fix terraform (#25)

terraform/init.sh

@@ -2,8 +2,8 @@
 
 set -e
 
-which jq > /dev/null 2>&1 || echo "ERROR: cannot find jq in PATH." && exit 1
-which cloud-sql-proxy > /dev/null 2>&1 || echo "ERROR: cannot find cloud-sql-proxy in PATH." && exit 1
+which jq > /dev/null 2>&1 || (echo "ERROR: cannot find jq in PATH." && exit 1)
+which cloud-sql-proxy > /dev/null 2>&1 || (echo "ERROR: cannot find cloud-sql-proxy in PATH." && exit 1)
 
 if [[ -z "$PROJECT_ID" ]]; then
     echo "Must provide PROJECT_ID in environment" 1>&2
@@ -22,6 +22,7 @@ gcloud services enable \
     iam.googleapis.com \
     run.googleapis.com \
     servicenetworking.googleapis.com \
+    serviceusage.googleapis.com \
     sqladmin.googleapis.com \
     vpcaccess.googleapis.com
 

terraform/main.tf

@@ -29,10 +29,18 @@ module "db" {
   source           = "./modules/db"
 }
 
+module "migrations" {
+  db_conn_str_auth_proxy = module.db.db_conn_str_auth_proxy
+  db_connection_name     = module.db.db_connection_name
+  main_database          = module.db.main_database
+  credentials_file       = var.credentials_file
+  source                 = "./modules/migrations"
+}
+
 module "processor" {
   db_conn_str_private   = module.db.db_conn_str_private
   contract_address      = var.contract_address
-  migrations_complete   = module.db.migrations_complete
+  main_database         = module.db.main_database
   grpc_auth_token       = var.grpc_auth_token
   grpc_data_service_url = var.grpc_data_service_url
   source                = "./modules/processor"
@@ -47,7 +55,7 @@ module "no_auth_policy" {
 
 module "postgrest" {
   db_conn_str_private  = module.db.db_conn_str_private
-  migrations_complete  = module.db.migrations_complete
+  migrations_complete  = module.migrations.migrations_complete
   no_auth_policy_data  = module.no_auth_policy.policy_data
   postgrest_max_rows   = var.postgrest_max_rows
   region               = var.region
@@ -68,7 +76,7 @@ module "grafana" {
   db_private_ip_and_port      = module.db.db_private_ip_and_port
   grafana_admin_password      = var.grafana_admin_password
   grafana_public_password     = var.grafana_public_password
-  migrations_complete         = module.db.migrations_complete
+  migrations_complete         = module.migrations.migrations_complete
   no_auth_policy_data         = module.no_auth_policy.policy_data
   region                      = var.region
   source                      = "./modules/grafana"

terraform/modules/db/main.tf

@@ -108,42 +108,6 @@ resource "google_service_networking_connection" "sql_network_connection" {
   service                 = "servicenetworking.googleapis.com"
 }
 
-# Run migrations for the first time.
-resource "terraform_data" "run_migrations" {
-  depends_on = [google_sql_database.database]
-  provisioner "local-exec" {
-    # Relative to DSS terraform project root.
-    command = file("modules/db/run-migrations.sh")
-    environment = {
-      DATABASE_URL       = local.db_conn_str_auth_proxy,
-      DB_CONNECTION_NAME = local.db_connection_name,
-      CREDENTIALS_FILE   = var.credentials_file
-    }
-  }
-}
-
-# Re-run migrations after database initialization.
-#
-# Tracked as a separate resource so that followup migrations can be run
-# by simply destroying and re-applying this resource. The destroy/re-apply
-# approach doesn't work for the initial migrations resource since other
-# resources depend on initial migrations and they would have to be deleted
-# too if initial migrations were, hence this duplicate.
-#
-# Upon database creation, migrations will be run twice, but this is not a
-# problem because diesel only runs new migrations upon subsequent calls to the
-# same database.
-resource "terraform_data" "re_run_migrations" {
-  depends_on = [terraform_data.run_migrations]
-  provisioner "local-exec" {
-    command = file("modules/db/run-migrations.sh")
-    environment = {
-      DATABASE_URL       = local.db_conn_str_auth_proxy,
-      DB_CONNECTION_NAME = local.db_connection_name,
-      CREDENTIALS_FILE   = var.credentials_file
-    }
-  }
-}
 
 resource "google_compute_subnetwork" "sql_connector_subnetwork" {
   name          = "sql-connector-subnetwork"
@@ -159,7 +123,7 @@ resource "google_project_service" "vpc" {
 }
 
 resource "google_vpc_access_connector" "sql_vpc_connector" {
-  depends_on = [terraform_data.run_migrations, google_project_service.vpc]
+  depends_on = [google_project_service.vpc]
   name       = "sql-vpc-connector"
   subnet {
     name = google_compute_subnetwork.sql_connector_subnetwork.name

terraform/modules/db/outputs.tf

@@ -18,8 +18,8 @@ output "db_private_ip_and_port" {
   value = local.db_private_ip_and_port
 }
 
-output "migrations_complete" {
-  value = terraform_data.run_migrations
+output "main_database" {
+  value = google_sql_database.database
 }
 
 output "sql_vpc_connector_id" {

terraform/modules/migrations/main.tf

@@ -0,0 +1,36 @@
+# Run migrations for the first time.
+resource "terraform_data" "run_migrations" {
+  depends_on = [var.main_database]
+  provisioner "local-exec" {
+    # Relative to DSS terraform project root.
+    command = file("modules/migrations/run-migrations.sh")
+    environment = {
+      DATABASE_URL       = var.db_conn_str_auth_proxy,
+      DB_CONNECTION_NAME = var.db_connection_name,
+      CREDENTIALS_FILE   = var.credentials_file
+    }
+  }
+}
+
+# Re-run migrations after database initialization.
+#
+# Tracked as a separate resource so that followup migrations can be run
+# by simply destroying and re-applying this resource. The destroy/re-apply
+# approach doesn't work for the initial migrations resource since other
+# resources depend on initial migrations and they would have to be deleted
+# too if initial migrations were, hence this duplicate.
+#
+# Upon database creation, migrations will be run twice, but this is not a
+# problem because diesel only runs new migrations upon subsequent calls to the
+# same database.
+resource "terraform_data" "re_run_migrations" {
+  depends_on = [terraform_data.run_migrations]
+  provisioner "local-exec" {
+    command = file("modules/migrations/run-migrations.sh")
+    environment = {
+      DATABASE_URL       = var.db_conn_str_auth_proxy,
+      DB_CONNECTION_NAME = var.db_connection_name,
+      CREDENTIALS_FILE   = var.credentials_file
+    }
+  }
+}

terraform/modules/migrations/outputs.tf

@@ -0,0 +1,3 @@
+output "migrations_complete" {
+  value = terraform_data.run_migrations
+}

terraform/modules/migrations/variables.tf

@@ -0,0 +1,7 @@
+variable "db_conn_str_auth_proxy" {}
+
+variable "db_connection_name" {}
+
+variable "main_database" {}
+
+variable "credentials_file" {}

terraform/modules/postgrest/variables.tf

@@ -6,6 +6,8 @@ variable "no_auth_policy_data" {}
 
 variable "postgrest_max_rows" {}
 
+variable "project_id" {}
+
 variable "region" {}
 
 variable "sql_vpc_connector_id" {}

terraform/modules/processor/main.tf

@@ -1,6 +1,6 @@
 # https://github.com/hashicorp/terraform-provider-google/issues/5832
 resource "terraform_data" "instance" {
-  depends_on = [var.migrations_complete]
+  depends_on = [var.main_database]
   # Store zone since variables not accessible at destroy time.
   input = var.zone
   provisioner "local-exec" {

terraform/modules/processor/variables.tf

@@ -6,7 +6,7 @@ variable "grpc_auth_token" {}
 
 variable "grpc_data_service_url" {}
 
-variable "migrations_complete" {}
+variable "main_database" {}
 
 variable "starting_version" {}