chore: temporary ignore postgresql resources (#260)

archives.tf

@@ -15,10 +15,9 @@ resource "azurerm_storage_account" "archives" {
   min_tls_version                   = "TLS1_2" # default value, needed for tfsec
 
   network_rules {
-    default_action = "Deny"
-    ip_rules       = values(local.admin_allowed_ips)
-    # TODO: replace temp-privatek8s "default" subnet by privatek8s one when switching to the new cluster
-    virtual_network_subnet_ids = [data.azurerm_subnet.default.id]
+    default_action             = "Deny"
+    ip_rules                   = values(local.admin_allowed_ips)
+    virtual_network_subnet_ids = [data.azurerm_subnet.privatek8s_tier.id]
     bypass                     = ["AzureServices"]
   }
 

keycloak.jenkins.io.tf

@@ -4,32 +4,32 @@ resource "random_password" "pgsql_keycloak_user_password" {
   special          = true
 }
 
-resource "postgresql_role" "keycloak" {
-  name     = "keycloak"
-  login    = true
-  password = random_password.pgsql_keycloak_user_password.result
-}
+# resource "postgresql_role" "keycloak" {
+#   name     = "keycloak"
+#   login    = true
+#   password = random_password.pgsql_keycloak_user_password.result
+# }
 
-resource "postgresql_database" "keycloak" {
-  name  = "keycloak"
-  owner = postgresql_role.keycloak.name
-}
+# resource "postgresql_database" "keycloak" {
+#   name  = "keycloak"
+#   owner = postgresql_role.keycloak.name
+# }
 
-# This (sensitive) output is meant to be encrypted into the production secret system, to be provided as a secret to the Keycloak application (https://admin.accounts.jenkins.io)
-output "keycloak_dbconfig" {
-  # Value of DB_PORT: 5432 is the only usable port: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking
-  ## Terraform resource does not export any port attribute: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server#attributes-reference
-  sensitive   = true
-  description = "YAML (secret) values for the Helm chart codecentric/keycloak"
-  value       = <<-EOT
-secrets:
-    db:
-        data:
-            DB_USER: ${base64encode(postgresql_role.keycloak.name)}
-            DB_PASSWORD: ${base64encode(random_password.pgsql_keycloak_user_password.result)}
-            DB_VENDOR: ${base64encode("postgres")}
-            DB_ADDR: ${base64encode(azurerm_postgresql_flexible_server.public.fqdn)}
-            DB_PORT: ${base64encode("5432")}
-            DB_DATABASE: ${base64encode(postgresql_database.keycloak.name)}
-EOT
-}
+# # This (sensitive) output is meant to be encrypted into the production secret system, to be provided as a secret to the Keycloak application (https://admin.accounts.jenkins.io)
+# output "keycloak_dbconfig" {
+#   # Value of DB_PORT: 5432 is the only usable port: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking
+#   ## Terraform resource does not export any port attribute: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server#attributes-reference
+#   sensitive   = true
+#   description = "YAML (secret) values for the Helm chart codecentric/keycloak"
+#   value       = <<-EOT
+# secrets:
+#     db:
+#         data:
+#             DB_USER: ${base64encode(postgresql_role.keycloak.name)}
+#             DB_PASSWORD: ${base64encode(random_password.pgsql_keycloak_user_password.result)}
+#             DB_VENDOR: ${base64encode("postgres")}
+#             DB_ADDR: ${base64encode(azurerm_postgresql_flexible_server.public.fqdn)}
+#             DB_PORT: ${base64encode("5432")}
+#             DB_DATABASE: ${base64encode(postgresql_database.keycloak.name)}
+# EOT
+# }

locals.tf

@@ -35,9 +35,9 @@ locals {
   }
 
   admin_allowed_ips = {
-    dduportal        = "109.88.253.125"
-    lemeurherve      = "176.185.227.180"
-    smerle33         = "82.64.5.129"
+    dduportal   = "109.88.253.125"
+    lemeurherve = "176.185.227.180"
+    smerle33    = "82.64.5.129"
   }
 
   # TODO: remove when switching infra.ci.jenkins.io from temp-privatek8s to privatek8s

plugin-health.jenkins.io.tf

@@ -1,7 +1,7 @@
-resource "postgresql_database" "plugin_health" {
-  name  = "plugin_health"
-  owner = postgresql_role.plugin_health.name
-}
+# resource "postgresql_database" "plugin_health" {
+#   name  = "plugin_health"
+#   owner = postgresql_role.plugin_health.name
+# }
 
 resource "random_password" "pgsql_plugin_health_user_password" {
   length           = 24
@@ -9,21 +9,21 @@ resource "random_password" "pgsql_plugin_health_user_password" {
   special          = true
 }
 
-resource "postgresql_role" "plugin_health" {
-  name     = "plugin_health"
-  login    = true
-  password = random_password.pgsql_plugin_health_user_password.result
-}
+# resource "postgresql_role" "plugin_health" {
+#   name     = "plugin_health"
+#   login    = true
+#   password = random_password.pgsql_plugin_health_user_password.result
+# }
 
-# This (sensitive) output is meant to be encrypted into the production secret system, to be provided as a secret to the plugin-health.jenkins.io application
-output "plugin_health_dbconfig" {
-  sensitive   = true
-  description = "YAML (secret) values for the Helm chart jenkins-infra/plugin-health-scoring"
-  value       = <<-EOT
-database:
-  username: "${postgresql_role.plugin_health.name}"
-  password: "${random_password.pgsql_plugin_health_user_password.result}"
-  server: "${azurerm_postgresql_flexible_server.public.fqdn}"
-  name: "${postgresql_database.plugin_health.name}"
-  EOT
-}
+# # This (sensitive) output is meant to be encrypted into the production secret system, to be provided as a secret to the plugin-health.jenkins.io application
+# output "plugin_health_dbconfig" {
+#   sensitive   = true
+#   description = "YAML (secret) values for the Helm chart jenkins-infra/plugin-health-scoring"
+#   value       = <<-EOT
+# database:
+#   username: "${postgresql_role.plugin_health.name}"
+#   password: "${random_password.pgsql_plugin_health_user_password.result}"
+#   server: "${azurerm_postgresql_flexible_server.public.fqdn}"
+#   name: "${postgresql_database.plugin_health.name}"
+#   EOT
+# }

providers.tf

@@ -11,17 +11,17 @@ provider "kubernetes" {
   cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.privatek8s.kube_config.0.cluster_ca_certificate)
 }
 
-provider "postgresql" {
-  /**
-  Important: terraform must be allowed to reach this instance through the network. Check the followings:
-  - If running in Jenkins, ensure that the subnet of the agents is peered to the subnet of this pgsql instance
-    * Don't forget to also check the network security group rules
-  - If running locally, ensure that:
-    * your /etc/hosts defines an entry with <azurerm_postgresql_flexible_server.public.fqdn> to 127.0.0.1
-    * you've opened an SSH tunnel such as `ssh -L 5432:<azurerm_postgresql_flexible_server.public.fqdn>:5432` through a machine of the private network
-  **/
-  host      = azurerm_postgresql_flexible_server.public.fqdn
-  username  = local.public_pgsql_admin_login
-  password  = random_password.pgsql_admin_password.result
-  superuser = false
-}
+# provider "postgresql" {
+#   /**
+#   Important: terraform must be allowed to reach this instance through the network. Check the followings:
+#   - If running in Jenkins, ensure that the subnet of the agents is peered to the subnet of this pgsql instance
+#     * Don't forget to also check the network security group rules
+#   - If running locally, ensure that:
+#     * your /etc/hosts defines an entry with <azurerm_postgresql_flexible_server.public.fqdn> to 127.0.0.1
+#     * you've opened an SSH tunnel such as `ssh -L 5432:<azurerm_postgresql_flexible_server.public.fqdn>:5432` through a machine of the private network
+#   **/
+#   host      = azurerm_postgresql_flexible_server.public.fqdn
+#   username  = local.public_pgsql_admin_login
+#   password  = random_password.pgsql_admin_password.result
+#   superuser = false
+# }

rating.jenkins.io.tf

@@ -1,7 +1,7 @@
-resource "postgresql_database" "rating" {
-  name  = "rating"
-  owner = postgresql_role.rating.name
-}
+# resource "postgresql_database" "rating" {
+#   name  = "rating"
+#   owner = postgresql_role.rating.name
+# }
 
 resource "random_password" "pgsql_rating_user_password" {
   length           = 24
@@ -9,21 +9,21 @@ resource "random_password" "pgsql_rating_user_password" {
   special          = true
 }
 
-resource "postgresql_role" "rating" {
-  name     = "rating"
-  login    = true
-  password = random_password.pgsql_rating_user_password.result
-}
+# resource "postgresql_role" "rating" {
+#   name     = "rating"
+#   login    = true
+#   password = random_password.pgsql_rating_user_password.result
+# }
 
-# This (sensitive) output is meant to be encrypted into the production secret system, to be provided as a secret to the ratings.jenkins.io application
-output "rating_dbconfig" {
-  sensitive   = true
-  description = "YAML (secret) values for the Helm chart jenkins-infra/rating"
-  value       = <<-EOT
-database:
-  username: "${postgresql_role.rating.name}"
-  password: "${random_password.pgsql_rating_user_password.result}"
-  server: "${azurerm_postgresql_flexible_server.public.fqdn}"
-  name: "${postgresql_database.rating.name}"
-  EOT
-}
+# # This (sensitive) output is meant to be encrypted into the production secret system, to be provided as a secret to the ratings.jenkins.io application
+# output "rating_dbconfig" {
+#   sensitive   = true
+#   description = "YAML (secret) values for the Helm chart jenkins-infra/rating"
+#   value       = <<-EOT
+# database:
+#   username: "${postgresql_role.rating.name}"
+#   password: "${random_password.pgsql_rating_user_password.result}"
+#   server: "${azurerm_postgresql_flexible_server.public.fqdn}"
+#   name: "${postgresql_database.rating.name}"
+#   EOT
+# }