2021-04-13 01:18:32 +02:00
package rds
import (
" encoding/json "
" dagger.io/dagger "
" dagger.io/aws "
)
#CreateDB : {
// AWS Config
config : aws . #Config
// DB name
2021-05-26 12:23:44 +02:00
name : string @ dagger ( input )
2021-04-13 01:18:32 +02:00
// ARN of the database instance
2021-05-26 12:23:44 +02:00
dbArn : string @ dagger ( input )
2021-04-13 01:18:32 +02:00
// ARN of the database secret (for connecting via rds api)
2021-05-26 12:23:44 +02:00
secretArn : string @ dagger ( input )
2021-04-13 01:18:32 +02:00
2021-05-26 12:23:44 +02:00
dbType : " mysql " | " postgres " @ dagger ( input )
2021-04-13 01:18:32 +02:00
// Name of the DB created
2021-05-26 12:23:44 +02:00
out : string @ dagger ( output )
2021-04-13 01:18:32 +02:00
aws . #Script & {
" config " : config
files : {
" /inputs/name " : name
" /inputs/db_arn " : dbArn
" /inputs/secret_arn " : secretArn
" /inputs/db_type " : dbType
}
export : " /db_created "
code : #"""
set + o pipefail
dbType = " $(cat /inputs/db_type) "
echo " dbType: $dbType "
sql = " CREATE DATABASE \ `$(cat /inputs/name) \ ` "
if [ " $dbType " = postgres ] ; then
sql = " CREATE DATABASE \" $(cat /inputs/name) \" "
fi
2021-04-22 18:44:18 +02:00
cp / inputs / name / db_created
2021-04-13 01:18:32 +02:00
aws rds - data execute - statement \
- - resource - arn " $(cat /inputs/db_arn) " \
- - secret - arn " $(cat /inputs/secret_arn) " \
- - sql " $sql " \
- - database " $dbType " \
- - no - include - result - metadata \
| & tee / tmp / out
exit_code = $ { PIPESTATUS [ 0 ] }
if [ $exit_code - ne 0 ] ; then
2021-04-22 18:44:18 +02:00
grep - q " database exists \ |already exists " / tmp / out || exit $exit_code
2021-04-13 01:18:32 +02:00
fi
""" #
}
}
#CreateUser : {
// AWS Config
config : aws . #Config
// Username
username : dagger . #Secret
// Password
password : dagger . #Secret
// ARN of the database instance
dbArn : string
// ARN of the database secret (for connecting via rds api)
secretArn : string
grantDatabase : string | * ""
dbType : " mysql " | " postgres "
// Outputed username
out : string
aws . #Script & {
" config " : config
files : {
" /inputs/username " : username
" /inputs/password " : password
" /inputs/db_arn " : dbArn
" /inputs/secret_arn " : secretArn
" /inputs/grant_database " : grantDatabase
" /inputs/db_type " : dbType
}
export : " /username "
code : #"""
set + o pipefail
dbType = " $(cat /inputs/db_type) "
echo " dbType: $dbType "
sql = " CREATE USER '$(cat /inputs/username)'@'%' IDENTIFIED BY '$(cat /inputs/password)' "
if [ " $dbType " = postgres ] ; then
sql = " CREATE USER \" $(cat /inputs/username) \" WITH PASSWORD '$(cat /inputs/password)' "
fi
2021-04-22 18:44:18 +02:00
cp / inputs / username / username
2021-04-13 01:18:32 +02:00
aws rds - data execute - statement \
- - resource - arn " $(cat /inputs/db_arn) " \
- - secret - arn " $(cat /inputs/secret_arn) " \
- - sql " $sql " \
- - database " $dbType " \
- - no - include - result - metadata \
| & tee tmp / out
exit_code = $ { PIPESTATUS [ 0 ] }
if [ $exit_code - ne 0 ] ; then
2021-04-22 18:44:18 +02:00
grep - q " Operation CREATE USER failed for \ |ERROR " tmp / out || exit $exit_code
2021-04-13 01:18:32 +02:00
fi
sql = " SET PASSWORD FOR '$(cat /inputs/username)'@'%' = PASSWORD('$(cat /inputs/password)') "
if [ " $dbType " = postgres ] ; then
sql = " ALTER ROLE \" $(cat /inputs/username) \" WITH PASSWORD '$(cat /inputs/password)' "
fi
aws rds - data execute - statement \
- - resource - arn " $(cat /inputs/db_arn) " \
- - secret - arn " $(cat /inputs/secret_arn) " \
- - sql " $sql " \
- - database " $dbType " \
- - no - include - result - metadata
sql = " GRANT ALL ON \ `$(cat /inputs/grant_database) \ `.* to '$(cat /inputs/username)'@'%' "
if [ " $dbType " = postgres ] ; then
sql = " GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO \" $(cat /inputs/username) \" ; GRANT ALL PRIVILEGES ON DATABASE \" $(cat /inputs/grant_database) \" to \" $(cat /inputs/username) \" ; GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO \" $(cat /inputs/username) \" ; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO \" $(cat /inputs/username) \" ; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON SEQUENCES TO \" $(cat /inputs/username) \" ; GRANT USAGE ON SCHEMA public TO \" $(cat /inputs/username) \" ; "
fi
if [ - s / inputs / grant_database ] ; then
aws rds - data execute - statement \
- - resource - arn " $(cat /inputs/db_arn) " \
- - secret - arn " $(cat /inputs/secret_arn) " \
- - sql " $sql " \
- - database " $dbType " \
- - no - include - result - metadata
fi
""" #
}
}
#Instance : {
// AWS Config
config : aws . #Config
// ARN of the database instance
dbArn : string
// DB hostname
hostname : info . hostname
// DB port
port : info . port
info : {
hostname : string
port : int
}
info : json . Unmarshal ( out )
out : string
aws . #Script & {
" config " : config
files : " /inputs/db_arn " : dbArn
export : " /out "
code : #"""
db_arn = " $(cat /inputs/db_arn) "
data = $ ( aws rds describe - db - clusters - - filters " Name=db-cluster-id,Values=$db_arn " )
echo " $data " | jq - r '.DBClusters[].Endpoint' > / tmp / out
echo " $data " | jq - r '.DBClusters[].Port' > > / tmp / out
cat / tmp / out | jq - sR 'split("\n") | {hostname: .[0], port: (.[1] | tonumber)}' > / out
""" #
}
}