From 40e8e5e8cbb2da7d3fa507738158fcabc1e83548 Mon Sep 17 00:00:00 2001
From: hcornet
Date: Sat, 18 Jan 2025 20:03:24 +0100
Subject: [PATCH] first sync
---
 .gitignore | 1 +
 databasas.tf | 0
 databases.tf | 22 ++++++++++++++++++++++
 google-secret.tf | 14 ++++++++++++++
 instances.tf | 0
 outputs.tf | 4 ++++
 provider.tf | 17 +++++++++++++++++
 user.tf | 17 +++++++++++++++++
 variables.tf | 26 ++++++++++++++++++++++++++
 vault-secret.tf | 5 +++++
 10 files changed, 106 insertions(+)
 delete mode 100644 databasas.tf
 create mode 100644 databases.tf
 create mode 100644 google-secret.tf
 delete mode 100644 instances.tf
 create mode 100644 user.tf
 create mode 100644 vault-secret.tf
diff --git a/.gitignore b/.gitignore
index 1bce381..58f4bb3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,6 +32,7 @@ crash.*.log
 # Ignore transient lock info files created by terraform apply
 .terraform.tfstate.lock.info
+.terraform.lock.hcl
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 *tfplan*
diff --git a/databasas.tf b/databasas.tf
deleted file mode 100644
index e69de29..0000000
diff --git a/databases.tf b/databases.tf
new file mode 100644
index 0000000..f64fad9
--- /dev/null
+++ b/databases.tf
@@ -0,0 +1,22 @@
+# create a database server instance
+resource "google_sql_database_instance" "this" {
+ name = var.instance_name
+ database_version = "POSTGRES_15"
+
+ region = var.region
+
+ settings {
+ tier = var.database_tier
+ disk_size = 20
+ disk_autoresize = true
+ backup_configuration {
+ enabled = true
+ }
+ }
+}
+
+# create a database inside the instance
+resource "google_sql_database" "this" {
+ instance = google_sql_database_instance.this.id
+ name = var.database_name
+}
diff --git a/google-secret.tf b/google-secret.tf
new file mode 100644
index 0000000..c5b1fe8
--- /dev/null
+++ b/google-secret.tf
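Review bot: Adding `.terraform.lock.hcl` to .gitignore throws away the provider checksum pinning that the lock file exists to provide; the usual guidance is to commit it so every `terraform init` verifies the same provider builds. The effect is amplified by the open-ended constraints in the provider.tf hunk (`version = ">= 4"` for vault, `version = ">= 3"` for random, `required_version = "> 1.7.5"`), which let each run resolve a different, unverified release. I would drop the added line and narrow those constraints with `~>` the way the google provider already is pinned.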
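Review bot: The `settings` block of `google_sql_database_instance.this` sets no `ip_configuration`, so the instance takes the provider default of a public IPv4 address, and nothing constrains connections to TLS. For a Postgres instance whose credentials are then copied into two secret stores I would expect a private-only instance, or at minimum encrypted-only connections. The sketch below uses a placeholder variable for the VPC since this commit declares none; a private address also presumes the Service Networking peering exists, which I cannot see from here.
```hcl
resource "google_sql_database_instance" "this" {
  # … unchanged: name, database_version, region …
  settings {
    # … unchanged: tier, disk_size, disk_autoresize, backup_configuration …
    ip_configuration {
      ipv4_enabled    = false
      private_network = var.private_network_id # placeholder: VPC self-link, not declared in this commit
      ssl_mode        = "ENCRYPTED_ONLY"
    }
  }
}
```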
@@ -0,0 +1,14 @@
+# create a secret in secret manager to store database credentials
+resource "google_secret_manager_secret" "this" {
+ secret_id = "${var.instance_name}/${var.database_name}"
+
+ replication {
+ auto {}
+ }
+}
+
+# store the password in the secret
+resource "google_secret_manager_secret_version" "this" {
+ secret = google_secret_manager_secret.this.id
+ secret_data = jsonencode(local.database_access)
+}
diff --git a/instances.tf b/instances.tf
deleted file mode 100644
index e69de29..0000000
diff --git a/outputs.tf b/outputs.tf
index e69de29..69fd4ea 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -0,0 +1,4 @@
+output "database_dns_name" {
+ description = "the DNS name of the instance"
+ value = google_sql_database_instance.this.dns_name
+}
diff --git a/provider.tf b/provider.tf
index e69de29..0279feb 100644
--- a/provider.tf
+++ b/provider.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "~> 5.34.0"
+ }
+ vault = {
+ source = "hashicorp/vault"
+ version = ">= 4"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3"
+ }
+ }
+ required_version = "> 1.7.5"
+}
diff --git a/user.tf b/user.tf
new file mode 100644
index 0000000..927e70d
--- /dev/null
+++ b/user.tf
@@ -0,0 +1,17 @@
+locals {
+ database_access = {
+ database_host = google_sql_database_instance.this.ip_address[0].ip_address
+ username = google_sql_user.user.name
+ password = google_sql_user.user.password
+ }
+}
+
+resource "random_password" "user_password" {
+ length = 12
+}
+
+resource "google_sql_user" "user" {
+ instance = google_sql_database_instance.this.id
+ name = var.database_user_name
+ password = random_password.user_password.result
+}
diff --git a/variables.tf b/variables.tf
index e69de29..21e2737 100644
--- a/variables.tf
+++ b/variables.tf
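Review bot: `secret_id = "${var.instance_name}/${var.database_name}"` will, as far as I know the API constraints, be rejected at apply time, because Secret Manager secret IDs only allow letters, digits, hyphens and underscores; the `/` that is fine for the Vault KV path in vault-secret.tf does not carry over. A different joiner avoids it, e.g. `secret_id = "${var.instance_name}-${var.database_name}"`. Separately, the rendered `secret_data` also persists in Terraform state, so the state backend needs the same protection as the secret itself.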
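Review bot: The `terraform` block declares no `backend`, so unless one lives in a file outside this commit, state lands in a local `terraform.tfstate` that holds `random_password.user_password.result`, the `google_sql_user` password and the rendered `secret_data` in plaintext. Given what this module produces, a remote backend with encryption at rest and access control should be configured alongside these provider requirements, e.g. `backend "gcs" { bucket = "PLACEHOLDER-state-bucket" prefix = "databases" }`. A short header comment such as `# provider and state configuration; state contains generated credentials` would make that expectation visible to the next maintainer.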
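Review bot: `length = 12` in `random_password.user_password` is short for a credential that is only ever consumed by machines; nothing here is typed by a human, so there is no cost to `length = 32`. The `locals` block reads the same plaintext back through `google_sql_user.user.password`, and `random_password` keeps it in state as well, so state plus both secret stores form the credential's exposure surface. `database_host = google_sql_database_instance.this.ip_address[0].ip_address` takes whichever address the instance lists first, which with the default network settings in databases.tf I believe is the public one; that is worth a comment on the line, e.g. `# first listed address; public unless ip_configuration disables ipv4_enabled`.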
@@ -0,0 +1,26 @@
+variable "instance_name" {
+ description = "the name of the database instance to create"
+ type = string
+}
+
+variable "region" {
+ description = "the GCP region to deploy the database to"
+ type = string
+ default = "europe-west1"
+}
+
+variable "database_tier" {
+ description = "the database tier to use"
+ type = string
+ default = "db-f1-micro"
+}
+
+variable "database_name" {
+ description = "the name of the database to create in the instance"
+ type = string
+}
+
+variable "database_user_name" {
+ description = "the name of the database user to create"
+ type = string
+}
\ No newline at end of file
diff --git a/vault-secret.tf b/vault-secret.tf
new file mode 100644
index 0000000..b58dbf7
--- /dev/null
+++ b/vault-secret.tf
@@ -0,0 +1,5 @@
+resource "vault_kv_secret_v2" "this" {
+ mount = "secret"
+ name = "${var.instance_name}/${var.database_name}"
+ data_json = jsonencode(local.database_access)
+}
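Review bot: The same credential set is written both here (`data_json = jsonencode(local.database_access)`) and to Secret Manager in google-secret.tf, with `mount = "secret"` hard-coded; two authoritative copies means a future password rotation has to update both or one silently goes stale. I would either make the Vault copy opt-in, e.g. `count = var.vault_mount == null ? 0 : 1` with `mount = var.vault_mount` (variable not declared in this commit), or state in a header comment which store consumers are meant to read. The `# create ...` header comments used in the other files are also missing here; `# mirror the database credentials into Vault KV v2` would match that style.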