
Initial db creation and secret mappings #14

Merged
merged 2 commits into from
Oct 26, 2023


danlysiak

Before creating a pull request make sure that:

  • commit messages are meaningful and follow good commit message guidelines
  • README and other documentation has been updated / added (if needed)
  • tests have been updated / new tests have been added (if needed)

Please remove this line and everything above and fill the following sections:

JIRA link (if applicable)

Change description

Does this PR introduce a breaking change? (check one with "x")

[ ] Yes
[ ] No

@hmcts-jenkins-cnp

Plan Result

Plan: 13 to add, 0 to change, 0 to destroy.
  • Create
    • azurerm_key_vault_secret.POSTGRES-PASS
    • azurerm_key_vault_secret.POSTGRES-USER
    • azurerm_key_vault_secret.POSTGRES_DATABASE
    • azurerm_key_vault_secret.POSTGRES_HOST
    • azurerm_key_vault_secret.POSTGRES_PORT
    • module.opal_db.azurerm_postgresql_flexible_server.pgsql_server
    • module.opal_db.azurerm_postgresql_flexible_server_active_directory_administrator.pgsql_adadmin
    • module.opal_db.azurerm_postgresql_flexible_server_active_directory_administrator.pgsql_principal_admin[0]
    • module.opal_db.azurerm_postgresql_flexible_server_configuration.pgsql_server_config["backslash_quote"]
    • module.opal_db.azurerm_postgresql_flexible_server_database.pg_databases["opal"]
    • module.opal_db.azurerm_resource_group.rg[0]
    • module.opal_db.null_resource.set-user-permissions-additionaldbs["opal"]
    • module.opal_db.random_password.password
Change Result (Click me)
  # azurerm_key_vault_secret.POSTGRES-PASS will be created
  + resource "azurerm_key_vault_secret" "POSTGRES-PASS" {
      + id                      = (known after apply)
      + key_vault_id            = "/subscriptions/74dacd4f-a248-45bb-a2f0-af700dc4cf68/resourceGroups/opal-stg/providers/Microsoft.KeyVault/vaults/opal-stg"
      + name                    = "account-enquiry-POSTGRES-PASS"
      + resource_id             = (known after apply)
      + resource_versionless_id = (known after apply)
      + value                   = (sensitive value)
      + version                 = (known after apply)
      + versionless_id          = (known after apply)
    }

  # azurerm_key_vault_secret.POSTGRES-USER will be created
  + resource "azurerm_key_vault_secret" "POSTGRES-USER" {
      + id                      = (known after apply)
      + key_vault_id            = "/subscriptions/74dacd4f-a248-45bb-a2f0-af700dc4cf68/resourceGroups/opal-stg/providers/Microsoft.KeyVault/vaults/opal-stg"
      + name                    = "opal-db-POSTGRES-USER"
      + resource_id             = (known after apply)
      + resource_versionless_id = (known after apply)
      + value                   = (sensitive value)
      + version                 = (known after apply)
      + versionless_id          = (known after apply)
    }
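Review bot: The secret name `opal-db-POSTGRES-USER` uses a different prefix from the other four Key Vault secrets in this plan, which are all named `account-enquiry-POSTGRES-*`. If the application's secret mapping resolves credentials by the `account-enquiry-` prefix (the mapping itself is not visible here), the username lookup will miss while the password lookup succeeds, so this should probably be `name = "account-enquiry-POSTGRES-USER"`. The resource labels also mix `POSTGRES-PASS`/`POSTGRES-USER` with `POSTGRES_DATABASE`/`POSTGRES_HOST`/`POSTGRES_PORT`; a single separator would make the set easier to audit.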

  # azurerm_key_vault_secret.POSTGRES_DATABASE will be created
  + resource "azurerm_key_vault_secret" "POSTGRES_DATABASE" {
      + id                      = (known after apply)
      + key_vault_id            = "/subscriptions/74dacd4f-a248-45bb-a2f0-af700dc4cf68/resourceGroups/opal-stg/providers/Microsoft.KeyVault/vaults/opal-stg"
      + name                    = "account-enquiry-POSTGRES-DATABASE"
      + resource_id             = (known after apply)
      + resource_versionless_id = (known after apply)
      + value                   = (sensitive value)
      + version                 = (known after apply)
      + versionless_id          = (known after apply)
    }

  # azurerm_key_vault_secret.POSTGRES_HOST will be created
  + resource "azurerm_key_vault_secret" "POSTGRES_HOST" {
      + id                      = (known after apply)
      + key_vault_id            = "/subscriptions/74dacd4f-a248-45bb-a2f0-af700dc4cf68/resourceGroups/opal-stg/providers/Microsoft.KeyVault/vaults/opal-stg"
      + name                    = "account-enquiry-POSTGRES-HOST"
      + resource_id             = (known after apply)
      + resource_versionless_id = (known after apply)
      + value                   = (sensitive value)
      + version                 = (known after apply)
      + versionless_id          = (known after apply)
    }

  # azurerm_key_vault_secret.POSTGRES_PORT will be created
  + resource "azurerm_key_vault_secret" "POSTGRES_PORT" {
      + id                      = (known after apply)
      + key_vault_id            = "/subscriptions/74dacd4f-a248-45bb-a2f0-af700dc4cf68/resourceGroups/opal-stg/providers/Microsoft.KeyVault/vaults/opal-stg"
      + name                    = "account-enquiry-POSTGRES-PORT"
      + resource_id             = (known after apply)
      + resource_versionless_id = (known after apply)
      + value                   = (sensitive value)
      + version                 = (known after apply)
      + versionless_id          = (known after apply)
    }

  # module.opal_db.azurerm_postgresql_flexible_server.pgsql_server will be created
  + resource "azurerm_postgresql_flexible_server" "pgsql_server" {
      + administrator_login           = "pgadmin"
      + administrator_password        = (sensitive value)
      + auto_grow_enabled             = false
      + backup_retention_days         = 35
      + create_mode                   = "Default"
      + delegated_subnet_id           = "/subscriptions/74dacd4f-a248-45bb-a2f0-af700dc4cf68/resourceGroups/ss-stg-network-rg/providers/Microsoft.Network/virtualNetworks/ss-stg-vnet/subnets/postgresql"
      + fqdn                          = (known after apply)
      + geo_redundant_backup_enabled  = false
      + id                            = (known after apply)
      + location                      = "uksouth"
      + name                          = "opal-account-enquiry-stg"
      + private_dns_zone_id           = "/subscriptions/1baf5470-1c3e-40d3-a6f7-74bfbce4b348/resourceGroups/core-infra-intsvc-rg/providers/Microsoft.Network/privateDnsZones/private.postgres.database.azure.com"
      + public_network_access_enabled = (known after apply)
      + resource_group_name           = "opal-account-enquiry-data-stg"
      + sku_name                      = "GP_Standard_D2s_v3"
      + storage_mb                    = 65536
      + tags                          = {
          + "application"         = "opal"
          + "autoShutdown"        = "true"
          + "builtFrom"           = "https://github.com/HMCTS/opal-account-enquiry.git"
          + "businessArea"        = "Cross-Cutting"
          + "contactSlackChannel" = "#opal-help"
          + "environment"         = "staging"
          + "managedBy"           = "Green on Black"
        }
      + version                       = "15"

      + authentication {
          + active_directory_auth_enabled = true
          + password_auth_enabled         = true
          + tenant_id                     = "531ff96d-0ae9-462a-8d2d-bec7c0b42082"
        }

      + high_availability {
          + mode = "ZoneRedundant"
        }

      + maintenance_window {
          + day_of_week  = 0
          + start_hour   = 3
          + start_minute = 0
        }
    }
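Review bot: `password_auth_enabled = true` keeps the local `pgadmin` login usable alongside Entra ID authentication, and this plan also writes a Postgres username and password into Key Vault for the application. Whether the stored user is `pgadmin` cannot be seen because the value is sensitive; if it is, the application would connect with the server administrator credential, and a dedicated non-admin role for the app would be the safer mapping. A short comment at the module call stating why password login stays enabled would help later reviewers. `public_network_access_enabled` shows as `(known after apply)`; with `delegated_subnet_id` set it is expected to resolve to false, which is worth confirming in the applied state.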

  # module.opal_db.azurerm_postgresql_flexible_server_active_directory_administrator.pgsql_adadmin will be created
  + resource "azurerm_postgresql_flexible_server_active_directory_administrator" "pgsql_adadmin" {
      + id                  = (known after apply)
      + object_id           = "e7ea2042-4ced-45dd-8ae3-e051c6551789"
      + principal_name      = "DTS Platform Operations"
      + principal_type      = "Group"
      + resource_group_name = "opal-account-enquiry-data-stg"
      + server_name         = "opal-account-enquiry-stg"
      + tenant_id           = "531ff96d-0ae9-462a-8d2d-bec7c0b42082"
    }

  # module.opal_db.azurerm_postgresql_flexible_server_active_directory_administrator.pgsql_principal_admin[0] will be created
  + resource "azurerm_postgresql_flexible_server_active_directory_administrator" "pgsql_principal_admin" {
      + id                  = (known after apply)
      + object_id           = "7ef3b6ce-3974-41ab-8512-c3ef4bb8ae01"
      + principal_name      = "jenkins-ptl-mi"
      + principal_type      = "ServicePrincipal"
      + resource_group_name = "opal-account-enquiry-data-stg"
      + server_name         = "opal-account-enquiry-stg"
      + tenant_id           = "531ff96d-0ae9-462a-8d2d-bec7c0b42082"
    }
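Review bot: This entry makes the Jenkins managed identity `jenkins-ptl-mi` an Active Directory administrator of the server, next to the `DTS Platform Operations` group. That is presumably what lets the pipeline run the `set-user-permissions-additionaldbs` step, but it leaves the CI identity with full database admin after provisioning. A comment on the module input explaining why the pipeline principal needs admin, or limiting it to the grants that step issues, would make the privilege easier to review.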

  # module.opal_db.azurerm_postgresql_flexible_server_configuration.pgsql_server_config["backslash_quote"] will be created
  + resource "azurerm_postgresql_flexible_server_configuration" "pgsql_server_config" {
      + id        = (known after apply)
      + name      = "backslash_quote"
      + server_id = (known after apply)
      + value     = "on"
    }
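Review bot: `backslash_quote = "on"` makes the server accept `\'` as a quote inside string literals regardless of client encoding. PostgreSQL's default is `safe_encoding` because, with some multibyte client encodings, applications that build SQL by backslash-escaping quotes can have that escaping defeated. Unless a client of this database depends on `\'`, keep the default or set `value = "off"`; if it is required, name the client that needs it in a comment next to the setting. The value appears to come from the `opal_db` module, so the change may belong in the module call or the module itself.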

  # module.opal_db.azurerm_postgresql_flexible_server_database.pg_databases["opal"] will be created
  + resource "azurerm_postgresql_flexible_server_database" "pg_databases" {
      + charset   = "utf8"
      + collation = "en_GB.utf8"
      + id        = (known after apply)
      + name      = "opal"
      + server_id = (known after apply)
    }

  # module.opal_db.azurerm_resource_group.rg[0] will be created
  + resource "azurerm_resource_group" "rg" {
      + id       = (known after apply)
      + location = "uksouth"
      + name     = "opal-account-enquiry-data-stg"
      + tags     = {
          + "application"         = "opal"
          + "autoShutdown"        = "true"
          + "builtFrom"           = "https://github.com/HMCTS/opal-account-enquiry.git"
          + "businessArea"        = "Cross-Cutting"
          + "contactSlackChannel" = "#opal-help"
          + "environment"         = "staging"
          + "managedBy"           = "Green on Black"
        }
    }

  # module.opal_db.null_resource.set-user-permissions-additionaldbs["opal"] will be created
  + resource "null_resource" "set-user-permissions-additionaldbs" {
      + id       = (known after apply)
      + triggers = {
          + "db_reader_user" = "DTS SDS DB Access Reader"
          + "name"           = "opal-account-enquiry"
          + "script_hash"    = "dbe0102f3129d4463913d5e01177e806bc6954005bdd98f20c242658634a1bbc"
        }
    }

  # module.opal_db.random_password.password will be created
  + resource "random_password" "password" {
      + bcrypt_hash      = (sensitive value)
      + id               = (known after apply)
      + length           = 20
      + lower            = true
      + min_lower        = 0
      + min_numeric      = 0
      + min_special      = 0
      + min_upper        = 0
      + number           = true
      + numeric          = true
      + override_special = "()-_"
      + result           = (sensitive value)
      + special          = true
      + upper            = true
    }

Plan: 13 to add, 0 to change, 0 to destroy.

@danlysiak danlysiak merged commit 6439246 into master Oct 26, 2023
6 checks passed
@danlysiak danlysiak deleted the init-db branch October 26, 2023 22:12