setup tefca jdbc database connection strings and update db url name

CDCgov · Sep 24, 2024 · dcad4f3 · dcad4f3
1 parent b341656
commit dcad4f3
Showing 7 changed files with 65 additions and 11 deletions.
diff --git a/terraform/aws/implementation/main.tf b/terraform/aws/implementation/main.tf
@@ -43,6 +43,9 @@ module "eks" {
   ecr_viewer_s3_role_arn     = module.s3.ecr_viewer_s3_role_arn
   tefca_viewer_db_role_arn   = module.rds.tefca_viewer_db_role_arn
   tefca_db_connection_string = module.rds.tefca_db_connection_string
+  tefca_jdbc_db_url          = module.rds.tefca_jdbc_db_url
+  tefca_jdbc_db_password     = module.rds.tefca_jdbc_db_password
+  tefca_jdbc_db_user         = module.rds.tefca_jdbc_db_user
   domain_name                = local.domain_name
   ecr_bucket_name            = module.s3.ecr_bucket_name
   enable_cognito             = var.enable_cognito

diff --git a/terraform/aws/implementation/modules/eks/README.md b/terraform/aws/implementation/modules/eks/README.md
@@ -79,6 +79,9 @@
 | <a name="input_smarty_auth_id"></a> [smarty\_auth\_id](#input\_smarty\_auth\_id) | value of the SmartyStreets Auth ID | `any` | n/a | yes |
 | <a name="input_smarty_auth_token"></a> [smarty\_auth\_token](#input\_smarty\_auth\_token) | value of the SmartyStreets Auth Token | `any` | n/a | yes |
 | <a name="input_tefca_db_connection_string"></a> [tefca\_db\_connection\_string](#input\_tefca\_db\_connection\_string) | Connection string to the tefca database | `any` | n/a | yes |
+| <a name="input_tefca_jdbc_db_password"></a> [tefca\_jdbc\_db\_password](#input\_tefca\_jdbc\_db\_password) | JDBC password for flyway to the tefca database | `any` | n/a | yes |
+| <a name="input_tefca_jdbc_db_url"></a> [tefca\_jdbc\_db\_url](#input\_tefca\_jdbc\_db\_url) | JDBC connection string for flyway to the tefca database | `any` | n/a | yes |
+| <a name="input_tefca_jdbc_db_user"></a> [tefca\_jdbc\_db\_user](#input\_tefca\_jdbc\_db\_user) | JDBC username for flyway to the tefca database | `any` | n/a | yes |
 | <a name="input_tefca_viewer_db_role_arn"></a> [tefca\_viewer\_db\_role\_arn](#input\_tefca\_viewer\_db\_role\_arn) | The db Role ARN for the Tefca Viewer Service | `any` | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC | `string` | n/a | yes |
 

diff --git a/terraform/aws/implementation/modules/eks/main.tf b/terraform/aws/implementation/modules/eks/main.tf
@@ -298,30 +298,46 @@ data "external" "latest_phdi_release" {
 resource "helm_release" "building_blocks" {
   depends_on      = [terraform_data.wait_for_load_balancer_controller]
   for_each        = var.services_to_chart
-  repository      = "https://github.com/CDCgov/phdi-charts/tree/alis/upgrades/2565/85"
+  repository      = "https://cdcgov.github.io/phdi-charts/"
   name            = "phdi-playground-${terraform.workspace}-${each.key}"
   chart           = each.value
   version         = data.external.chart_versions.result[each.value]
   force_update    = true
   recreate_pods   = true
   cleanup_on_fail = true
 
-  set {
-    name  = "databaseUrl"
+  set_sensitive {
+    name  = "jdbcDatabaseUrl"
+    value = var.tefca_jdbc_db_url
+  }
+
+  set_sensitive {
+    name  = "jdbcDatabasePassword"
+    value = var.tefca_jdbc_db_password
+  }
+
+  set_sensitive {
+    name  = "jdbcDatabaseUser"
+    value = var.tefca_jdbc_db_user
+  }
+
+  set_sensitive {
+    name  = "databaseConnectionString"
     value = var.tefca_db_connection_string
   }
 
   set {
     name  = "image.tag"
-    value = data.external.latest_phdi_release.result.tagName
+    # value = data.external.latest_phdi_release.result.tagName
+    value = "v1.6.7"
   }
 
-  set {
+  set_sensitive {
     name  = "smartyAuthId"
     value = var.smarty_auth_id
   }
 
-  set {
+  set_sensitive {
     name  = "smartyToken"
     value = var.smarty_auth_token
   }
@@ -337,6 +353,8 @@ resource "helm_release" "building_blocks" {
   }
 
   #  Values needed for orchestration service
+  # "phdi-playground-${terraform.workspace}-${each.key}-${each.key}-service"
+  # phdi-playground-dev-ecr-viewer-ecr-viewer-service
   set {
     name  = "fhirConverterUrl"
     value = "https://${var.domain_name}/fhir-converter"

diff --git a/terraform/aws/implementation/modules/eks/variables.tf b/terraform/aws/implementation/modules/eks/variables.tf
@@ -89,4 +89,16 @@ variable "cognito_domain" {
 
 variable "tefca_db_connection_string" {
   description = "Connection string to the tefca database"
+}
+
+variable "tefca_jdbc_db_url" {
+  description = "JDBC connection string for flyway to the tefca database"
+}
+
+variable "tefca_jdbc_db_password" {
+  description = "JDBC password for flyway to the tefca database"
+}
+
+variable "tefca_jdbc_db_user" {
+  description = "JDBC username for flyway to the tefca database"
 }
diff --git a/terraform/aws/implementation/modules/rds/README.md b/terraform/aws/implementation/modules/rds/README.md
@@ -48,5 +48,8 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_tefca_db_connection_string"></a> [tefca\_db\_connection\_string](#output\_tefca\_db\_connection\_string) | n/a |
+| <a name="output_tefca_jdbc_db_password"></a> [tefca\_jdbc\_db\_password](#output\_tefca\_jdbc\_db\_password) | n/a |
+| <a name="output_tefca_jdbc_db_url"></a> [tefca\_jdbc\_db\_url](#output\_tefca\_jdbc\_db\_url) | n/a |
+| <a name="output_tefca_jdbc_db_user"></a> [tefca\_jdbc\_db\_user](#output\_tefca\_jdbc\_db\_user) | n/a |
 | <a name="output_tefca_viewer_db_role_arn"></a> [tefca\_viewer\_db\_role\_arn](#output\_tefca\_viewer\_db\_role\_arn) | n/a |
 <!-- END_TF_DOCS -->
diff --git a/terraform/aws/implementation/modules/rds/main.tf b/terraform/aws/implementation/modules/rds/main.tf
@@ -7,7 +7,7 @@ resource "aws_db_instance" "tefca-viewer-db" {
   engine                    = var.engine_type
   engine_version            = var.engine_version
   username                  = var.db_username
-  password                  = random_string.setup_rds_password.result
+  password                  = random_password.setup_rds_password.result
   db_subnet_group_name      = aws_db_subnet_group.this.name
   vpc_security_group_ids    = [aws_security_group.ds_sg.id]
   parameter_group_name      = aws_db_parameter_group.this.name
@@ -40,7 +40,7 @@ resource "aws_security_group" "ds_sg" {
     from_port   = 5432
     to_port     = 5432
     protocol    = "tcp"
-    cidr_blocks = ["10.0.0.0/16"]
+    cidr_blocks = ["176.24.0.0/16"]
   }
 
   # Allow all outbound traffic
@@ -65,9 +65,9 @@ resource "aws_db_subnet_group" "this" {
 
 # TODO: Update for Production to AWS Secrets Manager 
 # This resource's attribute(s) default value is true 
-resource "random_string" "setup_rds_password" {
+resource "random_password" "setup_rds_password" {
   length = 13 #update as needed
 
   # Character set that excludes problematic characters like quotes, backslashes, etc.
-  override_special = "_!@#-$%^&*()[]{}"
+  override_special = "()[]{}"
 }
diff --git a/terraform/aws/implementation/modules/rds/output.tf b/terraform/aws/implementation/modules/rds/output.tf
@@ -3,6 +3,21 @@ output "tefca_viewer_db_role_arn" {
 }
 
 output "tefca_db_connection_string" {
-  value     = "postgresql://${aws_db_instance.tefca-viewer-db.username}:${aws_db_instance.tefca-viewer-db.password}@${aws_db_instance.tefca-viewer-db.endpoint}:5432/${aws_db_instance.tefca-viewer-db.db_name}"
+  value     = "postgresql://${aws_db_instance.tefca-viewer-db.username}:${aws_db_instance.tefca-viewer-db.password}@${aws_db_instance.tefca-viewer-db.endpoint}/${aws_db_instance.tefca-viewer-db.db_name}"
   sensitive = true
 }
+
+output "tefca_jdbc_db_url" {
+  value     = "jdbc:postgres://${aws_db_instance.tefca-viewer-db.endpoint}/${aws_db_instance.tefca-viewer-db.db_name}"
+  sensitive = true
+}
+
+output "tefca_jdbc_db_user" {
+  value = aws_db_instance.tefca-viewer-db.username
+  sensitive = true
+}
+
+output "tefca_jdbc_db_password" {
+  value = aws_db_instance.tefca-viewer-db.password
+  sensitive = true
+}