Merge branch 'develop' into release-10.0.0-beta

nasa · Jun 13, 2024 · 435e173 · 435e173
2 parents 8b70107 + 1e2795c
commit 435e173
Show file tree

Hide file tree

Showing 11 changed files with 27 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -66,6 +66,7 @@ Once the Aurora V1 database has been migrated/upgrade to Aurora V2 you can verif
 - *ORCA-795* - Modified Graphql task policy to allow for S3 imports.
 - *ORCA-797* - Removed s3 credential variables from `deployment-with-cumulus.md` and `s3-credentials.md` documentations since they are no longer used in Aurora v2 DB.
 - *ORCA-873* - Modified build task script to copy schemas into a schema folder to resolve errors.
+- *ORCA-872* - Updated grapql version, modified policy in `modules/iam/main.tf` to resolve errors, and added DB role attachment to `modules/graphql_0/main.tf`
 
 ### Deprecated
 

diff --git a/graphql/bin/create_and_push_docker_image.sh b/graphql/bin/create_and_push_docker_image.sh
@@ -41,5 +41,5 @@ image_name=graphql
 run_and_check_returncode "cp -r ../shared_libraries shared_libraries"
 trap 'rm -rf shared_libraries' EXIT
 run_and_check_returncode "docker build -t $image_name --build-arg VERSION_NUMBER=$version_number ."
-run_and_check_returncode "docker tag $image_name ghcr.io/nasa/cumulus-orca/$image_name:$version_number"
-run_and_check_returncode "docker push ghcr.io/nasa/cumulus-orca/$image_name:$version_number"
+run_and_check_returncode "docker tag $image_name ghcr.io/nasa/orca/$image_name:$version_number"
+run_and_check_returncode "docker push ghcr.io/nasa/orca/$image_name:$version_number"
diff --git a/graphql/requirements.txt b/graphql/requirements.txt
@@ -3,6 +3,6 @@ strawberry-graphql[debug-server]==0.133.5
 fastapi==0.85.0
 pydantic==1.10.2
 SQLAlchemy~=2.0.5
-../shared_libraries[database]
+./shared_libraries[database]
 psycopg2
 boto3~=1.18.65
diff --git a/main.tf b/main.tf
@@ -30,6 +30,7 @@ module "orca" {
   rds_security_group_id    = var.rds_security_group_id
   system_bucket            = var.system_bucket
   vpc_id                   = var.vpc_id
+  db_cluster_identifier    = var.db_cluster_identifier 
 
   ## OPTIONAL
   tags = local.tags

diff --git a/modules/graphql_0/main.tf b/modules/graphql_0/main.tf
@@ -85,3 +85,9 @@ resource "aws_iam_role_policy" "rds_s3_import_role_policy" {
   role   = aws_iam_role.gql_tasks_role.id
   policy = data.aws_iam_policy_document.rds_s3_import_role_policy_document.json
 }
+
+resource "aws_rds_cluster_role_association" "orca_iam_association" {
+  db_cluster_identifier = var.db_cluster_identifier
+  feature_name          = "s3Import"
+  role_arn              = aws_iam_role.gql_tasks_role.arn
+}
diff --git a/modules/graphql_0/variables.tf b/modules/graphql_0/variables.tf
@@ -21,3 +21,8 @@ variable "tags" {
   type        = map(string)
   description = "Tags to be applied to resources that support tags."
 }
+
+variable "db_cluster_identifier" {
+  type = string
+  description = "DB Cluster Identifier (Cluster Name) to associate with the IAM Role"
+}
diff --git a/modules/graphql_1/main.tf b/modules/graphql_1/main.tf
@@ -215,7 +215,7 @@ resource "aws_ecs_task_definition" "gql_task" {
 [
   {
     "name": "orca-gql",
-    "image": "ghcr.io/nasa/cumulus-orca/graphql:0.0.32",
+    "image": "ghcr.io/nasa/orca/graphql:0.33",
     "cpu": 512,
     "memory": 256,
     "networkMode": "awsvpc",

diff --git a/modules/iam/main.tf b/modules/iam/main.tf
@@ -195,4 +195,4 @@ resource "aws_iam_role_policy" "step_functions_role" {
   name   = "${var.prefix}_orca_step_policy"
   role   = aws_iam_role.step_functions.id
   policy = data.aws_iam_policy_document.step_functions_policy.json
-}
+}
diff --git a/modules/orca/main.tf b/modules/orca/main.tf
@@ -154,6 +154,7 @@ module "orca_graphql_0" {
   permissions_boundary_arn = var.permissions_boundary_arn
   prefix                   = var.prefix
   vpc_id                   = var.vpc_id
+  db_cluster_identifier    = var.db_cluster_identifier 
 
   ## OPTIONAL
   tags = var.tags

diff --git a/modules/orca/variables.tf b/modules/orca/variables.tf
@@ -36,6 +36,10 @@ variable "vpc_id" {
   description = "Virtual Private Cloud AWS ID"
 }
 
+variable "db_cluster_identifier" {
+  type = string
+  description = "DB Cluster Identifier to associate with the IAM Role"
+}
 
 ## OPTIONAL - Default variable value is set in ../variables.tf to keep default values centralized.
 variable "tags" {

diff --git a/variables.tf b/variables.tf
@@ -42,6 +42,10 @@ variable "vpc_id" {
   description = "Virtual Private Cloud AWS ID"
 }
 
+variable "db_cluster_identifier" {
+  type = string
+  description = "DB Cluster Identifier to associate with the IAM Role"
+}
 
 ## OPTIONAL
 variable "aws_profile" {