diff --git a/main.tf b/main.tf index 919e545..6eaf4a2 100644 --- a/main.tf +++ b/main.tf @@ -44,8 +44,10 @@ module "keyvault" { source = "./modules/keyvault" env_name = "prod" - resource_group_name = module.common.resource_group_name - resource_group_location = local.resource_group_location + resource_group_name = module.common.resource_group_name + resource_group_location = local.resource_group_location + tikweb_postgres_admin_password = module.common.postgres_admin_password + tikweb_postgres_admin_username = module.common.postgres_admin_username } @@ -141,6 +143,7 @@ module "cms" { tikweb_app_plan_id = module.common.tikweb_app_plan_id tikweb_rg_location = module.common.resource_group_location tikweb_rg_name = module.common.resource_group_name + postgres_server_new_id = module.common.postgres_server_new_id } module "ilmo" { @@ -152,6 +155,7 @@ module "ilmo" { postgres_server_fqdn = module.common.postgres_server_fqdn postgres_server_host = module.common.postgres_server_host postgres_admin_password = module.common.postgres_admin_password + postgres_server_new_id = module.common.postgres_server_new_id edit_token_secret = module.keyvault.ilmo_edit_token_secret auth_jwt_secret = module.keyvault.ilmo_auth_jwt_secret mailgun_api_key = module.keyvault.ilmo_mailgun_api_key @@ -187,6 +191,7 @@ module "tenttiarkisto" { postgres_server_fqdn = module.common.postgres_server_fqdn postgres_server_host = module.common.postgres_server_host postgres_admin_password = module.common.postgres_admin_password + postgres_server_new_id = module.common.postgres_server_new_id tikweb_app_plan_id = module.common.tikweb_app_plan_id tikweb_app_plan_rg_location = module.common.resource_group_location tikweb_app_plan_rg_name = module.common.resource_group_name diff --git a/modules/cms/main.tf b/modules/cms/main.tf index e3b84c5..d2d353e 100644 --- a/modules/cms/main.tf +++ b/modules/cms/main.tf 
@@ -10,6 +10,12 @@ resource "azurerm_postgresql_database" "tikweb_cms_db" { collation = "fi-FI" } +resource "azurerm_postgresql_flexible_server_database" "tikweb_cms_db_new" { + name = "${local.db_name}-new" + server_id = var.postgres_server_new_id + collation = "fi_FI" + charset = "utf8" +} resource "azurerm_linux_web_app" "tikweb_cms" { name = "tikweb-${var.env_name}-app-cms" diff --git a/modules/cms/variables.tf b/modules/cms/variables.tf index cd7ec22..b37b511 100644 --- a/modules/cms/variables.tf +++ b/modules/cms/variables.tf @@ -18,6 +18,9 @@ variable "postgres_server_fqdn" { type = string } +variable "postgres_server_new_id" { + type = string +} variable "postgres_admin_password" { type = string } diff --git a/modules/common/main.tf b/modules/common/main.tf index 0bb51ec..a335b6b 100644 --- a/modules/common/main.tf +++ b/modules/common/main.tf @@ -38,6 +38,20 @@ resource "azurerm_postgresql_server" "tikweb_pg" { ssl_enforcement_enabled = true } +resource "azurerm_postgresql_flexible_server" "tikweb_pg_new" { + name = "example-psqlflexibleserver" + resource_group_name = azurerm_resource_group.tikweb_rg.name + location = azurerm_resource_group.tikweb_rg.location + version = "15" + administrator_login = "tietokilta" + administrator_password = random_password.db_password.result + storage_mb = 32768 + sku_name = "B_Standard_B1ms" + backup_retention_days = 7 + geo_redundant_backup_enabled = false + auto_grow_enabled = false +} + # Enable access from other Azure services resource "azurerm_postgresql_firewall_rule" "tikweb_pg_internal_access" { name = "tikweb-${var.env_name}-pg-internal-access" diff --git a/modules/common/output.tf b/modules/common/output.tf index 6e3aa38..947c653 100644 --- a/modules/common/output.tf +++ b/modules/common/output.tf 
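Review bot: The new `azurerm_postgresql_flexible_server_database.tikweb_cms_db_new` in modules/cms/main.tf has no guard against accidental destruction, so a rename or a change of `server_id` would make the next apply drop the database and its data. Adding `lifecycle { prevent_destroy = true }` to the resource makes Terraform refuse such a plan. The same applies to `ilmo_db_new` in modules/ilmo/main.tf and `tenttiarkisto_db_new` in modules/tenttiarkisto/main.tf.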
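Review bot: In modules/common/main.tf the new `azurerm_postgresql_flexible_server.tikweb_pg_new` keeps the placeholder name `example-psqlflexibleserver` and declares nothing about network access. The name is not derived from `var.env_name` like the firewall rule below it, so something like `name = "tikweb-${var.env_name}-pg-new"` would keep environments apart. No `delegated_subnet_id`/`private_dns_zone_id` and no `azurerm_postgresql_flexible_server_firewall_rule` appear in this diff, so who can reach the server is left to provider defaults; the `azurerm_postgresql_firewall_rule` in the context lines is, as far as I can tell, for the old server type only. The server also reuses `random_password.db_password.result`, presumably the old server's admin password as well, so both servers would share one admin credential unless a separate `random_password` is added.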
@@ -21,6 +21,14 @@ output "postgres_admin_password" { sensitive = true } +output "postgres_admin_username" { + value = azurerm_postgresql_server.tikweb_pg.administrator_login + sensitive = true +} + +output "postgres_server_new_id" { + value = azurerm_postgresql_flexible_server.tikweb_pg_new.id +} output "tikweb_app_plan_id" { value = azurerm_service_plan.tikweb_plan.id } diff --git a/modules/ilmo/main.tf b/modules/ilmo/main.tf index 1b0ff45..077311d 100644 --- a/modules/ilmo/main.tf +++ b/modules/ilmo/main.tf @@ -11,6 +11,14 @@ resource "azurerm_postgresql_database" "ilmo_db" { collation = "fi-FI" } +resource "azurerm_postgresql_flexible_server_database" "ilmo_db_new" { + name = "${local.db_name}-new" + server_id = var.postgres_server_new_id + collation = "fi_FI" + charset = "utf8" +} + + resource "azurerm_linux_web_app" "ilmo_backend" { name = "tik-ilmo-${var.env_name}-app" location = var.tikweb_rg_location diff --git a/modules/ilmo/variables.tf b/modules/ilmo/variables.tf index 3253125..3e8d28b 100644 --- a/modules/ilmo/variables.tf +++ b/modules/ilmo/variables.tf @@ -27,6 +27,10 @@ variable "postgres_server_host" { type = string } +variable "postgres_server_new_id" { + type = string +} + variable "edit_token_secret" { type = string sensitive = true diff --git a/modules/keyvault/main.tf b/modules/keyvault/main.tf index 773fe8d..a9d7e40 100644 --- a/modules/keyvault/main.tf +++ b/modules/keyvault/main.tf @@ -17,14 +17,19 @@ resource "azurerm_key_vault" "keyvault" { key_permissions = [ "Get", + "Create", + "Update" ] secret_permissions = [ "Get", + "Set" ] storage_permissions = [ "Get", + "Set", + "Update" ] } } 
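Review bot: The `postgres_admin_username` output in modules/common/output.tf reads `azurerm_postgresql_server.tikweb_pg.administrator_login`, i.e. the old server, while the new flexible server hard-codes `administrator_login = "tietokilta"`. This output feeds the `postgres-admin-username` Key Vault secret, so the stored username matches the new server only if the two logins happen to be equal, which is not visible here. If the secret is meant for the new server, `value = azurerm_postgresql_flexible_server.tikweb_pg_new.administrator_login` states that explicitly. A `description` on both new outputs saying which server they belong to would also help.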
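Review bot: The access policy in modules/keyvault/main.tf gains more rights than the rest of this commit uses: only the two new `azurerm_key_vault_secret` resources write to the vault, which needs secret `Set`, yet key `Create`/`Update` and storage `Set`/`Update` are granted too. Nothing in the diff creates keys or managed storage accounts, so those four entries could be dropped. The principal this policy belongs to is outside the hunk; if it is used by anything other than the Terraform identity, the write permission belongs in a separate `access_policy` for the deploying identity. Destroying or replacing the secrets later will probably also need secret `Delete` (and `Purge`, depending on the provider's Key Vault feature settings), which is better decided now than on a failed apply.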
@@ -88,3 +93,14 @@ data "azurerm_key_vault_secret" "github_app_key" { name = "github-app-key" key_vault_id = azurerm_key_vault.keyvault.id } + +resource "azurerm_key_vault_secret" "postgres_admin_username" { + key_vault_id = azurerm_key_vault.keyvault.id + name = "postgres-admin-username" + value = var.tikweb_postgres_admin_username +} +resource "azurerm_key_vault_secret" "postgres_admin_password" { + key_vault_id = azurerm_key_vault.keyvault.id + name = "postgres-admin-password" + value = var.tikweb_postgres_admin_password +} diff --git a/modules/keyvault/output.tf b/modules/keyvault/output.tf index 6741be6..c65261c 100644 --- a/modules/keyvault/output.tf +++ b/modules/keyvault/output.tf @@ -44,3 +44,10 @@ output "tenttiarkisto_django_secret_key" { output "github_app_key" { value = data.azurerm_key_vault_secret.github_app_key.value } +output "postgres_admin_password" { + value = azurerm_key_vault_secret.postgres_admin_password +} + +output "postgres_admin_username" { + value = azurerm_key_vault_secret.postgres_admin_username +} diff --git a/modules/keyvault/variables.tf b/modules/keyvault/variables.tf index 36b3af6..32f9ab3 100644 --- a/modules/keyvault/variables.tf +++ b/modules/keyvault/variables.tf @@ -9,3 +9,10 @@ variable "resource_group_name" { variable "resource_group_location" { type = string } +variable "tikweb_postgres_admin_username" { + type = string +} + +variable "tikweb_postgres_admin_password" { + type = string +} diff --git a/modules/tenttiarkisto/main.tf b/modules/tenttiarkisto/main.tf index 0448348..f3a9e5b 100644 --- a/modules/tenttiarkisto/main.tf +++ b/modules/tenttiarkisto/main.tf 
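Review bot: The two new `azurerm_key_vault_secret` resources in modules/keyvault/main.tf set no `content_type` and no `expiration_date`, so the vault holds them without a type hint or a rotation deadline. Something like `content_type = "text/plain"` on both, and an `expiration_date` on `postgres_admin_password` if rotation is planned, would make that explicit. Note also that `value` is still recorded in the Terraform state, so copying the password into Key Vault does not reduce what the state backend has to protect.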
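Review bot: The new outputs in modules/keyvault/output.tf export the whole resource object (`azurerm_key_vault_secret.postgres_admin_password`) without `sensitive = true`, whereas `github_app_key` just above exports `.value`. The object includes the secret `value` along with ids and metadata, so callers receive more than they need. Nothing else in this diff consumes these outputs. If a reference is all that is needed, `value = azurerm_key_vault_secret.postgres_admin_password.versionless_id` avoids passing the password around; if the value itself is wanted, use `.value` together with `sensitive = true`.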
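Review bot: `tikweb_postgres_admin_password` in modules/keyvault/variables.tf is declared without `sensitive = true`, unlike secret inputs elsewhere in this repo (`edit_token_secret` in modules/ilmo/variables.tf). The value passed in comes from an output already marked sensitive, so the mark likely propagates, but declaring it on the variable keeps the module safe for any caller: add `sensitive = true` to that block. A `description` on both variables naming the server they refer to would help too.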
@@ -15,6 +15,13 @@ resource "azurerm_postgresql_database" "tenttiarkisto_db" { collation = "fi-FI" } +resource "azurerm_postgresql_flexible_server_database" "tenttiarkisto_db_new" { + name = "${local.db_name}_new" + server_id = var.postgres_server_new_id + collation = "fi_FI" + charset = "utf8" +} + resource "azurerm_storage_account" "tenttiarkisto_storage_account" { name = "tenttiarkisto${var.env_name}sa" resource_group_name = azurerm_resource_group.tenttiarkisto_rg.name diff --git a/modules/tenttiarkisto/variables.tf b/modules/tenttiarkisto/variables.tf index 8ccf807..ef5d775 100644 --- a/modules/tenttiarkisto/variables.tf +++ b/modules/tenttiarkisto/variables.tf @@ -26,7 +26,9 @@ variable "postgres_admin_password" { variable "postgres_server_host" { type = string } - +variable "postgres_server_new_id" { + type = string +} variable "tikweb_app_plan_id" { type = string }
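Review bot: `tenttiarkisto_db_new` in modules/tenttiarkisto/main.tf names the database `"${local.db_name}_new"`, while the cms and ilmo modules in this commit use `"${local.db_name}-new"`. `local.db_name` is defined outside the hunk, so the underscore may be deliberate; if it is not, one suffix convention across the three modules avoids quoting surprises in connection strings and migration scripts. A short comment on the resource saying that it is the migration target on the flexible server would document why two databases exist side by side.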