From a3491c9020ff12011230fbf17d880e71d7db3b73 Mon Sep 17 00:00:00 2001
From: Carter Grove
Date: Sat, 21 Feb 2026 20:15:47 +0000
Subject: [PATCH] Allow additional trusted sources on database firewall

The database firewall was exclusively managed by this project, causing conflicts when other services (e.g. cartergrove-me droplet) also needed access. Add a configurable additional_trusted_sources variable so external droplets, apps, or IPs can be granted access without clobbering existing rules.

Co-Authored-By: Claude Opus 4.6
---
 terraform/main.tf | 10 +++++++++-
 terraform/variables.tf | 10 ++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/terraform/main.tf b/terraform/main.tf
index 425f989..177d9e0 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -40,7 +40,7 @@ resource "digitalocean_database_cluster" "postgres" {
 tags = var.tags
 }
 
-# Database firewall - only allow App Platform
+# Database firewall - allow App Platform apps
 resource "digitalocean_database_firewall" "postgres_fw" {
 cluster_id = digitalocean_database_cluster.postgres.id
 
@@ -48,6 +48,14 @@ resource "digitalocean_database_firewall" "postgres_fw" {
 type = "app"
 value = digitalocean_app.mlb_stats.id
 }
+
+ dynamic "rule" {
+ for_each = var.additional_trusted_sources
+ content {
+ type = rule.value.type
+ value = rule.value.value
+ }
+ }
 }
 
 # App Platform Application
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 297fc7f..8098b85 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
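Review bot: The `dynamic "rule"` block forwards `rule.value.type` and `rule.value.value` into the cluster firewall verbatim, so an `ip_addr` entry of `0.0.0.0/0` or a broad `tag` in someone's tfvars widens access to the whole database with nothing in this file calling that out; the only guard is whatever the variable declaration enforces, and this hunk gives a reader no hint that it matters. I'd put a why-comment on the dynamic block: `# Entries are applied as-is; an ip_addr or tag entry widens access to the whole cluster, so any validation must live on var.additional_trusted_sources.` The `rule {` block whose `type = "app"` opens this hunk starts above it, and the resource header sits in the previous hunk.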
@@ -99,6 +99,16 @@ variable "ga_measurement_id" {
 description = "Google Analytics 4 Measurement ID"
 }
 
+# Additional Trusted Sources (for shared database access)
+variable "additional_trusted_sources" {
+ description = "Additional sources that need access to the database. Each entry needs a type (app, droplet, k8s, ip_addr, tag) and value."
+ type = list(object({
+ type = string
+ value = string
+ }))
+ default = []
+}
+
 # Custom Domain
 variable "custom_domain" {
 description = "Custom domain for the application (e.g., stats.cartergrove.me)"
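Review bot: The new variable's `type` constraint only requires two strings per entry, so the allowed types listed in the description (app, droplet, k8s, ip_addr, tag) are not enforced, and nothing stops an `ip_addr` value of `0.0.0.0/0` or `::/0` from being applied straight into the database firewall via main.tf. Since every entry becomes a firewall rule, I'd add `validation` blocks that reject unknown types and the two catch-all CIDRs (this needs Terraform 0.13+; I cannot see the pinned version from here). It is a coarse guard, but it fails at plan time instead of after the cluster is exposed. The variable block is complete within this hunk.
```hcl
variable "additional_trusted_sources" {
  # … unchanged: description, type, default …

  validation {
    condition = alltrue([
      for s in var.additional_trusted_sources :
      contains(["app", "droplet", "k8s", "ip_addr", "tag"], s.type)
    ])
    error_message = "Each additional_trusted_sources entry must use type app, droplet, k8s, ip_addr or tag."
  }

  validation {
    condition = alltrue([
      for s in var.additional_trusted_sources :
      !(s.type == "ip_addr" && contains(["0.0.0.0/0", "::/0"], s.value))
    ])
    error_message = "additional_trusted_sources must not contain a catch-all ip_addr rule (0.0.0.0/0 or ::/0)."
  }
}
```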