diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5a224ad
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,39 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# .tfvars files
+*.tfvars
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+*.tfplan
+
+# Exclude any generated kubeconfig_* files
+kubeconfig_*
+
+# Exclude any Sonatype License files
+*.lic
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c148024
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# Terraform Module: Sonatype IQ Server
+
+This repository contains a Terraform Module that will deploy an Active-Active Cluster of Sonatype IQ Server.
+
+It has some pre-requisites:
+- You have already got a PostgreSQL service available, know where it is and have ADMIN access to it
+- You have a valid Sonatype license file for Sonatype IQ Server (Lifecycle of Firewall)
+
+An exmaple using this module can be found in [tools-nxiq-ha-cluster](https://github.com/vendorcorp/tools-nxiq-ha-cluster).
+
+# The Fine Print
+
+At the time of writing I work for Sonatype, and it is worth nothing that this is **NOT SUPPORTED** bu Sonatype - it is purely a contribution to the open source community (read: you!).
+
+Remember:
+- Use this contribution at the risk tolerance that you have
+- Do NOT file Sonatype support tickets related to cheque support in regard to this project
+- DO file issues here on GitHub, so that the community can pitch in
\ No newline at end of file
diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..6af63b1
--- /dev/null
+++ b/locals.tf
@@ -0,0 +1,26 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+resource "random_string" "pgsql_user_password" {
+ length = 16
+ special = false
+}
+
+locals {
+ pgsql_user_password = random_string.pgsql_user_password.result
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..c082193
--- /dev/null
+++ b/main.tf
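Review bot: `random_string` is used here to generate a database password, but Terraform does not treat its `result` as sensitive, so the value can show up in plan and apply output as well as in state. `random_password` accepts the same arguments and marks the result sensitive: `resource "random_password" "pgsql_user_password" {`. The same applies to `pg_user_password` in modules/nxiq-pg-db/locals.tf, which is the value actually handed to `postgresql_role`. `local.pgsql_user_password` is not referenced by the main.tf added in this commit, so this copy may be removable, and the `random` provider is not listed in any `required_providers` block shown here.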
@@ -0,0 +1,65 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+# --------------------------------------------------------------------------
+# Require a minimum version of Terraform and Providers
+# --------------------------------------------------------------------------
+terraform {
+ required_version = ">= 1.0.11"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.6.0"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.19.0"
+ }
+ postgresql = {
+ source = "cyrilgdn/postgresql"
+ version = ">= 1.15.0"
+ }
+ }
+}
+
+# --------------------------------------------------------------------------
+# Deploy NXRM HA Cluster
+# --------------------------------------------------------------------------
+module "nxrm_pg_database" {
+ source = "./modules/nxrm-pg-db"
+
+ pg_hostname = var.pg_hostname
+ pg_port = var.pg_port
+ pg_admin_username = var.pg_admin_username
+ pg_admin_password = var.pg_admin_password
+}
+
+module "nxrm_ha_cluster" {
+ source = "./modules/nxrm-ha-cluster"
+
+ default_resource_tags = var.default_resource_tags
+ nxrm_name = var.nxrm_name
+ nxrm_license_file = var.nxrm_license_file
+ nxrm_version = var.nxrm_version
+ replica_count = var.replica_count
+ db_hostname = var.pg_hostname
+ db_port =
var.pg_port
+ db_username = module.nxrm_pg_database.nxrm_db_username
+ db_password = module.nxrm_pg_database.nxrm_db_password
+ db_database = module.nxrm_pg_database.nxrm_db_database
+}
diff --git a/modules/nxiq-ha-cluster/locals.tf b/modules/nxiq-ha-cluster/locals.tf
new file mode 100644
index 0000000..6975682
--- /dev/null
+++ b/modules/nxiq-ha-cluster/locals.tf
@@ -0,0 +1,26 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+resource "random_string" "nxiq_suffix" {
+ length = 12
+ special = false
+}
+
+locals {
+ namespace = "nxiq-${lower(random_string.nxiq_suffix.result)}"
+}
diff --git a/modules/nxiq-ha-cluster/main.tf b/modules/nxiq-ha-cluster/main.tf
new file mode 100644
index 0000000..922a7be
--- /dev/null
+++ b/modules/nxiq-ha-cluster/main.tf
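Review bot: Both module blocks in main.tf point at paths this commit does not create: `source = "./modules/nxrm-pg-db"` and `source = "./modules/nxrm-ha-cluster"`, while the directories added are `modules/nxiq-pg-db` and `modules/nxiq-ha-cluster`. The argument and output names are mismatched in the same way: the cluster module declares `nxiq_name`, `nxiq_license_file` and `nxiq_version`, and the database module exports `nxiq_db_username`, `nxiq_db_password` and `nxiq_db_database`, so `terraform init` and `terraform validate` would fail as written. The root outputs.tf has the same problem with `module.nxrm_ha_cluster.nxrm_ha_k8s_*`. No `provider "postgresql"` block is visible in the commit, so it is unclear where `pg_admin_password` is consumed; if the caller is expected to configure that provider, a comment saying so above the module block would help.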
@@ -0,0 +1,239 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+# --------------------------------------------------------------------------
+# Require a minimum version of Terraform and Providers
+# --------------------------------------------------------------------------
+terraform {
+ required_version = ">= 1.0.11"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.6.0"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.19.0"
+ }
+ }
+}
+
+# --------------------------------------------------------------------------
+# Create k8s Namespace
+# --------------------------------------------------------------------------
+resource "kubernetes_namespace" "nxiq" {
+ metadata {
+ name = local.namespace
+ annotations = {
+ "nxiq_purpose" = "${var.nxiq_name}"
+ }
+ }
+}
+
+# --------------------------------------------------------------------------
+# Create k8s Secrets
+# --------------------------------------------------------------------------
+resource "kubernetes_secret" "nxiq" {
+ metadata {
+ name = "nxiq-secrets"
+ namespace = local.namespace
+ annotations = {
+ "nxiq_purpose" = "${var.nxiq_name}"
+ }
+ }
+
+ binary_data = {
+ "license.lic" = filebase64("${var.nxiq_license_file}")
+ }
+
+ data = {
+ "db_password" =
var.db_password
+ }
+
+ type = "Opaque"
+}
+
+# --------------------------------------------------------------------------
+# Create k8s PVC
+# --------------------------------------------------------------------------
+resource "kubernetes_persistent_volume_claim" "nxiq" {
+ metadata {
+ name = "nxiq-pvc"
+ namespace = var.target_namespace
+ }
+ spec {
+ access_modes = ["ReadWriteMany"]
+ storage_class_name = "efs-fs"
+ resources {
+ requests = {
+ storage = "25Gi"
+ }
+ }
+ }
+}
+
+# --------------------------------------------------------------------------
+# Create k8s Deployment
+# --------------------------------------------------------------------------
+resource "kubernetes_deployment" "nxiq" {
+ metadata {
+ name = "nxiq-ha-${var.nxiq_name}"
+ namespace = local.namespace
+ labels = {
+ app = "nxiq-ha"
+ }
+ }
+ spec {
+ replicas = var.replica_count
+
+ selector {
+ match_labels = {
+ app = "nxiq-ha"
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ app = "nxiq-ha"
+ }
+ }
+
+ spec {
+ node_selector = {
+ instancegroup = "shared"
+ }
+
+ init_container {
+ name = "chown-nexusdata-owner-to-nexus-and-init-log-dir"
+ image = "busybox:1.33.1"
+ command = ["/bin/sh"]
+ args = [
+ "-c",
+ ">- chown -R '1000:1000' /sonatype-work"
+ ]
+ }
+
+ container {
+ image = "sonatype/nexus-iq-server:${var.nxiq_version}"
+ name = "nxiq-app"
+ image_pull_policy = "IfNotPresent"
+
+ env {
+ name = "NXIQ_DATABASE_HOSTNAME"
+ value = var.db_hostname
+ }
+
+ env {
+ name = "NXIQ_DATABASE_NAME"
+ value = var.db_database
+ }
+
+ env {
+ name = "NXIQ_DATABASE_PASSWORD"
+ value_from {
+ secret_key_ref {
+ name = "nxiq-secrets"
+ key = "db_password"
+ }
+ }
+ }
+
+ env {
+ name = "NXIQ_DATABASE_PORT"
+ value = var.db_port
+ }
+
+ env {
+ name = "NXIQ_DATABASE_USERNAME"
+ value = var.db_username
+ }
+
+ # env {
+ # name = "NEXUS_SECURITY_RANDOMPASSWORD"
+ # value = false
+ # }
+
+ # env {
+ # name = "INSTALL4J_ADD_VM_PARAMS"
+ # value = "-Xms2703m -Xmx2703m
-XX:MaxDirectMemorySize=2703m -Dnexus.licenseFile=/nxrm3-secrets/license.lic -Dnexus.datastore.enabled=true -Djava.util.prefs.userRoot=$${NEXUS_DATA}/javaprefs -Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://$${DB_HOST}:$${DB_PORT}/$${DB_NAME} -Dnexus.datastore.nexus.username=$${DB_USER} -Dnexus.datastore.nexus.password=$${DB_PASSWORD} -Dnexus.datastore.clustered.enabled=true"
+ # }
+
+ port {
+ container_port = 8070
+ }
+
+ security_context {
+ run_as_user = 1000
+ }
+
+ volume_mount {
+ mount_path = "/nxiq-secrets"
+ name = "nxiq-secrets"
+ }
+
+ volume_mount {
+ mount_path = "/sonatype-work"
+ name = "nxiq-data"
+ }
+ }
+
+ volume {
+ name = "nxiq-secrets"
+ secret {
+ secret_name = "nxiq-secrets"
+ }
+ }
+
+ volume {
+ name = "nxiq-data"
+ persistent_volume_claim {
+ claim_name = "nxiq-data"
+ }
+ }
+ }
+ }
+ }
+}
+
+# --------------------------------------------------------------------------
+# Create k8s Service
+# --------------------------------------------------------------------------
+resource "kubernetes_service" "nxiq" {
+ metadata {
+ name = "nxiq-ha-${var.nxrm_name}-svc"
+ namespace = local.namespace
+ labels = {
+ app = "nxiq-ha"
+ }
+ }
+ spec {
+ selector = {
+ app = kubernetes_deployment.nxiq.metadata.0.labels.app
+ }
+
+ port {
+ name = "http"
+ port = 8070
+ target_port = 8070
+ protocol = "TCP"
+ }
+
+ type = "NodePort"
+ }
+}
diff --git a/modules/nxiq-ha-cluster/outputs.tf b/modules/nxiq-ha-cluster/outputs.tf
new file mode 100644
index 0000000..eeaaea8
--- /dev/null
+++ b/modules/nxiq-ha-cluster/outputs.tf
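Review bot: Three references in modules/nxiq-ha-cluster/main.tf do not resolve against the rest of the commit: the PVC uses `namespace = var.target_namespace` and the Service name uses `var.nxrm_name`, neither of which is declared in this module's variables.tf, and the Deployment's `claim_name = "nxiq-data"` does not match the PVC's `name = "nxiq-pvc"`. Use `local.namespace`, `var.nxiq_name` and `kubernetes_persistent_volume_claim.nxiq.metadata[0].name` respectively. The init container has no `volume_mount`, so its chown appears to run against its own filesystem rather than the data volume, and the leading `>-` in its args looks like a YAML block-scalar leftover that the shell would read as a redirection. Separately, `type = "NodePort"` publishes plain-HTTP port 8070 on every node; `ClusterIP` behind a TLS-terminating ingress would narrow that exposure.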
@@ -0,0 +1,29 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+output "nxiq_ha_k8s_namespace" {
+ value = local.namespace
+}
+
+output "nxiq_ha_k8s_service_id" {
+ value = kubernetes_service.nxiq.id
+}
+
+output "nxiq_ha_k8s_service_name" {
+ value = "nxiq3-ha-${var.nxiq_name}-svc"
+}
diff --git a/modules/nxiq-ha-cluster/variables.tf b/modules/nxiq-ha-cluster/variables.tf
new file mode 100644
index 0000000..d0318e4
--- /dev/null
+++ b/modules/nxiq-ha-cluster/variables.tf
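Review bot: `nxiq_ha_k8s_service_name` rebuilds the name as `"nxiq3-ha-${var.nxiq_name}-svc"`, which does not match the `nxiq-ha-…-svc` name given to `kubernetes_service.nxiq` in main.tf, so consumers would look up a Service that does not exist. Reading it from the resource keeps the two in step: `value = kubernetes_service.nxiq.metadata[0].name`. `nxiq_ha_k8s_namespace` could likewise come from `kubernetes_namespace.nxiq.metadata[0].name`, so that anything depending on the output waits for the namespace to be created.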
@@ -0,0 +1,93 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+variable "default_resource_tags" {
+ description = "List of tags to apply to all resources created in AWS"
+ type = map(string)
+ default = {}
+}
+
+variable "nxiq_name" {
+ description = "Helpful friendly name for this NXIQ Cluster (min 8 alpha characters)"
+ type = string
+ validation {
+ condition = length(regex("[[:alpha:]]{6,}", var.nxiq_name)) > 6
+ error_message = "Name for this NXIQ must be 6 or more alpha characters."
+ }
+}
+
+variable "nxiq_license_file" {
+ description = "Path to a valid Sonatype License file for Nexus Repository Manager Pro."
+ type = string
+ validation {
+ condition = length(var.nxiq_license_file) > 5
+ error_message = "Name for this NXIQ must be 6 or more alpha characters."
+ }
+}
+
+variable "nxiq_version" {
+ description = "Version of NXIQ to deploy."
+ type = string
+ default = "1.158.0"
+ validation {
+ condition = length(var.nxiq_version) > 5
+ error_message = "Version must be supplied as X.Y.Z to match the Docker Image Tag."
+ }
+}
+
+variable "replica_count" {
+ description = "Number of replicas to run in the Active-Active NXIQ HA Cluster."
+ type = number
+ default = 1
+ validation {
+ condition = var.replica_count > 0
+ error_message = "Replica Count must be greater than zero."
+ }
+}
+
+variable "db_hostname" {
+ description = "The hostname where your PostgreSQL service is accessible at."
+ type = string
+ default = null
+}
+
+variable "db_port" {
+ description = "The port where your PostgreSQL service is accessible at."
+ type = string
+ default = null
+}
+
+variable "db_database" {
+ description = "Name of the Database inside PostgreSQL to use."
+ type = string
+ default = null
+}
+
+variable "db_username" {
+ description = "Username for NXIQ to use to access PostgreSQL service."
+ type = string
+ default = null
+ sensitive = true
+}
+
+variable "db_password" {
+ description = "Password for NXIQ to use to access PostgreSQL service."
+ type = string
+ default = null
+ sensitive = true
+}
diff --git a/modules/nxiq-pg-db/locals.tf b/modules/nxiq-pg-db/locals.tf
new file mode 100644
index 0000000..f76c7df
--- /dev/null
+++ b/modules/nxiq-pg-db/locals.tf
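Review bot: The `nxiq_name` validation disagrees with itself and fails badly on invalid input: `regex()` raises an error rather than returning false when nothing matches, the pattern is unanchored so any value that merely contains a run of letters passes, and `> 6` requires seven characters while the message says six and the description says eight. Something like `condition = can(regex("^[[:alpha:]]{6,}$", var.nxiq_name))` states the rule once. The value is interpolated into Kubernetes object names in main.tf, so restricting it to lowercase may also be needed — worth confirming. The `nxiq_license_file` check reuses the name error message and its description refers to Nexus Repository Manager Pro. The root variables.tf carries the same validation blocks for `nxrm_name` and `nxrm_license_file`.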
@@ -0,0 +1,33 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+resource "random_string" "pg_suffix" {
+ length = 12
+ special = false
+}
+
+resource "random_string" "pg_user_password" {
+ length = 16
+ special = false
+}
+
+locals {
+ pg_database_name = "nxiq_${random_string.pg_suffix.result}"
+ pg_user_username = "nxiq_${random_string.pg_suffix.result}"
+ pg_user_password = random_string.pg_user_password.result
+}
diff --git a/modules/nxiq-pg-db/main.tf b/modules/nxiq-pg-db/main.tf
new file mode 100644
index 0000000..c6823f2
--- /dev/null
+++ b/modules/nxiq-pg-db/main.tf
@@ -0,0 +1,58 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+# --------------------------------------------------------------------------
+# Require a minimum version of Terraform and Providers
+# --------------------------------------------------------------------------
+terraform {
+ required_version = ">= 1.0.11"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.6.0"
+ }
+ postgresql = {
+ source = "cyrilgdn/postgresql"
+ version = ">= 1.15.0"
+ }
+ }
+}
+
+# --------------------------------------------------------------------------
+# Create a unique database for NXIQ
+# --------------------------------------------------------------------------
+resource "postgresql_role" "nxiq" {
+ name = local.pg_user_username
+ login = true
+ password = local.pg_user_password
+}
+
+resource "postgresql_grant_role" "grant_root" {
+ role = var.pg_admin_username
+ grant_role = postgresql_role.nxiq.name
+ with_admin_option = true
+}
+
+resource "postgresql_database" "nxiq" {
+ name = local.pg_database_name
+ owner = local.pg_user_username
+ template = "template0"
+ lc_collate = "C"
+ connection_limit = -1
+ allow_connections = true
+}
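Review bot: `postgresql_database.nxiq` sets `owner = local.pg_user_username`, a plain string, so Terraform sees no dependency on `postgresql_role.nxiq` or on `postgresql_grant_role.grant_root` and may try to create the database before the role exists or before the admin has been made a member of it. `owner = postgresql_role.nxiq.name` together with `depends_on = [postgresql_grant_role.grant_root]` makes the order explicit. `with_admin_option = true` also lets the admin role grant the application role onward; if plain membership is all that database creation needs, `false` is the narrower setting — confirm against the target PostgreSQL service. This module uses `random_string` in locals.tf without listing the `random` provider in `required_providers`, and nothing visible in it uses `aws`.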
diff --git a/modules/nxiq-pg-db/outputs.tf b/modules/nxiq-pg-db/outputs.tf
new file mode 100644
index 0000000..e416ebb
--- /dev/null
+++ b/modules/nxiq-pg-db/outputs.tf
@@ -0,0 +1,33 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+output "nxiq_db_username" {
+ value = local.pg_user_username
+ description = "Dedicated username for NXIQ to use to connect to PostgreSQL."
+}
+
+output "nxiq_db_password" {
+ value = local.pg_user_password
+ description = "Dedicated password for NXIQ to use to connect to PostgreSQL."
+ sensitive = true
+}
+
+output "nxiq_db_database" {
+ value = local.pg_database_name
+ description = "Dedicated database for NXIQ to use to connect to PostgreSQL."
+}
diff --git a/modules/nxiq-pg-db/variables.tf b/modules/nxiq-pg-db/variables.tf
new file mode 100644
index 0000000..4a1fb2c
--- /dev/null
+++ b/modules/nxiq-pg-db/variables.tf
@@ -0,0 +1,42 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+variable "pg_hostname" {
+ description = "The hostname where your PostgreSQL service is accessible at."
+ type = string
+ default = null
+}
+
+variable "pg_port" {
+ description = "The port where your PostgreSQL service is accessible at."
+ type = string
+ default = null
+}
+
+variable "pg_admin_username" {
+ description = "Administrator/Root user to access your PostgreSQL service."
+ type = string
+ default = null
+}
+
+variable "pg_admin_password" {
+ description = "Administrator/Root password to access your PostgreSQL service."
+ type = string
+ default = null
+ sensitive = true
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..b34e948
--- /dev/null
+++ b/outputs.tf
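Review bot: `pg_hostname`, `pg_port` and `pg_admin_password` are declared here but nothing in this module's main.tf or locals.tf reads them; only `var.pg_admin_username` is referenced. Passing the admin password into a module that does not use it widens where the secret is handled for no benefit, so either drop these inputs or add the provider wiring that consumes them. All four variables default to `null`, which turns a missing value into a late provider error; removing `default = null` would make them required at plan time.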
@@ -0,0 +1,29 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+output "nxrm_ha_k8s_namespace" {
+ value = module.nxrm_ha_cluster.nxrm_ha_k8s_namespace
+}
+
+output "nxrm_ha_k8s_service_id" {
+ value = module.nxrm_ha_cluster.nxrm_ha_k8s_service_id
+}
+
+output "nxrm_ha_k8s_service_name" {
+ value = module.nxrm_ha_cluster.nxrm_ha_k8s_service_name
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..aa95959
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,96 @@
+# --------------------------------------------------------------------------
+#
+# Copyright 2023-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# --------------------------------------------------------------------------
+
+variable "default_resource_tags" {
+ description = "List of tags to apply to all resources created in AWS"
+ type = map(string)
+ default = {}
+}
+
+variable "nxrm_name" {
+ description = "Helpful friendly name for this NXRM Cluster (min 8 alpha characters)"
+ type = string
+ validation {
+ condition = length(regex("[[:alpha:]]{6,}", var.nxrm_name)) > 6
+ error_message = "Name for this NXRM must be 6 or more alpha characters."
+ }
+}
+
+variable "nxrm_license_file" {
+ description = "Path to a valid Sonatype License file for Nexus Repository Manager Pro."
+ type = string
+ validation {
+ condition = length(var.nxrm_license_file) > 5
+ error_message = "Name for this NXRM must be 6 or more alpha characters."
+ }
+}
+
+variable "nxrm_version" {
+ description = "Version of NXRM to deploy."
+ type = string
+ default = "3.50.0"
+ validation {
+ condition = length(var.nxrm_version) > 5
+ error_message = "Version must be supplied as X.Y.Z to match the Docker Image Tag."
+ }
+}
+
+variable "replica_count" {
+ description = "Number of replicas to run in the Active-Active NXRM HA Cluster."
+ type = number
+ default = 1
+ validation {
+ condition = var.replica_count > 0
+ error_message = "Replica Count must be greater than zero."
+ }
+}
+
+variable "pg_hostname" {
+ description = "The hostname where your PostgreSQL service is accessible at."
+ type = string
+ default = null
+}
+
+variable "pg_port" {
+ description = "The port where your PostgreSQL service is accessible at."
+ type = string
+ default = null
+}
+
+variable "pg_admin_username" {
+ description = "Administrator/Root user to access your PostgreSQL service."
+ type = string
+ default = null
+}
+
+variable "pg_admin_password" {
+ description = "Administrator/Root password to access your PostgreSQL service."
+ type = string
+ default = null
+ sensitive = true
+}
+
+variable "create_database" {
+ description = "Whether a unique database will be created for this NXRM Cluster."
+ type = bool
+ default = true
+ validation {
+ condition = var.create_database == true
+ error_message = "Only true is currently supported for create_database!"
+ }
+}