197 lines
4.8 KiB
CUE
197 lines
4.8 KiB
CUE
|
package rds
|
||
|
|
||
|
import (
|
||
|
"encoding/json"
|
||
|
"dagger.io/dagger"
|
||
|
"dagger.io/aws"
|
||
|
)
|
||
|
|
||
|
#CreateDB: {
|
||
|
// AWS Config
|
||
|
config: aws.#Config
|
||
|
|
||
|
// DB name
|
||
|
name: string
|
||
|
|
||
|
// ARN of the database instance
|
||
|
dbArn: string
|
||
|
|
||
|
// ARN of the database secret (for connecting via rds api)
|
||
|
secretArn: string
|
||
|
|
||
|
dbType: "mysql" | "postgres"
|
||
|
|
||
|
// Name of the DB created
|
||
|
out: string
|
||
|
|
||
|
aws.#Script & {
|
||
|
"config": config
|
||
|
|
||
|
files: {
|
||
|
"/inputs/name": name
|
||
|
"/inputs/db_arn": dbArn
|
||
|
"/inputs/secret_arn": secretArn
|
||
|
"/inputs/db_type": dbType
|
||
|
}
|
||
|
|
||
|
export: "/db_created"
|
||
|
|
||
|
code: #"""
|
||
|
set +o pipefail
|
||
|
|
||
|
dbType="$(cat /inputs/db_type)"
|
||
|
echo "dbType: $dbType"
|
||
|
|
||
|
sql="CREATE DATABASE \`$(cat /inputs/name)\`"
|
||
|
if [ "$dbType" = postgres ]; then
|
||
|
sql="CREATE DATABASE \"$(cat /inputs/name)\""
|
||
|
fi
|
||
|
|
||
|
aws rds-data execute-statement \
|
||
|
--resource-arn "$(cat /inputs/db_arn)" \
|
||
|
--secret-arn "$(cat /inputs/secret_arn)" \
|
||
|
--sql "$sql" \
|
||
|
--database "$dbType" \
|
||
|
--no-include-result-metadata \
|
||
|
|& tee /tmp/out
|
||
|
exit_code=${PIPESTATUS[0]}
|
||
|
if [ $exit_code -ne 0 ]; then
|
||
|
cat /tmp/out
|
||
|
grep -q "database exists\|already exists" /tmp/out
|
||
|
[ $? -ne 0 ] && exit $exit_code
|
||
|
fi
|
||
|
cp /inputs/name /db_created
|
||
|
"""#
|
||
|
}
|
||
|
}
|
||
|
|
||
|
#CreateUser: {
|
||
|
// AWS Config
|
||
|
config: aws.#Config
|
||
|
|
||
|
// Username
|
||
|
username: dagger.#Secret
|
||
|
|
||
|
// Password
|
||
|
password: dagger.#Secret
|
||
|
|
||
|
// ARN of the database instance
|
||
|
dbArn: string
|
||
|
|
||
|
// ARN of the database secret (for connecting via rds api)
|
||
|
secretArn: string
|
||
|
|
||
|
grantDatabase: string | *""
|
||
|
|
||
|
dbType: "mysql" | "postgres"
|
||
|
|
||
|
// Outputed username
|
||
|
out: string
|
||
|
|
||
|
aws.#Script & {
|
||
|
"config": config
|
||
|
|
||
|
files: {
|
||
|
"/inputs/username": username
|
||
|
"/inputs/password": password
|
||
|
"/inputs/db_arn": dbArn
|
||
|
"/inputs/secret_arn": secretArn
|
||
|
"/inputs/grant_database": grantDatabase
|
||
|
"/inputs/db_type": dbType
|
||
|
}
|
||
|
|
||
|
export: "/username"
|
||
|
|
||
|
code: #"""
|
||
|
set +o pipefail
|
||
|
|
||
|
dbType="$(cat /inputs/db_type)"
|
||
|
echo "dbType: $dbType"
|
||
|
|
||
|
sql="CREATE USER '$(cat /inputs/username)'@'%' IDENTIFIED BY '$(cat /inputs/password)'"
|
||
|
if [ "$dbType" = postgres ]; then
|
||
|
sql="CREATE USER \"$(cat /inputs/username)\" WITH PASSWORD '$(cat /inputs/password)'"
|
||
|
fi
|
||
|
|
||
|
aws rds-data execute-statement \
|
||
|
--resource-arn "$(cat /inputs/db_arn)" \
|
||
|
--secret-arn "$(cat /inputs/secret_arn)" \
|
||
|
--sql "$sql" \
|
||
|
--database "$dbType" \
|
||
|
--no-include-result-metadata \
|
||
|
|& tee tmp/out
|
||
|
exit_code=${PIPESTATUS[0]}
|
||
|
if [ $exit_code -ne 0 ]; then
|
||
|
cat tmp/out
|
||
|
grep -q "Operation CREATE USER failed for\|ERROR" tmp/out
|
||
|
[ $? -ne 0 ] && exit $exit_code
|
||
|
fi
|
||
|
cp /inputs/username /username
|
||
|
|
||
|
sql="SET PASSWORD FOR '$(cat /inputs/username)'@'%' = PASSWORD('$(cat /inputs/password)')"
|
||
|
if [ "$dbType" = postgres ]; then
|
||
|
sql="ALTER ROLE \"$(cat /inputs/username)\" WITH PASSWORD '$(cat /inputs/password)'"
|
||
|
fi
|
||
|
|
||
|
aws rds-data execute-statement \
|
||
|
--resource-arn "$(cat /inputs/db_arn)" \
|
||
|
--secret-arn "$(cat /inputs/secret_arn)" \
|
||
|
--sql "$sql" \
|
||
|
--database "$dbType" \
|
||
|
--no-include-result-metadata
|
||
|
|
||
|
sql="GRANT ALL ON \`$(cat /inputs/grant_database)\`.* to '$(cat /inputs/username)'@'%'"
|
||
|
if [ "$dbType" = postgres ]; then
|
||
|
sql="GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO \"$(cat /inputs/username)\"; GRANT ALL PRIVILEGES ON DATABASE \"$(cat /inputs/grant_database)\" to \"$(cat /inputs/username)\"; GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO \"$(cat /inputs/username)\"; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO \"$(cat /inputs/username)\"; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON SEQUENCES TO \"$(cat /inputs/username)\"; GRANT USAGE ON SCHEMA public TO \"$(cat /inputs/username)\";"
|
||
|
fi
|
||
|
|
||
|
if [ -s /inputs/grant_database ]; then
|
||
|
aws rds-data execute-statement \
|
||
|
--resource-arn "$(cat /inputs/db_arn)" \
|
||
|
--secret-arn "$(cat /inputs/secret_arn)" \
|
||
|
--sql "$sql" \
|
||
|
--database "$dbType" \
|
||
|
--no-include-result-metadata
|
||
|
fi
|
||
|
"""#
|
||
|
}
|
||
|
}
|
||
|
|
||
|
#Instance: {
|
||
|
// AWS Config
|
||
|
config: aws.#Config
|
||
|
|
||
|
// ARN of the database instance
|
||
|
dbArn: string
|
||
|
|
||
|
// DB hostname
|
||
|
hostname: info.hostname
|
||
|
|
||
|
// DB port
|
||
|
port: info.port
|
||
|
|
||
|
info: {
|
||
|
hostname: string
|
||
|
port: int
|
||
|
}
|
||
|
|
||
|
info: json.Unmarshal(out)
|
||
|
out: string
|
||
|
|
||
|
aws.#Script & {
|
||
|
"config": config
|
||
|
|
||
|
files: "/inputs/db_arn": dbArn
|
||
|
|
||
|
export: "/out"
|
||
|
|
||
|
code: #"""
|
||
|
db_arn="$(cat /inputs/db_arn)"
|
||
|
data=$(aws rds describe-db-clusters --filters "Name=db-cluster-id,Values=$db_arn" )
|
||
|
echo "$data" | jq -r '.DBClusters[].Endpoint' > /tmp/out
|
||
|
echo "$data" | jq -r '.DBClusters[].Port' >> /tmp/out
|
||
|
cat /tmp/out | jq -sR 'split("\n") | {hostname: .[0], port: (.[1] | tonumber)}' > /out
|
||
|
"""#
|
||
|
}
|
||
|
}
|