[IVYNET-90] - Add DB for Postgres (#7)

Main changes:
    New module for postgres DB
    Adjustment in backend and network (extra outputs + some cleanup)

New tags:

    network-3
    backend-2
    postgres-1

.pre-commit-config.yaml

@@ -36,3 +36,6 @@ repos:
       - id: terraform-docs-go
         name: tfdocs - network module
         args: ["network"]
+      - id: terraform-docs-go
+        name: tfdocs - postgres/DB module
+        args: ["postgres"]

README.md

@@ -6,6 +6,7 @@ Modules for Open Tofu (Terraform)
 - backend - vm for the backend
 - dns_zone - dns zone in GCP
 - lb - Load Balancer for Backend
+- postgres - DB for Postgres
 - network - a GCP network (for backend)
 
 

backend/README.md

@@ -3,6 +3,7 @@
 This module a backend VM and instance group based on it.
 
 # Versions
+- backend-2 - rename size/type variable
 - backend-1 - initial backend vm
 
 # TF Docs
@@ -15,7 +16,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 6.6.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.7.0 |
 
 ## Modules
 
@@ -44,7 +45,7 @@ No modules.
 | <a name="input_project"></a> [project](#input\_project) | Name of the GCP project | `string` | `"ivynet-tests"` | no |
 | <a name="input_region"></a> [region](#input\_region) | Name of the region | `string` | `"us-central1"` | no |
 | <a name="input_region_zone"></a> [region\_zone](#input\_region\_zone) | Letter for the zone (by default based on the region) | `string` | `"c"` | no |
-| <a name="input_vm-type"></a> [vm-type](#input\_vm-type) | VM size/type | `string` | `"n2-standard-2"` | no |
+| <a name="input_vm-size"></a> [vm-size](#input\_vm-size) | VM size/type | `string` | `"n2-standard-2"` | no |
 
 ## Outputs
 

backend/main.tf

@@ -14,7 +14,7 @@ resource "google_compute_instance" "this" {
     creator = "terraform"
     area    = "backend"
   }
-  machine_type = var.vm-type
+  machine_type = var.vm-size
   network_interface {
     network    = var.network-id
     subnetwork = var.network-subnet-id

backend/variables.tf

@@ -41,7 +41,7 @@ variable "region_zone" {
   type        = string
 }
 
-variable "vm-type" {
+variable "vm-size" {
   default     = "n2-standard-2"
   description = "VM size/type"
   type        = string

dns_zone/README.md

@@ -15,7 +15,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 6.6.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.7.0 |
 
 ## Modules
 

lb/README.md

@@ -7,7 +7,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 6.6.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.7.0 |
 
 ## Modules
 

network/README.md

@@ -5,6 +5,7 @@ It 'hardcoded' for limited number of usages.
 At the moment it's only a network for the backend.
 
 # Versions
+- network-3 - extra output for DB/PG
 - network-2 - add outputs; reorg project & region vars setup
 - network-1 - initial network, only for backend
 
@@ -18,7 +19,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 6.6.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.7.0 |
 
 ## Modules
 
@@ -46,6 +47,8 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_network-id"></a> [network-id](#output\_network-id) | ID of the network |
+| <a name="output_network-link"></a> [network-link](#output\_network-link) | Network self-link |
+| <a name="output_network-name"></a> [network-name](#output\_network-name) | Network name |
 | <a name="output_subnet-cidr-proxy"></a> [subnet-cidr-proxy](#output\_subnet-cidr-proxy) | CIDR of the proxy subnet |
 | <a name="output_subnet-id-backend"></a> [subnet-id-backend](#output\_subnet-id-backend) | ID of the backend subnet |
 | <a name="output_subnet-id-proxy"></a> [subnet-id-proxy](#output\_subnet-id-proxy) | ID of the proxy subnet |

network/outputs.tf

@@ -3,6 +3,16 @@ output "network-id" {
   value       = google_compute_network.this.id
 }
 
+output "network-link" {
+  description = "Network self-link"
+  value       = google_compute_network.this.self_link
+}
+
+output "network-name" {
+  description = "Network name"
+  value       = google_compute_network.this.name
+}
+
 output "subnet-cidr-proxy" {
   description = "CIDR of the proxy subnet"
   value       = google_compute_subnetwork.backend.ip_cidr_range

postgres/README.md

@@ -0,0 +1,55 @@
+# Overview
+
+This module provides a DB (Postgres) mostly for backend.
+
+# Versions
+- postgres-1 - basic module for backend
+
+# TF Docs
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_google"></a> [google](#provider\_google) | 6.7.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_compute_global_address.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_address) | resource |
+| [google_compute_network_peering_routes_config.peering_routes](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network_peering_routes_config) | resource |
+| [google_service_networking_connection.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_networking_connection) | resource |
+| [google_sql_database.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database) | resource |
+| [google_sql_database_instance.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance) | resource |
+| [google_sql_user.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_user) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_db-size"></a> [db-size](#input\_db-size) | DB size/type | `string` | `"db-f1-micro"` | no |
+| <a name="input_db-version"></a> [db-version](#input\_db-version) | DB type and version (e.g. POSTGRES\_14) | `string` | `"POSTGRES_14"` | no |
+| <a name="input_deletion-protection"></a> [deletion-protection](#input\_deletion-protection) | Delete protection of DB | `bool` | `true` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of the DB | `string` | n/a | yes |
+| <a name="input_network-id"></a> [network-id](#input\_network-id) | ID of the network | `string` | n/a | yes |
+| <a name="input_network-name"></a> [network-name](#input\_network-name) | Name for the network | `string` | n/a | yes |
+| <a name="input_password"></a> [password](#input\_password) | Password for the postgres user | `string` | `"ivy5TAYSthe5AME"` | no |
+| <a name="input_private-network"></a> [private-network](#input\_private-network) | Switch to connect to a private network | `bool` | `true` | no |
+| <a name="input_project"></a> [project](#input\_project) | Name of the GCP project | `string` | `"ivynet-tests"` | no |
+| <a name="input_region"></a> [region](#input\_region) | Name of the region | `string` | `"us-central1"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_ip"></a> [ip](#output\_ip) | DB IP address |
+<!-- END_TF_DOCS -->

postgres/main.tf

@@ -0,0 +1,33 @@
+resource "google_sql_database" "this" {
+  name            = var.name
+  deletion_policy = "ABANDON"
+  instance        = google_sql_database_instance.this.name
+  project         = var.project
+}
+
+resource "google_sql_database_instance" "this" {
+  name                = var.name
+  database_version    = var.db-version
+  deletion_protection = var.deletion-protection
+  project             = var.project
+  region              = var.region
+  settings {
+    tier = var.db-size
+    dynamic "ip_configuration" {
+      for_each = var.private-network ? [1] : []
+      content {
+        ipv4_enabled    = false
+        private_network = var.network-id
+      }
+    }
+  }
+  depends_on = [google_service_networking_connection.this]
+}
+
+resource "google_sql_user" "this" {
+  name     = "postgres"
+  instance = google_sql_database_instance.this.name
+  host     = ""
+  password = var.password
+  project  = var.project
+}

postgres/network.tf

@@ -0,0 +1,25 @@
+resource "google_compute_global_address" "this" {
+  count         = var.private-network ? 1 : 0
+  name          = "${var.name}-private-ip-address"
+  address_type  = "INTERNAL"
+  network       = var.network-id
+  prefix_length = 16
+  project       = var.project
+  purpose       = "VPC_PEERING"
+}
+
+resource "google_service_networking_connection" "this" {
+  count                   = var.private-network ? 1 : 0
+  network                 = var.network-id
+  reserved_peering_ranges = [google_compute_global_address.this[0].name]
+  service                 = "servicenetworking.googleapis.com"
+}
+
+resource "google_compute_network_peering_routes_config" "peering_routes" {
+  count                = var.private-network ? 1 : 0
+  peering              = google_service_networking_connection.this[0].peering
+  project              = var.project
+  network              = var.network-name
+  import_custom_routes = true
+  export_custom_routes = true
+}

postgres/outputs.tf

@@ -0,0 +1,4 @@
+output "ip" {
+  description = "DB IP address"
+  value       = google_sql_database_instance.this.ip_address.0.ip_address
+}

postgres/tests/main.tftest.hcl

@@ -0,0 +1,58 @@
+provider "google" {}
+
+run "setup_plan" {
+  command = plan
+  module {
+    source = "./tests/setup"
+  }
+}
+
+run "setup" {
+  module {
+    source = "./tests/setup"
+  }
+}
+
+
+run "plan_not_net" {
+  command = plan
+  variables {
+    name            = "test"
+    network-id      = run.setup.net-id
+    network-name    = run.setup.net-name
+    private-network = false
+  }
+}
+
+run "plan_full" {
+  command = plan
+  variables {
+    name         = "test"
+    network-id   = run.setup.net-id
+    network-name = run.setup.net-name
+  }
+}
+
+run "apply_simple" {
+  command = apply
+  variables {
+    name                = "test"
+    deletion-protection = false
+    db-size             = "db-g1-small"
+    db-version          = "POSTGRES_15"
+    network-id          = run.setup.net-id
+    network-name        = run.setup.net-name
+    private-network     = false
+  }
+}
+
+run "apply_private" {
+  command = apply
+  variables {
+    name                = "test2"
+    deletion-protection = false
+    network-id          = run.setup.net-id
+    network-name        = run.setup.net-name
+    private-network     = true
+  }
+}

postgres/tests/setup/main.tf

@@ -0,0 +1,32 @@
+module "network" {
+  source = "../../../network"
+  name   = "test44"
+}
+
+module "vm" {
+  source             = "../../../backend"
+  name               = "test44"
+  network-id         = module.network.network-id
+  network-subnet-id  = module.network.subnet-id-backend
+  network-proxy-cidr = module.network.subnet-cidr-proxy
+}
+
+output "back-id" {
+  value = module.network.subnet-id-backend
+}
+
+output "backend-id" {
+  value = module.vm.backend-group-id
+}
+
+output "net-id" {
+  value = module.network.network-id
+}
+
+output "net-name" {
+  value = module.network.network-name
+}
+
+output "net-link" {
+  value = module.network.network-link
+}

postgres/variables.tf

@@ -0,0 +1,56 @@
+variable "db-size" {
+  default     = "db-f1-micro"
+  description = "DB size/type"
+  type        = string
+}
+
+variable "db-version" {
+  default     = "POSTGRES_14"
+  description = "DB type and version (e.g. POSTGRES_14)"
+  type        = string
+}
+variable "deletion-protection" {
+  default     = true
+  description = "Delete protection of DB"
+  type        = bool
+}
+
+variable "name" {
+  description = "Name of the DB"
+  type        = string
+}
+
+variable "network-id" {
+  description = "ID of the network"
+  type        = string
+}
+
+variable "network-name" {
+  description = "Name for the network"
+  type        = string
+}
+
+variable "password" {
+  default     = "ivy5TAYSthe5AME"
+  description = "Password for the postgres user"
+  type        = string
+  sensitive   = true
+}
+
+variable "project" {
+  default     = "ivynet-tests"
+  description = "Name of the GCP project"
+  type        = string
+}
+
+variable "private-network" {
+  default     = true
+  description = "Switch to connect to a private network"
+  type        = bool
+}
+
+variable "region" {
+  default     = "us-central1"
+  description = "Name of the region"
+  type        = string
+}

update-providers.zsh

@@ -0,0 +1,6 @@
+#!/usr/bin/env zsh
+#
+# Simple loop to upgrade providers in each directory,
+# and then update README files
+
+for i (*(/)) {(cd postgres; tofu init -upgrade); terraform-docs postgres}