DACP: delete db migration scripts, add dummy data instead #3767

Merged
merged 6 commits into from
Oct 24, 2023
Merged
1,777 changes: 1,777 additions & 0 deletions terraform/environments/dacp/dacp_dummydata.sql

Large diffs are not rendered by default.

22 changes: 0 additions & 22 deletions terraform/environments/dacp/migrate_db.sh

This file was deleted.

4 changes: 2 additions & 2 deletions terraform/environments/dacp/providers.tf
@@ -1,6 +1,6 @@
provider "aws" {
region = "eu-west-2"
access_key = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["ACCESS_KEY"]
secret_key = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SECRET_KEY"]
# access_key = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["ACCESS_KEY"]
# secret_key = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SECRET_KEY"]
alias = "tacticalproducts"
}
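Review bot: The `tacticalproducts` alias is kept with its `access_key`/`secret_key` lines commented out rather than removed (reading the commented pair as the new side, which fits the 2/2 change count). Without explicit credentials the alias resolves through the default credential chain, so anything still pinned to `provider = aws.tacticalproducts` would be created in the current account instead of the source account, with no error to signal it. The commented lines also reference `data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials`, which this PR deletes from secrets.tf, so they cannot simply be re-enabled. If nothing else uses the alias, delete the whole provider block; if cross-account access is still needed, an `assume_role` block is preferable to static keys read from a secret.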
64 changes: 7 additions & 57 deletions terraform/environments/dacp/rds.tf
@@ -20,40 +20,10 @@ resource "aws_db_subnet_group" "dbsubnetgroup" {
subnet_ids = data.aws_subnets.shared-public.ids
}

//SG for accessing the tacticalproducts source DB:
resource "aws_security_group" "modernisation_dacp_access" {
provider = aws.tacticalproducts
name = "modernisation_dacp_access-${local.environment}"
description = "Allow dacp on modernisation platform to access the source database"

ingress {
from_port = 5432
to_port = 5432
protocol = "tcp"
description = "Allow dacp on modernisation platform to connect to source database"
cidr_blocks = ["${jsondecode(data.http.myip.response_body)["ip"]}/32"]
}

egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}

resource "aws_security_group" "postgresql_db_sc" {
name = "postgres_security_group"
description = "control access to the database"
vpc_id = data.aws_vpc.shared.id

ingress {
from_port = 5432
to_port = 5432
protocol = "tcp"
description = "MOJ Digital VPN access"
cidr_blocks = [local.application_data.accounts[local.environment].moj_ip]
}
ingress {
from_port = 5432
to_port = 5432
@@ -94,39 +64,19 @@ data "http" "myip" {
}

resource "null_resource" "setup_db" {
depends_on = [aws_db_instance.dacp_db]

provisioner "local-exec" {
interpreter = ["bash", "-c"]
command = "chmod +x ./migrate_db.sh; ./migrate_db.sh"
count = local.is-development ? 1 : 0

environment = {
SOURCE_DB_HOSTNAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_HOSTNAME"]
SOURCE_DB_NAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_NAME"]
SOURCE_DB_USERNAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_USERNAME"]
SOURCE_DB_PASSWORD = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_PASSWORD"]
DB_HOSTNAME = aws_db_instance.dacp_db.address
DB_NAME = aws_db_instance.dacp_db.db_name
DACP_DB_USERNAME = local.application_data.accounts[local.environment].db_username
DACP_DB_PASSWORD = random_password.password.result
}
}
triggers = {
always_run = "${timestamp()}"
}
}
depends_on = [aws_db_instance.dacp_db]

// executes a local script to set up the security group for the source RDS instance.
resource "null_resource" "setup_source_rds_security_group" {
provisioner "local-exec" {
interpreter = ["bash", "-c"]
command = "chmod +x ./setup-security-group-${local.environment}.sh; ./setup-security-group-${local.environment}.sh"
command = "chmod +x ./setup-dev-db.sh; ./setup-dev-db.sh"

environment = {
RDS_SECURITY_GROUP = aws_security_group.modernisation_dacp_access.id
RDS_SOURCE_ACCOUNT_ACCESS_KEY = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["ACCESS_KEY"]
RDS_SOURCE_ACCOUNT_SECRET_KEY = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SECRET_KEY"]
RDS_SOURCE_ACCOUNT_REGION = "eu-west-2"
DB_HOSTNAME = aws_db_instance.dacp_db.address
DB_NAME = aws_db_instance.dacp_db.db_name
DACP_DB_USERNAME = aws_db_instance.dacp_db.username
DACP_DB_PASSWORD = random_password.password.result
}
}
triggers = {
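Review bot: In `null_resource.setup_db` the provisioner command `chmod +x ./setup-dev-db.sh; ./setup-dev-db.sh` joins its steps with `;` and depends on the caller's working directory, so a failed `chmod` is ignored and both the script and the SQL file it loads are only found when Terraform is run from this directory. Using `command = "bash ./setup-dev-db.sh"` together with `working_dir = path.module` removes both dependencies. The environment passes `aws_db_instance.dacp_db.username` with `random_password.password.result`, which appears to be the instance's master login, so the seed runs with full database privileges from whichever host runs Terraform; a short comment stating that this is development-only (as `count = local.is-development ? 1 : 0` enforces) would make that intent explicit. The resource body continues past the visible `triggers = {`, so the trigger contents cannot be reviewed here.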
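--- a/terraform/environments/dacp/secrets.tf
+++ b/terraform/environments/dacp/secrets.tf
@@ -27,12 +27,3 @@ data "aws_secretsmanager_secret_version" "get_rds_credentials" {
 depends_on = [aws_secretsmanager_secret_version.rds_credentials]
 secret_id = data.aws_secretsmanager_secret.get_dacp_db_secrets.id
 }
-
-// retrieve secrets for the tactical products database
-data "aws_secretsmanager_secret" "get_tactical_products_db_secrets" {
-arn = "arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:tactical-products-db-secrets-${local.application_data.accounts[local.environment].tactical_products_db_secrets_arn}"
-}
-
-data "aws_secretsmanager_secret_version" "get_tactical_products_rds_credentials" {
-secret_id = data.aws_secretsmanager_secret.get_tactical_products_db_secrets.id
-}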
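--- a/terraform/environments/dacp/setup-dev-db.sh
+++ b/terraform/environments/dacp/setup-dev-db.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+export PGPASSWORD=$DACP_DB_PASSWORD;
+# if database contains schema dbo then store schema name inside variable.
+SCHEMA=$(psql -h ${DB_HOSTNAME} -p 5432 -U $DACP_DB_USERNAME -d $DB_NAME -c "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'dbo'" | grep -o 'dbo')
+echo "Schema = $SCHEMA"
+
+if [ "$SCHEMA" == "dbo" ]; then
+echo "The Schema dbo is already present in the database"
+else
+psql -h ${DB_HOSTNAME} -p 5432 -U $DACP_DB_USERNAME -d $DB_NAME -c "\i dacp_dummydata.sql;";
+fi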
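Review bot: A failed or partial import can go unnoticed in the `else` branch: the script sets no `set -e`, and `psql -c "\i dacp_dummydata.sql;"` keeps going past failing statements unless `ON_ERROR_STOP` is set, so Terraform can report success while the data is half-loaded. Once `dbo` exists, every later run takes the "already present" branch and never repairs it. The expansions on both `psql` lines are unquoted, and nothing requires TLS (libpq defaults to `sslmode=prefer`), so the session may fall back to an unencrypted connection if the server allows it. The sketch below quotes the expansions, sets `PGSSLMODE=require`, replaces the `grep` with `-tA` so that `set -euo pipefail` does not abort on "no match", and loads the file in one transaction, assuming the dump carries no `BEGIN`/`COMMIT` of its own. A header comment saying the script seeds only the development database would also be worth adding.

```bash
#!/bin/bash
set -euo pipefail

export PGPASSWORD="$DACP_DB_PASSWORD"
export PGSSLMODE=require

SCHEMA=$(psql -h "$DB_HOSTNAME" -p 5432 -U "$DACP_DB_USERNAME" -d "$DB_NAME" -tA \
  -c "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'dbo'")
# … unchanged: echo of $SCHEMA and the "already present" branch …
else
  psql -h "$DB_HOSTNAME" -p 5432 -U "$DACP_DB_USERNAME" -d "$DB_NAME" \
    -v ON_ERROR_STOP=1 --single-transaction -f dacp_dummydata.sql
```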
12 changes: 0 additions & 12 deletions terraform/environments/dacp/setup-security-group-development.sh

This file was deleted.

This file was deleted.

12 changes: 0 additions & 12 deletions terraform/environments/dacp/setup-security-group-production.sh

This file was deleted.