feat: Add optional capacities to owner

ducretje-evooq · web-flow · commit c932db58e907 · 2023-02-14T13:55:06.000+01:00
diff --git a/database.tf b/database.tf
@@ -3,10 +3,12 @@ locals {
 }
 
 resource "postgresql_role" "owner" {
-  name     = local.owner
-  login    = var.owner_password != null ? true : false
-  password = var.owner_password
-  roles    = var.roles
+  name            = local.owner
+  login           = var.owner_password != null ? true : false
+  create_database = var.owner_create_database
+  create_role     = var.owner_create_role
+  password        = var.owner_password
+  roles           = var.roles
 
   connection_limit = var.connection_limit
 
diff --git a/variables.tf b/variables.tf
@@ -19,6 +19,16 @@ variable "owner" {
   default     = ""
 }
 
+variable "owner_create_database" {
+  description = "Defines a role's ability to execute `CREATE DATABASE`"
+  default     = false
+}
+
+variable "owner_create_role" {
+  description = "Defines a role's ability to execute `CREATE ROLE`. A role with this privilege can also alter and drop other roles."
+  default     = false
+}
+
 variable "owner_password" {
   description = "The password for the owner of the database"
   type        = string
