infra/main: clean up database_users output
This commit is contained in:
parent
de97ffef10
commit
58f9f507de
|
@ -57,10 +57,29 @@ module "digitalocean_database_cluster" {
|
|||
digitalocean_region = var.region
|
||||
}
|
||||
|
||||
# TODO: make it output a Kubernetes Secret in env var format, can be piped into
|
||||
# `jq .database_users.value.forgejo | sops --encrypt` for nice secret gen
|
||||
# Ref: https://github.com/RyanSquared/gitops/blob/b8305292f215f6fe0bed170550b9b869302ab9e2/environments/production/kustomizations/forgejo/forgejo-config.enc.yaml
|
||||
# `jq .database_users.value.forgejo | sops --encrypt`
|
||||
output "database_users" {
|
||||
value = module.digitalocean_database_cluster.database_users
|
||||
value = {
|
||||
for db_user in module.digitalocean_database_cluster.database_users:
|
||||
db_user.name => {
|
||||
apiVersion = "v1",
|
||||
kind = "Secret",
|
||||
metadata = {
|
||||
name = "database-configuration",
|
||||
},
|
||||
stringData = {
|
||||
name = db_user.name,
|
||||
dbname = db_user.name,
|
||||
host = module.digitalocean_database_cluster.database_cluster.private_host,
|
||||
port = module.digitalocean_database_cluster.database_cluster.port,
|
||||
password = db_user.password,
|
||||
}
|
||||
}
|
||||
}
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
output "database" {
|
||||
value = module.digitalocean_database_cluster.database_cluster
|
||||
sensitive = true
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue