Updated the Postgres binary to use trustify image

Signed-off-by: mrrajan <86094767+mrrajan@users.noreply.github.com.>

Author: mrrajan

.editorconfig

@@ -0,0 +1,3 @@
+[*]
+end_of_line = lf
+insert_final_newline = true

.gitignore

@@ -21,3 +21,5 @@ context/
 .vscode/
 .idea
 .ansible
+*.yml  text eol=lf
+*.yaml text eol=lf

roles/tpa_single_node/tasks/importer/importer.yml

@@ -1,22 +1,29 @@
 ---
-- name: Copy create-importers.sql to Server
-  ansible.builtin.copy:
-    content: "{{ lookup('ansible.builtin.template', 'configs/create-importers.sql') }}"
-    dest: "{{ tpa_single_node_config_dir }}/create-importers.sql"
-    remote_src: true
+- name: Create configmap to create importers
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/manifests/init/create_importer/Configmap.yaml.j2"
+    dest: "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/create_importers.yaml"
     mode: "0600"
+  register: configmap_create_importers
 
-- name: Run create-importers.sql
-  ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@\
-      {{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }} \
-      -v ON_ERROR_STOP=1 \
-      -f {{ tpa_single_node_config_dir }}/create-importers.sql"
-  changed_when: false
-  no_log: true
-  register: result
-  retries: 2
-  delay: 5
-  until: result.rc == 0
+- name: Set configmaps to create importers
+  ansible.builtin.set_fact:
+    create_importers_configmaps: >-
+      {{
+        [
+          tpa_single_node_kube_manifest_dir + '/ConfigMaps/create_importers.yaml'
+        ]
+      }}
+
+- name: Create importers
+  ansible.builtin.include_tasks: install_manifest.yml
+  vars:
+    podman_spec:
+      state: started
+      systemd_file: create-importers
+      network: "{{ tpa_single_node_podman_network }}"
+      kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/init/create_importer/Deployment.yaml.j2') | from_yaml }}"
+      configmaps: "{{ create_importers_configmaps }}"
 
 - name: Set configmaps for importer
   ansible.builtin.set_fact:

roles/tpa_single_node/tasks/importer/importers.yml

@@ -1,22 +1,29 @@
 ---
-- name: Copy create-importers.sql to Server
-  ansible.builtin.copy:
-    content: "{{ lookup('ansible.builtin.template', 'configs/create-importers.sql') }}"
-    dest: "{{ tpa_single_node_config_dir }}/create-importers.sql"
-    remote_src: true
+- name: Create configmap to create importers
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/manifests/init/create_importer/Configmap.yaml.j2"
+    dest: "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/create_importers.yaml"
     mode: "0600"
+  register: configmap_create_importers
 
-- name: Run create-importers.sql
-  ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@\
-      {{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }} \
-      -v ON_ERROR_STOP=1 \
-      -f {{ tpa_single_node_config_dir }}/create-importers.sql"
-  changed_when: false
-  no_log: true
-  register: result
-  retries: 2
-  delay: 5
-  until: result.rc == 0
+- name: Set configmaps to create importers
+  ansible.builtin.set_fact:
+    create_importers_configmaps: >-
+      {{
+        [
+          tpa_single_node_kube_manifest_dir + '/ConfigMaps/create_importers.yaml'
+        ]
+      }}
+
+- name: Create importers
+  ansible.builtin.include_tasks: install_manifest.yml
+  vars:
+    podman_spec:
+      state: started
+      systemd_file: create-importers
+      network: "{{ tpa_single_node_podman_network }}"
+      kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/init/create_importer/Deployment.yaml.j2') | from_yaml }}"
+      configmaps: "{{ create_importers_configmaps }}"
 
 - name: Set configmaps for importers
   ansible.builtin.set_fact:

roles/tpa_single_node/tasks/infra/db.yml

@@ -1,25 +1,26 @@
 ---
-- name: Copy init-db.sql to Server
-  ansible.builtin.copy:
-    content: "{{ lookup('ansible.builtin.template', 'configs/init-db.sql') }}"
-    dest: "{{ tpa_single_node_config_dir }}/init-db.sql"
-    remote_src: true
+- name: Create configmap to create database
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/manifests/init/create_database/Configmap.yaml.j2"
+    dest: "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/create_database.yaml"
     mode: "0600"
+  register: configmap_create_db
 
-- name: Run init-db.sql
-  ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pg_admin }}:{{ tpa_single_node_pg_admin_passwd }}@\
-      {{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_admin_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }} \
-      -v ON_ERROR_STOP=1 \
-      -v db_name={{ tpa_single_node_pg_db }} \
-      -v db_user={{ tpa_single_node_pg_user }} \
-      -v db_password={{ tpa_single_node_pg_user_passwd }} \
-      -f {{ tpa_single_node_config_dir }}/init-db.sql"
-  changed_when: false
-  no_log: true
+- name: Set configmaps to create database
+  ansible.builtin.set_fact:
+    create_db_configmaps: >-
+      {{
+        [
+          tpa_single_node_kube_manifest_dir + '/ConfigMaps/create_database.yaml'
+        ]
+      }}
 
-- name: Testing DB to make sure it is available
-  ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@\
-    {{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }} -c 'SELECT 1'"
-  register: select_output
-  changed_when: false
-  no_log: true
+- name: Create database
+  ansible.builtin.include_tasks: install_manifest.yml
+  vars:
+    podman_spec:
+      state: started
+      systemd_file: create-db
+      network: "{{ tpa_single_node_podman_network }}"
+      kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/init/create_database/Deployment.yaml.j2') | from_yaml }}"
+      configmaps: "{{ create_db_configmaps }}"

roles/tpa_single_node/tasks/infra/migrate-db.yml

@@ -6,6 +6,6 @@
       state: stopped
       systemd_file: migrate-db
       network: "{{ tpa_single_node_podman_network }}"
-      kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/init/dataset/Deployment.yaml.j2') | from_yaml }}"
+      kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/init/migrate_database/Deployment.yaml.j2') | from_yaml }}"
       # configmaps:
       #   - "{{ tpa_single_node_kube_manifest_dir }}/ConfigMaps/custom-trust-anchor.yaml"

roles/tpa_single_node/tasks/os.yml

@@ -1,14 +1,4 @@
 ---
-- name: Install repository key
-  ansible.builtin.rpm_key:
-    key: https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL
-    state: present
-
-- name: Install pgdg repository package
-  ansible.builtin.dnf:
-    name: https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm
-    state: present
-
 - name: Install podman-plugins package
   ansible.builtin.package:
     name: podman-plugins

roles/tpa_single_node/templates/configs/create-importers.sql

@@ -0,0 +1,50 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: create-db
+  namespace: "{{ tpa_single_node_namespace }}"
+  labels:
+    app.kubernetes.io/name: create-db
+    app.kubernetes.io/component: database
+    app.kubernetes.io/instance: redhat-trusted-profile-analyzer    
+    app.kubernetes.io/version: 2.0.1
+data:
+  init.sql: |
+    -- ensure we have the database
+    SELECT 'CREATE DATABASE ' || :'db_name'
+    WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = :'db_name')\gexec
+
+    -- create the user (if it doesn't exist)
+    CREATE OR REPLACE FUNCTION add_user_if_not_exists(username NAME) RETURNS integer
+        AS $$
+    BEGIN
+        IF NOT EXISTS (SELECT FROM pg_roles
+            WHERE rolname = username) THEN
+
+            EXECUTE FORMAT('CREATE ROLE "%I" LOGIN', username);
+
+        END IF;
+        RETURN NULL;
+    END;
+    $$ language plpgsql;
+
+    SELECT add_user_if_not_exists(:'db_user');
+
+    -- now set the password
+    ALTER USER :db_user WITH PASSWORD :'db_password';
+
+    -- grant permission to connect
+    GRANT CONNECT ON DATABASE :db_name TO :db_user;
+
+    -- grant permissions on database
+    \connect :db_name
+
+    GRANT USAGE ON SCHEMA public TO :db_user;
+
+    -- grant on existing tables
+    GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO :db_user;
+
+    -- grant on future tables
+    ALTER DEFAULT PRIVILEGES
+        IN SCHEMA public
+        GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO :db_user;