[PRMP-120] Reordering the GoCD pipeline tasks to resolve Terraform ru…

…n ordering issue (#109)

---------
Co-authored-by: Andy Flint <andrew.flint2@nhs.net>

Dockerfile

@@ -32,22 +32,17 @@ RUN apk add --no-cache \
 COPY build/                   /app/build
 
 COPY scripts/load-api-keys.sh      /app/scripts/load-api-keys.sh
-COPY scripts/run-server-with-db.sh /usr/bin/run-ehr-server
+COPY scripts/run-server.sh /usr/bin/run-ehr-server
 
 COPY ./certs/deductions.crt /usr/local/share/ca-certificates/deductions.crt
 RUN update-ca-certificates
 
 ENV NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/deductions.crt
 
 ENV AUTHORIZATION_KEYS="auth-key-1" \
-  SKIP_DB_MIGRATION="" \
   NODE_ENV="prod" \
   NHS_ENVIRONMENT="" \
   S3_BUCKET_NAME="" \
-  DATABASE_USER="" \
-  DATABASE_PASSWORD="" \
-  DATABASE_NAME="" \
-  DATABASE_HOST="" \
   LOCALSTACK_URL=""
 
 WORKDIR /app

gocd/deploy.pipeline.gocd.yml

@@ -8,11 +8,6 @@ common:
           source: terraform/certs_deployment.tfplan
           destination: terraform/
     tasks:
-      - exec:
-          command: /bin/bash
-          arguments:
-            - -c
-            - ./tasks create_secrets
       - exec:
           command: /bin/bash
           arguments:
@@ -33,62 +28,62 @@ common:
           arguments:
             - -c
             - ./tasks tf_apply_certs
-  plan: &plan
+  plan_db: &plan_db
     resources:
       - docker
     artifacts:
       - build:
-          source: terraform/deployment.tfplan
-          destination: terraform/
+          source: terraform-db-roles/db-roles.tfplan
+          destination: terraform-db-roles/
     tasks:
       - exec:
           command: /bin/bash
           arguments:
             - -c
-            - ./tasks tf_plan create
-  deploy: &deploy
+            - ./tasks tf_plan_db_roles create
+  deploy_db: &deploy_db
     resources:
       - docker
     tasks:
       - fetch:
-          stage: plan
-          job: plan
-          source: terraform/deployment.tfplan
-          destination: terraform/
+          stage: plan_db
+          job: plan_db
+          source: terraform-db-roles/db-roles.tfplan
+          destination: terraform-db-roles/
           is_file: yes
       - exec:
           command: /bin/bash
           arguments:
             - -c
-            - ./tasks tf_apply
-  plan_db: &plan_db
+            - ./tasks tf_apply_db_roles
+  plan: &plan
     resources:
       - docker
     artifacts:
       - build:
-          source: terraform-db-roles/db-roles.tfplan
-          destination: terraform-db-roles/
+          source: terraform/deployment.tfplan
+          destination: terraform/
     tasks:
       - exec:
           command: /bin/bash
           arguments:
             - -c
-            - ./tasks tf_plan_db_roles create
-  deploy_db: &deploy_db
+            - ./tasks tf_plan create
+  deploy: &deploy
     resources:
       - docker
     tasks:
       - fetch:
-          stage: plan_db
-          job: plan_db
-          source: terraform-db-roles/db-roles.tfplan
-          destination: terraform-db-roles/
+          stage: plan
+          job: plan
+          source: terraform/deployment.tfplan
+          destination: terraform/
           is_file: yes
       - exec:
           command: /bin/bash
           arguments:
             - -c
-            - ./tasks tf_apply_db_roles
+            - ./tasks tf_apply
       - exec:
           command: /bin/bash
           arguments:

scripts/run-server-with-db.sh → scripts/run-server.sh

@@ -9,11 +9,9 @@ function jsonPrettify {
   echo "{message: $1, level: $2, timestamp: `timestamp`, service: ${NHS_SERVICE}, environment: ${NHS_ENVIRONMENT} } "
 }
 
-jsonPrettify "Skipping DB migrations, expecting them to have been run prior to app startup" INFO
-
 jsonPrettify "Loading API Keys" INFO
 source ./scripts/load-api-keys.sh
 
 jsonPrettify "Starting node.js server" INFO
 set -e
-exec node build/server.js
+exec node build/server.js

src/api/health-check/__tests__/health-check.test.js

@@ -109,24 +109,22 @@ describe('GET /health', () => {
     });
   });
 
-  describe('s3 and database are not available', () => {
+  describe('s3 is not available', () => {
     beforeEach(() => {
-      getHealthCheck.mockReturnValue(
-        Promise.resolve(expectedHealthCheckBase(false, false, false, false))
-      );
+      getHealthCheck.mockReturnValue(Promise.resolve(expectedHealthCheckBase(false, false)));
     });
 
-    it('should return 503 if both s3 and db are not writable', (done) => {
+    it('should return 503 if s3 is not writable', (done) => {
       request(app).get('/health').expect(503).end(done);
     });
 
-    it('should call logError with the health check result if both s3 and db are not writable', (done) => {
+    it('should call logError with the health check result if s3 is not writable', (done) => {
       request(app)
         .get('/health')
         .expect(() => {
           expect(logError).toHaveBeenCalledWith(
             'Health check failed',
-            expectedHealthCheckBase(false, false, false, false)
+            expectedHealthCheckBase(false, false)
           );
         })
         .end(done);
@@ -182,28 +180,8 @@ const expectedS3Base = (isWritable, isConnected) => {
     : s3Base;
 };
 
-const expectedHealthCheckBase = (
-  s3_writable = true,
-  s3_connected = true,
-  db_writable = true,
-  db_connected = true
-) => ({
+const expectedHealthCheckBase = (s3_writable = true, s3_connected = true) => ({
   details: {
-    filestore: expectedS3Base(s3_writable, s3_connected),
-    database: getExpectedDatabase(db_writable, db_connected)
+    filestore: expectedS3Base(s3_writable, s3_connected)
   }
 });
-
-const getExpectedDatabase = (isWritable, isConnected) => {
-  const baseConf = {
-    connection: isConnected,
-    writable: isWritable
-  };
-
-  return !isWritable
-    ? {
-        ...baseConf,
-        error: mockErrorResponse
-      }
-    : baseConf;
-};

src/services/health-check/get-health-check.js

@@ -12,7 +12,7 @@ export function getHealthCheck() {
     logInfo('Health check status', s3HealthCheckResult);
     return {
       version: '1',
-      description: 'Health of EHR Repo service',
+      description: 'Health of the EHR Repo S3 Bucket',
       nhsEnvironment: config.nhsEnvironment,
       details: {
         filestore: s3HealthCheckResult

src/swagger.json

@@ -10,7 +10,7 @@
     "/health": {
       "get": {
         "tags": [],
-        "summary": "Check filestore and database is available",
+        "summary": "Check filestore is available",
         "consumes": ["application/json"],
         "responses": {
           "200": {
@@ -23,7 +23,7 @@
             }
           },
           "503": {
-            "description": "Filestore or Database is currently unavailable",
+            "description": "Filestore is currently unavailable",
             "schema": {
               "$ref": "#/definitions/HealthStatus"
             }
@@ -450,23 +450,6 @@
                   "type": "object"
                 }
               }
-            },
-            "database": {
-              "type": "object",
-              "properties": {
-                "type": {
-                  "type": "string"
-                },
-                "connection": {
-                  "type": "boolean"
-                },
-                "writable": {
-                  "type": "boolean"
-                },
-                "error": {
-                  "type": "object"
-                }
-              }
             }
           }
         }

tasks

@@ -209,17 +209,13 @@ function tf_plan {
 
 function tf_plan_db_roles {
   operation=$1
-  db_host=$(_get_aws_ssm_secret "/repo/${NHS_ENVIRONMENT}/output/prm-deductions-ehr-repository/db-host")
-  db_username=$(_get_aws_ssm_secret "/repo/${NHS_ENVIRONMENT}/user-input/ehr-repo-db-username")
-  db_password=$(_get_aws_ssm_secret "/repo/${NHS_ENVIRONMENT}/user-input/ehr-repo-db-password")
-  db_name=$(_get_aws_ssm_secret "/repo/${NHS_ENVIRONMENT}/output/prm-deductions-ehr-repository/db-name")
 
   tf_init_db_roles
   terraform get # modules
   if [[ "${operation}" == "create" ]]; then
-    terraform plan -var db_host=$db_host -var db_username=$db_username -var db_password=$db_password -var environment=$NHS_ENVIRONMENT -var db_name=$db_name -out="db-roles.tfplan"
+    terraform plan -var environment=$NHS_ENVIRONMENT -out="db-roles.tfplan"
   elif [[ "${operation}" == "destroy" ]]; then
-    terraform plan -var db_host=$db_host -var db_username=$db_username -var db_password=$db_password -var environment=$NHS_ENVIRONMENT -var db_name=$db_name -out="db-roles.tfplan" -destroy
+    terraform plan -var environment=$NHS_ENVIRONMENT -out="db-roles.tfplan" -destroy
   else
     echo "Unknown operation (should be create or destroy), got: ${operation}"
     exit 1
@@ -462,15 +458,6 @@ case "${command}" in
       nslookup "ehr-repo.${DOMAIN_INFIX}.patient-deductions.nhs.uk"
       curl -i --fail "https://ehr-repo.${DOMAIN_INFIX}.patient-deductions.nhs.uk/health"
       ;;
-  _create_secrets)
-      _assume_environment_role $NHS_ENVIRONMENT
-      generate_username_ssm_param "/repo/${NHS_ENVIRONMENT}/user-input/ehr-repo-db-username"
-      generate_secret_ssm_param "/repo/${NHS_ENVIRONMENT}/user-input/ehr-repo-db-password"
-      ;;
-  create_secrets)
-      check_env
-      dojo -c Dojofile-infra "./tasks _create_secrets"
-      ;;
   _tf)
       tf_init
       bash

terraform-db-roles/data.tf

@@ -1,5 +1 @@
 data "aws_caller_identity" "current" {}
-
-data "aws_ssm_parameter" "db_cluster_resource_id" {
-  name = "/repo/${var.environment}/output/${var.repo_name}/db-resource-cluster-id"
-}

terraform-db-roles/main.tf

@@ -3,25 +3,11 @@ provider "aws" {
   region  = var.region
 }
 
-provider "postgresql" {
-  host            = var.db_host
-  port            = var.db_port
-  database        = var.db_name
-  username        = var.db_username
-  password        = var.db_password
-  connect_timeout = 15
-  superuser       = false
-}
-
 terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
       version = "3.44.0"
     }
-    postgresql = {
-      source  = "cyrilgdn/postgresql"
-      version = "1.13.0"
-    }
   }
 }