From c5e9befec8bf7fe6a7decb2872e5f6832ab7042e Mon Sep 17 00:00:00 2001
From: eternaltyro
Date: Wed, 19 Jul 2023 15:36:34 +0100
Subject: [PATCH] Improve envvar handling for container instances
- Add a local resource to construct Redis connection string appropriate for celery
- Add sensitive envvars and use pre-defined values along with arbitrary values defined as variables
- Use existing resource addresses to populate envvar values
---
 infra/production/container.tf | 36 ++++++++++++++++++++++++++++++++++--
 infra/production/variables.tf | 6 ++++++
 2 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/infra/production/container.tf b/infra/production/container.tf
index bed8e950..49286fa0 100644
--- a/infra/production/container.tf
+++ b/infra/production/container.tf
@@ -1,3 +1,17 @@
+locals {
+ redis_connection_endpoint = join("", [
+ "rediss://",
+ ":",
+ azurerm_redis_cache.raw-data-queue.primary_access_key,
+ "@",
+ azurerm_redis_cache.raw-data-queue.hostname,
+ ":",
+ azurerm_redis_cache.raw-data-queue.ssl_port,
+ "/0?ssl_cert_reqs=required"
+ ]
+ )
+}
+
 resource "azurerm_container_group" "app" {
 name = join("-", [var.project_name, var.deployment_environment])
 resource_group_name = azurerm_resource_group.raw-data.name
@@ -18,7 +32,24 @@ resource "azurerm_container_group" "app" {
 protocol = "TCP"
 }
- environment_variables = var.container_envvar
+ environment_variables = merge(
+ var.container_envvar,
+ {
+ PGHOST = azurerm_postgresql_flexible_server.raw-data.fqdn
+ PGPORT = "5432"
+ PGUSER = lookup(var.admin_usernames, "database")
+ PGDATABASE = azurerm_postgresql_flexible_server_database.default-db.name
+ }
+ )
+
+ secure_environment_variables = merge(
+ var.container_sensitive_envvar,
+ {
+ PGPASSWORD = azurerm_key_vault_secret.raw-data-db.value
+ CELERY_BROKER_URL = local.redis_connection_endpoint
+ CELERY_RESULT_BACKEND = local.redis_connection_endpoint
+ }
+ )
 }
 container {
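Review bot: In the `locals` block added at the top of container.tf, `primary_access_key` is joined into the `rediss://` URL without escaping. Azure Redis access keys are base64-style strings, so a key containing `/`, `+` or `=` may be split or decoded wrongly by the client's URL parser, and the failure would only surface after a key rotation. Wrapping the value as `urlencode(azurerm_redis_cache.raw-data-queue.primary_access_key),` avoids that, assuming the Celery/Redis client percent-decodes the password as the common ones do. A comment above the local such as `# Embeds the Redis access key: reference only from secure_environment_variables, never from outputs` would make clear that the assembled string is a credential.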
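Review bot: In the first container's new `environment_variables` map (hunk `@@ -18,7 +32,24 @@`), `PGUSER = lookup(var.admin_usernames, "database")` paired with `PGPASSWORD` from the Key Vault secret appears to make the application log in as the PostgreSQL server administrator. That is inferred from the variable name, since its definition is outside this diff. If so, a compromise of the container carries full rights over the database server rather than only the application's data. Consider provisioning a dedicated application role with just the privileges the service needs and passing that role's name and secret here instead. The `azurerm_container_group` block starts and ends outside the hunk.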
@@ -34,7 +65,8 @@ resource "azurerm_container_group" "app" {
 protocol = "TCP"
 }
- environment_variables = var.container_envvar
+ environment_variables = var.container_envvar
+ secure_environment_variables = var.container_sensitive_envvar
 }
 tags = {
diff --git a/infra/production/variables.tf b/infra/production/variables.tf
index bc6be696..33060a54 100644
--- a/infra/production/variables.tf
+++ b/infra/production/variables.tf
@@ -87,3 +87,9 @@ variable "container_envvar" {
 description = "Environment Variables to pass to the container"
 type = map(string)
 }
+
+variable "container_sensitive_envvar" {
+ description = "Environment Variables to pass to the container"
+ type = map(string)
+}
+
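Review bot: The second `container` block (hunk `@@ -34,7 +65,8 @@`) receives only the raw `var.container_envvar` and `var.container_sensitive_envvar`, while the first container gets the merged `PG*` and `CELERY_*` values. If this container also needs the database or the broker, which the hunk does not show, operators would have to copy the database password and the Redis URL into `container_sensitive_envvar` by hand. That would bring back the manually maintained secrets this commit is removing. Moving the two `merge(...)` expressions into locals and referencing them from both containers, e.g. `secure_environment_variables = local.app_secure_envvar` (name is only a suggestion), would keep the two in step. The container block starts outside the hunk.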
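Review bot: `variable "container_sensitive_envvar"` in variables.tf is declared without `sensitive = true`, so Terraform does not redact its values at the variable level. They can then appear in plan output or error messages wherever the variable is referenced outside a provider-marked sensitive argument. Add `sensitive = true` to the block. The description is also copied verbatim from `container_envvar`; something like `description = "Secret environment variables passed to the container via secure_environment_variables"` would tell the two apart.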