azure/keycloak.jenkins.io.tf

resource "random_password" "pgsql_keycloak_user_password" {
  length           = 24
  override_special = "!#%&*()-_=+[]{}:?"
  special          = true
}

# resource "postgresql_role" "keycloak" {
#   name     = "keycloak"
#   login    = true
#   password = random_password.pgsql_keycloak_user_password.result
# }

# resource "postgresql_database" "keycloak" {
#   name  = "keycloak"
#   owner = postgresql_role.keycloak.name
# }

# # This (sensitive) output is meant to be encrypted into the production secret system, to be provided as a secret to the Keycloak application (https://admin.accounts.jenkins.io)
# output "keycloak_dbconfig" {
#   # Value of DB_PORT: 5432 is the only usable port: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking
#   ## Terraform resource does not export any port attribute: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server#attributes-reference
#   sensitive   = true
#   description = "YAML (secret) values for the Helm chart codecentric/keycloak"
#   value       = <<-EOT
# secrets:
#     db:
#         data:
#             DB_USER: ${base64encode(postgresql_role.keycloak.name)}
#             DB_PASSWORD: ${base64encode(random_password.pgsql_keycloak_user_password.result)}
#             DB_VENDOR: ${base64encode("postgres")}
#             DB_ADDR: ${base64encode(azurerm_postgresql_flexible_server.public.fqdn)}
#             DB_PORT: ${base64encode("5432")}
#             DB_DATABASE: ${base64encode(postgresql_database.keycloak.name)}
# EOT
# }