fix

share/dataset-pg/roles.tf

@@ -0,0 +1,41 @@
+locals {
+  sorted-roles = reverse(distinct(sort(var.roles)))
+}
+
+
+resource "kubectl_manifest" "db_secret" {
+  ignore_fields = ["metadata.annotations"]
+  count         = length(local.sorted-roles)
+  yaml_body  = <<-EOF
+    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+    kind: "StringSecret"
+    metadata:
+      name: "${var.instance}-${var.component}-role-${local.sorted-roles[count.index]}"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(merge(local.common-labels, {"app.kubernetes.io/component" = local.sorted-roles[count.index]}))}
+    spec:
+      forceRegenerate: false
+      data:
+        POSGRESQL_USERNAME: "${local.sorted-roles[count.index]}"
+      fields:
+      - fieldName: "POSGRESQL_PASSWORD"
+        length: "32"
+  EOF
+}
+
+data "kubernetes_secret_v1" "password_get" {
+  depends_on        = [ kubectl_manifest.db_secret ]
+  count             = length(local.sorted-roles)
+  metadata {
+    name      = "${var.instance}-${var.component}-role-${local.sorted-roles[count.index]}"
+    namespace = "${var.namespace}"
+  }
+}
+
+resource "postgresql_role" "role" {
+  depends_on        = [ kubectl_manifest.prj_pg ]
+  count             = length(local.sorted-roles)
+  name              = "${local.sorted-roles[count.index]}"
+  login             = true
+  password          = data.kubernetes_secret_v1.password_get[count.index].data["POSGRESQL_PASSWORD"]
+}