-
Notifications
You must be signed in to change notification settings - Fork 27
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
The previous postgres job was doing some work to initialise the databases: create roles, create databases, enable extensions. Most of this work should have been done with the postgres terraform provider, but it has bugs and can't destroy the resources properly: hashicorp/terraform#5340 When this is fixed, we can move the create role and db tasks to terraform, but we still need to enable extensions.
- Loading branch information
Showing
2 changed files
with
68 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
#!/bin/sh | ||
set -e | ||
|
||
# Check environment variables | ||
export PGPASSWORD=${TF_VAR_secrets_cf_db_master_password:?} | ||
api_pass=${TF_VAR_secrets_cf_db_api_password:?} | ||
uaa_pass=${TF_VAR_secrets_cf_db_uaa_password:?} | ||
db_address=${TF_VAR_cf_db_address:?} | ||
|
||
# shellcheck tip: https://github.com/koalaman/shellcheck/wiki/SC2086#exceptions | ||
psql_adm() { psql -h "${db_address}" -U dbadmin "$@"; } | ||
|
||
# Create roles | ||
psql_adm -d postgres -c "SELECT rolname FROM pg_roles WHERE rolname = 'api'" \ | ||
| grep -q 'api' || psql_adm -d postgres \ | ||
-c "CREATE USER api WITH PASSWORD '${api_pass}' ROLE dbadmin" | ||
|
||
psql_adm -d postgres -c "SELECT rolname FROM pg_roles WHERE rolname = 'uaa'" \ | ||
| grep -q 'uaa' || psql_adm -d postgres \ | ||
-c "CREATE USER uaa WITH PASSWORD '${uaa_pass}' ROLE dbadmin" | ||
|
||
for db in api uaa; do | ||
|
||
# Create database | ||
psql_adm -d postgres -l | grep -q " ${db} " || \ | ||
psql_adm -d postgres -c "CREATE DATABASE ${db} OWNER ${db}" | ||
|
||
# Enable extensions | ||
for ext in citext pgcrypto pg_stat_statements; do | ||
psql_adm -d "${db}" -c "CREATE EXTENSION IF NOT EXISTS ${ext}" | ||
done | ||
|
||
done |