From 705a8ab227eb77c0209821ca43944c4a6a16a166 Mon Sep 17 00:00:00 2001 From: Bogdan Crisan Date: Wed, 5 Jun 2024 22:51:39 +0200 Subject: [PATCH] fix terraform (#25) --- terraform/init.sh | 5 ++- terraform/main.tf | 14 +++++-- terraform/modules/db/main.tf | 38 +------------------ terraform/modules/db/outputs.tf | 4 +- terraform/modules/migrations/main.tf | 36 ++++++++++++++++++ terraform/modules/migrations/outputs.tf | 3 ++ .../{db => migrations}/run-migrations.sh | 0 terraform/modules/migrations/variables.tf | 7 ++++ terraform/modules/postgrest/variables.tf | 2 + terraform/modules/processor/main.tf | 2 +- terraform/modules/processor/variables.tf | 2 +- 11 files changed, 67 insertions(+), 46 deletions(-) create mode 100644 terraform/modules/migrations/main.tf create mode 100644 terraform/modules/migrations/outputs.tf rename terraform/modules/{db => migrations}/run-migrations.sh (100%) create mode 100644 terraform/modules/migrations/variables.tf diff --git a/terraform/init.sh b/terraform/init.sh index 3a2de98..1fc2059 100755 --- a/terraform/init.sh +++ b/terraform/init.sh @@ -2,8 +2,8 @@ set -e -which jq > /dev/null 2>&1 || echo "ERROR: cannot find jq in PATH." && exit 1 -which cloud-sql-proxy > /dev/null 2>&1 || echo "ERROR: cannot find cloud-sql-proxy in PATH." && exit 1 +which jq > /dev/null 2>&1 || (echo "ERROR: cannot find jq in PATH." && exit 1) +which cloud-sql-proxy > /dev/null 2>&1 || (echo "ERROR: cannot find cloud-sql-proxy in PATH." && exit 1) if [[ -z "$PROJECT_ID" ]]; then echo "Must provide PROJECT_ID in environment" 1>&2 @@ -22,6 +22,7 @@ gcloud services enable \ iam.googleapis.com \ run.googleapis.com \ servicenetworking.googleapis.com \ + serviceusage.googleapis.com \ sqladmin.googleapis.com \ vpcaccess.googleapis.com diff --git a/terraform/main.tf b/terraform/main.tf index 827c413..c9a6a75 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
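Review bot: The two dependency checks in init.sh now stop the script only because `set -e` is active: `exit 1` inside `( … )` ends the subshell, not the script, and it is the failed `||` list that trips errexit. A brace group exits the script directly and does not depend on that option. The message should also go to stderr, as the PROJECT_ID check just below already does. For example: `command -v jq > /dev/null 2>&1 || { echo "ERROR: cannot find jq in PATH." 1>&2; exit 1; }`, with the same form for cloud-sql-proxy.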
@@ -29,10 +29,18 @@ module "db" { source = "./modules/db" } +module "migrations" { + db_conn_str_auth_proxy = module.db.db_conn_str_auth_proxy + db_connection_name = module.db.db_connection_name + main_database = module.db.main_database + credentials_file = var.credentials_file + source = "./modules/migrations" +} + module "processor" { db_conn_str_private = module.db.db_conn_str_private contract_address = var.contract_address - migrations_complete = module.db.migrations_complete + main_database = module.db.main_database grpc_auth_token = var.grpc_auth_token grpc_data_service_url = var.grpc_data_service_url source = "./modules/processor" @@ -47,7 +55,7 @@ module "no_auth_policy" { module "postgrest" { db_conn_str_private = module.db.db_conn_str_private - migrations_complete = module.db.migrations_complete + migrations_complete = module.migrations.migrations_complete no_auth_policy_data = module.no_auth_policy.policy_data postgrest_max_rows = var.postgrest_max_rows region = var.region @@ -68,7 +76,7 @@ module "grafana" { db_private_ip_and_port = module.db.db_private_ip_and_port grafana_admin_password = var.grafana_admin_password grafana_public_password = var.grafana_public_password - migrations_complete = module.db.migrations_complete + migrations_complete = module.migrations.migrations_complete no_auth_policy_data = module.no_auth_policy.policy_data region = var.region source = "./modules/grafana" diff --git a/terraform/modules/db/main.tf b/terraform/modules/db/main.tf index 7a1ecde..cc62421 100644 --- a/terraform/modules/db/main.tf +++ b/terraform/modules/db/main.tf 
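Review bot: In the first main.tf hunk, module "processor" is now ordered only after `module.db.main_database`, and nothing visible orders it after module "migrations". The matching `depends_on = [var.main_database]` change in modules/processor/main.tf has the same effect, so the processor instance can be created while the schema is still missing or half-applied. postgrest and grafana keep the migrations gate, so the difference looks deliberate. If the processor really only needs the database to exist, say so next to the argument, e.g. `# Only requires the database to exist; schema is applied by module.migrations.` Otherwise pass `module.migrations.migrations_complete` through as well. The module "processor" block continues past the end of the hunk, so arguments outside it are not visible here.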
@@ -108,42 +108,6 @@ resource "google_service_networking_connection" "sql_network_connection" { service = "servicenetworking.googleapis.com" } -# Run migrations for the first time. -resource "terraform_data" "run_migrations" { - depends_on = [google_sql_database.database] - provisioner "local-exec" { - # Relative to DSS terraform project root. - command = file("modules/db/run-migrations.sh") - environment = { - DATABASE_URL = local.db_conn_str_auth_proxy, - DB_CONNECTION_NAME = local.db_connection_name, - CREDENTIALS_FILE = var.credentials_file - } - } -} - -# Re-run migrations after database initialization. -# -# Tracked as a separate resource so that followup migrations can be run -# by simply destroying and re-applying this resource. The destroy/re-apply -# approach doesn't work for the initial migrations resource since other -# resources depend on initial migrations and they would have to be deleted -# too if initial migrations were, hence this duplicate. -# -# Upon database creation, migrations will be run twice, but this is not a -# problem because diesel only runs new migrations upon subsequent calls to the -# same database. -resource "terraform_data" "re_run_migrations" { - depends_on = [terraform_data.run_migrations] - provisioner "local-exec" { - command = file("modules/db/run-migrations.sh") - environment = { - DATABASE_URL = local.db_conn_str_auth_proxy, - DB_CONNECTION_NAME = local.db_connection_name, - CREDENTIALS_FILE = var.credentials_file - } - } -} resource "google_compute_subnetwork" "sql_connector_subnetwork" { name = "sql-connector-subnetwork" @@ -159,7 +123,7 @@ resource "google_project_service" "vpc" { } resource "google_vpc_access_connector" "sql_vpc_connector" { - depends_on = [terraform_data.run_migrations, google_project_service.vpc] + depends_on = [google_project_service.vpc] name = "sql-vpc-connector" subnet { name = google_compute_subnetwork.sql_connector_subnetwork.name 
diff --git a/terraform/modules/db/outputs.tf b/terraform/modules/db/outputs.tf index 72b3579..e9dbb4a 100644 --- a/terraform/modules/db/outputs.tf +++ b/terraform/modules/db/outputs.tf @@ -18,8 +18,8 @@ output "db_private_ip_and_port" { value = local.db_private_ip_and_port } -output "migrations_complete" { - value = terraform_data.run_migrations +output "main_database" { + value = google_sql_database.database } output "sql_vpc_connector_id" { diff --git a/terraform/modules/migrations/main.tf b/terraform/modules/migrations/main.tf new file mode 100644 index 0000000..442473d --- /dev/null +++ b/terraform/modules/migrations/main.tf @@ -0,0 +1,36 @@ +# Run migrations for the first time. +resource "terraform_data" "run_migrations" { + depends_on = [var.main_database] + provisioner "local-exec" { + # Relative to DSS terraform project root. + command = file("modules/migrations/run-migrations.sh") + environment = { + DATABASE_URL = var.db_conn_str_auth_proxy, + DB_CONNECTION_NAME = var.db_connection_name, + CREDENTIALS_FILE = var.credentials_file + } + } +} + +# Re-run migrations after database initialization. +# +# Tracked as a separate resource so that followup migrations can be run +# by simply destroying and re-applying this resource. The destroy/re-apply +# approach doesn't work for the initial migrations resource since other +# resources depend on initial migrations and they would have to be deleted +# too if initial migrations were, hence this duplicate. +# +# Upon database creation, migrations will be run twice, but this is not a +# problem because diesel only runs new migrations upon subsequent calls to the +# same database. +resource "terraform_data" "re_run_migrations" { + depends_on = [terraform_data.run_migrations] + provisioner "local-exec" { + command = file("modules/migrations/run-migrations.sh") + environment = { + DATABASE_URL = var.db_conn_str_auth_proxy, + DB_CONNECTION_NAME = var.db_connection_name, + CREDENTIALS_FILE = var.credentials_file + } + } +} 
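Review bot: Both provisioners in the new modules/migrations/main.tf load the script with `file("modules/migrations/run-migrations.sh")`, which resolves against the directory terraform is invoked from, not the module. The existing comment acknowledges this, but the module then breaks if the root is applied from another directory (for example with `-chdir` or a wrapper) or if the module is reused elsewhere. `command = file("${path.module}/run-migrations.sh")` in both `run_migrations` and `re_run_migrations` removes that coupling. The script's contents are passed as the command string, so they run under the provisioner's default interpreter and any shebang in run-migrations.sh has no effect. An explicit `interpreter` would make the intended shell clear.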
diff --git a/terraform/modules/migrations/outputs.tf b/terraform/modules/migrations/outputs.tf new file mode 100644 index 0000000..1d24af2 --- /dev/null +++ b/terraform/modules/migrations/outputs.tf @@ -0,0 +1,3 @@ +output "migrations_complete" { + value = terraform_data.run_migrations +} diff --git a/terraform/modules/db/run-migrations.sh b/terraform/modules/migrations/run-migrations.sh similarity index 100% rename from terraform/modules/db/run-migrations.sh rename to terraform/modules/migrations/run-migrations.sh diff --git a/terraform/modules/migrations/variables.tf b/terraform/modules/migrations/variables.tf new file mode 100644 index 0000000..164dc09 --- /dev/null +++ b/terraform/modules/migrations/variables.tf @@ -0,0 +1,7 @@ +variable "db_conn_str_auth_proxy" {} + +variable "db_connection_name" {} + +variable "main_database" {} + +variable "credentials_file" {} diff --git a/terraform/modules/postgrest/variables.tf b/terraform/modules/postgrest/variables.tf index ba203f0..2fe8d6d 100644 --- a/terraform/modules/postgrest/variables.tf +++ b/terraform/modules/postgrest/variables.tf @@ -6,6 +6,8 @@ variable "no_auth_policy_data" {} variable "postgrest_max_rows" {} +variable "project_id" {} + variable "region" {} variable "sql_vpc_connector_id" {} diff --git a/terraform/modules/processor/main.tf b/terraform/modules/processor/main.tf index 89d7560..04a6dd0 100644 --- a/terraform/modules/processor/main.tf +++ b/terraform/modules/processor/main.tf @@ -1,6 +1,6 @@ # https://github.com/hashicorp/terraform-provider-google/issues/5832 resource "terraform_data" "instance" { - depends_on = [var.migrations_complete] + depends_on = [var.main_database] # Store zone since variables not accessible at destroy time. input = var.zone provisioner "local-exec" { diff --git a/terraform/modules/processor/variables.tf b/terraform/modules/processor/variables.tf index 84d3913..13d73e1 100644 --- a/terraform/modules/processor/variables.tf +++ b/terraform/modules/processor/variables.tf 
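Review bot: The four variables declared in the new modules/migrations/variables.tf have no type, description or sensitivity marking, yet `db_conn_str_auth_proxy` is exported to the local-exec environment as DATABASE_URL and presumably embeds the database password. Adding `type = string` and `sensitive = true` to that variable keeps the value redacted in plan and apply output. Terraform also suppresses a provisioner's log output when its configuration includes sensitive values. `credentials_file` and `db_connection_name` would benefit from `type = string` and a short `description`. `main_database` is used only as a `depends_on` handle, so a comment such as `# Passed only to order migrations after database creation.` would tell readers it is not read for its attributes.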
@@ -6,7 +6,7 @@ variable "grpc_auth_token" {} variable "grpc_data_service_url" {} -variable "migrations_complete" {} +variable "main_database" {} variable "starting_version" {}