masterpointio
diff --git a/‎.github/workflows/notion-sync.yaml
Lines changed: 0 additions & 30 deletions b/‎.github/workflows/notion-sync.yaml
Lines changed: 0 additions & 30 deletions
diff --git a/‎.github/workflows/test.yaml
Lines changed: 45 additions & 0 deletions b/‎.github/workflows/test.yaml
Lines changed: 45 additions & 0 deletions
diff --git a/‎.gitignore
Lines changed: 3 additions & 0 deletions b/‎.gitignore
Lines changed: 3 additions & 0 deletions
diff --git a/‎.terraform-docs.yaml
Lines changed: 3 additions & 3 deletions b/‎.terraform-docs.yaml
Lines changed: 3 additions & 3 deletions
diff --git a/‎CHANGELOG.md
Lines changed: 0 additions & 35 deletions b/‎CHANGELOG.md
Lines changed: 0 additions & 35 deletions
diff --git a/‎README.md
Lines changed: 194 additions & 17 deletions b/‎README.md
Lines changed: 194 additions & 17 deletions
diff --git a/‎aqua.yaml
Lines changed: 1 addition & 1 deletion b/‎aqua.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/complete/README.md
Lines changed: 36 additions & 0 deletions b/‎examples/complete/README.md
Lines changed: 36 additions & 0 deletions
diff --git a/‎examples/complete/fixtures.tfvars
Lines changed: 103 additions & 0 deletions b/‎examples/complete/fixtures.tfvars
Lines changed: 103 additions & 0 deletions
diff --git a/‎examples/complete/main.tf
Lines changed: 8 additions & 1 deletion b/‎examples/complete/main.tf
Lines changed: 8 additions & 1 deletion
@@ -0,0 +1,45 @@
+name: TF Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  actions: read
+  checks: write
+  contents: read
+  id-token: write
+  pull-requests: read
+
+jobs:
+  tf-test:
+    name: ${{ matrix.tf }} Test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        tf: [tofu, terraform]
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Aqua Cache
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        if: ${{ !github.event.act }} # Don't enable the cache step if we're using act for testing
+        with:
+          path: ~/.local/share/aquaproj-aqua
+          key: v1-aqua-installer-${{runner.os}}-${{runner.arch}}-${{hashFiles('aqua.yaml')}}
+          restore-keys: |
+            v1-aqua-installer-${{runner.os}}-${{runner.arch}}-
+
+      - name: Install Aqua
+        uses: aquaproj/aqua-installer@5e54e5cee8a95ee2ce7c04cb993da6dfad13e59c # v3.2.1
+        with:
+          aqua_version: v2.48.1
+
+      - name: Aqua Install
+        shell: bash
+        run: aqua install --tags ${{ matrix.tf }}
+
+      - run: ${{ matrix.tf }} init
+      - run: ${{ matrix.tf }} test
@@ -9,6 +9,9 @@
 # Local .terraform directories
 **/.terraform/*
 
+# Terraform lock file
+.terraform.lock.hcl
+
 # IDE/Editor settings
 **/.idea
 **/*.iml
 
@@ -1,12 +1,12 @@
-version: 0.19.0
+version: 0.20.0
 formatter: markdown table
 
 recursive:
-  enabled: true
-  include-main: false
+  enabled: false
 
 settings:
   lockfile: false
+  path: .
 
 output:
   file: README.md
 
@@ -1,36 +1 @@
 # Changelog
-
-## [0.4.0](https://github.com/masterpointio/terraform-module-template/compare/v0.3.0...v0.4.0) (2025-04-16)
-
-
-### Features
-
-* setup connection to notion db ([#21](https://github.com/masterpointio/terraform-module-template/issues/21)) ([857df50](https://github.com/masterpointio/terraform-module-template/commit/857df5042fbde3d3e9ffbfc964eae9f7a7927cb0))
-
-## [0.3.0](https://github.com/masterpointio/terraform-module-template/compare/v0.2.0...v0.3.0) (2025-04-10)
-
-
-### Features
-
-* actualize README template ([#15](https://github.com/masterpointio/terraform-module-template/issues/15)) ([5d8de5f](https://github.com/masterpointio/terraform-module-template/commit/5d8de5fcf98b255ed65201b1ab2036ebf92ca138))
-* **renovate:** enables renovate terraform manager ([#18](https://github.com/masterpointio/terraform-module-template/issues/18)) ([e45f5ac](https://github.com/masterpointio/terraform-module-template/commit/e45f5acf08195f45ac9d4fe23447c600230ba4b4))
-
-
-### Bug Fixes
-
-* **renovate:** schedule update ([#20](https://github.com/masterpointio/terraform-module-template/issues/20)) ([62d7e24](https://github.com/masterpointio/terraform-module-template/commit/62d7e24aa39312565c894525ef5c0ebb1053eb74))
-
-## [0.2.0](https://github.com/masterpointio/terraform-module-template/compare/v0.1.1...v0.2.0) (2024-11-14)
-
-
-### Features
-
-* adds GH + CRabbit configs ([d86d463](https://github.com/masterpointio/terraform-module-template/commit/d86d463385d501db5465b02de13d60c925b5815d))
-
-## [0.1.1](https://github.com/masterpointio/terraform-module-template/compare/0.1.0...v0.1.1) (2024-08-15)
-
-
-### Bug Fixes
-
-* remove markdown trailing whitespace ([d609646](https://github.com/masterpointio/terraform-module-template/commit/d6096463b916eb536603d4ca3b2f3315e3fec9f2))
-* removes redundant editorconfig settings ([bbe0050](https://github.com/masterpointio/terraform-module-template/commit/bbe0050450cece8074f3d9ff5c3bd72ff01d8a1b))
@@ -10,6 +10,6 @@ registries:
   - type: standard
     ref: v4.210.0 # renovate: depName=aquaproj/aqua-registry
 packages:
-  - name: terraform-docs/terraform-docs@v0.19.0
+  - name: terraform-docs/terraform-docs@v0.20.0
   - name: hashicorp/terraform@v1.9.3
   - name: opentofu/opentofu@v1.8.0
@@ -0,0 +1,36 @@
+# Example: Complete Setup
+
+This example demonstrates how to set up the Terraform Postgres Automation.
+
+It includes configurations for both an application role and a read-only role.
+
+## Prerequisites
+
+- Terraform installed on your local machine.
+- Access to a PostgreSQL instance where you can apply these configurations.
+
+## Usage
+
+1. Clone the repository and navigate to the `examples/complete` directory.
+2. Review and update the `fixtures.tfvars` file with your specific configuration details.
+3. Run the following Terraform commands to apply the configuration:
+
+   ```bash
+   terraform init
+   terraform plan -var-file="fixtures.tfvars"
+   terraform apply -var-file="fixtures.tfvars"
+   ```
+
+## Roles and Permissions
+
+The `fixtures.tfvars` file defines two roles:
+
+- **system_user**: This role is intended for application use with the following permissions:
+
+  - Can log in and is not a superuser.
+  - Has all privileges on tables and sequences in the `app` database.
+  - Can use and create within the `public` schema.
+
+- **readonly_user**: This role is intended for read-only access with the following permissions:
+  - Can log in and is not a superuser.
+  - Has `SELECT` privileges on tables and `USAGE`, `SELECT` on sequences in the `app` database.
@@ -0,0 +1,103 @@
+# complete/fixtures.tfvars
+
+# postgres shell command to create this user:
+# CREATE ROLE admin_user LOGIN CREATEDB PASSWORD 'insecure-pass-for-demo-admin-user';
+db_username = "admin_user"
+
+db_password  = "insecure-pass-for-demo-admin-user"
+db_scheme    = "postgres"
+db_hostname  = "localhost"
+db_port      = 5432
+db_superuser = false
+db_sslmode   = "disable"
+
+databases = [
+  {
+    name             = "app"
+    connection_limit = 10
+  }
+]
+
+roles = [
+  {
+    role = {
+      name      = "system_user"
+      login     = true
+      superuser = false
+      password  = "insecure-pass-for-demo-system-user"
+    }
+
+    table_grants = {
+      role        = "system_user"
+      database    = "app"
+      schema      = "public"
+      object_type = "table"
+      objects     = [] # empty list to grant all tables
+      privileges  = ["ALL"]
+    }
+
+    schema_grants = {
+      role        = "system_user"
+      database    = "app"
+      schema      = "public"
+      object_type = "schema"
+      privileges  = ["USAGE", "CREATE"]
+    }
+
+    sequence_grants = {
+      role        = "system_user"
+      database    = "app"
+      schema      = "public"
+      object_type = "sequence"
+      objects     = [] # empty list to grant all sequences
+      privileges  = ["ALL"]
+    }
+  },
+  {
+    role = {
+      name      = "readonly_user"
+      login     = true
+      password  = "insecure-pass-for-demo-readonly-user"
+      superuser = false
+    }
+
+    table_grants = {
+      role        = "readonly_user"
+      database    = "app"
+      schema      = "public"
+      object_type = "table"
+      objects     = [] # empty list to grant all tables
+      privileges  = ["SELECT"]
+    }
+
+    sequence_grants = {
+      role        = "readonly_user"
+      database    = "app"
+      schema      = "public"
+      object_type = "sequence"
+      objects     = [] # empty list to grant all sequences
+      privileges  = ["USAGE", "SELECT"]
+    }
+
+    default_privileges = [
+      {
+        role        = "readonly_user"
+        database    = "app"
+        schema      = "public"
+        owner       = "system_user"
+        object_type = "table"
+        objects     = [] # empty list to grant all tables
+        privileges  = ["SELECT"]
+      },
+      {
+        role        = "readonly_user"
+        database    = "app"
+        schema      = "public"
+        owner       = "system_user"
+        object_type = "sequence"
+        objects     = [] # empty list to grant all sequences
+        privileges  = ["USAGE", "SELECT"]
+      },
+    ]
+  }
+]
@@ -1 +1,8 @@
-# complete.tf
+# complete/main.tf
+
+module "postgres_automation" {
+  source = "../../"
+
+  databases = var.databases
+  roles     = var.roles
+}