masterpointio
diff --git a/‎.github/workflows/notion-sync.yaml
Lines changed: 0 additions & 30 deletions b/‎.github/workflows/notion-sync.yaml
Lines changed: 0 additions & 30 deletions
diff --git a/‎.github/workflows/test.yaml
Lines changed: 45 additions & 0 deletions b/‎.github/workflows/test.yaml
Lines changed: 45 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 2 additions & 2 deletions b/‎README.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎examples/complete/main.tf
Lines changed: 1 addition & 2 deletions b/‎examples/complete/main.tf
Lines changed: 1 addition & 2 deletions
diff --git a/‎examples/complete/outputs.tf
Lines changed: 4 additions & 0 deletions b/‎examples/complete/outputs.tf
Lines changed: 4 additions & 0 deletions
diff --git a/‎examples/complete/validation_script.py
Lines changed: 0 additions & 129 deletions b/‎examples/complete/validation_script.py
Lines changed: 0 additions & 129 deletions
diff --git a/‎examples/complete/variables.tf
Lines changed: 2 additions & 0 deletions b/‎examples/complete/variables.tf
Lines changed: 2 additions & 0 deletions
diff --git a/‎main.tf
Lines changed: 10 additions & 11 deletions b/‎main.tf
Lines changed: 10 additions & 11 deletions
diff --git a/‎outputs.tf
Lines changed: 4 additions & 0 deletions b/‎outputs.tf
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,45 @@
+name: TF Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  actions: read
+  checks: write
+  contents: read
+  id-token: write
+  pull-requests: read
+
+jobs:
+  tf-test:
+    name: ${{ matrix.tf }} Test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        tf: [tofu, terraform]
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Aqua Cache
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        if: ${{ !github.event.act }} # Don't enable the cache step if we're using act for testing
+        with:
+          path: ~/.local/share/aquaproj-aqua
+          key: v1-aqua-installer-${{runner.os}}-${{runner.arch}}-${{hashFiles('aqua.yaml')}}
+          restore-keys: |
+            v1-aqua-installer-${{runner.os}}-${{runner.arch}}-
+
+      - name: Install Aqua
+        uses: aquaproj/aqua-installer@5e54e5cee8a95ee2ce7c04cb993da6dfad13e59c # v3.2.1
+        with:
+          aqua_version: v2.48.1
+
+      - name: Aqua Install
+        shell: bash
+        run: aqua install --tags ${{ matrix.tf }}
+
+      - run: ${{ matrix.tf }} init
+      - run: ${{ matrix.tf }} test
@@ -47,7 +47,7 @@ module "logical_dbs" {
       name      = "system_user"
       login     = true
       superuser = false
-      password  = "insecure-pass-for-demo-app"
+      password  = "insecure-pass-for-readme-app"
     }
 
     table_grants = {
@@ -80,7 +80,7 @@ module "logical_dbs" {
     role = {
       name      = "readonly_user"
       login     = true
-      password  = "insecure-pass-for-demo-readonly"
+      password  = "insecure-pass-for-readme-readonly"
       superuser = false
     }
 
 
@@ -4,6 +4,5 @@ module "app_dbs" {
   source = "../../"
 
   databases = var.databases
-
-  roles = var.roles
+  roles     = var.roles
 }
@@ -1,3 +1,7 @@
+output "databases" {
+  value = module.app_dbs.databases
+}
+
 output "database_access" {
   value = module.app_dbs.database_access
 }
 
@@ -40,6 +40,7 @@ variable "databases" {
     name             = string
     connection_limit = number
   }))
+  default = []
 }
 
 
@@ -104,5 +105,6 @@ variable "roles" {
       privileges  = list(string)
     }))
   }))
+  default     = []
   description = "List of static postgres roles to create and related permissions. These are for applications that use static credentials and don't use IAM DB Auth. See defaults: https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs/resources/postgresql_role"
 }
@@ -1,10 +1,3 @@
-resource "postgresql_database" "logical_db" {
-  for_each         = { for database in var.databases : database.name => database }
-  name             = each.key
-  connection_limit = each.value.connection_limit
-}
-
-
 locals {
   roles_with_passwords = [for idx, role_data in var.roles : merge(role_data,
     {
@@ -27,6 +20,12 @@ locals {
   _table_grants       = [for role in local.roles_with_passwords : role.table_grants if try(role.table_grants, null) != null]
 }
 
+resource "postgresql_database" "logical_db" {
+  for_each         = { for database in var.databases : database.name => database }
+  name             = each.key
+  connection_limit = each.value.connection_limit
+}
+
 # If no password passed in, then use this to generate one
 resource "random_password" "user_password" {
   count = length(var.roles)
@@ -74,7 +73,7 @@ resource "postgresql_grant" "database_access" {
   object_type = each.value.object_type
   privileges  = each.value.privileges
 
-  depends_on = [postgresql_database.logical_db]
+  depends_on = [postgresql_database.logical_db, postgresql_role.role]
 }
 
 resource "postgresql_grant" "schema_access" {
@@ -87,7 +86,7 @@ resource "postgresql_grant" "schema_access" {
   object_type = each.value.object_type
   privileges  = each.value.privileges
 
-  depends_on = [postgresql_database.logical_db]
+  depends_on = [postgresql_database.logical_db, postgresql_role.role]
 }
 
 resource "postgresql_grant" "table_access" {
@@ -114,7 +113,7 @@ resource "postgresql_grant" "sequence_access" {
   object_type = each.value.object_type
   privileges  = each.value.privileges
 
-  depends_on = [postgresql_database.logical_db]
+  depends_on = [postgresql_database.logical_db, postgresql_role.role]
 }
 
 resource "postgresql_default_privileges" "privileges" {
@@ -128,5 +127,5 @@ resource "postgresql_default_privileges" "privileges" {
   object_type = each.value.object_type
   privileges  = each.value.privileges
 
-  depends_on = [postgresql_database.logical_db]
+  depends_on = [postgresql_database.logical_db, postgresql_role.role]
 }
@@ -1,3 +1,7 @@
+output "databases" {
+  value = postgresql_database.logical_db
+}
+
 output "database_access" {
   value = postgresql_grant.database_access
 }
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,5 @@ module "app_dbs" {`
`4`	`4`	`source = "../../"`
`5`	`5`
`6`	`6`	`databases = var.databases`
`7`		`-`
`8`		`- roles = var.roles`
	`7`	`+ roles = var.roles`
`9`	`8`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,7 @@`
	`1`	`+output "databases" {`
	`2`	`+ value = module.app_dbs.databases`
	`3`	`+}`
	`4`	`+`
`1`	`5`	`output "database_access" {`
`2`	`6`	`value = module.app_dbs.database_access`
`3`	`7`	`}`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ variable "databases" {`
`40`	`40`	`name = string`
`41`	`41`	`connection_limit = number`
`42`	`42`	`}))`
	`43`	`+ default = []`
`43`	`44`	`}`
`44`	`45`
`45`	`46`
`@@ -104,5 +105,6 @@ variable "roles" {`
`104`	`105`	`privileges = list(string)`
`105`	`106`	`}))`
`106`	`107`	`}))`
	`108`	`+ default = []`
`107`	`109`	`description = "List of static postgres roles to create and related permissions. These are for applications that use static credentials and don't use IAM DB Auth. See defaults: https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs/resources/postgresql_role"`
`108`	`110`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,7 @@`
	`1`	`+output "databases" {`
	`2`	`+ value = postgresql_database.logical_db`
	`3`	`+}`
	`4`	`+`
`1`	`5`	`output "database_access" {`
`2`	`6`	`value = postgresql_grant.database_access`
`3`	`7`	`}`