
@patst
Created May 4, 2022 07:01
postgres terraform provider delete issue
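# Local reproduction only: every credential in this file is a throwaway value.
# start postgres db locally with:
# (-p 5432:5432 publishes the port on all host interfaces; use -p 127.0.0.1:5432:5432
#  to keep the container reachable from this machine only)
# docker run --name postgres -d -p 5432:5432 -e POSTGRES_PASSWORD=asdf123! -e POSTGRES_USER=pgadmin postgres:11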
# cleanup with:
# PGPASSWORD=asdf123! psql -h 127.0.0.1 --no-password -p 5432 -U pgadmin --dbname mydb --command='DROP TABLE accounts'
# Terraform settings: state on local disk, plus the community PostgreSQL provider.
terraform {
  # Local backend: the state file is written to the working directory in plain text.
  # It will hold the password given to postgresql_role.pg_user, so keep it out of
  # version control.
  backend "local" {}

  required_providers {
    # NOTE(review): no version constraint is set, so `terraform init` selects the
    # newest provider release. Pin a version and keep .terraform.lock.hcl alongside
    # this file so the reproduction runs against a known provider build.
    postgresql = {
      source = "cyrilgdn/postgresql"
    }
  }
}
# Convenience output: a ready-to-paste psql command for the admin account.
# NOTE(review): the admin password is part of the value, so it is printed after
# every apply and stored in the state file. Tolerable only for a disposable local
# container; do not carry this pattern over to a shared database.
output "login_cmd" {
  value = "PGPASSWORD=asdf123! psql -h localhost --no-password -p 5432 -U pgadmin -d ${postgresql_database.db.name}"
}
# Connection the provider uses for every postgresql_* resource in this file.
provider "postgresql" {
  host            = "localhost"
  port            = 5432
  connect_timeout = 15

  # Throwaway admin credentials matching the local docker container.
  # NOTE(review): for anything other than a disposable local database, leave
  # `password` out of the file and supply it through a sensitive input variable
  # or the PGPASSWORD environment variable.
  username          = "pgadmin"
  password          = "asdf123!"
  database_username = "pgadmin"

  # TLS is switched off; acceptable only because the server is on localhost.
  sslmode = "disable"

  superuser = false
}
# The database that all grants in this file are scoped to.
resource "postgresql_database" "db" {
  name = "mydb"
}
# Hardening step 1: strip the default privileges of PUBLIC on schema "public".
# PUBLIC is the pseudo-role every role belongs to; on PostgreSQL 11 it holds USAGE
# and CREATE on this schema by default. An empty privilege list leaves it with none.
resource "postgresql_grant" "revoke_public_schema" {
  role        = "public"
  database    = postgresql_database.db.name
  schema      = "public"
  object_type = "schema"
  privileges  = []
}
# Hardening step 2: strip the default database-level privileges of PUBLIC
# (by default CONNECT and TEMPORARY), so only explicitly granted roles can connect.
resource "postgresql_grant" "revoke_public_database" {
  role        = "public"
  database    = postgresql_database.db.name
  object_type = "database"
  privileges  = []

  # Applied only after the schema-level revoke has finished.
  depends_on = [postgresql_grant.revoke_public_schema]
}
# Unprivileged login role that will own the application table.
resource "postgresql_role" "pg_user" {
  name  = "myuser"
  login = true

  # NOTE(review): literal throwaway password. It is also written to the Terraform
  # state; use a sensitive variable for any database that is not disposable.
  password = "qwert123!"

  # Member of no other role; unqualified names resolve in schema "public".
  roles       = []
  search_path = ["public"]

  # Created only after PUBLIC has lost its default privileges.
  depends_on = [postgresql_grant.revoke_public_database]
}
# Gives the login role back exactly the schema-level rights it needs.
resource "postgresql_grant" "grant-public-schema-privileges" {
  role        = postgresql_role.pg_user.name
  database    = postgresql_database.db.name
  schema      = "public"
  object_type = "schema"

  # USAGE to reference objects in the schema, CREATE to create tables in it.
  privileges = ["USAGE", "CREATE"]

  depends_on = [postgresql_role.pg_user]
}
# Lets the login role connect to the database, and nothing more at database level.
resource "postgresql_grant" "pg_user_grant_connect_to_role_on_database" {
  role        = postgresql_role.pg_user.name
  database    = postgresql_database.db.name
  object_type = "database"

  # CREATE is deliberately left out: on a database it would allow the role to
  # create further schemas.
  privileges = ["CONNECT"]

  depends_on = [postgresql_grant.grant-public-schema-privileges]
}
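# Creates the `accounts` table as the unprivileged role by shelling out to psql,
# so that the role owns an object in the database.
# There is no destroy-time provisioner, so `terraform destroy` does not drop the
# table; the cleanup command at the top of the file does that by hand.
resource "null_resource" "create-table" {
  # Run only once both grants for the role are in place.
  depends_on = [
    postgresql_grant.grant-public-schema-privileges,
    postgresql_grant.pg_user_grant_connect_to_role_on_database,
  ]

  provisioner "local-exec" {
    # The password is passed to psql through the process environment instead of
    # being written into the command string: Terraform echoes the command in its
    # apply output, and the string is also visible as an argument of the shell
    # that runs it.
    environment = {
      PGPASSWORD = "qwert123!" # throwaway value; must match postgresql_role.pg_user
    }

    command = <<-EOT
      psql -h localhost --no-password -p 5432 -U myuser --dbname ${postgresql_database.db.name} --command='CREATE TABLE accounts (user_id serial PRIMARY KEY)'
    EOT
  }
}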