fix

share/dataset-pg/databases.tf

@@ -26,6 +26,18 @@ locals {
         db if db.name == name
     ]
   ])
+  roles = concat(var.roles, var.extentions.postgrest.enable?[{
+    "name" = "anonymous"
+  }]:[])
+  sorted-role-name = reverse(distinct(sort([
+    for role in local.roles: role.name
+  ])))
+  sorted-roles = flatten([
+    for name in local.sorted-role-name: [
+      for role in local.roles:
+        role if role.name == name
+    ]
+  ])
 }
 
 
@@ -74,3 +86,10 @@ resource "postgresql_database" "my_db" {
   connection_limit  = -1
   allow_connections = true
 }
+
+
+resource "postgresql_role" "roles" {
+  depends_on        = [ time_sleep.wait_pg_ready ]
+  count             = length(local.sorted-roles)
+  name              = "${local.sorted-roles[count.index].name}"
+}

share/dataset-pg/index.yaml

@@ -6,6 +6,16 @@ metadata:
   name: dataset-pg
   description: null
 options:
+  replicas:
+    default: 1
+    examples:
+    - 1
+    type: integer
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
   extentions:
     default:
       pool:
@@ -112,25 +122,10 @@ options:
             type: object
         type: object
     type: object
-  storage:
-    default: 8Gi
+  sub-domain:
+    default: dataset-pg
     examples:
-    - 8Gi
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
+    - dataset-pg
     type: string
   backups:
     default:
@@ -186,11 +181,11 @@ options:
         default: backup-settings
         type: string
     type: object
-  replicas:
-    default: 1
+  storage:
+    default: 8Gi
     examples:
-    - 1
-    type: integer
+    - 8Gi
+    type: string
   databases:
     default: []
     items:
@@ -200,10 +195,15 @@ options:
           type: string
       type: object
     type: array
-  sub-domain:
-    default: dataset-pg
+  issuer:
+    default: letsencrypt-prod
     examples:
-    - dataset-pg
+    - letsencrypt-prod
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
     type: string
   roles:
     default: []

share/dataset-pg/postgrest.tf

@@ -18,6 +18,7 @@ locals {
 }
 
 resource "kubectl_manifest" "postgrest_config" {
+  count = var.extentions.postgrest.enable ? 1:0
   yaml_body  = <<-EOF
     apiVersion: v1
     kind: ConfigMap
@@ -29,9 +30,12 @@ resource "kubectl_manifest" "postgrest_config" {
       PGDATABASE: "${var.instance}"
       PGHOST: "${var.instance}-${var.component}-rw.${var.namespace}.svc"
       PGPORT: "5432"
+      PGRST_DB_SCHEMA: public
+      PGRST_DB_ANON_ROLE: anonymous
       PGRST_OPENAPI_SERVER_PROXY_URI: "https://${local.prest-dns-name}"
       PGRST_ADMIN_SERVER_PORT: "9000"
       API_URL: "https://${local.prest-dns-name}"
+      BASE_URL: "/ui"
   EOF
 }