resource "random_password" "postgresql_service_passwords" {
  for_each = local.services_database
  length  = 32
  special = false
}

resource "postgresql_role" "service_roles" {
  for_each = local.services_database
  name     = each.key
  login    = true
  password = random_password.postgresql_service_passwords[each.key].result
}

resource "postgresql_database" "service_databases" {
  for_each = local.services_database
  name     = each.key
  owner    = postgresql_role.service_roles[each.key].name
}

resource "random_password" "postgresql_metrics_collector_password" {
  length  = 32
  special = false
}

resource "postgresql_role" "metrics_collector_role" {
  name     = "metrics_collector"
  login    = true
  password = random_password.postgresql_metrics_collector_password.result
  search_path = ["postgres_exporter", "pg_catalog"]
  roles = ["pg_monitor", "pg_read_all_stats"]
}

resource "postgresql_database" "metrics_collector_database" {
  name     = "metrics_collector"
  owner    = postgresql_role.metrics_collector_role.name
}