// 2026-03-20 — split out of resources.tf: managed PostgreSQL resources only.

# Current credentials are read from vault_secrets (authoritative) — the vault is kept in sync with the cluster.
# Shape of vault_secrets["users"]: a JSON string {"username": {"password": "...", "username": "..."}}
#
# NOTE(review): vault_secrets is an attribute of nubes_postgres.npg, so the decoded
# password is persisted in Terraform state. Keep the state backend encrypted and
# access-restricted. Whether the provider marks vault_secrets as sensitive is not
# visible here — confirm, and declare any output that exposes local.pg_password
# with `sensitive = true`.
locals {
  # try() is needed: vault_secrets["users"] appears only AFTER the first user has been created.
  # On the first apply the key is not there yet → empty map. The password is picked up on the next apply.
  pg_creds_map = try(jsondecode(lookup(nubes_postgres.npg.vault_secrets, "users", "{}")), {})

  # Username of the managed user; also the lookup key into pg_creds_map.
  pg_username = nubes_postgres_user.pg_user.username

  # Falls back to "" when the user has no entry in the map yet (or has no "password" key).
  # Consumers should treat an empty string as "credentials not provisioned yet",
  # never as a usable password.
  pg_password = try(local.pg_creds_map[local.pg_username]["password"], "")

  # Master endpoint taken from the provider's flattened state output.
  # The "internalConnect" key name suggests an internal (non-public) address — TODO confirm.
  pg_host = nubes_postgres.npg.state_out_flat["internalConnect.master"]

  # Name of the database created by nubes_postgres_database.db.
  pg_database = nubes_postgres_database.db.db_name
}

# Managed PostgreSQL instance (single instance, app_version "17").
resource "nubes_postgres" "npg" {
  resource_name = "pg-sless-demo"
  # s3_uid = "s01325"
  s3_uid             = var.s3_uid
  resource_realm     = var.realm
  resource_instances = 1
  resource_memory    = 512
  resource_c_p_u     = 500
  resource_disk      = "1"
  app_version        = "17"

  # PostgreSQL server parameters, passed to the provider as a JSON string.
  # NOTE(review): with log_connections and log_disconnections both "off" the server
  # does not log session start/end, so there is no connection audit trail for
  # spotting failed or unexpected logins. Confirm this is intended beyond a demo.
  json_parameters = jsonencode({
    log_connections    = "off"
    log_disconnections = "off"
  })

  enable_pg_pooler_master = false
  enable_pg_pooler_slave  = false

  # Presumably refuses non-TLS client connections when false — confirm against provider docs.
  allow_no_s_s_l = false

  auto_scale             = false
  auto_scale_percentage  = 10
  auto_scale_tech_window = 0
  auto_scale_quota_gb    = "1"

  # Presumably means no external address is requested for the master — confirm.
  need_external_address_master = false
  # suspend_on_destroy = false
  operation_timeout = "11m"

  # NOTE(review): presumably adopts an already-existing instance with this name
  # instead of failing on create — confirm. An adopted instance may carry settings
  # that were applied outside this configuration.
  adopt_existing_on_create = true
}

# Database user on the instance above; its username feeds local.pg_username.
resource "nubes_postgres_user" "pg_user" {
  postgres_id = nubes_postgres.npg.id
  username    = "user0"

  # NOTE(review): "ddl_user" presumably grants schema-changing (DDL) rights — confirm.
  # If the same credentials are used at application runtime, check whether the
  # provider offers a narrower role.
  role = "ddl_user"

  # NOTE(review): if this adopts a pre-existing user, its password was set outside
  # this configuration — confirm that the vault entry matches it.
  adopt_existing_on_create = true
}

# Database owned by the user above; its name feeds local.pg_database.
resource "nubes_postgres_database" "db" {
  postgres_id              = nubes_postgres.npg.id
  db_name                  = "db0"
  db_owner                 = nubes_postgres_user.pg_user.username
  adopt_existing_on_create = true
  # suspend_on_destroy = false
}