basedosdados
diff --git a/‎.pre-commit-config.yaml
Lines changed: 1 addition & 1 deletion b/‎.pre-commit-config.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎terraform/.env.example
Lines changed: 1 addition & 2 deletions b/‎terraform/.env.example
Lines changed: 1 addition & 2 deletions
diff --git a/‎terraform/cloud_sql/.terraform.lock.hcl
Lines changed: 2 additions & 0 deletions b/‎terraform/cloud_sql/.terraform.lock.hcl
Lines changed: 2 additions & 0 deletions
diff --git a/‎terraform/cloud_sql/main.tf
Lines changed: 42 additions & 17 deletions b/‎terraform/cloud_sql/main.tf
Lines changed: 42 additions & 17 deletions
diff --git a/‎terraform/cloud_sql/variables.tf
Lines changed: 6 additions & 30 deletions b/‎terraform/cloud_sql/variables.tf
Lines changed: 6 additions & 30 deletions
diff --git a/‎terraform/cloud_sql_mysql/.terraform.lock.hcl
Lines changed: 2 additions & 0 deletions b/‎terraform/cloud_sql_mysql/.terraform.lock.hcl
Lines changed: 2 additions & 0 deletions
diff --git a/‎terraform/gke/.terraform.lock.hcl
Lines changed: 21 additions & 0 deletions b/‎terraform/gke/.terraform.lock.hcl
Lines changed: 21 additions & 0 deletions
diff --git a/‎terraform/iam/.terraform.lock.hcl
Lines changed: 21 additions & 0 deletions b/‎terraform/iam/.terraform.lock.hcl
Lines changed: 21 additions & 0 deletions
diff --git a/‎terraform/iam/bindings/.terraform.lock.hcl
Lines changed: 1 addition & 0 deletions b/‎terraform/iam/bindings/.terraform.lock.hcl
Lines changed: 1 addition & 0 deletions
diff --git a/‎terraform/iam/bindings/main.tf
Lines changed: 5 additions & 5 deletions b/‎terraform/iam/bindings/main.tf
Lines changed: 5 additions & 5 deletions
@@ -23,4 +23,4 @@ repos:
     - --args=--path=./terraform
     verbose: true
   - id: terraform_fmt
-  - id: terraform_validate
+  # - id: terraform_validate
@@ -1,8 +1,7 @@
 GOOGLE_APPLICATION_CREDENTIALS=/path/to/key.json
 TF_VAR_bucket_name=bucket-name-to-store-tfstate
 TF_VAR_project_id=name-of-gcp-project
-TF_VAR_sql_ckan_production_user_password=password-to-ckan-production-user
-TF_VAR_sql_ckan_staging_user_password=password-to-ckan-stagin-user
 TF_VAR_sql_id_server_user_password=password-to-id-server-user
 TF_VAR_sql_metabase_user_password=password-to-metabase-user
+TF_VAR_sql_passbolt_user_password=password-to-passbolt-user
 TF_VAR_sql_prefect_user_password=password-to-prefect-user
@@ -1,7 +1,38 @@
+# ...........................................................................
+# Create Random Data
+# https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id
+# ...........................................................................
 resource "random_id" "db_name_suffix" {
   byte_length = 4
 }
 
+resource "random_password" "api_staging_db_password" {
+  length           = 22
+  special          = true
+  override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
+# ...........................................................................
+# Write data to Secret Manager
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret
+# ...........................................................................
+resource "google_secret_manager_secret" "api_staging_db_password" {
+  secret_id = "api-staging-db-password"
+
+  replication {
+    automatic = true
+  }
+}
+
+resource "google_secret_manager_secret_version" "api_staging_db_password" {
+  secret      = google_secret_manager_secret.api_staging_db_password.id
+  secret_data = random_password.api_staging_db_password.result
+}
+
+# ...........................................................................
+# Create Cloud SQL
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance
+# ...........................................................................
 resource "google_sql_database_instance" "main" {
   name                = "${var.project_id}-${random_id.db_name_suffix.hex}"
   region              = var.region
@@ -31,26 +62,20 @@ resource "google_sql_database_instance" "main" {
   }
 }
 
-resource "google_sql_user" "ckan_production" {
-  name     = var.sql_ckan_production_user_name
-  instance = google_sql_database_instance.main.name
-  password = var.sql_ckan_production_user_password
-}
-
-resource "google_sql_database" "ckan_production" {
-  name     = var.sql_ckan_production_db_name
-  instance = google_sql_database_instance.main.name
-}
-
-resource "google_sql_user" "ckan_staging" {
-  name     = var.sql_ckan_staging_user_name
+# ...........................................................................
+# Create Cloud SQL Databases and Users
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_user
+# ...........................................................................
+resource "google_sql_database" "api_staging" {
+  name     = var.sql_api_staging_db_name
   instance = google_sql_database_instance.main.name
-  password = var.sql_ckan_staging_user_password
 }
 
-resource "google_sql_database" "ckan_staging" {
-  name     = var.sql_ckan_staging_db_name
+resource "google_sql_user" "api_staging" {
+  name     = var.sql_api_staging_user_name
   instance = google_sql_database_instance.main.name
+  password = random_password.api_staging_db_password.result
 }
 
 resource "google_sql_database" "id_server" {
@@ -61,7 +86,7 @@ resource "google_sql_database" "id_server" {
 resource "google_sql_user" "id_server" {
   name     = var.sql_id_server_user_name
   instance = google_sql_database_instance.main.name
-  password = var.sql_ckan_production_user_password
+  password = var.sql_id_server_user_password
 }
 
 resource "google_sql_user" "metabase" {
 
@@ -69,40 +69,16 @@ variable "sql_db_max_connections" {
   description = "The maximum number of connections for the Cloud SQL instance."
 }
 
-variable "sql_ckan_production_user_name" {
+variable "sql_api_staging_user_name" {
   type        = string
-  description = "The name of the CKAN production database user."
-  default     = "ckan_production"
+  description = "The name of the API staging database user."
+  default     = "api_staging"
 }
 
-variable "sql_ckan_production_user_password" {
+variable "sql_api_staging_db_name" {
   type        = string
-  description = "The password of the CKAN production database user."
-  sensitive   = true
-}
-
-variable "sql_ckan_production_db_name" {
-  type        = string
-  description = "The name of the CKAN production database."
-  default     = "ckan_production"
-}
-
-variable "sql_ckan_staging_user_name" {
-  type        = string
-  description = "The name of the CKAN staging database user."
-  default     = "ckan_staging"
-}
-
-variable "sql_ckan_staging_user_password" {
-  type        = string
-  description = "The password of the CKAN staging user."
-  sensitive   = true
-}
-
-variable "sql_ckan_staging_db_name" {
-  type        = string
-  description = "The name of the CKAN staging database."
-  default     = "ckan_staging"
+  description = "The name of the API staging database."
+  default     = "api_staging"
 }
 
 variable "sql_id_server_user_name" {
 
@@ -1,9 +1,9 @@
 # Add IAM policy binding for Cloud SQL SA
-resource "google_project_iam_member" "cloudsql" {
-  project = var.project_id
-  role    = "roles/cloudsql.client"
-  member  = "serviceAccount:${var.gsa-cloudsql.email}"
-}
+# resource "google_project_iam_member" "cloudsql" {
+#   project = var.project_id
+#   role    = "roles/cloudsql.client"
+#   member  = "serviceAccount:${var.gsa-cloudsql.email}"
+# }
 
 # Allow the Kubernetes service account to impersonate the Google
 # service account by creating an IAM policy binding between the