setup tefca jdbc database connection strings and update db url name

alismx · alismx · commit d2dc967339fd · 2024-09-21T17:05:02.000-07:00
diff --git a/terraform/aws/implementation/main.tf b/terraform/aws/implementation/main.tf
@@ -43,6 +43,9 @@ module "eks" {
   ecr_viewer_s3_role_arn     = module.s3.ecr_viewer_s3_role_arn
   tefca_viewer_db_role_arn   = module.rds.tefca_viewer_db_role_arn
   tefca_db_connection_string = module.rds.tefca_db_connection_string
+  tefca_jdbc_db_url          = module.rds.tefca_jdbc_db_url
+  tefca_jdbc_db_password     = module.rds.tefca_jdbc_db_password
+  tefca_jdbc_db_user         = module.rds.tefca_jdbc_db_user
   domain_name                = local.domain_name
   ecr_bucket_name            = module.s3.ecr_bucket_name
   enable_cognito             = var.enable_cognito
diff --git a/terraform/aws/implementation/modules/eks/README.md b/terraform/aws/implementation/modules/eks/README.md
@@ -79,6 +79,9 @@
 | <a name="input_smarty_auth_id"></a> [smarty\_auth\_id](#input\_smarty\_auth\_id) | value of the SmartyStreets Auth ID | `any` | n/a | yes |
 | <a name="input_smarty_auth_token"></a> [smarty\_auth\_token](#input\_smarty\_auth\_token) | value of the SmartyStreets Auth Token | `any` | n/a | yes |
 | <a name="input_tefca_db_connection_string"></a> [tefca\_db\_connection\_string](#input\_tefca\_db\_connection\_string) | Connection string to the tefca database | `any` | n/a | yes |
+| <a name="input_tefca_jdbc_db_password"></a> [tefca\_jdbc\_db\_password](#input\_tefca\_jdbc\_db\_password) | JDBC password for flyway to the tefca database | `any` | n/a | yes |
+| <a name="input_tefca_jdbc_db_url"></a> [tefca\_jdbc\_db\_url](#input\_tefca\_jdbc\_db\_url) | JDBC connection string for flyway to the tefca database | `any` | n/a | yes |
+| <a name="input_tefca_jdbc_db_user"></a> [tefca\_jdbc\_db\_user](#input\_tefca\_jdbc\_db\_user) | JDBC username for flyway to the tefca database | `any` | n/a | yes |
 | <a name="input_tefca_viewer_db_role_arn"></a> [tefca\_viewer\_db\_role\_arn](#input\_tefca\_viewer\_db\_role\_arn) | The db Role ARN for the Tefca Viewer Service | `any` | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC | `string` | n/a | yes |
 
diff --git a/terraform/aws/implementation/modules/eks/main.tf b/terraform/aws/implementation/modules/eks/main.tf
@@ -298,16 +298,31 @@ data "external" "latest_phdi_release" {
 resource "helm_release" "building_blocks" {
   depends_on      = [terraform_data.wait_for_load_balancer_controller]
   for_each        = var.services_to_chart
-  repository      = "https://github.com/CDCgov/phdi-charts/tree/alis/upgrades/2565/85"
+  repository      = "https://cdcgov.github.io/phdi-charts/"
   name            = "phdi-playground-${terraform.workspace}-${each.key}"
   chart           = each.value
   version         = data.external.chart_versions.result[each.value]
   force_update    = true
   recreate_pods   = true
   cleanup_on_fail = true
 
-  set {
-    name  = "databaseUrl"
+  set_sensitive {
+    name  = "jdbcDatabaseUrl"
+    value = var.tefca_jdbc_db_url
+  }
+
+  set_sensitive {
+    name  = "jdbcDatabasePassword"
+    value = var.tefca_jdbc_db_password
+  }
+
+  set_sensitive {
+    name  = "jdbcDatabaseUser"
+    value = var.tefca_jdbc_db_user
+  }
+
+  set_sensitive {
+    name  = "databaseConnectionString"
     value = var.tefca_db_connection_string
   }
 
@@ -316,12 +331,12 @@ resource "helm_release" "building_blocks" {
     value = data.external.latest_phdi_release.result.tagName
   }
 
-  set {
+  set_sensitive {
     name  = "smartyAuthId"
     value = var.smarty_auth_id
   }
 
-  set {
+  set_sensitive {
     name  = "smartyToken"
     value = var.smarty_auth_token
   }
@@ -337,6 +352,8 @@ resource "helm_release" "building_blocks" {
   }
 
   #  Values needed for orchestration service
+  # "phdi-playground-${terraform.workspace}-${each.key}-${each.key}-service"
+  # phdi-playground-dev-ecr-viewer-ecr-viewer-service
   set {
     name  = "fhirConverterUrl"
     value = "https://${var.domain_name}/fhir-converter"
diff --git a/terraform/aws/implementation/modules/eks/variables.tf b/terraform/aws/implementation/modules/eks/variables.tf
@@ -89,4 +89,16 @@ variable "cognito_domain" {
 
 variable "tefca_db_connection_string" {
   description = "Connection string to the tefca database"
+}
+
+variable "tefca_jdbc_db_url" {
+  description = "JDBC connection string for flyway to the tefca database"
+}
+
+variable "tefca_jdbc_db_password" {
+  description = "JDBC password for flyway to the tefca database"
+}
+
+variable "tefca_jdbc_db_user" {
+  description = "JDBC username for flyway to the tefca database"
 }
diff --git a/terraform/aws/implementation/modules/rds/README.md b/terraform/aws/implementation/modules/rds/README.md
@@ -48,5 +48,8 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_tefca_db_connection_string"></a> [tefca\_db\_connection\_string](#output\_tefca\_db\_connection\_string) | n/a |
+| <a name="output_tefca_jdbc_db_password"></a> [tefca\_jdbc\_db\_password](#output\_tefca\_jdbc\_db\_password) | n/a |
+| <a name="output_tefca_jdbc_db_url"></a> [tefca\_jdbc\_db\_url](#output\_tefca\_jdbc\_db\_url) | n/a |
+| <a name="output_tefca_jdbc_db_user"></a> [tefca\_jdbc\_db\_user](#output\_tefca\_jdbc\_db\_user) | n/a |
 | <a name="output_tefca_viewer_db_role_arn"></a> [tefca\_viewer\_db\_role\_arn](#output\_tefca\_viewer\_db\_role\_arn) | n/a |
 <!-- END_TF_DOCS -->
diff --git a/terraform/aws/implementation/modules/rds/main.tf b/terraform/aws/implementation/modules/rds/main.tf
@@ -40,7 +40,7 @@ resource "aws_security_group" "ds_sg" {
     from_port   = 5432
     to_port     = 5432
     protocol    = "tcp"
-    cidr_blocks = ["10.0.0.0/16"]
+    cidr_blocks = ["176.24.0.0/16"]
   }
 
   # Allow all outbound traffic
@@ -69,5 +69,5 @@ resource "random_string" "setup_rds_password" {
   length = 13 #update as needed
 
   # Character set that excludes problematic characters like quotes, backslashes, etc.
-  override_special = "_!@#-$%^&*()[]{}"
+  override_special = "()[]{}"
 }
diff --git a/terraform/aws/implementation/modules/rds/output.tf b/terraform/aws/implementation/modules/rds/output.tf
@@ -3,6 +3,21 @@ output "tefca_viewer_db_role_arn" {
 }
 
 output "tefca_db_connection_string" {
-  value     = "postgresql://${aws_db_instance.tefca-viewer-db.username}:${aws_db_instance.tefca-viewer-db.password}@${aws_db_instance.tefca-viewer-db.endpoint}:5432/${aws_db_instance.tefca-viewer-db.db_name}"
+  value     = "postgresql://${aws_db_instance.tefca-viewer-db.username}:${aws_db_instance.tefca-viewer-db.password}@${aws_db_instance.tefca-viewer-db.endpoint}/${aws_db_instance.tefca-viewer-db.db_name}"
   sensitive = true
 }
+
+output "tefca_jdbc_db_url" {
+  value     = "jdbc:postgresql://${aws_db_instance.tefca-viewer-db.endpoint}/${aws_db_instance.tefca-viewer-db.db_name}"
+  sensitive = true
+}
+
+output "tefca_jdbc_db_user" {
+  value = aws_db_instance.tefca-viewer-db.username
+  sensitive = true
+}
+
+output "tefca_jdbc_db_password" {
+  value = aws_db_instance.tefca-viewer-db.password
+  sensitive = true
+}

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ resource "aws_security_group" "ds_sg" {`
`40`	`40`	`from_port = 5432`
`41`	`41`	`to_port = 5432`
`42`	`42`	`protocol = "tcp"`
`43`		`- cidr_blocks = ["10.0.0.0/16"]`
	`43`	`+ cidr_blocks = ["176.24.0.0/16"]`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`# Allow all outbound traffic`
`@@ -69,5 +69,5 @@ resource "random_string" "setup_rds_password" {`
`69`	`69`	`length = 13 #update as needed`
`70`	`70`
`71`	`71`	`# Character set that excludes problematic characters like quotes, backslashes, etc.`
`72`		`- override_special = "_!@#-$%^&*()[]{}"`
	`72`	`+ override_special = "()[]{}"`
`73`	`73`	`}`