cmdb-insight/scripts/setup-postgresql.sh

#!/bin/bash
# Azure PostgreSQL Setup Script for CMDB Insight
# Creates PostgreSQL Flexible Server and configures it for production

set -e

# Configuration
RESOURCE_GROUP="zdl-cmdb-insight-prd-euwe-rg"
SERVER_NAME="zdl-cmdb-insight-prd-psql"
ADMIN_USER="cmdbadmin"
LOCATION="westeurope"
KEY_VAULT="zdl-cmdb-insight-prd-kv"
BACKEND_APP_NAME="zdl-cmdb-insight-prd-backend-webapp"

echo "🐘 Setting up Azure PostgreSQL for CMDB Insight..."
echo ""

# Step 1: Generate secure password
echo "🔐 Step 1: Generating secure password..."
ADMIN_PASSWORD=$(openssl rand -base64 32)
echo "✅ Password generated (will be stored in Key Vault)"
echo ""

# Step 2: Create PostgreSQL Flexible Server
echo "📦 Step 2: Creating PostgreSQL Flexible Server..."
az postgres flexible-server create \
  --resource-group $RESOURCE_GROUP \
  --name $SERVER_NAME \
  --location $LOCATION \
  --admin-user $ADMIN_USER \
  --admin-password $ADMIN_PASSWORD \
  --sku-name Standard_B1ms \
  --tier Burstable \
  --storage-size 32 \
  --version 15 \
  --public-access 0.0.0.0 \
  --high-availability Disabled \
  --output none

if [ $? -eq 0 ]; then
  echo "✅ PostgreSQL server created: ${SERVER_NAME}.postgres.database.azure.com"
else
  echo "❌ Failed to create PostgreSQL server"
  exit 1
fi

# Step 3: Create database
echo ""
echo "📊 Step 3: Creating database..."
echo "   Note: Single database is used by default (contains all tables)"
az postgres flexible-server db create \
  --resource-group $RESOURCE_GROUP \
  --server-name $SERVER_NAME \
  --database-name cmdb_insight \
  --output none

echo "✅ Database created: cmdb_insight"

# Step 4: Configure firewall (allow Azure services)
echo ""
echo "🔥 Step 4: Configuring firewall rules..."
az postgres flexible-server firewall-rule create \
  --resource-group $RESOURCE_GROUP \
  --name $SERVER_NAME \
  --rule-name AllowAzureServices \
  --start-ip-address 0.0.0.0 \
  --end-ip-address 0.0.0.0 \
  --output none

echo "✅ Firewall rule created (allows Azure services)"

# Step 5: Store credentials in Key Vault
echo ""
echo "🔐 Step 5: Storing credentials in Key Vault..."
az keyvault secret set \
  --vault-name $KEY_VAULT \
  --name DatabasePassword \
  --value "$ADMIN_PASSWORD" \
  --output none

# Create connection string
CONNECTION_STRING="postgresql://${ADMIN_USER}:${ADMIN_PASSWORD}@${SERVER_NAME}.postgres.database.azure.com:5432/cmdb_insight?sslmode=require"
az keyvault secret set \
  --vault-name $KEY_VAULT \
  --name DatabaseUrl \
  --value "$CONNECTION_STRING" \
  --output none

echo "✅ Credentials stored in Key Vault"

# Step 6: Configure App Service app settings
echo ""
echo "⚙️  Step 6: Configuring App Service app settings..."

# Get Key Vault URL
KV_URL=$(az keyvault show --name $KEY_VAULT --query properties.vaultUri -o tsv)

# Configure database settings
az webapp config appsettings set \
  --name $BACKEND_APP_NAME \
  --resource-group $RESOURCE_GROUP \
  --settings \
    DATABASE_TYPE=postgres \
    DATABASE_HOST="${SERVER_NAME}.postgres.database.azure.com" \
    DATABASE_PORT=5432 \
    DATABASE_NAME=cmdb_insight \
    DATABASE_USER=$ADMIN_USER \
    DATABASE_PASSWORD="@Microsoft.KeyVault(SecretUri=${KV_URL}secrets/DatabasePassword/)" \
    DATABASE_SSL=true \
  --output none

echo "✅ App settings configured"

# Summary
echo ""
echo "✅ PostgreSQL setup completed successfully!"
echo ""
echo "📋 Summary:"
echo "   Server: ${SERVER_NAME}.postgres.database.azure.com"
echo "   Admin User: $ADMIN_USER"
echo "   Database: cmdb_insight (single database for all data)"
echo "   Password: Stored in Key Vault ($KEY_VAULT)"
echo ""
echo "⚠️  Next Steps:"
echo "   1. Grant Key Vault access to App Service (if not done yet)"
echo "   2. Restart the backend app to connect to PostgreSQL:"
echo "      az webapp restart --name $BACKEND_APP_NAME --resource-group $RESOURCE_GROUP"
echo "   3. Check logs to verify connection:"
echo "      az webapp log tail --name $BACKEND_APP_NAME --resource-group $RESOURCE_GROUP"
echo ""