DACP: Delete db migration scripts, add dummy data instead (#3767)
matt-k1998 authored and pavmoj committed Oct 24, 2023
1 parent 80d8607 commit fd5261e
Showing 9 changed files with 1,798 additions and 126 deletions.
1,777 changes: 1,777 additions & 0 deletions terraform/environments/dacp/dacp_dummydata.sql

Large diffs are not rendered by default.

22 changes: 0 additions & 22 deletions terraform/environments/dacp/migrate_db.sh

This file was deleted.

4 changes: 2 additions & 2 deletions terraform/environments/dacp/providers.tf
@@ -1,6 +1,6 @@
provider "aws" {
region = "eu-west-2"
access_key = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["ACCESS_KEY"]
secret_key = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SECRET_KEY"]
# access_key = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["ACCESS_KEY"]
# secret_key = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SECRET_KEY"]
alias = "tacticalproducts"
}
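Review bot: The two credential arguments are commented out rather than deleted while the `tacticalproducts` alias is kept, so (assuming the commented pair is the new side, which the page no longer marks) the aliased provider now takes its credentials from the default chain. Any resource that still declares `provider = aws.tacticalproducts` would then be created in the current account instead of failing. The commented lines also still name `data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials`, which the secrets.tf section of this commit deletes. If nothing uses the alias after the rds.tf changes, I would drop the whole aliased `provider "aws"` block; otherwise delete the two comment lines and put `# tacticalproducts: no static keys, uses the caller's credentials` above `alias`.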
64 changes: 7 additions & 57 deletions terraform/environments/dacp/rds.tf
@@ -20,40 +20,10 @@ resource "aws_db_subnet_group" "dbsubnetgroup" {
subnet_ids = data.aws_subnets.shared-public.ids
}

//SG for accessing the tacticalproducts source DB:
resource "aws_security_group" "modernisation_dacp_access" {
provider = aws.tacticalproducts
name = "modernisation_dacp_access-${local.environment}"
description = "Allow dacp on modernisation platform to access the source database"

ingress {
from_port = 5432
to_port = 5432
protocol = "tcp"
description = "Allow dacp on modernisation platform to connect to source database"
cidr_blocks = ["${jsondecode(data.http.myip.response_body)["ip"]}/32"]
}

egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}

resource "aws_security_group" "postgresql_db_sc" {
name = "postgres_security_group"
description = "control access to the database"
vpc_id = data.aws_vpc.shared.id

ingress {
from_port = 5432
to_port = 5432
protocol = "tcp"
description = "MOJ Digital VPN access"
cidr_blocks = [local.application_data.accounts[local.environment].moj_ip]
}
ingress {
from_port = 5432
to_port = 5432
@@ -94,39 +64,19 @@ data "http" "myip" {
}

resource "null_resource" "setup_db" {
depends_on = [aws_db_instance.dacp_db]

provisioner "local-exec" {
interpreter = ["bash", "-c"]
command = "chmod +x ./migrate_db.sh; ./migrate_db.sh"
count = local.is-development ? 1 : 0

environment = {
SOURCE_DB_HOSTNAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_HOSTNAME"]
SOURCE_DB_NAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_NAME"]
SOURCE_DB_USERNAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_USERNAME"]
SOURCE_DB_PASSWORD = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_PASSWORD"]
DB_HOSTNAME = aws_db_instance.dacp_db.address
DB_NAME = aws_db_instance.dacp_db.db_name
DACP_DB_USERNAME = local.application_data.accounts[local.environment].db_username
DACP_DB_PASSWORD = random_password.password.result
}
}
triggers = {
always_run = "${timestamp()}"
}
}
depends_on = [aws_db_instance.dacp_db]

// executes a local script to set up the security group for the source RDS instance.
resource "null_resource" "setup_source_rds_security_group" {
provisioner "local-exec" {
interpreter = ["bash", "-c"]
command = "chmod +x ./setup-security-group-${local.environment}.sh; ./setup-security-group-${local.environment}.sh"
command = "chmod +x ./setup-dev-db.sh; ./setup-dev-db.sh"

environment = {
RDS_SECURITY_GROUP = aws_security_group.modernisation_dacp_access.id
RDS_SOURCE_ACCOUNT_ACCESS_KEY = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["ACCESS_KEY"]
RDS_SOURCE_ACCOUNT_SECRET_KEY = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SECRET_KEY"]
RDS_SOURCE_ACCOUNT_REGION = "eu-west-2"
DB_HOSTNAME = aws_db_instance.dacp_db.address
DB_NAME = aws_db_instance.dacp_db.db_name
DACP_DB_USERNAME = aws_db_instance.dacp_db.username
DACP_DB_PASSWORD = random_password.password.result
}
}
triggers = {
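Review bot: `data "http" "myip"`, named in the second hunk header, looks left over: its only visible consumer is the `cidr_blocks` entry of `aws_security_group.modernisation_dacp_access`, which appears to be among the 57 removed lines (the page no longer marks sides, so this is inferred from the counts). If nothing else reads it, each plan still calls what is presumably an external IP-lookup endpoint for no purpose, and the data block should go with the security group. In `setup_db`, a comment above `count` such as `# development only: seeds dacp_dummydata.sql through setup-dev-db.sh` would record why the provisioner is gated. Since `DACP_DB_PASSWORD` reaches the script through `environment`, the script must never echo it. The `triggers` block of `setup_db` continues outside the hunk.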
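--- a/terraform/environments/dacp/secrets.tf
+++ b/terraform/environments/dacp/secrets.tf
@@ -27,12 +27,3 @@ data "aws_secretsmanager_secret_version" "get_rds_credentials" {
 depends_on = [aws_secretsmanager_secret_version.rds_credentials]
 secret_id = data.aws_secretsmanager_secret.get_dacp_db_secrets.id
 }
-
-// retrieve secrets for the tactical products database
-data "aws_secretsmanager_secret" "get_tactical_products_db_secrets" {
-arn = "arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:tactical-products-db-secrets-${local.application_data.accounts[local.environment].tactical_products_db_secrets_arn}"
-}
-
-data "aws_secretsmanager_secret_version" "get_tactical_products_rds_credentials" {
-secret_id = data.aws_secretsmanager_secret.get_tactical_products_db_secrets.id
-}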
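--- a/terraform/environments/dacp/setup-dev-db.sh
+++ b/terraform/environments/dacp/setup-dev-db.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+export PGPASSWORD=$DACP_DB_PASSWORD;
+# if database contains schema dbo then store schema name inside variable.
+SCHEMA=$(psql -h ${DB_HOSTNAME} -p 5432 -U $DACP_DB_USERNAME -d $DB_NAME -c "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'dbo'" | grep -o 'dbo')
+echo "Schema = $SCHEMA"
+
+if [ "$SCHEMA" == "dbo" ]; then
+echo "The Schema dbo is already present in the database"
+else
+psql -h ${DB_HOSTNAME} -p 5432 -U $DACP_DB_USERNAME -d $DB_NAME -c "\i dacp_dummydata.sql;";
+fi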
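Review bot: The import in the `else` branch runs `\i dacp_dummydata.sql` without `ON_ERROR_STOP`, so a statement that fails partway through the file is skipped and psql can still exit 0. The next apply then finds schema `dbo` and never retries, leaving a partly loaded database that Terraform reports as provisioned. I would load the file with `psql -v ON_ERROR_STOP=1 -h "$DB_HOSTNAME" -p 5432 -U "$DACP_DB_USERNAME" -d "$DB_NAME" -f dacp_dummydata.sql`, which also quotes the expansions that are currently bare. Neither psql call sets an SSL mode, so libpq's default applies and the password in `PGPASSWORD` may travel over a connection that is not required to be encrypted. Adding `export PGSSLMODE=require` (or `verify-full` with the RDS CA bundle) next to the `PGPASSWORD` export would pin that down.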
12 changes: 0 additions & 12 deletions terraform/environments/dacp/setup-security-group-development.sh

This file was deleted.

12 changes: 0 additions & 12 deletions terraform/environments/dacp/setup-security-group-preproduction.sh

This file was deleted.

12 changes: 0 additions & 12 deletions terraform/environments/dacp/setup-security-group-production.sh

This file was deleted.
