chore: generate random password for postgres

Author: EstopaceMA

infra/main.tf

@@ -36,7 +36,6 @@ module "postgres" {
   tags                 = local.tags
   rg_name              = azurerm_resource_group.rg.name
   admin_username       = var.admin_username
-  admin_password       = var.admin_password
   postgres_subnet_id   = module.vnet.postgres_subnet_id
   postgres_dns_zone_id = module.vnet.postgres_dns_zone_id
 

infra/modules/postgres/postgres.tf

@@ -1,3 +1,18 @@
+# ------------------------------------------------------------------------------------------------------
+# Generate random password for PostgreSQL admin
+# ------------------------------------------------------------------------------------------------------
+resource "random_password" "postgres_admin" {
+  length  = 24
+  special = true
+  # Azure PostgreSQL password requirements
+  min_lower   = 1
+  min_upper   = 1
+  min_numeric = 1
+  min_special = 1
+  # Avoid characters that might cause issues in connection strings
+  override_special = "!#$%&*()-_=+[]{}:?"
+}
+
 # ------------------------------------------------------------------------------------------------------
 # DEPLOY POSTGRESQL FLEXIBLE SERVER WITH PRIVATE NETWORKING
 # ------------------------------------------------------------------------------------------------------
@@ -7,7 +22,7 @@ resource "azurerm_postgresql_flexible_server" "pg" {
   location               = var.location
   version                = var.postgres_version
   administrator_login    = var.admin_username
-  administrator_password = var.admin_password
+  administrator_password = random_password.postgres_admin.result
   sku_name               = var.sku_name
   storage_mb             = 32768
 

infra/modules/postgres/postgres_output.tf

@@ -9,6 +9,12 @@ output "username" {
 
 output "connection_string" {
   description = "PostgreSQL connection string"
-  value       = "postgresql://${var.admin_username}:${var.admin_password}@${azurerm_postgresql_flexible_server.pg.fqdn}:5432/postgres?sslmode=require"
+  value       = "postgresql://${var.admin_username}:${random_password.postgres_admin.result}@${azurerm_postgresql_flexible_server.pg.fqdn}:5432/postgres?sslmode=require"
+  sensitive   = true
+}
+
+output "admin_password" {
+  description = "Auto-generated PostgreSQL admin password"
+  value       = random_password.postgres_admin.result
   sensitive   = true
 }

infra/modules/postgres/postgres_variables.tf

@@ -24,12 +24,6 @@ variable "admin_username" {
   type        = string
 }
 
-variable "admin_password" {
-  description = "The admin password of the PostgreSQL server"
-  type        = string
-  sensitive   = true
-}
-
 variable "postgres_version" {
   description = "The version of the PostgreSQL server"
   type        = string

infra/provider.tf

@@ -4,6 +4,10 @@ terraform {
       source  = "hashicorp/azurerm"
       version = "~>4.50.0"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.6.0"
+    }
   }
 }
 

infra/variables.tf

@@ -15,12 +15,9 @@ variable "environment_name" {
 }
 
 variable "admin_username" {
-  default = "pgadmin"
-}
-
-variable "admin_password" {
-  description = "Admin password for PostgreSQL"
-  sensitive   = true
+  description = "Admin username for PostgreSQL"
+  type        = string
+  default     = "pgadmin"
 }
 
 # ------------------------------------------------------------------------------------------------------

src/app/main.py

@@ -31,11 +31,6 @@
 Currently, this API does not require authentication (demo purposes).
     """,
     version="1.0.0",
-    contact={
-        "name": "PyCon Davao Team",
-        "url": "https://pycon.ph",
-        "email": "info@pycon.ph",
-    },
     license_info={
         "name": "MIT",
     },
@@ -98,9 +93,7 @@ def create_member(member: schemas.MemberCreate, db: Session = Depends(get_db)):
     """
     db_member = crud.get_member_by_email(db, email=member.email)
     if db_member:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST, detail="Email already registered"
-        )
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Email already registered")
     return crud.create_member(db=db, member=member)
 
 
@@ -152,9 +145,7 @@ def read_member(member_id: int, db: Session = Depends(get_db)):
     """
     db_member = crud.get_member(db, member_id=member_id)
     if db_member is None:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND, detail="Member not found"
-        )
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Member not found")
     return db_member
 
 
@@ -165,9 +156,7 @@ def read_member(member_id: int, db: Session = Depends(get_db)):
     summary="Update a member",
     response_description="Updated member details",
 )
-def update_member(
-    member_id: int, member: schemas.MemberUpdate, db: Session = Depends(get_db)
-):
+def update_member(member_id: int, member: schemas.MemberUpdate, db: Session = Depends(get_db)):
     """
     ## Update a PyCon member
 
@@ -199,7 +188,5 @@ def update_member(
     """
     db_member = crud.update_member(db, member_id=member_id, member_update=member)
     if db_member is None:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND, detail="Member not found"
-        )
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Member not found")
     return db_member