GONRG-4695 partition bootstrap job to deployment

93eaf259 · Igor Zimovets (EPAM) · Mikhail Piatliou (EPAM) · 8a93805b · 93eaf259 · 93eaf259
Commit 93eaf259 authored 3 years ago by Igor Zimovets (EPAM) Committed by Mikhail Piatliou (EPAM) 3 years ago
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -21,9 +21,11 @@ variables:
  OSDU_GCP_TEST_SUBDIR: testing/$OSDU_GCP_SERVICE-test-$OSDU_GCP_VENDOR
  OSDU_GCP_HELM_PACKAGE_CHARTS: "devops/gcp/deploy devops/gcp/configmap"
  OSDU_GCP_HELM_NAMESPACE: default
-  OSDU_GCP_HELM_CONFIG_SERVICE_VARS: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS --set data.google_cloud_project=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY"
-  OSDU_GCP_HELM_CONFIG_SERVICE_VARS_DEV2: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS_DEV2 --set data.google_cloud_project=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY"
-  OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS: "--set data.image=$CI_REGISTRY_IMAGE/osdu-gcp:$CI_COMMIT_SHORT_SHA --set data.serviceAccountName=$OSDU_GCP_SERVICE-k8s"
+  OSDU_GCP_HELM_CONFIG_SERVICE_VARS: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS --set data.project_id=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY --set data.data_partition_id=$OSDU_GCP_TENANT"
+  OSDU_GCP_HELM_CONFIG_SERVICE_VARS_DEV2: "--set data.partition_admin_accounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS_DEV2 --set data.project_id=$OSDU_GCP_PROJECT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.key_ring=$OSDU_GCP_PARTITION_KEY_RING --set data.kms_key=$OSDU_GCP_PARTITION_KMS_KEY --set data.data_partition_id=$OSDU_GCP_TENANT --set conf.bootstrap_namespace=config"
+  OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS: "--set data.image=$CI_REGISTRY_IMAGE/osdu-gcp:$CI_COMMIT_SHORT_SHA --set data.bootstrap_image=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-partition:$CI_COMMIT_SHORT_SHA --set data.serviceAccountName=$OSDU_GCP_SERVICE-k8s --set data.bootstrapServiceAccountName=$OSDU_GCP_SERVICE-k8s"
+  # FIXME add value below to DEV2 pipeline
+  OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS_DEV2: "--set data.bootstrap_image=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-partition:$CI_COMMIT_SHORT_SHA --set data.bootstrapServiceAccountName=$OSDU_GCP_BOOTSTRAP_SERVICE_ACCOUNT --set conf.bootstrap_namespace=$OSDU_GCP_BOOTSTRAP_NAMESPACE"
  OSDU_GCP_HELM_CONFIG_SERVICE: partition-config
  OSDU_GCP_HELM_DEPLOYMENT_SERVICE: partition-deploy

@@ -58,6 +60,35 @@ include:
  - project: "osdu/platform/ci-cd-pipelines"
    file: "publishing/pages.yml"

+  - local: "/provider/partition-gcp/bootstrap/bootstrap_partition.yml"
+
+osdu-gcp-deploy-deployment:
+  variables:
+    OSDU_GCP_BOOTSTRAP_SERVICE: partition-bootstrap
+  needs: ["osdu-gcp-containerize-gitlab", "osdu-gcp-containerize-bootstrap-partition", "osdu-gcp-deploy-configmap"]
+  after_script:
+    - echo ----- Verify Bootstrap -----
+    - kubectl rollout status deployment.v1.apps/$OSDU_GCP_BOOTSTRAP_SERVICE -n $OSDU_GCP_HELM_NAMESPACE --timeout=900s
+    - POD=$(kubectl get pod --sort-by=.metadata.creationTimestamp -n $OSDU_GCP_HELM_NAMESPACE | grep $OSDU_GCP_BOOTSTRAP_SERVICE | tail -1 | awk '{print $1}')
+    - STATUS=$(kubectl wait -n $OSDU_GCP_HELM_NAMESPACE --for=condition=Ready pod/$POD --timeout=300s)
+    - echo $STATUS
+    - if [[ "$STATUS" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
+
+osdu-gcp-dev2-deploy-deployment:
+  variables:
+    OSDU_GCP_BOOTSTRAP_SERVICE: partition-bootstrap
+    OSDU_GCP_BOOTSTRAP_NAMESPACE: config
+    OSDU_GCP_BOOTSTRAP_SERVICE_ACCOUNT: workload-gke-bootstrap-sa
+  needs: ["osdu-gcp-containerize-gitlab", "osdu-gcp-containerize-bootstrap-partition", "osdu-gcp-dev2-deploy-configmap"]
+  after_script:
+    - echo ----- Verify Bootstrap -----
+    - kubectl rollout status deployment.v1.apps/$OSDU_GCP_BOOTSTRAP_SERVICE -n $OSDU_GCP_BOOTSTRAP_NAMESPACE --timeout=900s
+    - POD=$(kubectl get pod --sort-by=.metadata.creationTimestamp -n $OSDU_GCP_BOOTSTRAP_NAMESPACE | grep $OSDU_GCP_BOOTSTRAP_SERVICE | tail -1 | awk '{print $1}')
+    - STATUS=$(kubectl wait -n $OSDU_GCP_BOOTSTRAP_NAMESPACE --for=condition=Ready pod/$POD --timeout=300s)
+    - echo $STATUS
+    - if [[ "$STATUS" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
+
+
 osdu-gcp-test:
  variables:
    CLIENT_TENANT: osdu

--- a/NOTICE
+++ b/NOTICE
@@ -13,8 +13,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 Apache-1.1
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Apache Commons CLI (from https://commons.apache.org/proper/commons-cli/, https://repo1.maven.org/maven2/commons-cli/commons-cli)
 - Cobertura (from http://cobertura.sourceforge.net)
 - Default Plexus Container (from https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-container-default)
@@ -291,7 +289,7 @@ The following software have components provided under the terms of this license:
 - Adapter: RxJava (from https://repo1.maven.org/maven2/com/squareup/retrofit2/adapter-rxjava)
 - Apache Ant + JUnit (from http://ant.apache.org/, https://ant.apache.org/)
 - Apache Ant Core
- Apache Ant Launcher (from http://ant.apache.org/)
+- Apache Ant Launcher (from http://ant.apache.org/, https://ant.apache.org/)
 - Apache Commons BeanUtils (from http://commons.apache.org/proper/commons-beanutils/, https://repo1.maven.org/maven2/commons-beanutils/commons-beanutils)
 - Apache Commons CLI (from https://commons.apache.org/proper/commons-cli/, https://repo1.maven.org/maven2/commons-cli/commons-cli)
 - Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/, https://commons.apache.org/proper/commons-codec/)
@@ -671,8 +669,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 CC-BY-2.5
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
 - MongoDB Java Driver (from http://mongodb.org/, http://www.mongodb.org)

@@ -686,15 +682,11 @@ CC-BY-4.0
 ========================================================================
 CC0-1.0
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - reactive-streams (from http://www.reactive-streams.org/)

 ========================================================================
 CDDL-1.0
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Servlet Specification 2.5 API (from http://jetty.mortbay.org, https://repo1.maven.org/maven2/org/mortbay/jetty/servlet-api-2.5)

 ========================================================================
@@ -741,8 +733,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 EPL-2.0
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el)
 - JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
 - JUnit Jupiter API (from http://junit.org/junit5/, https://junit.org/junit5/)
@@ -768,8 +758,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 GPL-2.0-or-later
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - SnakeYAML (from http://code.google.com/p/snakeyaml/, http://www.snakeyaml.org)

 ========================================================================
@@ -788,8 +776,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 GPL-3.0-only
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el)
 - Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
 - Project Lombok (from http://projectlombok.org, https://projectlombok.org)
@@ -797,8 +783,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 JSON
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - JSON in Java (from https://github.com/douglascrockford/JSON-java)

 ========================================================================
@@ -823,8 +807,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 LGPL-2.1-or-later
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Javassist (from http://www.javassist.org/)
 - SnakeYAML (from http://code.google.com/p/snakeyaml/, http://www.snakeyaml.org)

@@ -894,24 +876,18 @@ The following software have components provided under the terms of this license:
 ========================================================================
 MPL-1.1
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Cobertura (from http://cobertura.sourceforge.net)
 - Javassist (from http://www.javassist.org/)

 ========================================================================
 MPL-2.0
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Javassist (from http://www.javassist.org/)
 - OkHttp (from https://repo1.maven.org/maven2/com/squareup/okhttp3/okhttp, https://square.github.io/okhttp/)

 ========================================================================
 PHP-3.01
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Jakarta Activation API (from https://github.com/eclipse-ee4j/jaf, https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
 - Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api, https://repo1.maven.org/maven2/org/jboss/spec/javax/xml/bind/jboss-jaxb-api_2.3_spec)

@@ -931,8 +907,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 SPL-1.0
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Servlet Specification 2.5 API (from http://jetty.mortbay.org, https://repo1.maven.org/maven2/org/mortbay/jetty/servlet-api-2.5)

 ========================================================================
@@ -948,8 +922,6 @@ The following software have components provided under the terms of this license:
 ========================================================================
 WTFPL
 ========================================================================
-The following software have components provided under the terms of this license:
-
 - Reflections (from http://code.google.com/p/reflections/, http://github.com/ronmamo/reflections)

 ========================================================================

--- a/devops/gcp/configmap/templates/partition-bootstrap-configmap.yml
+++ b/devops/gcp/configmap/templates/partition-bootstrap-configmap.yml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: "{{ .Values.conf.bootstrap_name }}"
+  name: "{{ .Values.conf.bootstrap_configmap }}"
+  namespace: "{{ .Values.conf.bootstrap_namespace }}"
+data:
+  PARTITION_NAME: "{{ .Values.conf.app_name }}"
+  PROJECT_ID: "{{ .Values.data.project_id }}"
+  DATA_PARTITION_ID: "{{ .Values.data.data_partition_id }}"
+  {{- if .Values.conf.on_prem_enabled }}
+  DOMAIN: "{{ .Values.data.domain }}"
+  ENVIRONMENT: "{{ .Values.data.environment }}"
+  CLIENT_ID: "{{ .Values.data.client_id }}"
+  {{- else }}
+  AUDIENCES: "{{ .Values.data.google_audiences }}"
+  DATAFIER_SA: "{{ .Values.data.datafier_sa }}"
+  {{- end }}
--- a/devops/gcp/configmap/templates/partition-variables.yml
+++ b/devops/gcp/configmap/templates/partition-variables.yml
@@ -12,7 +12,7 @@ data:
  PARTITION_PROPERTY_KIND: "{{ .Values.data.partition_property_kind }}"
  PARTITION_NAMESPACE: "{{ .Values.data.partition_namespace }}"
  {{- else }}
-  GOOGLE_CLOUD_PROJECT: "{{ .Values.data.google_cloud_project }}"
+  GOOGLE_CLOUD_PROJECT: "{{ .Values.data.project_id }}"
  PARTITION_ADMIN_ACCOUNTS: "{{ .Values.data.partition_admin_accounts }}"
  GOOGLE_AUDIENCES: "{{ .Values.data.google_audiences }}"
  SERVICE_ACCOUNT_TAIL: "{{ .Values.data.service_account_tail }}"

--- a/devops/gcp/configmap/values.yaml
+++ b/devops/gcp/configmap/values.yaml
 data:
-  google_cloud_project: ""
+  project_id: ""
  partition_admin_accounts: ""
  google_audiences: ""
  log_level: "INFO"
@@ -7,8 +7,19 @@ data:
  partition_property_kind: ""
  partition_namespace: ""
  spring_profiles_active: "gcp"
+  # bootstrap common
+  data_partition_id: ""
+  datafier_sa: "datafier"
+  # bootstrap variables onprem
+  domain: ""
+  environment: ""
+  client_id: ""

 conf:
  configmap: "partition-config"
  app_name: "partition"
+  # bootstrap common
+  bootstrap_name: "partition-bootstrap"
+  bootstrap_configmap: "partition-bootstrap-configmap"
+  bootstrap_namespace: "default"
  on_prem_enabled: false
--- a/devops/gcp/deploy/templates/partition-bootstrap-deployment.yml
+++ b/devops/gcp/deploy/templates/partition-bootstrap-deployment.yml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ .Values.conf.bootstrap_name }}"
+  namespace: "{{ .Values.conf.bootstrap_namespace }}"
+  annotations:
+    rollme: {{ randAlphaNum 5 | quote }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: "{{ .Values.conf.bootstrap_name }}"
+  template:
+    metadata:
+      labels:
+        app: "{{ .Values.conf.bootstrap_name }}"
+      annotations:
+        rollme: {{ randAlphaNum 5 | quote }}
+    spec:
+      containers:
+        - image: "{{ .Values.data.bootstrap_image }}"
+          name: "{{ .Values.conf.bootstrap_name }}"
+          envFrom:
+            - configMapRef:
+                name: "{{ .Values.conf.bootstrap_configmap }}"
+          resources:
+            requests:
+              cpu: "{{ .Values.data.bootstrap_requests_cpu }}"
+              memory: "{{ .Values.data.bootstrap_requests_memory }}"
+            limits:
+              cpu: "{{ .Values.data.bootstrap_limits_cpu }}"
+              memory: "{{ .Values.data.bootstrap_limits_memory }}"
+      restartPolicy: Always
+      serviceAccountName: "{{ .Values.data.bootstrapServiceAccountName }}"
--- a/devops/gcp/deploy/templates/service-account-bootstrap.yml
+++ b/devops/gcp/deploy/templates/service-account-bootstrap.yml
+{{- if .Values.conf.on_prem_enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "{{ .Values.data.bootstrapServiceAccountName }}"
+  namespace: "{{ .Values.conf.bootstrap_namespace }}"
+{{- end }}
--- a/devops/gcp/deploy/values.yaml
+++ b/devops/gcp/deploy/values.yaml
@@ -10,11 +10,22 @@ data:
  serviceAccountName: ""
  imagePullPolicy: "IfNotPresent"
  image: ""
+  # bootstrap common
+  bootstrap_requests_cpu: "0.03"
+  bootstrap_requests_memory: "120M"
+  bootstrap_limits_cpu: "0.1"
+  bootstrap_limits_memory: "200M"
+  bootstrap_image: ""
+  bootstrapServiceAccountName: "partition-bootstrap"

 conf:
  configmap: "partition-config"
  secret: "partition-postgres-secret"
  app_name: "partition"
+  # bootstrap common
+  bootstrap_name: "partition-bootstrap"
+  bootstrap_configmap: "partition-bootstrap-configmap"
+  bootstrap_namespace: "default"
  on_prem_enabled: false

 namespacePolicy:

--- a/provider/partition-gcp/bootstrap/Dockerfile
+++ b/provider/partition-gcp/bootstrap/Dockerfile
+FROM google/cloud-sdk:slim
+
+COPY ./provider/partition-gcp/bootstrap/bootstrap_partition.sh ./opt
+
+ENV PREFIX=$(pwd)
+
+RUN chmod 775 /opt/bootstrap_partition.sh
+
+CMD ["/bin/bash", "-c", "source /opt/bootstrap_partition.sh && sleep 365d"]
--- a/provider/partition-gcp/bootstrap/bootstrap_partition.sh
+++ b/provider/partition-gcp/bootstrap/bootstrap_partition.sh
+#!/usr/bin/env bash
+
+set -ex
+
+DATA_PARTITION_ID_UPPER=${DATA_PARTITION_ID^^}
+
+generate_post_data()
+{
+  cat <<EOF
+{
+  "properties": {
+    "projectId": {
+        "sensitive": false,
+        "value": "${PROJECT_ID}"
+    },
+    "serviceAccount": {
+        "sensitive": false,
+        "value": "${SERVICEACCOUNT}"
+    },
+    "complianceRuleSet": {
+        "sensitive": false,
+        "value": "shared"
+    },
+    "dataPartitionId": {
+        "sensitive": false,
+        "value": "${DATA_PARTITION_ID}"
+    },
+    "name": {
+        "sensitive": false,
+        "value": "${DATA_PARTITION_ID}"
+    },
+    "policy-service-enabled": {
+        "sensitive": false,
+        "value": "false"
+    },
+    "bucket": {
+        "sensitive": false,
+        "value": "${PROJECT_ID}-records"
+    },
+    "crmAccountID": {
+        "sensitive": false,
+        "value": "[${DATA_PARTITION_ID},${DATA_PARTITION_ID}]"
+    },
+    "osm.postgres.datasource.url": {
+      "sensitive": true,
+      "value": "POSTGRES_DATASOURCE_URL_${DATA_PARTITION_ID_UPPER}"
+    },
+    "osm.postgres.datasource.username": {
+      "sensitive": true,
+      "value": "POSTGRES_DB_USERNAME_${DATA_PARTITION_ID_UPPER}"
+    },
+    "osm.postgres.datasource.password": {
+      "sensitive": true,
+      "value": "POSTGRES_DB_PASSWORD_${DATA_PARTITION_ID_UPPER}"
+    },
+    "obm.minio.endpoint": {
+      "sensitive": false,
+      "value": "http://minio:9000"
+    },
+    "file.minio.endpoint": {
+      "sensitive": false,
+      "value": "https://s3.${DOMAIN}"
+    },
+    "obm.minio.accessKey": {
+      "sensitive": true,
+      "value": "MINIO_ACCESS_KEY"
+    },
+    "obm.minio.secretKey": {
+      "sensitive": true,
+      "value": "MINIO_SECRET_KEY"
+    },
+    "oqm.rabbitmq.amqp.host": {
+      "sensitive": false,
+      "value": "rabbitmq"
+    },
+    "oqm.rabbitmq.amqp.port": {
+      "sensitive": false,
+      "value": "5672"
+    },
+    "oqm.rabbitmq.amqp.path": {
+      "sensitive": false,
+      "value": ""
+    },
+    "oqm.rabbitmq.amqp.username": {
+      "sensitive": true,
+      "value": "RABBITMQ_ADMIN_USERNAME"
+    },
+    "oqm.rabbitmq.amqp.password": {
+      "sensitive": true,
+      "value": "RABBITMQ_ADMIN_PASSWORD"
+    },
+
+     "oqm.rabbitmq.admin.schema": {
+      "sensitive": false,
+      "value": "http"
+    },
+     "oqm.rabbitmq.admin.host": {
+      "sensitive": false,
+      "value": "rabbitmq"
+    },
+    "oqm.rabbitmq.admin.port": {
+      "sensitive": false,
+      "value": "15672"
+    },
+    "oqm.rabbitmq.admin.path": {
+      "sensitive": false,
+      "value": "/api"
+    },
+    "oqm.rabbitmq.admin.username": {
+      "sensitive": true,
+      "value": "RABBITMQ_ADMIN_USERNAME"
+    },
+    "oqm.rabbitmq.admin.password": {
+      "sensitive": true,
+      "value": "RABBITMQ_ADMIN_PASSWORD"
+    },
+    "elasticsearch.host": {
+      "sensitive": true,
+      "value": "ELASTIC_HOST_${DATA_PARTITION_ID_UPPER}"
+    },
+    "elasticsearch.port": {
+      "sensitive": true,
+      "value": "ELASTIC_PORT_${DATA_PARTITION_ID_UPPER}"
+    },
+    "elasticsearch.user": {
+      "sensitive": true,
+      "value": "ELASTIC_USER_${DATA_PARTITION_ID_UPPER}"
+    },
+    "elasticsearch.password": {
+      "sensitive": true,
+      "value": "ELASTIC_PASS_${DATA_PARTITION_ID_UPPER}"
+    }
+  }
+}
+EOF
+}
+
+echo "sleep to prevent 500 response from the partition service, due to timeout of creation for Workload Identity"
+sleep 20
+
+if [ "$ENVIRONMENT" == "anthos" ]
+then
+
+  SERVICEACCOUNT=$CLIENT_ID@service.local
+
+  status_code=$(curl -X POST \
+    --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \
+    -H "Content-Type: application/json" \
+    --data-raw "$(generate_post_data)")
+
+  if [ "$status_code" == 201 ]
+  then
+    echo "partition bootstrap was OK!"
+  elif [ "$status_code" == 409 ]
+  then
+    curl -X PATCH \
+    --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \
+    -H "Content-Type: application/json" \
+    --data-raw "$(generate_post_data)"
+    echo "partition was patched because datastore has already had some entities!"
+  else
+    exit 1
+  fi
+
+elif [ "$ENVIRONMENT" == "" ]
+then
+
+  IDENTITY_TOKEN=$(gcloud auth print-identity-token --audiences="${AUDIENCES}")
+
+  SERVICEACCOUNT=${DATAFIER_SA}@${PROJECT_ID}.iam.gserviceaccount.com
+
+  status_code=$(curl -X POST \
+     --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \
+     -H "Authorization: Bearer ${IDENTITY_TOKEN}" \
+     -H "Content-Type: application/json" \
+     --data-raw "$(generate_post_data)")
+
+  if [ "$status_code" == 201 ]
+  then
+    echo "partition bootstrap was OK!"
+  elif [ "$status_code" == 409 ]
+  then
+    curl -X PATCH \
+    --url "http://${PARTITION_NAME}/api/partition/v1/partitions/${DATA_PARTITION_ID}" --write-out "%{http_code}" --silent --output "/dev/null" \
+    -H "Authorization: Bearer ${IDENTITY_TOKEN}" \
+    -H "Content-Type: application/json" \
+    --data-raw "$(generate_post_data)"
+    echo "partition was patched because datastore has already had some entities!"
+  else
+    exit 1
+  fi
+fi
--- a/provider/partition-gcp/bootstrap/bootstrap_partition.yml
+++ b/provider/partition-gcp/bootstrap/bootstrap_partition.yml
+osdu-gcp-containerize-bootstrap-partition:
+  stage: containerize
+  needs: ["compile-and-unit-test"]
+  image: docker:19.03.15
+  tags: ["osdu-small"]
+  services:
+    - docker:20.10.7-dind
+  variables:
+    IMAGE_NAME: osdu-gcp-bootstrap-partition
+  script:
+    # Gitlab Container Registry
+    - export EXTRA_DOCKER_TAG=""; if [ "$CI_COMMIT_TAG" != "" ] ; then EXTRA_DOCKER_TAG="-t $CI_REGISTRY_IMAGE/$IMAGE_NAME:$CI_COMMIT_TAG" ; elif [ "$CI_COMMIT_REF_NAME" = "master" ] ; then EXTRA_DOCKER_TAG="-t $CI_REGISTRY_IMAGE/$IMAGE_NAME:latest" ; fi
+    - docker build -t $CI_REGISTRY_IMAGE/$IMAGE_NAME:$CI_COMMIT_SHORT_SHA $EXTRA_DOCKER_TAG --file provider/partition-gcp/bootstrap/Dockerfile .
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    - docker push $CI_REGISTRY_IMAGE/$IMAGE_NAME
+  rules:
+    - if: "$OSDU_GCP == 'true'"
+      when: on_success