Thanks to visit codestin.com
Credit goes to github.com

Skip to content

AckeeCZ/terraform-gcp-cloud-sql-user

BranchesTags

Repository files navigation

Terraform GCP Cloud SQL users setup

Module creates users for Cloud SQL instance, add permissions and exports users to GCP Secret Manager.

Only PSQL is supported.

Usage

module "database_users" {
  source = "git::ssh://[email protected]/AckeeCZ/terraform-gcp-cloud-sql-user.git"
  users = {
    "ackee.fella" : {
      permissions : ["DELETE", "SELECT", "INSERT", "REFERENCES", "TRIGGER", "TRUNCATE", "UPDATE"]
      seq_permissions : ["USAGE", "UPDATE", "SELECT"]
      seq_objects : [
        "audits_id_seq",
        "countries_id_seq",
        "discounts_id_seq",
        "ga_callbacks_id_seq",
        "invoices_id_seq",
        "languages_id_seq",
        "merchants_id_seq",
        "mf_callbacks_id_seq",
        "shops_id_seq"
      ]
    }
    "reader-sa" : {
      permissions : ["SELECT"]
      create_sa : true
    }
    "[email protected]" : {
      permissions : ["SELECT"]
      type : "CLOUD_IAM_USER"
    }
  }
  database               = local.postgres_database_name
  postgres_instance_name = local.instance_name
  project                = var.project
}

See example folder for more details.

Users variable

Users variable is a map of users. Each user has following attributes:

  • permissions - list of permissions for objects
  • seq_permissions - list of permissions for sequences
  • seq_objects - list of sequences objects
  • create_sa - create service account for user
  • type - type of user, default is BUILT_IN, other is CLOUD_IAM_USER
  • special - use special characters for the password
  • override_special - override special characters for the password
  • role - role for the user, default is the key in the users map

Requirements

No requirements.

Providers

Name Version
google n/a
postgresql n/a
random n/a

Modules

No modules.

Resources

Name Type
google_project_iam_member.assign_cloudsql_client resource
google_project_iam_member.test resource
google_project_iam_member.test_cloudsql_client resource
google_secret_manager_secret.database_credentials resource
google_secret_manager_secret_version.database_credentials resource
google_service_account.sa resource
google_service_account_key.sa_key resource
google_sql_user.user resource
postgresql_default_privileges.permissions resource
postgresql_default_privileges.seq_permissions resource
postgresql_grant.permissions resource
postgresql_grant.seq_permissions resource
random_password.password resource

Inputs

Name Description Type Default Required
database Database name used for permission setup string n/a yes
expose_password Expose password to Terraform output bool false no
owner If set, default privileges will be set for users string "" no
postgres_instance_name Cloud SQL instance name string n/a yes
project Project ID string n/a yes
save_credentials Save credentials to GCP Secret Manager bool true no
users Map of users and their attributes, key is the user login map {} no

Outputs

Name Description
passwords Passwords generated

About

Terraform module for setting up users in GCP Cloud SQL for Postgresql

Topics

cloud sql terraform psql gcp

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages