From c76c9e1865c4f7c318f07bd5fba9894a88939061 Mon Sep 17 00:00:00 2001
From: Marcel Boehm <marcel.hofmann@inovex.de>
Date: Tue, 27 Jun 2023 17:09:20 +0200
Subject: [PATCH] expand example with verification step

---
 README.md       | 25 ++++++++++++++++++++++++-
 example/main.tf | 20 +++++++++++++++-----
 output.tf       |  7 ++++++-
 3 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index c8922ea..5012ba0 100644
--- a/README.md
+++ b/README.md
@@ -9,4 +9,27 @@ for PostgreSQL outlines an example that works when you have a server connected
 to the LAN, but the required setup for Managed Kubernetes Nodepools is a bit
 more complicated, so this module encapsulates this.
 
-For an example, check out the sample [main.tf](./example/main.tf).
+## Example
+
+For a full E2E example, check out the sample [main.tf](./example/main.tf).
+
+After this is applied (takes about 30 minutes), you can do the following to
+confirm the database can be reached from a pod:
+
+**NOTE:** This exposes your password in the Pod spec, this is NOT recommended
+
+```shell
+export KUBECONFIG="$(terraform output -raw kubeconfig_path)"
+
+kubectl run -i -t psql-test \
+    --rm \
+    --image=jbergknoff/postgresql-client \
+    --env "PGPASSWORD=$(terraform output -raw pg_password)" \
+    --command psql \
+    -- -U root -h "$(terraform output -raw pg_ip)" postgres
+
+# you should now have a psql shell open and can run e.g.
+postgres=> \conninfo
+You are connected to database "postgres" as user "root" on host "10.7.222.5" at port "5432".
+SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
+```
diff --git a/example/main.tf b/example/main.tf
index 27cc2df..91804d7 100644
--- a/example/main.tf
+++ b/example/main.tf
@@ -5,6 +5,10 @@ terraform {
       source  = "ionos-cloud/ionoscloud"
       version = ">=6.4.0"
     }
+    local = {
+      source  = "local"
+      version = ">=2.4.0"
+    }
   }
 }
 
@@ -77,7 +81,7 @@ resource "ionoscloud_pg_cluster" "example" {
   connections {
     datacenter_id = ionoscloud_datacenter.example.id
     lan_id        = ionoscloud_lan.example.id
-    cidr          = module.ip.result[0]
+    cidr          = module.ip.result_with_cidr[0]
   }
 
   credentials {
@@ -87,7 +91,7 @@ resource "ionoscloud_pg_cluster" "example" {
 }
 
 output "pg_ip" {
-  value = ionoscloud_pg_cluster.example.connections[0].cidr
+  value = module.ip.result[0]
 }
 
 output "pg_password" {
@@ -99,7 +103,13 @@ data "ionoscloud_k8s_cluster" "example" {
   id = ionoscloud_k8s_cluster.example.id
 }
 
-output "kubeconfig" {
-  value     = data.ionoscloud_k8s_cluster.example.kube_config
-  sensitive = true
+resource "local_sensitive_file" "kubeconfig" {
+  content              = data.ionoscloud_k8s_cluster.example.kube_config
+  filename             = pathexpand("~/.kube/${data.ionoscloud_k8s_cluster.example.name}.json")
+  file_permission      = "0600"
+  directory_permission = "0750"
+}
+
+output "kubeconfig_path" {
+  value = local_sensitive_file.kubeconfig.filename
 }
diff --git a/output.tf b/output.tf
index 1e4292b..9ac41ad 100644
--- a/output.tf
+++ b/output.tf
@@ -1,4 +1,9 @@
-output "result" {
+output "result_with_cidr" {
   description = "The resulting IPs including their subnet. This value can be directly used e.g. for creating a managed PostgreSQL cluster."
   value       = local.result_ips_cidr
 }
+
+output "result" {
+  description = "The resulting IPs without their subnet."
+  value       = local.result_ips
+}