From 19f079026e28a0152f7d3374f1b8af323155df7c Mon Sep 17 00:00:00 2001
From: John Kerry <john.kerry@hashicorp.com>
Date: Thu, 30 May 2024 16:07:23 -0400
Subject: [PATCH 1/2] enhancing the database special character allow list

---
 modules/database/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/database/main.tf b/modules/database/main.tf
index 9be58baf..f3439f5e 100644
--- a/modules/database/main.tf
+++ b/modules/database/main.tf
@@ -4,7 +4,7 @@
 resource "random_string" "tfe_pg_password" {
   length           = 24
   special          = true
-  override_special = "?!%&*"
+  override_special = "!#$%&*()-_=+[]{}<>?"
 }
 
 resource "azurerm_postgresql_flexible_server" "tfe" {

From 443b6f83846e35e5ae91bc4f17155d6be48ac916 Mon Sep 17 00:00:00 2001
From: John Kerry <john.kerry@hashicorp.com>
Date: Mon, 3 Jun 2024 20:14:08 -0400
Subject: [PATCH 2/2] explicitly setting public network access to false

---
 modules/database/main.tf | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/modules/database/main.tf b/modules/database/main.tf
index f3439f5e..109cdf0c 100644
--- a/modules/database/main.tf
+++ b/modules/database/main.tf
@@ -12,16 +12,17 @@ resource "azurerm_postgresql_flexible_server" "tfe" {
   name                = "${var.friendly_name_prefix}-pg"
   resource_group_name = var.resource_group_name
 
-  administrator_login    = var.database_user
-  administrator_password = random_string.tfe_pg_password.result
-  backup_retention_days  = var.database_backup_retention_days
-  delegated_subnet_id    = var.database_subnet_id
-  private_dns_zone_id    = var.database_private_dns_zone_id
-  sku_name               = var.database_machine_type
-  storage_mb             = var.database_size_mb
-  tags                   = var.tags
-  version                = var.database_version
-  zone                   = var.database_availability_zone
+  administrator_login           = var.database_user
+  administrator_password        = random_string.tfe_pg_password.result
+  public_network_access_enabled = false
+  backup_retention_days         = var.database_backup_retention_days
+  delegated_subnet_id           = var.database_subnet_id
+  private_dns_zone_id           = var.database_private_dns_zone_id
+  sku_name                      = var.database_machine_type
+  storage_mb                    = var.database_size_mb
+  tags                          = var.tags
+  version                       = var.database_version
+  zone                          = var.database_availability_zone
 }
 
 resource "azurerm_postgresql_flexible_server_configuration" "tfe" {