diff --git a/_check.tf b/_check.tf
new file mode 100644
index 0000000..80c76a0
--- /dev/null
+++ b/_check.tf
@@ -0,0 +1,6 @@
+check "database_data" {
+ assert {
+ condition = (local.database_data.non_integrated_viewer == "false" && length(local.database_data.metadata_database_type) == 0) || (local.database_data.non_integrated_viewer == "true" && length(local.database_data.metadata_database_type) > 0)
+ error_message = "When non_integrated_viewer is false, no other database data should be provided. When non_integrated_viewer is true, metadata_database_type, metadata_database_schema, and secrets_manager_* variables should be provided."
+ }
+}
diff --git a/_local.tf b/_local.tf
index 88dfa46..e02d7c4 100644
--- a/_local.tf
+++ b/_local.tf
@@ -8,6 +8,8 @@ locals {
 registry_url = var.disable_ecr == false ? "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" : "ghcr.io/cdcgov/phdi"
 registry_username = data.aws_ecr_authorization_token.this.user_name
 registry_password = data.aws_ecr_authorization_token.this.password
+ database_data = var.postgres_database_data.non_integrated_viewer == "true" ? var.postgres_database_data : var.sqlserver_database_data
+
 service_data = length(var.service_data) > 0 ? var.service_data : {
 ecr-viewer = {
 short_name = "ecrv",
@@ -36,7 +38,7 @@ locals {
 },
 {
 name = "NEXT_PUBLIC_NON_INTEGRATED_VIEWER",
- value = var.non_integrated_viewer
+ value = local.database_data.non_integrated_viewer
 },
 {
 name = "SOURCE",
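Review bot: In _check.tf the `condition` of `check "database_data"` tests only `metadata_database_type`, while its `error_message` says the schema and the `secrets_manager_*` ARNs must also be provided, so a configuration with the type set and every ARN left empty passes. The type is not restricted either: any non-empty value other than the `"postgres"` and `"sqlserver"` strings that _local.tf compares against passes the check and leaves all connection variables empty. A failing `check` block is also reported as a warning and does not stop the apply, so if this is meant as a guard it belongs in a `validation` block on the variables or a `precondition`. At minimum I would add `contains(["postgres", "sqlserver"], local.database_data.metadata_database_type)` and a non-empty test on `metadata_database_schema` to the `"true"` branch.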
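Review bot: In the `@@ -8,6 +8,8 @@` hunk of _local.tf, `database_data` consults only the postgres flag, so when both inputs set `non_integrated_viewer = "true"` the SQL Server settings are dropped without any message, and when neither does the sqlserver defaults are used. The two objects also have different attribute sets, and later entries in this file read `secrets_manager_sqlserver_*` or `secrets_manager_postgres_database_url_arn` from whichever one was chosen; I would confirm with `terraform validate` and a plan per engine that the conditional and those references evaluate as intended. A comment on the local such as `# postgres settings take precedence when enabled; otherwise the sqlserver object (or its defaults) is used` would make the rule explicit. The `locals` block starts and ends outside the hunk.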
@@ -53,6 +55,30 @@ locals {
 {
 name = "NEXT_PUBLIC_BASEPATH",
 value = var.ecr_viewer_basepath
+ },
+ {
+ name = "METADATA_DATABASE_TYPE",
+ value = local.database_data.non_integrated_viewer == "true" ? local.database_data.metadata_database_type : ""
+ },
+ {
+ name = "METADATA_DATABASE_SCHEMA",
+ value = local.database_data.non_integrated_viewer == "true" ? local.database_data.metadata_database_schema : ""
+ },
+ {
+ name = "DATABASE_URL",
+ value = local.database_data.metadata_database_type == "postgres" ? local.database_data.secrets_manager_postgres_database_url_arn : ""
+ },
+ {
+ name = "SQL_SERVER_USER",
+ value = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_user_arn : ""
+ },
+ {
+ name = "SQL_SERVER_PASSWORD",
+ value = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_password_arn : ""
+ },
+ {
+ name = "SQL_SERVER_HOST",
+ value = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_host_arn : ""
 }
 ]
 },
diff --git a/_variable.tf b/_variable.tf
index 416f7d9..2db53a1 100644
--- a/_variable.tf
+++ b/_variable.tf
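Review bot: `DATABASE_URL`, `SQL_SERVER_USER`, `SQL_SERVER_PASSWORD` and `SQL_SERVER_HOST` are filled with Secrets Manager ARNs in the same name/value list as the plain settings, so whatever renders this list decides whether the container receives the secret or only the ARN string. The consumer is outside the hunk; if the list ends up in an ECS container definition's `environment`, the application would see an ARN where it expects a credential, and these four entries belong under `secrets` with `valueFrom` instead, with the execution role granted `secretsmanager:GetSecretValue` on exactly these ARNs. The entries for the engine that is not in use are still emitted with `""`, which I would filter out rather than pass through as empty values. A comment above the four entries such as `# value is the Secrets Manager ARN of the credential, never the credential itself` would keep a later edit from pasting a plaintext secret here.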
@@ -113,6 +113,40 @@ variable "service_data" {
 default = {}
 }

+variable "postgres_database_data" {
+ type = object({
+ non_integrated_viewer = string
+ metadata_database_type = string
+ metadata_database_schema = string
+ secrets_manager_postgres_database_url_arn = string
+ })
+ default = {
+ non_integrated_viewer = "false"
+ metadata_database_type = ""
+ metadata_database_schema = ""
+ secrets_manager_postgres_database_url_arn = ""
+ }
+}
+
+variable "sqlserver_database_data" {
+ type = object({
+ non_integrated_viewer = string
+ metadata_database_type = string
+ metadata_database_schema = string
+ secrets_manager_sqlserver_user_arn = string
+ secrets_manager_sqlserver_password_arn = string
+ secrets_manager_sqlserver_host_arn = string
+ })
+ default = {
+ non_integrated_viewer = "false"
+ metadata_database_type = ""
+ metadata_database_schema = ""
+ secrets_manager_sqlserver_user_arn = ""
+ secrets_manager_sqlserver_password_arn = ""
+ secrets_manager_sqlserver_host_arn = ""
+ }
+}
+
 variable "certificate_arn" {
 type = string
 description = "ARN of the SSL certificate that enables ssl termination on the ALB"
@@ -148,11 +182,11 @@ variable "tags" {
 default = {}
 }

-variable "non_integrated_viewer" {
- type = string
- description = "A flag to determine if the viewer is the non-integrated version"
- default = "false"
-}
+# variable "non_integrated_viewer" {
+# type = string
+# description = "A flag to determine if the viewer is the non-integrated version"
+# default = "false"
+# }

 variable "ecr_viewer_basepath" {
 type = string
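Review bot: Both variables added in the `@@ -113,6 +113,40 @@` hunk of _variable.tf are declared without a `description` and without validation, so nothing tells a caller that the `secrets_manager_*` fields take Secrets Manager ARNs rather than the credentials themselves. `non_integrated_viewer` is also a free-form string, and values such as `"True"` or `"1"` are not treated as enabled by the `== "true"` comparisons in _local.tf. I would add a description and a `validation` block to each variable; the sketch below shows it for `postgres_database_data`, and `sqlserver_database_data` would get the same with its three ARN fields. The allowed type value is taken from the comparison in _local.tf.

```hcl
variable "postgres_database_data" {
  # … unchanged: type and default …

  description = "Metadata database settings for the non-integrated viewer on PostgreSQL. secrets_manager_postgres_database_url_arn is the ARN of the Secrets Manager secret that holds the connection URL, not the URL itself."

  validation {
    condition     = contains(["true", "false"], var.postgres_database_data.non_integrated_viewer)
    error_message = "non_integrated_viewer must be the string \"true\" or \"false\"."
  }

  validation {
    condition = var.postgres_database_data.non_integrated_viewer != "true" || (
      var.postgres_database_data.metadata_database_type == "postgres" &&
      length(var.postgres_database_data.metadata_database_schema) > 0 &&
      startswith(var.postgres_database_data.secrets_manager_postgres_database_url_arn, "arn:")
    )
    error_message = "When non_integrated_viewer is \"true\", metadata_database_type must be \"postgres\", metadata_database_schema must be set, and secrets_manager_postgres_database_url_arn must be a Secrets Manager ARN."
  }
}
```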
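Review bot: In the `@@ -148,11 +182,11 @@` hunk the `non_integrated_viewer` variable is commented out rather than deleted, which leaves dead code in _variable.tf and gives no hint to callers that still pass the argument. If this directory is consumed as a module, Terraform rejects an argument the module no longer declares, so this is a breaking interface change that should be called out in the changelog or README. I would delete the five commented lines and, if a pointer is wanted, leave a single line such as `# non_integrated_viewer now lives in postgres_database_data / sqlserver_database_data`.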