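#!/bin/bash
# -----------------------------------------------------------------------------
# Script that invokes the database role-manager AWS Lambda function to create
# or update the Postgres user roles for a particular environment.
# The Lambda function is created by the infra/app/database root module and is
# defined in the infra/app/database child module.
#
# Positional parameters:
#   app_name (required) - the name of the subdirectory of /infra that holds the
#     application's infrastructure code.
#   environment (required) - the name of the application environment (e.g. dev,
#     staging, prod)
#
# Requires on PATH: terraform, jq, aws, base64.
# Exit status: 0 on success, 1 if the Lambda reports a FunctionError or the
# environment has no database_config, 2 on missing arguments.
# -----------------------------------------------------------------------------
set -euo pipefail

if [ "$#" -lt 2 ]; then
  echo "Usage: $0 <app_name> <environment>" >&2
  exit 2
fi

app_name="$1"
environment="$2"

# NOTE(review): presumably app-config only exposes outputs, which would make
# this auto-approved apply side-effect free - confirm against the module.
terraform -chdir="infra/${app_name}/app-config" init > /dev/null
terraform -chdir="infra/${app_name}/app-config" apply -auto-approve > /dev/null

./bin/terraform-init "infra/${app_name}/database" "${environment}"

db_role_manager_function_name=$(terraform -chdir="infra/${app_name}/database" output -raw role_manager_function_name)

# The environment name is handed to jq as a variable instead of being spliced
# into the filter text, so names containing '-' or other non-identifier
# characters resolve correctly and cannot alter the filter.
db_config=$(terraform -chdir="infra/${app_name}/app-config" output -json environment_configs \
  | jq -r --arg env "${environment}" '.[$env].database_config')

# jq prints the literal string "null" when the environment or its
# database_config is absent; stop before invoking the Lambda with no config.
if [ "${db_config}" = "null" ]; then
  echo "No database_config found for environment '${environment}'" >&2
  exit 1
fi

# Build the payload with jq so that db_config is validated as JSON rather than
# concatenated into a string.
payload=$(jq -cn --argjson config "${db_config}" '{action: "manage", config: $config}')

echo "================================"
echo "Creating/updating database users"
echo "================================"
echo "Input parameters"
echo " app_name=${app_name}"
echo " environment=${environment}"
echo
echo "Invoking Lambda function: ${db_role_manager_function_name}"
# NOTE(review): the payload and the Lambda log tail below are written to the
# terminal / CI log - confirm database_config never carries secret values.
echo " Payload: ${payload}"
echo

# Write the Lambda response to a private temp file (mktemp creates it readable
# by the owner only) and remove it on every exit path, including failures.
response_file=$(mktemp)
trap 'rm -f -- "${response_file}"' EXIT

# GNU base64 wraps its output at 76 columns; strip the newlines so the payload
# is passed as a single base64 token.
cli_response=$(aws lambda invoke \
  --function-name "${db_role_manager_function_name}" \
  --no-cli-pager \
  --log-type Tail \
  --payload "$(printf '%s' "${payload}" | base64 | tr -d '\n')" \
  --output json \
  "${response_file}")

# Print logs out (they are returned base64 encoded). "// empty" avoids feeding
# the literal string "null" to base64 when no LogResult is returned.
jq -r '.LogResult // empty' <<< "${cli_response}" | base64 --decode
echo
echo "Lambda function response:"
cat -- "${response_file}"

# Exit with nonzero status if function failed
function_error=$(jq -r '.FunctionError' <<< "${cli_response}")
if [ "${function_error}" != "null" ]; then
  echo "Lambda function reported an error: ${function_error}" >&2
  exit 1
fi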