setup postgres and sqlserver data variable for connecting to a metada…

…ta database
CDCgov · Nov 21, 2024 · 8b9d5e4 · 8b9d5e4
1 parent bc07eba
commit 8b9d5e4
Show file tree

Hide file tree

Showing 8 changed files with 212 additions and 10 deletions.
diff --git a/README.md b/README.md
diff --git a/_check.tf b/_check.tf
@@ -0,0 +1,12 @@
+check "database_data_non_integrated_viewer" {
+  assert {
+    condition     = (
+      (local.database_data.non_integrated_viewer == "false" && 
+        length(local.database_data.metadata_database_type) == 0) || 
+      (local.database_data.non_integrated_viewer == "true" && 
+        length(local.database_data.metadata_database_type) > 0 && 
+        length(local.database_data.metadata_database_schema) > 0)
+    )
+    error_message = "When non_integrated_viewer is false, no other database data should be provided. When non_integrated_viewer is true, metadata_database_type, metadata_database_schema, and secrets_manager_* variables should be provided."
+  }
+}
diff --git a/_local.tf b/_local.tf
@@ -8,6 +8,8 @@ locals {
   registry_url      = var.disable_ecr == false ? "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" : "ghcr.io/cdcgov/phdi"
   registry_username = data.aws_ecr_authorization_token.this.user_name
   registry_password = data.aws_ecr_authorization_token.this.password
+  database_data = var.postgres_database_data.non_integrated_viewer == "true" ? var.postgres_database_data : var.sqlserver_database_data
+
   service_data = length(var.service_data) > 0 ? var.service_data : {
     ecr-viewer = {
       short_name     = "ecrv",
@@ -36,7 +38,7 @@ locals {
         },
         {
           name  = "NEXT_PUBLIC_NON_INTEGRATED_VIEWER",
-          value = var.non_integrated_viewer
+          value = local.database_data.non_integrated_viewer
         },
         {
           name  = "SOURCE",
@@ -53,6 +55,30 @@ locals {
         {
           name  = "NEXT_PUBLIC_BASEPATH",
           value = var.ecr_viewer_basepath
+        },
+        {
+          name = "METADATA_DATABASE_TYPE",
+          value = local.database_data.non_integrated_viewer == "true" ? local.database_data.metadata_database_type : ""
+        },
+        {
+          name = "METADATA_DATABASE_SCHEMA",
+          value = local.database_data.non_integrated_viewer == "true" ? local.database_data.metadata_database_schema : ""
+        },
+        {
+          name = "DATABASE_URL",
+          value = local.database_data.metadata_database_type == "postgres" ? local.database_data.secrets_manager_postgres_database_url_arn : ""
+        },
+        {
+          name = "SQL_SERVER_USER",
+          value = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_user_arn : ""
+        },
+        {
+          name = "SQL_SERVER_PASSWORD",
+          value = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_password_arn : ""
+        },
+        {
+          name = "SQL_SERVER_HOST",
+          value = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_host_arn : ""
         }
       ]
     },

diff --git a/_variable.tf b/_variable.tf
@@ -113,10 +113,44 @@ variable "service_data" {
   default     = {}
 }
 
+variable "postgres_database_data" {
+  type = object({
+    non_integrated_viewer                     = string
+    metadata_database_type                    = string
+    metadata_database_schema                  = string
+    secrets_manager_postgres_database_url_arn = string
+  })
+  default = {
+    non_integrated_viewer                     = "false"
+    metadata_database_type                    = ""
+    metadata_database_schema                  = ""
+    secrets_manager_postgres_database_url_arn = ""
+  }
+}
+
+variable "sqlserver_database_data" {
+  type = object({
+    non_integrated_viewer                  = string
+    metadata_database_type                 = string
+    metadata_database_schema               = string
+    secrets_manager_sqlserver_user_arn     = string
+    secrets_manager_sqlserver_password_arn = string
+    secrets_manager_sqlserver_host_arn     = string
+  })
+  default = {
+    non_integrated_viewer                  = "false"
+    metadata_database_type                 = ""
+    metadata_database_schema               = ""
+    secrets_manager_sqlserver_user_arn     = ""
+    secrets_manager_sqlserver_password_arn = ""
+    secrets_manager_sqlserver_host_arn     = ""
+  }
+}
+
 variable "certificate_arn" {
   type        = string
   description = "ARN of the SSL certificate that enables ssl termination on the ALB"
-  default = ""
+  default     = ""
 }
 
 variable "vpc_id" {
@@ -148,12 +182,6 @@ variable "tags" {
   default     = {}
 }
 
-variable "non_integrated_viewer" {
-  type        = string
-  description = "A flag to determine if the viewer is the non-integrated version"
-  default     = "false"
-}
-
 variable "ecr_viewer_basepath" {
   type        = string
   description = "The basepath for the ecr-viewer"

diff --git a/alb.tf b/alb.tf
@@ -120,7 +120,7 @@ resource "aws_alb_listener_rule" "http" {
 }
 
 resource "aws_alb_listener" "https" {
-  count            = var.certificate_arn != "" ? 1 : 0
+  count             = var.certificate_arn != "" ? 1 : 0
   load_balancer_arn = aws_alb.ecs.arn
   port              = "443"
   protocol          = "HTTPS"

diff --git a/tffmt.sh b/tffmt.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+terraform fmt
diff --git a/tflint.sh b/tflint.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+tflint -f compact
diff --git a/tfutil.sh b/tfutil.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+terraform fmt
+terraform-docs markdown table --output-file README.md --output-mode inject .
+tflint -f compact