add sanctuary db and user resources to terraform

app/api/.env-example

@@ -1,7 +1,10 @@
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=testpass
+POSTGRES_SANCTUARY_USER=sanctuary_user
+POSTGRES_SANCTUARY_PASSWORD=sanctuary_testpass
 POSTGRES_HOST=localhost
 POSTGRES_DB=example
+POSTGRES_SANCTUARY_DB=sanctuary-example
 POSTGRES_PORT=5432
 SECRET_KEY=space-pants
 MIN_PASSWORD_LEN=8

operations/README.md

@@ -61,3 +61,13 @@ in "config.gcs.tfbackend".
 4. Run "terraform init" if using ENV variables, or "terraform init -backend-config=config.gcs.tfbackend"
 if providing variables in that file, followed by "terraform plan" and "terraform apply".
 Terraform should move the state files to the storage bucket.
+
+### Additional terraform changes
+
+To apply new changes to the infrastructure you need to ensure that Terraform finds the state file located in the storage bucket.
+
+- Make sure you have the correct project selected:
+  - `gcloud config get-value project` to view current project.
+  - `gcloud config set project PROJECT_ID` to select project.
+- Initialize terraform with `terraform init` or `terraform init -backend-config="bucket=name_of_bucket" -backend-config="prefix=path/of/state/file"` if terraform cannot find the state file.
+- Run `terraform plan` to view changes and then `terraform apply`

operations/infra/application/cloud_run.tf

@@ -29,17 +29,32 @@ resource "google_sql_database_instance" "db-instance" {
   }
 }
 
+# Medical database
 resource "google_sql_database" "database" {
   name      = local.POSTGRES_DB
   instance  = "${google_sql_database_instance.db-instance.name}"
 }
 
+# Medical db user
 resource "google_sql_user" "users" {
   instance  = "${google_sql_database_instance.db-instance.name}"
   name      = local.POSTGRES_USER
   password  = var.POSTGRES_PASSWORD
 }
 
+# Sanctuary database
+resource "google_sql_database" "sanctuary_database" {
+  name      = local.POSTGRES_SANCTUARY_DB
+  instance  = "${google_sql_database_instance.db-instance.name}"
+}
+
+# Sanctuary db user
+resource "google_sql_user" "sanctuary_user" {
+  instance  = "${google_sql_database_instance.db-instance.name}"
+  name      = local.POSTGRES_SANCTUARY_USER
+  password  = var.POSTGRES_SANCTUARY_PASSWORD
+}
+
 #cloudrun service for the web container
 resource "google_cloud_run_service" "web" {
   name     = "project-ct"
@@ -79,17 +94,29 @@ resource "google_cloud_run_service" "api" {
           name  = "POSTGRES_USER"
           value = local.POSTGRES_USER
         }
+        env {
+          name  = "POSTGRES_SANCTUARY_USER"
+          value = local.POSTGRES_SANCTUARY_USER
+        }
         env {
           name = "POSTGRES_PASSWORD"
           value = var.POSTGRES_PASSWORD
         }
+        env {
+          name = "POSTGRES_SANCTUARY_PASSWORD"
+          value = var.POSTGRES_SANCTUARY_PASSWORD
+        }
         env {
           name = "POSTGRES_HOST"
           value = var.POSTGRES_HOST
         }
         env {
           name = "POSTGRES_DB"
           value = local.POSTGRES_DB 
+        }
+        env {
+          name = "POSTGRES_DB"
+          value = local.POSTGRES_SANCTUARY_DB 
         } 
         env {
           name  = "POSTGRES_PORT"

operations/infra/application/config.tf

@@ -46,5 +46,7 @@ resource "google_storage_bucket" "storage_bucket" {
 #See operations/README
 terraform {
  backend "gcs" {
+  bucket = "project-ct-beta-app-sb"
+  prefix = "terraform/state"
  }
 }

operations/infra/application/variables.tf

@@ -14,10 +14,13 @@ locals {
   GAR_location = "${ var.region }-docker.pkg.dev/${ var.project_id }/"
   service_account = "${ var.project_id }-deploy-sa"
   POSTGRES_DB = "${var.project_id}-db"
+  POSTGRES_SANCTUARY_DB = "${var.project_id}-sanctuary-db"
   POSTGRES_USER = "${var.project_id}-db-user"
+  POSTGRES_SANCTUARY_USER = "${var.project_id}-sanctuary-db-user"
   ARTIFACT_TAG = "prod"
 }
 variable "POSTGRES_PASSWORD" {}
+variable "POSTGRES_SANCTUARY_PASSWORD" {}
 variable "POSTGRES_HOST" {}
 variable "POSTGRES_PORT" {}
 variable "SECRET_KEY" {}