feat: added postgres and terraform

2023-06-23 15:20:40 +02:00 · 2023-06-23 15:20:40 +02:00 · 3e42d55e7c
parent 63e961e9a2
commit 3e42d55e7c
10 changed files with 248 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,6 @@ venv

 *.egg-info
 __pycache__
+
+.terraform
+.terraform.lock.hcl
--- a/pipeline/docker-compose.yml
+++ b/pipeline/docker-compose.yml
@ -37,3 +37,33 @@ services:
    depends_on:
      airflow-init:
        condition: service_completed_successfully
+
+  postgres:
+    image: postgres:15.3-alpine
+    ports:
+      - 5432:5432
+    volumes:
+      - ./state/postgres/data:/var/lib/postgresql/data
+    environment:
+      - "POSTGRES_PASSWORD=postgres"
+      - "POSTGRES_USER=postgres"
+
+  terraform:
+    image: hashicorp/terraform
+    entrypoint: /usr/local/bin/terraform-entrypoint.sh
+    restart: "no"
+    working_dir: /terraform
+    volumes:
+      - ./scripts/terraform-entrypoint.sh:/usr/local/bin/terraform-entrypoint.sh:ro
+      - ./terraform:/terraform
+      - ./state/tfstate:/terraform/tfstate
+    depends_on:
+      airflow-webserver:
+        condition: service_started
+      postgres:
+        condition: service_started
+    environment:
+      - "TF_VAR_pg_host=postgres"
+      - "TF_VAR_pg_port=5432"
+      - "TF_VAR_pg_password=postgres"
+      - "TF_VAR_pg_username=postgres"
--- a/pipeline/scripts/airflow-init.sh
+++ b/pipeline/scripts/airflow-init.sh
@ -7,3 +7,6 @@ airflow db init

 # Allow non-authenticated access to UI for Airflow 2.*
 sed -i.bak -E 's/^(# )?(AUTH_ROLE_PUBLIC) = .*$/\2 = "Admin"/' /home/airflow/airflow/webserver_config.py
+
+# Allow unauthenticated API access for terraform
+sed -i.bak -E 's/^(auth_backends) = .*$/\1 = airflow.api.auth.backend.default/' /home/airflow/airflow/airflow.cfg
--- a/pipeline/scripts/terraform-entrypoint.sh
+++ b/pipeline/scripts/terraform-entrypoint.sh
@ -0,0 +1,12 @@
+#!/bin/sh
+
+# We need to wait for a while and potentially retry to make sure both
+# postgresql and airflow are ready so that terraform can operate on them
+
+while :; do
+    sleep 10
+    terraform init &&
+        terraform plan &&
+        terraform apply -auto-approve &&
+        break
+done
--- a/pipeline/terraform/main.tf
+++ b/pipeline/terraform/main.tf
@ -0,0 +1,32 @@
+terraform {
+  backend "local" {
+    path = "tfstate/terraform.state"
+  }
+  required_providers {
+    postgresql = {
+      source  = "cyrilgdn/postgresql"
+      version = ">= 1.19.0"
+    }
+  }
+}
+
+module "postgresql" {
+  source            = "./modules/postgresql"
+  host              = var.pg_host
+  port              = var.pg_port
+  username          = var.pg_username
+  password          = var.pg_password
+  pipeline_username = var.pipeline_pg_username
+  pipeline_password = var.pipeline_pg_password
+  pipeline_db       = var.pipeline_pg_db
+  pipeline_schema   = var.pipeline_pg_schema
+}
+
+module "airflow" {
+  source      = "./modules/airflow"
+  pg_host     = var.pg_host
+  pg_port     = var.pg_port
+  pg_username = var.pipeline_pg_username
+  pg_password = var.pipeline_pg_password
+  pg_db       = var.pipeline_pg_db
+}
--- a/pipeline/terraform/modules/airflow/main.tf
+++ b/pipeline/terraform/modules/airflow/main.tf
@ -0,0 +1,21 @@
+terraform {
+  required_providers {
+    airflow = {
+      source  = "DrFaust92/airflow"
+      version = ">= 0.12.5"
+    }
+  }
+}
+
+provider "airflow" {
+  base_endpoint = "http://airflow-webserver:8080"
+}
+
+resource "airflow_connection" "pg_connection" {
+  connection_id = "pg_db"
+  conn_type     = "postgres"
+  host          = format("%s:%s", var.pg_host, var.pg_port)
+  schema        = var.pg_db
+  login         = var.pg_username
+  password      = var.pg_password
+}
--- a/pipeline/terraform/modules/airflow/variables.tf
+++ b/pipeline/terraform/modules/airflow/variables.tf
@ -0,0 +1,25 @@
+variable "pg_host" {
+  type        = string
+  description = "postgresql host"
+}
+
+variable "pg_port" {
+  type        = string
+  description = "postgresql port"
+}
+
+variable "pg_username" {
+  type        = string
+  description = "postgresql pipeline username"
+}
+
+variable "pg_password" {
+  type        = string
+  description = "postgresql pipeline password"
+  sensitive   = true
+}
+
+variable "pg_db" {
+  type        = string
+  description = "postgresql pipeline db"
+}
--- a/pipeline/terraform/modules/postgresql/main.tf
+++ b/pipeline/terraform/modules/postgresql/main.tf
@ -0,0 +1,33 @@
+terraform {
+  required_providers {
+    postgresql = {
+      source  = "cyrilgdn/postgresql"
+      version = ">= 1.19.0"
+    }
+  }
+}
+
+provider "postgresql" {
+  host     = var.host
+  port     = var.port
+  username = var.username
+  password = var.password
+  sslmode  = "disable"
+}
+
+resource "postgresql_role" "pg_pipeline_user" {
+  name     = var.pipeline_username
+  password = var.pipeline_password
+  login    = true
+}
+
+resource "postgresql_database" "pg_pipeline_db" {
+  name  = var.pipeline_db
+  owner = postgresql_role.pg_pipeline_user.name
+}
+
+resource "postgresql_schema" "pg_pipeline_schema" {
+  name     = var.pipeline_schema
+  database = postgresql_database.pg_pipeline_db.name
+  owner    = postgresql_role.pg_pipeline_user.name
+}
--- a/pipeline/terraform/modules/postgresql/variables.tf
+++ b/pipeline/terraform/modules/postgresql/variables.tf
@ -0,0 +1,42 @@
+variable "host" {
+  type        = string
+  description = "postgresql host"
+}
+
+variable "port" {
+  type        = number
+  description = "postgresql post"
+  default     = 5432
+}
+
+variable "password" {
+  type        = string
+  description = "postgresql admin password"
+  sensitive   = true
+}
+
+variable "username" {
+  type        = string
+  description = "postgresql admin username"
+}
+
+variable "pipeline_username" {
+  type        = string
+  description = "postgresql pipeline username"
+}
+
+variable "pipeline_password" {
+  type        = string
+  description = "postgresql pipeline password"
+  sensitive   = true
+}
+
+variable "pipeline_db" {
+  type        = string
+  description = "postgresql pipeline db"
+}
+
+variable "pipeline_schema" {
+  type        = string
+  description = "postgresql pipeline db"
+}
--- a/pipeline/terraform/variables.tf
+++ b/pipeline/terraform/variables.tf
@ -0,0 +1,47 @@
+variable "pg_host" {
+  type        = string
+  description = "postgresql host"
+}
+
+variable "pg_port" {
+  type        = number
+  description = "postgresql post"
+  default     = 5432
+}
+
+variable "pg_password" {
+  type        = string
+  description = "postgresql admin password"
+  sensitive   = true
+}
+
+variable "pg_username" {
+  type        = string
+  description = "postgresql admin username"
+  sensitive   = true
+}
+
+variable "pipeline_pg_username" {
+  type        = string
+  description = "postgresql pipeline username"
+  default     = "sustainability_score"
+}
+
+variable "pipeline_pg_password" {
+  type        = string
+  description = "postgresql pipeline password"
+  default     = "sustainability_score"
+  sensitive   = true
+}
+
+variable "pipeline_pg_db" {
+  type        = string
+  description = "postgresql pipeline db name"
+  default     = "sustainability_score"
+}
+
+variable "pipeline_pg_schema" {
+  type        = string
+  description = "postgresql pipeline schema name"
+  default     = "sustainability_score"
+}