From 49862afaea8d389e5da5a393c94d70608969336f Mon Sep 17 00:00:00 2001
From: Maksimelyan Tamashevich
Date: Mon, 27 Sep 2021 21:20:30 +0300
Subject: [PATCH 1/2] GONRG-3376 Develop TF for backup service
---
 modules/osdu/helm-backup.tf | 127 ++++++++++++++++++++++++++++++++++++
 modules/osdu/inputs.tf | 15 +++++
 2 files changed, 142 insertions(+)
 create mode 100644 modules/osdu/helm-backup.tf
diff --git a/modules/osdu/helm-backup.tf b/modules/osdu/helm-backup.tf
new file mode 100644
index 00000000..d36c80c4
--- /dev/null
+++ b/modules/osdu/helm-backup.tf
@@ -0,0 +1,127 @@
+locals {
+ backup_name = "backup"
+ backup_image = "community.opengroup.org:5555/osdu/platform/deployment-and-operations/backup-service/osdu-gcp:latest"
+ backup_roles_name = [
+ "roles/datastore.owner",
+ "roles/storage.admin",
+ "roles/cloudsql.admin"
+ ]
+}
+
+resource "google_service_account" "backup_sa" {
+ # GCP service account ids must be < 30 chars matching regex ^[a-z](?:[-a-z0-9]{4,28}[a-z0-9])$
+ # KSA do not have this naming restriction.
+ depends_on = [google_container_node_pool.cluster_node_pool]
+ account_id = "workload-${local.backup_name}-sa"
+ display_name = substr("GCP SA bound to K8S SA for ${local.backup_name}", 0, 100)
+ project = var.service_google_project
+}
+
+resource "kubernetes_service_account" "backup-k8s" {
+ depends_on = [
+ google_container_node_pool.cluster_node_pool,
+ google_service_account.backup_sa
+ ]
+ metadata {
+ name = "gke-${local.backup_name}-sa"
+ namespace = "default"
+ annotations = {
+ "iam.gke.io/gcp-service-account" = google_service_account.backup_sa.email
+ }
+ }
+}
+
+resource "google_project_iam_member" "iam-member-backup" {
+ depends_on = [
+ google_container_node_pool.cluster_node_pool,
+ google_service_account.backup_sa
+ ]
+ for_each = toset(local.backup_roles_name)
+ project = var.service_google_project
+ role = each.value
+ member = "serviceAccount:${google_service_account.backup_sa.email}"
+}
+
+resource "google_service_account_iam_member" "backup-k8s" {
+ depends_on = [kubernetes_service_account.backup-k8s]
+ service_account_id = google_service_account.backup_sa.name
+ role = "roles/iam.workloadIdentityUser"
+ member = "serviceAccount:${var.service_google_project}.svc.id.goog[default/${kubernetes_service_account.backup-k8s.metadata[0].name}]"
+}
+
+# Apply configmap from helm chart
+resource "helm_release" "backup-config" {
+ depends_on = [google_container_node_pool.cluster_node_pool]
+ name = "backup-configmap"
+ repository =
"https://community.opengroup.org/osdu/platform/deployment-and-operations/backup-service/-/jobs/artifacts/gcp-helm-release-0-1/raw/helm-charts/?job=osdu-gcp-helm-charts"
+ chart = "gcp-backup-configmap"
+ namespace = "default"
+ recreate_pods = true
+ set {
+ name = "conf.app_name"
+ value = local.backup_name
+ }
+ set {
+ name = "data.project_id"
+ value = var.service_google_project
+ }
+ set {
+ name = "data.log_level"
+ value = var.log_level
+ }
+ set {
+ name = "data.backup_bucket"
+ value = "${var.service_google_project}-backup-service"
+ }
+ set {
+ name = "data.sql_backup_kind"
+ value = var.sql_backup_kind
+ }
+ set {
+ name = "data.sql_restore_backup_kind"
+ value = var.sql_restore_backup_kind
+ }
+ set {
+ name = "data.sql_databasename"
+ value = "postgres"
+ }
+ set {
+ name = "data.sql_instanceconnectionname"
+ value = "${var.service_google_project}:${var.service_google_project_region}:int-pgdb"
+ }
+ set {
+ name = "data.datastore_namespace"
+ value = var.backup_datastore_namespace
+ }
+ set {
+ name = "data.google_audiences"
+ value = var.audiences
+ }
+}
+
+# Apply deploy from helm chart
+resource "helm_release" "backup-deploy" {
+ depends_on = [
+ helm_release.ent-deploy,
+ helm_release.partition-deploy,
+ helm_release.backup-config
+ ]
+ name = "backup-deploy"
+ repository = "https://community.opengroup.org/osdu/platform/deployment-and-operations/backup-service/-/jobs/artifacts/gcp-helm-release-0-1/raw/helm-charts/?job=osdu-gcp-helm-charts"
+ chart = "gcp-backup-deploy"
+ namespace = "default"
+ recreate_pods = true
+
+ set {
+ name = "data.image"
+ value = local.backup_image
+ }
+ set {
+ name = "data.serviceAccountName"
+ value = kubernetes_service_account.backup-k8s.metadata[0].name
+ }
+ set {
+ name = "conf.app_name"
+ value = local.backup_name
+ }
+}
diff --git a/modules/osdu/inputs.tf b/modules/osdu/inputs.tf
index 03e5f566..7651afe7 100644
--- a/modules/osdu/inputs.tf
+++ b/modules/osdu/inputs.tf
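Review bot: The `google_project_iam_member` bindings grant `roles/storage.admin`, `roles/cloudsql.admin` and `roles/datastore.owner` to `backup_sa` project-wide, which is far broader than a backup job that reads and writes one bucket (`${var.service_google_project}-backup-service`) needs: every bucket and every Cloud SQL instance in the project becomes administrable from a pod in the `default` namespace via the Workload Identity binding. Scope the storage grant to that bucket with a `google_storage_bucket_iam_member` (sketched below) and check whether an export-oriented role such as `roles/datastore.importExportAdmin` suffices instead of owner/admin; note the bucket is referenced but not declared in this hunk, so confirm where it is created before binding to it. The image in `locals` is also pinned to `:latest`, which makes the deployed backup code non-reproducible and lets a registry push silently change what runs with production-wide credentials; pin an immutable tag or digest, e.g. `backup_image = "community.opengroup.org:5555/osdu/platform/deployment-and-operations/backup-service/osdu-gcp:<PINNED_TAG_OR_DIGEST>"`. The `helm_release` charts are likewise fetched from a job-artifact URL with no `version` set, so the same caveat about mutability applies there.
```hcl
# … unchanged: locals, google_service_account.backup_sa …

# Bucket-scoped grant for the backup target; replaces the project-wide
# "roles/storage.admin" entry in local.backup_roles_name.
resource "google_storage_bucket_iam_member" "backup_bucket" {
  bucket = "${var.service_google_project}-backup-service"
  role   = "roles/storage.objectAdmin"
  member = "serviceAccount:${google_service_account.backup_sa.email}"
}

# … unchanged: kubernetes_service_account, workload-identity binding, helm releases …
```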
@@ -189,3 +189,18 @@ variable "composer_image" {
 type = string
 default = "composer-1.17.0-preview.10-airflow-2.1.1"
 }
+
+# backup-service variables
+variable "sql_backup_kind" {
+ type = string
+ default = "sql#backupRun"
+}
+variable "sql_restore_backup_kind" {
+ type = string
+ default = "sql#restoreBackupContext"
+}
+variable "backup_datastore_namespace" {
+ type = string
+ default = "osdu"
+}
+# end of backup-service variables
\ No newline at end of file
-- GitLab
From 7ac6f08cf0a1e87d0df6bf654dec6a6456395d4a Mon Sep 17 00:00:00 2001
From: Maksimelyan Tamashevich
Date: Tue, 28 Sep 2021 22:58:26 +0300
Subject: [PATCH 2/2] GONRG-3376 Cleanup unused variables
---
 modules/osdu/helm-backup.tf | 12 ++----------
 modules/osdu/inputs.tf | 15 ---------------
 2 files changed, 2 insertions(+), 25 deletions(-)
diff --git a/modules/osdu/helm-backup.tf b/modules/osdu/helm-backup.tf
index d36c80c4..17818af6 100644
--- a/modules/osdu/helm-backup.tf
+++ b/modules/osdu/helm-backup.tf
@@ -73,25 +73,17 @@ resource "helm_release" "backup-config" {
 name = "data.backup_bucket"
 value = "${var.service_google_project}-backup-service"
 }
- set {
- name = "data.sql_backup_kind"
- value = var.sql_backup_kind
- }
 set {
 name = "data.sql_restore_backup_kind"
- value = var.sql_restore_backup_kind
+ value = "sql#restoreBackupContext"
 }
 set {
 name = "data.sql_databasename"
 value = "postgres"
 }
- set {
- name = "data.sql_instanceconnectionname"
- value = "${var.service_google_project}:${var.service_google_project_region}:int-pgdb"
- }
 set {
 name = "data.datastore_namespace"
- value = var.backup_datastore_namespace
+ value = var.data_partition_id
 }
 set {
 name = "data.google_audiences"
diff --git a/modules/osdu/inputs.tf b/modules/osdu/inputs.tf
index 7651afe7..03e5f566 100644
--- a/modules/osdu/inputs.tf
+++ b/modules/osdu/inputs.tf
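Review bot: `value = var.data_partition_id` on the `data.datastore_namespace` entry references a variable that neither this hunk nor the companion `inputs.tf` hunk declares — that hunk only deletes the three backup variables — so the module now depends on `data_partition_id` being defined elsewhere; presumably it is, but the plan fails if not, and the new coupling deserves a comment such as `# Datastore namespace is keyed by the data partition id`. The restore kind is now the inline literal `"sql#restoreBackupContext"`; since it is a fixed API identifier rather than a deployment choice that is reasonable, but a one-line comment saying so would stop the next reader from reintroducing a variable for it. Dropping `data.sql_instanceconnectionname` also means the chart no longer receives the Cloud SQL instance to back up, so it is worth confirming the backup service resolves the instance some other way. The enclosing `helm_release "backup-config"` block starts and ends outside this hunk.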
@@ -189,18 +189,3 @@ variable "composer_image" {
 type = string
 default = "composer-1.17.0-preview.10-airflow-2.1.1"
 }
-
-# backup-service variables
-variable "sql_backup_kind" {
- type = string
- default = "sql#backupRun"
-}
-variable "sql_restore_backup_kind" {
- type = string
- default = "sql#restoreBackupContext"
-}
-variable "backup_datastore_namespace" {
- type = string
- default = "osdu"
-}
-# end of backup-service variables
\ No newline at end of file
-- GitLab