Merge pull request #32 from commitdev/fix/db-name

davidcheung · web-flow · commit b2cee21982b1 · 2020-08-07T16:20:56.000-04:00
bug: fix where DB_NAME is not always project name
diff --git a/db-ops/create-db-user.sh b/db-ops/create-db-user.sh
@@ -3,13 +3,14 @@
 # docker image with postgres client only
 DOCKER_IMAGE_TAG=governmentpaas/psql:latest
 
-DB_ENDPOINT=$(aws rds describe-db-instances --region=$REGION --query "DBInstances[?DBName=='$PROJECT_NAME'].Endpoint.Address" | jq -r '.[0]')
+DB_ENDPOINT=database.$PROJECT_NAME
+DB_NAME=$(aws rds describe-db-instances --region=$REGION --query "DBInstances[?DBInstanceIdentifier=='$PROJECT_NAME-$ENVIRONMENT'].DBName" | jq -r '.[0]')
 SECRET_ID=$(aws secretsmanager list-secrets --region $REGION  --query "SecretList[?Name=='$PROJECT_NAME-$ENVIRONMENT-rds-$SEED'].Name" | jq -r ".[0]")
 # RDS MASTER
 MASTER_RDS_USERNAME=master_user
 SECRET_PASSWORD=$(aws secretsmanager get-secret-value --region=$REGION --secret-id=$SECRET_ID | jq -r ".SecretString")
 # APPLICATION DB ADMIN
-DB_APP_USERNAME=$PROJECT_NAME
+DB_APP_USERNAME=$DB_NAME
 DB_APP_PASSWORD=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | base64 | head -c 16)
 
 # Fill in env-vars to db user creation manifest
@@ -19,13 +20,13 @@ eval "echo \"$(cat ./db-ops/job-create-db.yml.tpl)\"" > ./k8s-job-create-db.yml
 # 2. Secret in db-ops: db-create-users (with master password, and a .sql file
 # 3. Job in db-ops: db-create-users (runs the .sql file against the RDS given master_password from env)
 # 4. Secret in Application namespace with DB_USERNAME / DB_PASSWORD 
-kubectl create -f ./k8s-job-create-db.yml
+kubectl apply -f ./k8s-job-create-db.yml
 
 # Deleting the entire db-ops namespace, leaving ONLY application-namespace's secret behind
 kubectl -n db-ops wait --for=condition=complete --timeout=10s job db-create-users
 if [ $? -eq 0 ]
 then 
-  kubectl delete namespace db-ops
+  kubectl get namespace db-ops
 else 
   echo "Failed to create application database user, please see 'kubectl logs -n db-ops -l job-name=db-create-users'"
 fi
diff --git a/db-ops/job-create-db.yml.tpl b/db-ops/job-create-db.yml.tpl
@@ -12,7 +12,7 @@ type: Opaque
 stringData: 
   create-user.sql: |
     create user $DB_APP_USERNAME with encrypted password '$DB_APP_PASSWORD';
-    grant all privileges on database $PROJECT_NAME to $DB_APP_USERNAME;
+    grant all privileges on database $DB_NAME to $DB_APP_USERNAME;
   RDS_MASTER_PASSWORD: $SECRET_PASSWORD
 ---
 apiVersion: v1
@@ -45,7 +45,7 @@ spec:
         - sh
         args: 
         - '-c' 
-        - psql -U$MASTER_RDS_USERNAME -h $DB_ENDPOINT $PROJECT_NAME -a -f/db-ops/create-user.sql > /dev/null
+        - psql -U$MASTER_RDS_USERNAME -h $DB_ENDPOINT $DB_NAME -a -f/db-ops/create-user.sql > /dev/null
         env:
         - name: PGPASSWORD
           valueFrom:
@@ -62,3 +62,36 @@ spec:
             secretName: db-create-users
       restartPolicy: Never
   backoffLimit: 1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: db-pod
+  namespace: $PROJECT_NAME
+spec:
+# this is purposely left at 0 so it can be enabled for troubleshooting purposes
+  replicas: 0
+  selector:
+    matchLabels:
+      app: db-pod
+  template:
+    metadata:
+      labels:
+        app: db-pod
+    spec:
+      automountServiceAccountToken: false
+      containers:
+      - command:
+        - tail
+        - -f
+        - /dev/null
+        image: governmentpaas/psql:latest
+        imagePullPolicy: Always
+        name: db-pod
+        env:
+        - name: PGPASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: $PROJECT_NAME
+              key: DATABASE_PASSWORD
+
