[PRMP-120] Readding the postgresql provider, which is required for de…

…commissioning resources already in the state (#111)

* [PRMP-120] Readding the postgresql provider, which is required for decommissioning resources already in the state

* [PRMP-120-TF-FIX] Add manual approval steps for deploy and deploy_db

---------

Co-authored-by: Kris Bloe <kris.bloe@answerdigital.com>
Co-authored-by: Mohammad Iqbal <mohammad.iqbal27@nhs.net>

gocd/deploy.pipeline.gocd.yml

@@ -130,6 +130,9 @@ pipelines:
           jobs:
             plan_db: *plan_db
       - deploy_db:
+          approval:
+            type: manual
+            allow_only_on_success: true
           clean_workspace: true
           jobs:
             deploy_db: *deploy_db
@@ -138,6 +141,9 @@ pipelines:
           jobs:
             plan: *plan
       - deploy:
+          approval:
+            type: manual
+            allow_only_on_success: true
           clean_workspace: true
           jobs:
             deploy: *deploy

tasks

@@ -209,13 +209,17 @@ function tf_plan {
 
 function tf_plan_db_roles {
   operation=$1
+  db_host=$(_get_aws_ssm_secret "/repo/${NHS_ENVIRONMENT}/output/prm-deductions-ehr-repository/db-host")
+  db_username=$(_get_aws_ssm_secret "/repo/${NHS_ENVIRONMENT}/user-input/ehr-repo-db-username")
+  db_password=$(_get_aws_ssm_secret "/repo/${NHS_ENVIRONMENT}/user-input/ehr-repo-db-password")
+  db_name=$(_get_aws_ssm_secret "/repo/${NHS_ENVIRONMENT}/output/prm-deductions-ehr-repository/db-name")
 
   tf_init_db_roles
   terraform get # modules
   if [[ "${operation}" == "create" ]]; then
-    terraform plan -var environment=$NHS_ENVIRONMENT -out="db-roles.tfplan"
+    terraform plan -var db_host=$db_host -var db_username=$db_username -var db_password=$db_password -var environment=$NHS_ENVIRONMENT -var db_name=$db_name -out="db-roles.tfplan"
   elif [[ "${operation}" == "destroy" ]]; then
-    terraform plan -var environment=$NHS_ENVIRONMENT -out="db-roles.tfplan" -destroy
+    terraform plan -var db_host=$db_host -var db_username=$db_username -var db_password=$db_password -var environment=$NHS_ENVIRONMENT -var db_name=$db_name -out="db-roles.tfplan" -destroy
   else
     echo "Unknown operation (should be create or destroy), got: ${operation}"
     exit 1

terraform-db-roles/main.tf

@@ -3,11 +3,25 @@ provider "aws" {
   region  = var.region
 }
 
+provider "postgresql" {
+  host            = var.db_host
+  port            = var.db_port
+  database        = var.db_name
+  username        = var.db_username
+  password        = var.db_password
+  connect_timeout = 15
+  superuser       = false
+}
+
 terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
       version = "3.44.0"
     }
+    postgresql = {
+      source  = "cyrilgdn/postgresql"
+      version = "1.13.0"
+    }
   }
-}
+}

terraform-db-roles/variables.tf

@@ -14,3 +14,13 @@ variable "component_name" {
 }
 
 variable "environment" {}
+
+## RDS
+variable "db_name" {}
+variable "db_host" {}
+variable "db_username" {}
+variable "db_password" {}
+variable "db_port" {
+  type    = string
+  default = "5432"
+}