From f4e2f26e9b2d2cb09968bef2c14bf505143fcc13 Mon Sep 17 00:00:00 2001 From: Colin Saliceti Date: Thu, 25 Feb 2016 15:42:45 +0000 Subject: [PATCH] Init database pipeline tasks The previous postgres job was doing some work to initialise the databases: create roles, create databases, enable extensions. Most of this work should have been done with the postgres terraform provider, but it has bugs and can't destroy the resources properly: https://github.com/hashicorp/terraform/issues/5340 When this is fixed, we can move the create role and db tasks to terraform, but we still need to enable extensions. --- concourse/pipelines/deploy-cloudfoundry.yml | 35 +++++++++++++++++++ .../cf-manifest/scripts/create-cf-dbs.sh | 33 +++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100755 manifests/cf-manifest/scripts/create-cf-dbs.sh diff --git a/concourse/pipelines/deploy-cloudfoundry.yml b/concourse/pipelines/deploy-cloudfoundry.yml index 430728f105..3a60ca14ad 100644 --- a/concourse/pipelines/deploy-cloudfoundry.yml +++ b/concourse/pipelines/deploy-cloudfoundry.yml @@ -205,6 +205,41 @@ jobs: params: file: terraform/cf.tfstate + - task: extract-cf-terraform-outputs + config: + platform: linux + image: docker:///ruby#2.2.3-slim + inputs: + - name: paas-cf + - name: cf-tfstate + run: + path: sh + args: + - -e + - -c + - | + SCPATH="./paas-cf/concourse/scripts" + SCFILE="extract_tf_vars_from_terraform_state.rb" + $SCPATH/$SCFILE < cf-tfstate/cf.tfstate > cf.tfstate.sh + ls -l cf.tfstate.sh + + - task: init-db + config: + image: docker:///governmentpaas/psql + inputs: + - name: terraform-variables + - name: paas-cf + - name: extract-cf-terraform-outputs + run: + path: sh + args: + - -e + - -c + - | + . terraform-variables/cf-secrets.tfvars.sh + . extract-cf-terraform-outputs/cf.tfstate.sh + + paas-cf/manifests/cf-manifest/scripts/create-cf-dbs.sh - name: generate-cf-certs serial_groups: [ deploy ] serial: true 
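Review bot: The `init-db` task runs with the database master password sourced from `terraform-variables/cf-secrets.tfvars.sh`, yet its image `docker:///governmentpaas/psql` carries no tag, unlike `docker:///ruby#2.2.3-slim` in the task above, so whatever is currently published under that name receives the credentials. Pin it, e.g. `image: docker:///governmentpaas/psql#<pinned-tag>`. The `init-db` config also omits `platform: linux`, which the `extract-cf-terraform-outputs` config sets; adding it keeps the two tasks consistent. Since `init-db` dot-sources the generated `cf.tfstate.sh`, the generator script (not visible in this hunk) should shell-quote every value it emits from the Terraform state.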
diff --git a/manifests/cf-manifest/scripts/create-cf-dbs.sh b/manifests/cf-manifest/scripts/create-cf-dbs.sh
new file mode 100755
index 0000000000..bc79495bf3
--- /dev/null
+++ b/manifests/cf-manifest/scripts/create-cf-dbs.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+set -e
+
+# Check environment variables
+export PGPASSWORD=${TF_VAR_secrets_cf_db_master_password:?}
+api_pass=${TF_VAR_secrets_cf_db_api_password:?}
+uaa_pass=${TF_VAR_secrets_cf_db_uaa_password:?}
+db_address=${TF_VAR_cf_db_address:?}
+
+# See: https://github.com/koalaman/shellcheck/wiki/SC2086#exceptions
+psql_adm() { psql -h "${db_address}" -U dbadmin "$@"; }
+
+# Create roles
+psql_adm -d postgres -c "SELECT rolname FROM pg_roles WHERE rolname = 'api'" \
+ | grep -q 'api' || psql_adm -d postgres \
+ -c "CREATE USER api WITH PASSWORD '${api_pass}' ROLE dbadmin"
+
+psql_adm -d postgres -c "SELECT rolname FROM pg_roles WHERE rolname = 'uaa'" \
+ | grep -q 'uaa' || psql_adm -d postgres \
+ -c "CREATE USER uaa WITH PASSWORD '${uaa_pass}' ROLE dbadmin"
+
+for db in api uaa; do
+
+ # Create database
+ psql_adm -d postgres -l | grep -q " ${db} " || \
+ psql_adm -d postgres -c "CREATE DATABASE ${db} OWNER ${db}"
+
+ # Enable extensions
+ for ext in citext pgcrypto pg_stat_statements; do
+ psql_adm -d "${db}" -c "CREATE EXTENSION IF NOT EXISTS ${ext}"
+ done
+
+done
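Review bot: The two `CREATE USER` statements splice `${api_pass}` and `${uaa_pass}` into a single-quoted SQL literal inside a `-c` argument, so a password containing `'` breaks or alters the statement, and the secret ends up in the psql argv and possibly in server statement logs. Let psql do the quoting instead, e.g. `echo "CREATE USER api WITH PASSWORD :'pw' ROLE dbadmin" | psql_adm -d postgres -v ON_ERROR_STOP=1 -v pw="${api_pass}"` (psql does not expand variables inside `-c`, hence stdin); this fixes the quoting only, as the value still appears in argv. Separately, a role that already exists is skipped, so a changed password is never applied; if that is intended, a comment such as `# Existing roles keep their current password` above the block would say so.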