Merge pull request #14 from hmcts/init-db

Initial db creation and secret mappings

charts/opal-account-enquiry/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "1.0"
 description: A Helm chart for opal-account-enquiry app
 name: opal-account-enquiry
 home: https://github.com/hmcts/opal-account-enquiry
-version: 0.0.11
+version: 0.0.12
 maintainers:
   - name: HMCTS Opal Team
 dependencies:

charts/opal-account-enquiry/values.dev.template.yaml

@@ -2,6 +2,11 @@ java:
   # Don't modify below here
   image: ${IMAGE_NAME}
   ingressHost: ${SERVICE_FQDN}
+  keyVaults:
+    opal:
+      secrets:
+        - name: app-insights-connection-string
+          alias: app-insights-connection-string
   environment:
     OPAL_DB_HOST: "{{ .Release.Name }}-postgresql"
     OPAL_DB_NAME: "{{ .Values.postgresql.auth.database}}"

charts/opal-account-enquiry/values.yaml

@@ -7,5 +7,15 @@ java:
       secrets:
         - name: app-insights-connection-string
           alias: app-insights-connection-string
+        - name: account-enquiry-POSTGRES-HOST
+          alias: OPAL_DB_HOST
+        - name: account-enquiry-POSTGRES-PASS
+          alias: OPAL_DB_PASSWORD
+        - name: account-enquiry-POSTGRES-PORT
+          alias: OPAL_DB_PORT 
+        - name: account-enquiry-POSTGRES-USER
+          alias: OPAL_DB_USERNAME
+        - name: account-enquiry-POSTGRES-DATABASE
+          alias: OPAL_DB_DATABASE
   environment:
     RUN_DB_MIGRATION_ON_STARTUP: false

infrastructure/main.tf

@@ -1,3 +1,77 @@
 provider "azurerm" {
   features {}
 }
+
+provider "azurerm" {
+  features {}
+  skip_provider_registration = true
+  alias                      = "postgres_network"
+  subscription_id            = var.aks_subscription_id
+}
+
+locals {
+  db_name = "opal"
+}
+
+module "opal_db" {
+  providers = {
+    azurerm.postgres_network = azurerm.postgres_network
+  }
+
+  source = "git@github.com:hmcts/terraform-module-postgresql-flexible?ref=master"
+  env    = var.env
+
+  product       = var.product
+  component     = var.component
+  business_area = "sds"
+
+  pgsql_databases = [
+    {
+      name: local.db_name
+    }
+  ]
+
+  pgsql_version = "15"
+
+  # The ID of the principal to be granted admin access to the database server.
+  # On Jenkins it will be injected for you automatically as jenkins_AAD_objectId.
+  # Otherwise change the below:
+  admin_user_object_id = var.jenkins_AAD_objectId
+
+  common_tags = var.common_tags
+}
+
+data "azurerm_key_vault" "key_vault" {
+  name                = "${var.product}-${var.env}"
+  resource_group_name = "${var.product}-${var.env}"
+}
+
+resource "azurerm_key_vault_secret" "POSTGRES-USER" {
+  name         = "opal-db-POSTGRES-USER"
+  value        = module.opal_db.username
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+resource "azurerm_key_vault_secret" "POSTGRES-PASS" {
+  name         = "${var.component}-POSTGRES-PASS"
+  value        = module.opal_db.password
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+resource "azurerm_key_vault_secret" "POSTGRES_HOST" {
+  name         = "${var.component}-POSTGRES-HOST"
+  value        = module.opal_db.fqdn
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+resource "azurerm_key_vault_secret" "POSTGRES_PORT" {
+  name         = "${var.component}-POSTGRES-PORT"
+  value        = 5432
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+resource "azurerm_key_vault_secret" "POSTGRES_DATABASE" {
+  name         = "${var.component}-POSTGRES-DATABASE"
+  value        = local.db_name
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}

infrastructure/variables.tf

@@ -14,3 +14,8 @@ variable "common_tags" {
   type = map(string)
 }
 
+variable "aks_subscription_id" {}
+
+variable "jenkins_AAD_objectId" {
+  description = "(Required) The Azure AD object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies."
+}