fix: adding VPE to access postgresql (#50)

* fix: adding vsi to access postgresql

* fix: adding vpe to access pg

* fix: update version for cbr

* fix: update version for cbr

* fix: update version for cbr

* fix: adding VPE to access postgresql

* tests: tests without VPE

* tests: tests without VPE

* feat: add VPE support

* feat: add VPE support

* fix: precommit fix

* tests: fix test

* fix: review comments

* fix: review comments

* fix: timeout before VPE creation

* fix: timeout before VPE creation

---------

Co-authored-by: shemau <shemau@gmail.com>

Author: jojustin

README.md

@@ -91,6 +91,8 @@ You need the following permissions to run this module.
 
 | Name | Description |
 |------|-------------|
+| <a name="output_cbr_rule_ids"></a> [cbr\_rule\_ids](#output\_cbr\_rule\_ids) | CBR rule ids created to restrict Postgresql |
+| <a name="output_crn"></a> [crn](#output\_crn) | Postgresql instance crn |
 | <a name="output_guid"></a> [guid](#output\_guid) | Postgresql instance guid |
 | <a name="output_id"></a> [id](#output\_id) | Postgresql instance id |
 | <a name="output_service_credentials_json"></a> [service\_credentials\_json](#output\_service\_credentials\_json) | Service credentials json map |

examples/complete/main.tf

@@ -104,3 +104,36 @@ module "postgresql_db" {
     }
   ]
 }
+
+# VPE provisioning should wait for the database provisioning
+resource "time_sleep" "wait_120_seconds" {
+  depends_on      = [module.postgresql_db]
+  create_duration = "120s"
+}
+
+##############################################################################
+# VPE
+##############################################################################
+
+resource "ibm_is_security_group" "sg1" {
+  name = "${var.prefix}-sg1"
+  vpc  = ibm_is_vpc.example_vpc.id
+}
+
+resource "ibm_is_virtual_endpoint_gateway" "pgvpe" {
+  name = "${var.prefix}-vpe-to-pg"
+  target {
+    crn           = module.postgresql_db.crn
+    resource_type = "provider_cloud_service"
+  }
+  vpc = ibm_is_vpc.example_vpc.id
+  ips {
+    subnet = ibm_is_subnet.testacc_subnet.id
+    name   = "${var.prefix}-pg-access-reserved-ip"
+  }
+  resource_group  = module.resource_group.resource_group_id
+  security_groups = [ibm_is_security_group.sg1.id]
+  depends_on = [
+    time_sleep.wait_120_seconds
+  ]
+}

examples/complete/outputs.tf

@@ -6,6 +6,11 @@ output "id" {
   value       = module.postgresql_db.id
 }
 
+output "guid" {
+  description = "Postgresql instance guid"
+  value       = module.postgresql_db.guid
+}
+
 output "version" {
   description = "Postgresql instance version"
   value       = module.postgresql_db.version
@@ -22,3 +27,8 @@ output "service_credentials_object" {
   value       = module.postgresql_db.service_credentials_object
   sensitive   = true
 }
+
+output "cbr_rule_ids" {
+  description = "CBR rule ids created to restrict Postgresql"
+  value       = module.postgresql_db.cbr_rule_ids
+}

examples/complete/version.tf

@@ -6,5 +6,9 @@ terraform {
       source  = "IBM-Cloud/ibm"
       version = "1.49.0"
     }
+    time = {
+      source  = "hashicorp/time"
+      version = ">= 0.8.0"
+    }
   }
 }

module-metadata.json

@@ -248,6 +248,24 @@
     }
   },
   "outputs": {
+    "cbr_rule_ids": {
+      "name": "cbr_rule_ids",
+      "description": "CBR rule ids created to restrict Postgresql",
+      "pos": {
+        "filename": "outputs.tf",
+        "line": 38
+      }
+    },
+    "crn": {
+      "name": "crn",
+      "description": "Postgresql instance crn",
+      "value": "ibm_database.postgresql_db.resource_crn",
+      "pos": {
+        "filename": "outputs.tf",
+        "line": 15
+      },
+      "type": "TypeString"
+    },
     "guid": {
       "name": "guid",
       "description": "Postgresql instance guid",
@@ -274,7 +292,7 @@
       "sensitive": true,
       "pos": {
         "filename": "outputs.tf",
-        "line": 20
+        "line": 25
       }
     },
     "service_credentials_object": {
@@ -284,7 +302,7 @@
       "sensitive": true,
       "pos": {
         "filename": "outputs.tf",
-        "line": 26
+        "line": 31
       }
     },
     "version": {
@@ -293,7 +311,7 @@
       "value": "ibm_database.postgresql_db.version",
       "pos": {
         "filename": "outputs.tf",
-        "line": 15
+        "line": 20
       },
       "type": "TypeString"
     }

outputs.tf

@@ -12,6 +12,11 @@ output "guid" {
   value       = ibm_database.postgresql_db.guid
 }
 
+output "crn" {
+  description = "Postgresql instance crn"
+  value       = ibm_database.postgresql_db.resource_crn
+}
+
 output "version" {
   description = "Postgresql instance version"
   value       = ibm_database.postgresql_db.version
@@ -28,3 +33,9 @@ output "service_credentials_object" {
   value       = local.service_credentials_object
   sensitive   = true
 }
+
+
+output "cbr_rule_ids" {
+  description = "CBR rule ids created to restrict Postgresql"
+  value       = module.cbr_rule[*].rule_id
+}