feat: add resources for risk module

Author: thenav56

base-infrastructure/terraform/app_resources.tf

@@ -8,6 +8,7 @@ locals {
     dfs_moses = "32053268-3970-48f3-9b09-c4280cd0b67d"
   }
 
+  risk_module_db_name     = "riskmodule"
   alerthub_db_name        = "alerthubdb"
   montandon_db_name       = "montandondb"
   sdt_db_name             = "sdtdb"
@@ -27,6 +28,39 @@ module "risk_module_resources" {
   environment         = var.environment
   resource_group_name = module.resources.resource_group
 
+  database_config = {
+    create_database = true
+    database_name   = local.risk_module_db_name
+    server_id       = module.resources.risk_module_db_server_id
+  }
+
+  storage_config = {
+    container_refs = [
+      {
+        container_ref = "storage"
+        access_type   = "blob"
+      }
+    ]
+
+    enabled              = true
+    storage_account_id   = module.resources.risk_module_storage_account_id
+    storage_account_name = module.resources.risk_module_storage_account_name
+  }
+
+  secrets = {
+    # DB
+    DATABASE_NAME     = local.risk_module_db_name
+    DATABASE_HOST     = module.resources.risk_module_db_host
+    DATABASE_USER     = module.resources.risk_module_db_user
+    DATABASE_PASSWORD = module.resources.risk_module_db_user_password
+    DATABASE_PORT     = 5432
+  }
+
+
+  vault_admin_ids = [
+    local.user_principal_ids.tc_navin,
+    local.user_principal_ids.tc_ranjan,
+  ]
 }
 
 module "alert_hub_resources" {

base-infrastructure/terraform/output.tf

@@ -11,11 +11,12 @@ output "alert_hub_app_resource_details" {
 
 output "risk_module_app_resource_details" {
   value = {
-    database_name      = module.risk_module_resources.database_name
-    key_vault_name     = module.risk_module_resources.key_vault_name
-    storage_containers = module.risk_module_resources.storage_containers
-    tenant_id          = module.risk_module_resources.tenant_id
-    workload_id        = module.risk_module_resources.workload_client_id
+    database_name        = module.risk_module_resources.database_name
+    key_vault_name       = module.risk_module_resources.key_vault_name
+    storage_account_name = module.risk_module_resources.storage_account_name
+    storage_containers   = module.risk_module_resources.storage_containers
+    tenant_id            = module.risk_module_resources.tenant_id
+    workload_id          = module.risk_module_resources.workload_client_id
   }
 }
 

base-infrastructure/terraform/resources/database.tf

@@ -219,3 +219,53 @@ resource "azurerm_postgresql_flexible_server_configuration" "montandon_eoapi_db_
   server_id = azurerm_postgresql_flexible_server.montandon_eoapi.id
   value     = "POSTGIS"
 }
+
+
+# Database for Risk Module --------------------------------------
+resource "random_password" "risk_module_db_user" {
+  length  = 16
+  special = true
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "azurerm_postgresql_flexible_server" "risk_module" {
+  name                          = "risk-module-${var.environment}-psql-flexible-server"
+  resource_group_name           = data.azurerm_resource_group.ifrcgo.name
+  location                      = data.azurerm_resource_group.ifrcgo.location
+  administrator_login           = "postgres"
+  administrator_password        = random_password.risk_module_db_user.result
+  backup_retention_days         = 35
+  auto_grow_enabled             = true
+  sku_name                      = "GP_Standard_D2ds_v5"
+  delegated_subnet_id           = azurerm_subnet.postgres.id
+  private_dns_zone_id           = azurerm_private_dns_zone.ifrcgo.id
+  public_network_access_enabled = false
+  zone                          = 1
+
+  lifecycle {
+    ignore_changes = [
+      version
+    ]
+  }
+
+  depends_on = [
+    azurerm_private_dns_zone_virtual_network_link.ifrcgo
+  ]
+}
+
+resource "azurerm_postgresql_flexible_server_firewall_rule" "risk_module_db_vnet_rule" {
+  name             = "risk-module-${var.environment}-psql-vnet-access-fw-rule"
+  server_id        = azurerm_postgresql_flexible_server.risk_module.id
+  start_ip_address = cidrhost(azurerm_virtual_network.ifrcgo-cluster.address_space[0], 0)
+  end_ip_address   = cidrhost(azurerm_virtual_network.ifrcgo-cluster.address_space[0], -1)
+}
+
+# Enable extensions for risk_module db
+resource "azurerm_postgresql_flexible_server_configuration" "risk_module_db_extensions" {
+  name      = "azure.extensions"
+  server_id = azurerm_postgresql_flexible_server.risk_module.id
+  value     = "POSTGIS"
+}

base-infrastructure/terraform/resources/output.tf

@@ -117,3 +117,31 @@ output "sdt_storage_account_id" {
 output "sdt_storage_account_name" {
   value = azurerm_storage_account.sdt.name
 }
+
+# Risk Module ----------------------------------------
+
+# DB
+output "risk_module_db_server_id" {
+  value = azurerm_postgresql_flexible_server.risk_module.id
+}
+
+output "risk_module_db_host" {
+  value = azurerm_postgresql_flexible_server.risk_module.fqdn
+}
+
+output "risk_module_db_user" {
+  value = azurerm_postgresql_flexible_server.risk_module.administrator_login
+}
+
+output "risk_module_db_user_password" {
+  value = random_password.risk_module_db_user.result
+}
+
+# Storage
+output "risk_module_storage_account_id" {
+  value = azurerm_storage_account.risk_module.id
+}
+
+output "risk_module_storage_account_name" {
+  value = azurerm_storage_account.risk_module.name
+}

base-infrastructure/terraform/resources/storage.tf

@@ -51,3 +51,17 @@ resource "azurerm_storage_account" "montandon" {
   account_tier             = "Standard"
   account_replication_type = "LRS"
 }
+
+# Risk module --------------------------------------
+resource "random_integer" "risk_module_storage_account_suffix" {
+  min = 1000
+  max = 9999
+}
+
+resource "azurerm_storage_account" "risk_module" {
+  name                     = "riskmodule${var.environment}${random_integer.risk_module_storage_account_suffix.result}"
+  resource_group_name      = data.azurerm_resource_group.ifrcgo.name
+  location                 = data.azurerm_resource_group.ifrcgo.location
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}