From 7a24a173f7dc2414e07355ccc18a5ee79c2404e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?= <sebastien.huss@gmail.com>
Date: Mon, 23 Oct 2023 15:04:05 +0200
Subject: [PATCH] fix

---
 share/dataset-pg/databases.tf | 19 +++++++++++++
 share/dataset-pg/index.yaml   | 50 +++++++++++++++++------------------
 share/dataset-pg/postgrest.tf |  4 +++
 3 files changed, 48 insertions(+), 25 deletions(-)

diff --git a/share/dataset-pg/databases.tf b/share/dataset-pg/databases.tf
index ccaf4d3..776e820 100644
--- a/share/dataset-pg/databases.tf
+++ b/share/dataset-pg/databases.tf
@@ -26,6 +26,18 @@ locals {
         db if db.name == name
     ]
   ])
+  roles = concat(var.roles, var.extentions.postgrest.enable?[{
+    "name" = "anonymous"
+  }]:[])
+  sorted-role-name = reverse(distinct(sort([
+    for role in local.roles: role.name
+  ])))
+  sorted-roles = flatten([
+    for name in local.sorted-role-name: [
+      for role in local.roles:
+        role if role.name == name
+    ]
+  ])
 }
 
 
@@ -74,3 +86,10 @@ resource "postgresql_database" "my_db" {
   connection_limit  = -1
   allow_connections = true
 }
+
+
+resource "postgresql_role" "roles" {
+  depends_on        = [ time_sleep.wait_pg_ready ]
+  count             = length(local.sorted-roles)
+  name              = "${local.sorted-roles[count.index].name}"
+}
diff --git a/share/dataset-pg/index.yaml b/share/dataset-pg/index.yaml
index 3d8cf0d..1c7abb5 100644
--- a/share/dataset-pg/index.yaml
+++ b/share/dataset-pg/index.yaml
@@ -6,6 +6,16 @@ metadata:
   name: dataset-pg
   description: null
 options:
+  replicas:
+    default: 1
+    examples:
+    - 1
+    type: integer
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
   extentions:
     default:
       pool:
@@ -112,25 +122,10 @@ options:
             type: object
         type: object
     type: object
-  storage:
-    default: 8Gi
+  sub-domain:
+    default: dataset-pg
     examples:
-    - 8Gi
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
+    - dataset-pg
     type: string
   backups:
     default:
@@ -186,11 +181,11 @@ options:
         default: backup-settings
         type: string
     type: object
-  replicas:
-    default: 1
+  storage:
+    default: 8Gi
     examples:
-    - 1
-    type: integer
+    - 8Gi
+    type: string
   databases:
     default: []
     items:
@@ -200,10 +195,15 @@ options:
           type: string
       type: object
     type: array
-  sub-domain:
-    default: dataset-pg
+  issuer:
+    default: letsencrypt-prod
     examples:
-    - dataset-pg
+    - letsencrypt-prod
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
     type: string
   roles:
     default: []
diff --git a/share/dataset-pg/postgrest.tf b/share/dataset-pg/postgrest.tf
index 58d6d08..a3c2552 100644
--- a/share/dataset-pg/postgrest.tf
+++ b/share/dataset-pg/postgrest.tf
@@ -18,6 +18,7 @@ locals {
 }
 
 resource "kubectl_manifest" "postgrest_config" {
+  count = var.extentions.postgrest.enable ? 1:0
   yaml_body  = <<-EOF
     apiVersion: v1
     kind: ConfigMap
@@ -29,9 +30,12 @@ resource "kubectl_manifest" "postgrest_config" {
       PGDATABASE: "${var.instance}"
       PGHOST: "${var.instance}-${var.component}-rw.${var.namespace}.svc"
       PGPORT: "5432"
+      PGRST_DB_SCHEMA: public
+      PGRST_DB_ANON_ROLE: anonymous
       PGRST_OPENAPI_SERVER_PROXY_URI: "https://${local.prest-dns-name}"
       PGRST_ADMIN_SERVER_PORT: "9000"
       API_URL: "https://${local.prest-dns-name}"
+      BASE_URL: "/ui"
   EOF
 }