From a3c0d6f97a909b2b65be6da8e5e2872a133d5ecc Mon Sep 17 00:00:00 2001
From: Colin Saliceti
Date: Thu, 25 Feb 2016 15:42:45 +0000
Subject: [PATCH] Init database pipeline tasks

The previous postgres job was doing some work to initialise the databases: create roles, create databases, enable extensions. Most of this work should have been done with the postgres terraform provider, but it has bugs and can't destroy the resources properly: https://github.com/hashicorp/terraform/issues/5340 When this is fixed, we can move the create role and db tasks to terraform, but we still need to enable extensions.
---
concourse/pipelines/deploy-cloudfoundry.yml | 54 +++++++++++++++++++++
1 file changed, 54 insertions(+)
diff --git a/concourse/pipelines/deploy-cloudfoundry.yml b/concourse/pipelines/deploy-cloudfoundry.yml
index 430728f105..040345fa72 100644
--- a/concourse/pipelines/deploy-cloudfoundry.yml
+++ b/concourse/pipelines/deploy-cloudfoundry.yml
@@ -205,6 +205,60 @@ jobs: params: file: terraform/cf.tfstate + - task: extract-cf-terraform-outputs + config: + platform: linux + image: docker:///ruby#2.2.3-slim + inputs: + - name: paas-cf + - name: cf-tfstate + run: + path: sh + args: + - -e + - -c + - | + SCPATH="./paas-cf/concourse/scripts" + SCFILE="extract_tf_vars_from_terraform_state.rb" + $SCPATH/$SCFILE < cf-tfstate/cf.tfstate > cf.tfstate.sh + ls -l cf.tfstate.sh + + - task: init-db + config: + image: docker:///governmentpaas/psql + inputs: + - name: terraform-variables + - name: paas-cf + - name: extract-cf-terraform-outputs + run: + path: sh + args: + - -e + - -c + - | + . terraform-variables/cf-secrets.tfvars.sh + . extract-cf-terraform-outputs/cf.tfstate.sh + export PGPASSWORD=${TF_VAR_secrets_cf_db_master_password} + connect_str="-h ${TF_VAR_cf_db_address} -U dbadmin" + + # Create roles + psql ${connect_str} -d postgres -c "SELECT rolname FROM pg_roles WHERE rolname = 'api'" \ + | grep -q 'api' || psql ${connect_str} -d postgres \ + -c "CREATE USER api WITH PASSWORD '${TF_VAR_secrets_cf_db_api_password}' ROLE dbadmin" + psql ${connect_str} -d postgres -c "SELECT rolname FROM pg_roles WHERE rolname = 'uaa'" \ + | grep -q 'uaa' || psql ${connect_str} -d postgres \ + -c "CREATE USER uaa WITH PASSWORD '${TF_VAR_secrets_cf_db_uaa_password}' ROLE dbadmin" + + for db in api uaa; do + # Create database + psql ${connect_str} -d postgres -l | grep -q " ${db} " || \ + psql ${connect_str} -d postgres -c "CREATE DATABASE ${db} OWNER ${db}" + # Enable extensions + for ext in citext pgcrypto pg_stat_statements; do + psql ${connect_str} -d ${db} -c "CREATE EXTENSION IF NOT EXISTS ${ext}" + done + done + - name: generate-cf-certs serial_groups: [ deploy ] serial: true
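Review bot: In the init-db task, the two `CREATE USER` statements splice `${TF_VAR_secrets_cf_db_api_password}` and `${TF_VAR_secrets_cf_db_uaa_password}` straight into the SQL text passed to `psql -c`, so a password containing a single quote breaks or alters the statement, and the secret sits in the psql process arguments and may be echoed into the build log if the server rejects the statement. Because `-c` does not expand psql variables, one option is to send the statement on stdin and let psql do the quoting: `echo "CREATE USER api WITH PASSWORD :'pw' ROLE dbadmin" | psql ${connect_str} -d postgres -v pw="${TF_VAR_secrets_cf_db_api_password}"` (same for uaa); this fixes the quoting but still leaves the value in argv. The script also runs under `sh -e` without `-u`, so if either sourced file fails to define a variable the statement runs with an empty password string; `set -u` at the top of the block, or `${TF_VAR_secrets_cf_db_api_password:?}`, would stop the task instead. Separately, `docker:///governmentpaas/psql` carries no tag, so the image that receives the master password is whatever is current at run time; pinning a tag, as the ruby image in the preceding task does, would make that reproducible.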