        = 7
     geo_redundant_backup_enabled = false
     administrator_login          = "pgadmin"
     administrator_password       = "1tsAB3aut1fulDay"
-    server_version               = "11"
+    server_version               = "13"
     ssl_enforcement_enabled      = true
-    postgresql_configurations    = { foo = "true", bar = "false" }
+    postgresql_configurations    = [
+       {
+         name  = "azure.extensions"
+         value = "PLPGSQL,LTREE"
+       }
+      ]
   }
 }
 ```
@@ -1,35 +1,36 @@
 locals {
-  
+
   # Useful flags
-  ssh_public_key = ( var.create_jump_vm || var.storage_type == "standard"
-                     ? file(var.ssh_public_key)
-                     : null
-                   )
-                   
+  ssh_public_key = (var.create_jump_vm || var.storage_type == "standard"
+    ? file(var.ssh_public_key)
+    : null
+  )
+
   # CIDR/Network
   default_public_access_cidrs          = var.default_public_access_cidrs == null ? [] : var.default_public_access_cidrs
   vm_public_access_cidrs               = var.vm_public_access_cidrs == null ? local.default_public_access_cidrs : var.vm_public_access_cidrs
   acr_public_access_cidrs              = var.acr_public_access_cidrs == null ? local.default_public_access_cidrs : var.acr_public_access_cidrs
   cluster_endpoint_public_access_cidrs = var.cluster_api_mode == "private" ? [] : (var.cluster_endpoint_public_access_cidrs == null ? local.default_public_access_cidrs : var.cluster_endpoint_public_access_cidrs)
   postgres_public_access_cidrs         = var.postgres_public_access_cidrs == null ? local.default_public_access_cidrs : var.postgres_public_access_cidrs
 
-  subnets = { for k, v in var.subnets : k => v if ! ( k == "netapp" && var.storage_type == "standard")}
+  subnets = { for k, v in var.subnets : k => v if !(k == "netapp" && var.storage_type == "standard") }
 
   # Kubernetes
   kubeconfig_filename = "${var.prefix}-aks-kubeconfig.conf"
   kubeconfig_path     = var.iac_tooling == "docker" ? "/workspace/${local.kubeconfig_filename}" : local.kubeconfig_filename
 
   # PostgreSQL
-  postgres_servers        = var.postgres_servers == null ? {} : { for k, v in var.postgres_servers : k => merge( var.postgres_server_defaults, v, )}
+  default_postgres_configuration = [{name: "max_prepared_transactions", value: 1024}]
+  postgres_servers        = var.postgres_servers == null ? {} : { for k, v in var.postgres_servers : k => merge(var.postgres_server_defaults, v, ) }
   postgres_firewall_rules = [for addr in local.postgres_public_access_cidrs : { "name" : replace(replace(addr, "/", "_"), ".", "_"), "start_ip" : cidrhost(addr, 0), "end_ip" : cidrhost(addr, abs(pow(2, 32 - split("/", addr)[1]) - 1)) }]
 
-  postgres_outputs = length(module.postgresql) != 0 ? { for k,v in module.postgresql :
+  postgres_outputs = length(module.flex_postgresql) != 0 ? { for k, v in module.flex_postgresql :
     k => {
-      "server_name" : module.postgresql[k].server_name,
-      "fqdn" : module.postgresql[k].server_fqdn,
-      "admin" : "${module.postgresql[k].administrator_login}@${module.postgresql[k].server_name}",
-      "password" : module.postgresql[k].administrator_password,
-      "server_port" : "5432", # TODO - Create a var when supported
+      "server_name" : module.flex_postgresql[k].server_name,
+      "fqdn" : module.flex_postgresql[k].server_fqdn,
+      "admin" : module.flex_postgresql[k].administrator_login,
+      "password" : module.flex_postgresql[k].administrator_password,
+      "server_port" : "5432",
       "ssl_enforcement_enabled" : local.postgres_servers[k].ssl_enforcement_enabled,
       "internal" : false
     }
@@ -38,34 +39,34 @@ locals {
   # Container Registry
   container_registry_sku = title(var.container_registry_sku)
 
-  aks_rg = ( var.resource_group_name == null
-             ? azurerm_resource_group.aks_rg.0
-             : data.azurerm_resource_group.aks_rg.0
-           )
+  aks_rg = (var.resource_group_name == null
+    ? azurerm_resource_group.aks_rg.0
+    : data.azurerm_resource_group.aks_rg.0
+  )
 
-  network_rg = ( var.vnet_resource_group_name == null
-                 ? local.aks_rg
-                 : data.azurerm_resource_group.network_rg.0
-               )
+  network_rg = (var.vnet_resource_group_name == null
+    ? local.aks_rg
+    : data.azurerm_resource_group.network_rg.0
+  )
 
   nsg         = var.nsg_name == null ? azurerm_network_security_group.nsg.0 : data.azurerm_network_security_group.nsg.0
   nsg_rg_name = var.nsg_name == null ? local.aks_rg.name : local.network_rg.name
 
   # Use BYO UAI if given, else create a UAI
-  aks_uai_id = ( var.aks_identity == "uai" 
-                 ? ( var.aks_uai_name == null
-                     ? azurerm_user_assigned_identity.uai.0.id
-                     : data.azurerm_user_assigned_identity.uai.0.id
-                   )
-                 : null
-               )
+  aks_uai_id = (var.aks_identity == "uai"
+    ? (var.aks_uai_name == null
+      ? azurerm_user_assigned_identity.uai.0.id
+      : data.azurerm_user_assigned_identity.uai.0.id
+    )
+    : null
+  )
 
-  cluster_egress_type = ( var.cluster_egress_type == null
-                          ? ( var.egress_public_ip_name == null
-                              ? "loadBalancer"
-                              : "userDefinedRouting"
-                            )
-                          : var.cluster_egress_type
-                        )
+  cluster_egress_type = (var.cluster_egress_type == null
+    ? (var.egress_public_ip_name == null
+      ? "loadBalancer"
+      : "userDefinedRouting"
+    )
+    : var.cluster_egress_type
+  )
 }