DP-833 , DP-691 Update PGAdmin and its support users (#923)

cabinetoffice · Nov 12, 2024 · 1769f5a · 1769f5a
1 parent 3e8661c
commit 1769f5a
Show file tree

Hide file tree

Showing 6 changed files with 116 additions and 76 deletions.
diff --git a/terragrunt/modules/ecs-service/listeners.tf b/terragrunt/modules/ecs-service/listeners.tf
@@ -17,14 +17,15 @@ resource "aws_lb_target_group" "this" {
   }
 
   health_check {
-    enabled           = true
-    interval          = var.healthcheck_interval
-    timeout           = var.healthcheck_timeout
-    healthy_threshold = var.healthcheck_healthy_threshold
-    path              = var.healthcheck_path
-    port              = var.host_port
-    protocol          = "HTTP"
-    matcher           = "200"
+    enabled             = true
+    interval            = var.healthcheck_interval
+    timeout             = var.healthcheck_timeout
+    healthy_threshold   = var.healthcheck_healthy_threshold
+    unhealthy_threshold = var.unhealthy_threshold
+    path                = var.healthcheck_path
+    port                = var.host_port
+    protocol            = "HTTP"
+    matcher             = "200"
   }
 
   lifecycle {

diff --git a/terragrunt/modules/ecs-service/variables.tf b/terragrunt/modules/ecs-service/variables.tf
@@ -126,6 +126,12 @@ variable "tags" {
   type        = map(string)
 }
 
+variable "unhealthy_threshold" {
+  description = "Number of consecutive health check failures required before considering a target unhealthy. The range is 2-10. Defaults to 3."
+  type        = number
+  default     = 3
+}
+
 variable "user_pool_arn" {
   default = null
   type    = string

diff --git a/terragrunt/modules/tools/service-pgadmin.tf b/terragrunt/modules/tools/service-pgadmin.tf
@@ -25,6 +25,7 @@ module "ecs_service_pgadmin" {
       lg_name                         = aws_cloudwatch_log_group.pgadmin.name
       lg_prefix                       = "tools"
       lg_region                       = data.aws_region.current.name
+      login_banner                    = "${upper(local.name_prefix)} ${title(var.environment)}"
       memory                          = var.pgadmin_config.memory
       name                            = var.pgadmin_config.name
     }
@@ -37,10 +38,10 @@ module "ecs_service_pgadmin" {
   ecs_listener_arn              = var.ecs_listener_arn
   ecs_service_base_sg_id        = var.ecs_sg_id
   family                        = "tools"
-  healthcheck_healthy_threshold = 5
+  healthcheck_healthy_threshold = 3
   healthcheck_interval          = 60
   healthcheck_path              = "/login"
-  healthcheck_timeout           = 30
+  healthcheck_timeout           = 40
   host_port                     = var.pgadmin_config.port
   memory                        = var.pgadmin_config.memory
   name                          = var.pgadmin_config.name
@@ -50,6 +51,7 @@ module "ecs_service_pgadmin" {
   role_ecs_task_arn             = var.role_ecs_task_arn
   role_ecs_task_exec_arn        = var.role_ecs_task_exec_arn
   tags                          = var.tags
+  unhealthy_threshold           = 6
   user_pool_arn                 = var.is_production ? var.user_pool_arn_pgadmin : null
   user_pool_client_id           = var.is_production ? var.user_pool_client_id_pgadmin : null
   user_pool_domain              = var.is_production ? var.user_pool_domain_pgadmin : null

diff --git a/terragrunt/modules/tools/templates/task-definitions/pgadmin.json.tftpl b/terragrunt/modules/tools/templates/task-definitions/pgadmin.json.tftpl
@@ -28,7 +28,9 @@
         {"name": "PGADMIN_DATABASE_HOST" , "value": "${pgadmin_database_host}"},
         {"name": "PGADMIN_DATABASE_NAME" , "value": "${pgadmin_database_name}"},
         {"name": "PGADMIN_CONFIG_SERVER_MODE" , "value": "True"},
-        {"name": "PGADMIN_LISTEN_PORT", "value": "${host_port}"}
+        {"name": "PGADMIN_LISTEN_PORT", "value": "${host_port}"},
+        {"name": "LOG_LEVEL", "value": "ERROR"},
+        {"name": "LOGIN_BANNER", "value": "${login_banner}"}
     ],
     "secrets": [
         {"name": "DB_ENTITY_VERIFICATION_USERNAME", "valueFrom": "${db_entity_verification_username}"},

diff --git a/terragrunt/tools/pgadmin/README.md b/terragrunt/tools/pgadmin/README.md
@@ -14,6 +14,22 @@ export PINNED_PGADMIN_VERSION=8.12.0
 
 ```shell
 docker build --build-arg PGADMIN_VERSION=${PINNED_PGADMIN_VERSION} -t cabinetoffice/cdp-pgadmin:${PINNED_PGADMIN_VERSION} .
+
+## If need local testing ...
+# docker run \
+#  -e DB_SIRSI_ADDRESS='sirsi-address' \
+#  -e DB_SIRSI_NAME='sirsi-db' \
+#  -e DB_SIRSI_USERNAME='sirsi-username' \
+#  -e DB_ENTITY_VERIFICATION_ADDRESS='ev-address' \
+#  -e DB_ENTITY_VERIFICATION_NAME='ev-db' \
+#  -e DB_ENTITY_VERIFICATION_USERNAME='ev-username' \
+#  -e PGADMIN_DATABASE_USERNAME='test-user' \
+#  -e PGADMIN_DATABASE_HOST='pgadmin-address' \
+#  -e PGADMIN_DATABASE_NAME='pgadmin-db' \
+#  -e PGADMIN_DEFAULT_EMAIL='admin@example.com' \
+#  -e PGADMIN_DEFAULT_PASSWORD='admin' \
+#  -e SUPPORT_USERNAMES='ali.bahman, reza.nakhjavani' \
+#  cabinetoffice/cdp-pgadmin:${PINNED_PGADMIN_VERSION}
 ```
 
 ## Deploy

diff --git a/terragrunt/tools/pgadmin/configs/custom-entrypoint.sh b/terragrunt/tools/pgadmin/configs/custom-entrypoint.sh
@@ -1,84 +1,97 @@
 #!/bin/sh
 
-echo "Configuring pgAdmin..."
-
-export CONFIG_DATABASE_URI="postgresql://${PGADMIN_DATABASE_USERNAME}:${PGADMIN_DATABASE_PASSWORD}@${PGADMIN_DATABASE_HOST}:5432/${PGADMIN_DATABASE_NAME}"
-
 clear_all_servers() {
-    echo "Removing all existing servers from pgAdmin configuration..."
-    PGPASSWORD="$PGADMIN_DATABASE_PASSWORD" psql -h "$PGADMIN_DATABASE_HOST" -U "$PGADMIN_DATABASE_USERNAME" -d "$PGADMIN_DATABASE_NAME" -c "DELETE FROM public.server;"
-    PGPASSWORD="$PGADMIN_DATABASE_PASSWORD" psql -h "$PGADMIN_DATABASE_HOST" -U "$PGADMIN_DATABASE_USERNAME" -d "$PGADMIN_DATABASE_NAME" -c "DELETE FROM public.user;"
+  echo "#### Removing all existing servers from pgAdmin Database ####"
+  PGPASSWORD="$PGADMIN_DATABASE_PASSWORD" psql -h "$PGADMIN_DATABASE_HOST" -U "$PGADMIN_DATABASE_USERNAME" -d "$PGADMIN_DATABASE_NAME" -c "DELETE FROM public.server;"
+  PGPASSWORD="$PGADMIN_DATABASE_PASSWORD" psql -h "$PGADMIN_DATABASE_HOST" -U "$PGADMIN_DATABASE_USERNAME" -d "$PGADMIN_DATABASE_NAME" -c "DELETE FROM public.servergroup;"
 }
 
+# Function to check if a server already exists in pgAdmin
+check_server_exists() {
+  server_name=$1
+  PGPASSWORD=$PGADMIN_DATABASE_PASSWORD psql -h $PGADMIN_DATABASE_HOST -U $PGADMIN_DATABASE_USERNAME -d $PGADMIN_DATABASE_NAME -tAc "SELECT 1 FROM public.server WHERE name = '${server_name}'" | grep -q 1
+  return $?
+}
+
+# Function to add a server to servers.json if it doesn't already exist
 add_server_to_json() {
-    local id=$1
-    local name=$2
-    local group=$3
-    local host=$4
-    local port=$5
-    local maintenance_db=$6
-    local username=$7
+  local id=$1
+  local name=$2
+  local group=$3
+  local host=$4
+  local port=$5
+  local maintenance_db=$6
+  local username=$7
 
-    echo "    \"$id\": {" >> /pgadmin4/servers.json
-    echo "      \"Name\": \"$name\"," >> /pgadmin4/servers.json
-    echo "      \"Group\": \"$group\"," >> /pgadmin4/servers.json
-    echo "      \"Host\": \"$host\"," >> /pgadmin4/servers.json
-    echo "      \"Port\": $port," >> /pgadmin4/servers.json
-    echo "      \"MaintenanceDB\": \"$maintenance_db\"," >> /pgadmin4/servers.json
-    echo "      \"Username\": \"$username\"," >> /pgadmin4/servers.json
-    echo "      \"SSLMode\": \"prefer\"" >> /pgadmin4/servers.json
-    echo "    }," >> /pgadmin4/servers.json
+  if check_server_exists "$name"; then
+    echo "$name server already exists. Skipping..."
+  else
+    echo "Adding $name server to servers.json..."
+  echo "    \"$id\": {" >>/pgadmin4/servers.json
+  echo "      \"Name\": \"$name\"," >>/pgadmin4/servers.json
+  echo "      \"Group\": \"$group\"," >>/pgadmin4/servers.json
+  echo "      \"Host\": \"$host\"," >>/pgadmin4/servers.json
+  echo "      \"Port\": $port," >>/pgadmin4/servers.json
+  echo "      \"MaintenanceDB\": \"$maintenance_db\"," >>/pgadmin4/servers.json
+  echo "      \"Username\": \"$username\"," >>/pgadmin4/servers.json
+  echo "      \"SSLMode\": \"prefer\"" >>/pgadmin4/servers.json
+  echo "    }," >>/pgadmin4/servers.json
+  fi
 }
 
 configure_servers_json() {
-    echo '{' > /pgadmin4/servers.json
-    echo '  "Servers": {' >> /pgadmin4/servers.json
+  echo "#### Generated servers.json: ####"
 
-    echo "Adding using default servers."
-    add_server_to_json "1" "PGAdmin" "Admin" "$PGADMIN_DATABASE_HOST" 5432 "$PGADMIN_DATABASE_NAME" "$PGADMIN_DATABASE_USERNAME"
-    add_server_to_json "2" "SIRSI" "CDP" "$DB_SIRSI_ADDRESS" 5432 "$DB_SIRSI_NAME" "$DB_SIRSI_USERNAME"
-    add_server_to_json "3" "Entity Verification" "CDP" "$DB_ENTITY_VERIFICATION_ADDRESS" 5432 "$DB_ENTITY_VERIFICATION_NAME" "$DB_ENTITY_VERIFICATION_USERNAME"
+  echo '{' >/pgadmin4/servers.json
+  echo '  "Servers": {' >>/pgadmin4/servers.json
 
-    if [ -z "$SUPPORT_USERNAMES" ]; then
-        echo "No support users provided"
-    else
-        echo "Adding servers for support users"
+  echo "#### Adding default servers ####"
+  add_server_to_json "1" "admin@cdp-sirsi-pgadmin" "Admin" "$PGADMIN_DATABASE_HOST" 5432 "$PGADMIN_DATABASE_NAME" "$PGADMIN_DATABASE_USERNAME"
+  add_server_to_json "2" "admin@cdp-sirsi" "Admin" "$DB_SIRSI_ADDRESS" 5432 "$DB_SIRSI_NAME" "$DB_SIRSI_USERNAME"
+  add_server_to_json "3" "admin@cdp-sirsi-entity-verification" "Admin" "$DB_ENTITY_VERIFICATION_ADDRESS" 5432 "$DB_ENTITY_VERIFICATION_NAME" "$DB_ENTITY_VERIFICATION_USERNAME"
+  add_server_to_json "4" "SIRSI" "CDP" "$DB_SIRSI_ADDRESS" 5432 "$DB_SIRSI_NAME" "${DB_SIRSI_USERNAME}_pgadmin"
+  add_server_to_json "5" "Entity Verification" "CDP" "$DB_ENTITY_VERIFICATION_ADDRESS" 5432 "$DB_ENTITY_VERIFICATION_NAME" "${DB_ENTITY_VERIFICATION_USERNAME}_pgadmin"
 
-        # Split the SUPPORT_USERNAMES by comma and loop over each username
-        id=4  # Start ID for dynamically added servers
-        for username in $(echo "$SUPPORT_USERNAMES" | tr ',' ' '); do
-            add_server_to_json "$id" "$username@cdp-sirsi" "Production Support" "$DB_SIRSI_ADDRESS" 5432 "$DB_SIRSI_NAME" "$username"
-            id=$((id + 1))
-            add_server_to_json "$id" "$username@cdp-entity-verification" "Production Support" "$DB_ENTITY_VERIFICATION_ADDRESS" 5432 "$DB_ENTITY_VERIFICATION_NAME" "$username"
-            id=$((id + 1))
-        done
-    fi
+  if [ -z "$SUPPORT_USERNAMES" ]; then
+    echo "#### No support users provided ####"
+  else
+    echo "#### Adding servers for support users ####"
 
-    sed -i '$ s/,$//' /pgadmin4/servers.json
-    echo "  }" >> /pgadmin4/servers.json
-    echo "}" >> /pgadmin4/servers.json
-}
+    id=6
+    for username in $(echo "$SUPPORT_USERNAMES" | tr ',' ' '); do
+      add_server_to_json "$id" "$username@cdp-sirsi" "Production Support" "$DB_SIRSI_ADDRESS" 5432 "$DB_SIRSI_NAME" "$username"
+      id=$((id + 1))
+      add_server_to_json "$id" "$username@cdp-entity-verification" "Production Support" "$DB_ENTITY_VERIFICATION_ADDRESS" 5432 "$DB_ENTITY_VERIFICATION_NAME" "$username"
+      id=$((id + 1))
+    done
+  fi
 
-clear_all_servers
-configure_servers_json
+  sed -i '$ s/,$//' /pgadmin4/servers.json
+  echo "  }" >>/pgadmin4/servers.json
+  echo "}" >>/pgadmin4/servers.json
+}
 
-echo "Generated servers.json:"
-cat /pgadmin4/servers.json
+write_local_config() {
+  echo "#### Updating local configurations ####"
 
-echo "pgAdmin configuration complete."
+  if [ ! -f /pgadmin4/config_local.py ]; then
+    touch /pgadmin4/config_local.py
+  fi
+  export CONFIG_DATABASE_URI="postgresql://${PGADMIN_DATABASE_USERNAME}:${PGADMIN_DATABASE_PASSWORD}@${PGADMIN_DATABASE_HOST}:5432/${PGADMIN_DATABASE_NAME}"
+  echo "import logging" >/pgadmin4/config_local.py
+  echo "CONFIG_DATABASE_URI = '${CONFIG_DATABASE_URI}'" >>/pgadmin4/config_local.py
+  echo "ALLOW_SAVE_PASSWORD = ${ALLOW_SAVE_PASSWORD:-False}" >>/pgadmin4/config_local.py
+  echo "DEBUG = ${DEBUG:-False}" >>/pgadmin4/config_local.py
+  echo "CONSOLE_LOG_LEVEL = logging.${LOG_LEVEL:-WARNING}" >>/pgadmin4/config_local.py
+  echo "FILE_LOG_LEVEL = logging.${LOG_LEVEL:-WARNING}" >>/pgadmin4/config_local.py
+  echo "LOGIN_BANNER = '${LOGIN_BANNER:-CDP-SIRSI PGAdmin}'" >>/pgadmin4/config_local.py
+}
 
+echo "#### Configuring pgAdmin... ####"
+# clear_all_servers # Use only to force a fresh start
+configure_servers_json
+write_local_config
+echo "#### Configuration of pgAdmin is complete! ####"
 
-docker run \
-  -e DB_SIRSI_ADDRESS='sirsi-address' \
-  -e DB_SIRSI_NAME='sirsi-db' \
-  -e DB_SIRSI_USERNAME='sirsi-username' \
-  -e DB_ENTITY_VERIFICATION_ADDRESS='ev-address' \
-  -e DB_ENTITY_VERIFICATION_NAME='ev-db' \
-  -e DB_ENTITY_VERIFICATION_USERNAME='ev-username' \
-  -e PGADMIN_DATABASE_USERNAME='test-user' \
-  -e PGADMIN_DATABASE_HOST='pgadmin-address' \
-  -e PGADMIN_DATABASE_NAME='pgadmin-db' \
-  -e PGADMIN_DEFAULT_EMAIL='admin@example.com' \
-  -e PGADMIN_DEFAULT_PASSWORD='admin' \
-  -e SUPPORT_USERNAMES='ali.bahman, reza.nakhjavani' \
-  cabinetoffice/cdp-pgadmin:${PINNED_PGADMIN_VERSION}
+echo "Handing over to pgAdmin."
+exec /entrypoint.sh "$@"