infra/main: clean up database_users output

This commit is contained in:
ryan-distrust.co 2023-05-12 00:45:49 -04:00
parent de97ffef10
commit 58f9f507de
Signed by untrusted user who does not match committer: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 23 additions and 4 deletions

View File

@ -57,10 +57,29 @@ module "digitalocean_database_cluster" {
digitalocean_region = var.region digitalocean_region = var.region
} }
# TODO: make it output a Kubernetes Secret in env var format, can be piped into # `jq .database_users.value.forgejo | sops --encrypt`
# `jq .database_users.value.forgejo | sops --encrypt` for nice secret gen
# Ref: https://github.com/RyanSquared/gitops/blob/b8305292f215f6fe0bed170550b9b869302ab9e2/environments/production/kustomizations/forgejo/forgejo-config.enc.yaml
output "database_users" { output "database_users" {
value = module.digitalocean_database_cluster.database_users value = {
for db_user in module.digitalocean_database_cluster.database_users:
db_user.name => {
apiVersion = "v1",
kind = "Secret",
metadata = {
name = "database-configuration",
},
stringData = {
name = db_user.name,
dbname = db_user.name,
host = module.digitalocean_database_cluster.database_cluster.private_host,
port = module.digitalocean_database_cluster.database_cluster.port,
password = db_user.password,
}
}
}
sensitive = true
}
output "database" {
value = module.digitalocean_database_cluster.database_cluster
sensitive = true sensitive = true
} }