# Provisions a PostgreSQL login role with a generated password, a database,
# and two grants for that role (one database-level, one schema-level).

# Generated credential for the role below.
# NOTE(review): the generated value is redacted in CLI output but is still
# written to Terraform state, so the state backend needs encryption at rest
# and restricted read access.
resource "random_password" "password" {
  length  = 16
  special = true

  # Restricts the special characters used to this set.
  override_special = "$*()=+[]{}<>?"
}

# Login role that receives the generated password.
# Only name, password and login are set; every other role attribute is left
# at the provider default (NOTE(review): confirm those defaults are the
# least-privileged ones for the provider version in use).
resource "postgresql_role" "user" {
  name     = var.username
  login    = true
  password = random_password.password.result
}

# Database created from template0 with explicit encoding and locale.
# connection_limit = -1 places no cap on concurrent connections.
# No owner is set in this block.
# NOTE(review): PostgreSQL grants CONNECT and TEMPORARY on a new database to
# PUBLIC by default and nothing here revokes it, so roles other than
# var.username can presumably connect as well; verify that is intended.
resource "postgresql_database" "database" {
  name     = var.database_name
  template = "template0"

  encoding   = "UTF8"
  lc_collate = var.collate
  lc_ctype   = var.ctype

  allow_connections = true
  connection_limit  = -1
}

# Database-level grant for the role.
# NOTE(review): despite the "readonly_tables" label, object_type is "database",
# so this grants database privileges, not read access to tables. The effective
# privilege set is whatever the caller puts in var.privileges; its declaration
# is not visible here, so check that it is validated against an allow-list.
# The schema argument is presumably unused for a database grant (confirm
# against the provider documentation).
resource "postgresql_grant" "readonly_tables" {
  role        = postgresql_role.user.name
  database    = postgresql_database.database.name
  object_type = "database"
  schema      = var.schema
  privileges  = var.privileges
}

# Schema-level grant: CREATE and USAGE on var.schema.
# NOTE(review): the label says "public" but the target is var.schema. CREATE
# lets the role add objects to that schema; if the schema is shared with other
# roles, objects created there can be picked up through their search_path, so
# prefer a schema dedicated to this role or drop CREATE where it is not needed.
resource "postgresql_grant" "grant_all_public_schema" {
  role        = postgresql_role.user.name
  database    = postgresql_database.database.name
  object_type = "schema"
  schema      = var.schema
  privileges  = ["CREATE", "USAGE"]
}