Merge pull request #2 from cookielab/jj/toggle-roles-creation

feat(roles): toggle ro/rw roles creation
cookielab · Sep 23, 2024 · 259fa31 · 259fa31
2 parents 179b565 + b267f1e
commit 259fa31
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 3 deletions.
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
@@ -1,6 +1,6 @@
 ---
 formatter: "markdown table"  # this is required
-version: "0.17.0"
+version: "0.19.0"
 header-from: main.tf
 footer-from: ""
 recursive:

diff --git a/README.md b/README.md
@@ -4,6 +4,7 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0, < 2.0.0 |
+| <a name="requirement_postgresql"></a> [postgresql](#requirement\_postgresql) | ~> 1.21 |
 
 Basic usage of this module is as follows:
 
@@ -16,6 +17,8 @@ module "example" {
   
 	 # Optional variables
   	 app_username  = null
+  	 create_role_ro  = true
+  	 create_role_rw  = true
   	 owner_username  = null
   	 role_ro_name  = null
   	 role_rw_name  = null
@@ -30,6 +33,8 @@ No resources.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_app_username"></a> [app\_username](#input\_app\_username) | Application username | `string` | `null` | no |
+| <a name="input_create_role_ro"></a> [create\_role\_ro](#input\_create\_role\_ro) | Toggle read-only role creation | `bool` | `true` | no |
+| <a name="input_create_role_rw"></a> [create\_role\_rw](#input\_create\_role\_rw) | Toggle read-write role creation | `bool` | `true` | no |
 | <a name="input_database"></a> [database](#input\_database) | Database name | `string` | n/a | yes |
 | <a name="input_owner_username"></a> [owner\_username](#input\_owner\_username) | Database owner | `string` | `null` | no |
 | <a name="input_role_ro_name"></a> [role\_ro\_name](#input\_role\_ro\_name) | Read-only role name | `string` | `null` | no |

diff --git a/main.tf b/main.tf
@@ -26,7 +26,7 @@ module "access_ro" {
   database_name  = var.database
   database_owner = module.database.username
   role_name      = var.role_ro_name != null ? var.role_ro_name : "${var.database}_ro"
-  create_role    = true
+  create_role    = var.create_role_ro
   allow_login    = false
   access_map     = local.access_map_ro
   depends_on     = [module.database]
@@ -38,7 +38,7 @@ module "access_rw" {
   database_name  = var.database
   database_owner = module.database.username
   role_name      = var.role_rw_name != null ? var.role_rw_name : "${var.database}_rw"
-  create_role    = true
+  create_role    = var.create_role_rw
   allow_login    = false
   access_map     = local.access_map_rw
   depends_on     = [module.database]

diff --git a/variables.tf b/variables.tf
@@ -26,3 +26,15 @@ variable "role_rw_name" {
   type        = string
   description = "Read-write role name"
 }
+
+variable "create_role_ro" {
+  default     = true
+  type        = bool
+  description = "Toggle read-only role creation"
+}
+
+variable "create_role_rw" {
+  default     = true
+  type        = bool
+  description = "Toggle read-write role creation"
+}