From 41483f4972be85acbcc7d90c77100ff3e8ac5306 Mon Sep 17 00:00:00 2001
From: Ieuan Byers <ieuan.byers@justice.gov.uk>
Date: Fri, 12 Apr 2024 08:36:09 +0100
Subject: [PATCH 1/3] Create replica flex server in expanded subnet

---
 infrastructure/db.tf | 114 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 114 insertions(+)

diff --git a/infrastructure/db.tf b/infrastructure/db.tf
index 6677008d..28f73221 100644
--- a/infrastructure/db.tf
+++ b/infrastructure/db.tf
@@ -109,4 +109,118 @@ resource "azurerm_key_vault_secret" "postgres-database" {
   name         = "bpm-POSTGRES-DATABASE"
   value        = "camunda"
   key_vault_id = module.vault.key_vault_id
+}
+
+module "postgresql_flexible_expanded" {
+  providers = {
+    azurerm.postgres_network = azurerm.postgres_network
+  }
+
+  source               = "git@github.com:hmcts/terraform-module-postgresql-flexible?ref=master"
+  env                  = var.env
+  product              = var.product
+  name                 = "hmcts-${var.product}-v15-flexible"
+  component            = var.component
+  business_area        = "CFT"
+  location             = var.location
+  pgsql_admin_username = "camundaadmin"
+  pgsql_storage_mb     = var.pgsql_storage_mb
+  pgsql_sku            = var.pgsql_sku
+  create_mode          = var.pgsql_create_mode
+  subnet_suffix        = "expanded"
+
+  common_tags          = var.common_tags
+  admin_user_object_id = var.jenkins_AAD_objectId
+  pgsql_databases = [
+    {
+      name : "camunda"
+    }
+  ]
+  // server_configuration values set based on SKU (CPU/RAM) and Max Connections
+  pgsql_server_configuration = [
+    {
+      name  = "shared_buffers"
+      value = lookup(var.pgsql_server_configuration, "shared_buffers")
+    },
+    {
+      name  = "work_mem"
+      value = "7489"
+    },
+    {
+      name  = "maintenance_work_mem"
+      value = "512000"
+    },
+    {
+      name  = "effective_cache_size"
+      value = "3932160"
+    },
+    {
+      name  = "max_parallel_workers"
+      value = "0"
+    },
+    {
+      name  = "max_parallel_workers_per_gather"
+      value = "0"
+    },
+    {
+      name  = "random_page_cost"
+      value = "1.1"
+    },
+    {
+      name  = "wal_buffers"
+      value = "16384"
+    },
+    {
+      name  = "min_wal_size"
+      value = "1024"
+    },
+    {
+      name  = "max_wal_size"
+      value = lookup(var.pgsql_server_configuration, "max_wal_size")
+    },
+    {
+      name  = "effective_io_concurrency"
+      value = "200"
+    },
+    {
+      name  = "backslash_quote"
+      value = "on"
+    },
+    {
+      name  = "azure.extensions"
+      value = "PG_BUFFERCACHE,PG_STAT_STATEMENTS,PLPGSQL"
+    }
+  ]
+  pgsql_firewall_rules = []
+  pgsql_version        = "15"
+}
+
+resource "azurerm_key_vault_secret" "postgres-v15-user" {
+  name         = "bpm-POSTGRES-V15-USER"
+  value        = module.postgresql_flexible_expanded.username
+  key_vault_id = module.vault.key_vault_id
+}
+
+resource "azurerm_key_vault_secret" "postgres-v15-password" {
+  name         = "bpm-POSTGRES-V15-PASS"
+  value        = module.postgresql_flexible_expanded.password
+  key_vault_id = module.vault.key_vault_id
+}
+
+resource "azurerm_key_vault_secret" "postgres-v15-host" {
+  name         = "bpm-POSTGRES-V15-HOST"
+  value        = module.postgresql_flexible_expanded.fqdn
+  key_vault_id = module.vault.key_vault_id
+}
+
+resource "azurerm_key_vault_secret" "postgres-v15-port" {
+  name         = "bpm-POSTGRES-V15-PORT"
+  value        = "5432"
+  key_vault_id = module.vault.key_vault_id
+}
+
+resource "azurerm_key_vault_secret" "postgres-v15-database" {
+  name         = "bpm-POSTGRES-V15-DATABASE"
+  value        = "camunda"
+  key_vault_id = module.vault.key_vault_id
 }
\ No newline at end of file

From 49b2f6c00c75776c857a42208f7820ce097f2642 Mon Sep 17 00:00:00 2001
From: Ieuan Byers <ieuan.byers@justice.gov.uk>
Date: Fri, 12 Apr 2024 08:39:09 +0100
Subject: [PATCH 2/3] Remove duplicate secrets

---
 infrastructure/db.tf | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/infrastructure/db.tf b/infrastructure/db.tf
index 28f73221..fc12a195 100644
--- a/infrastructure/db.tf
+++ b/infrastructure/db.tf
@@ -205,22 +205,4 @@ resource "azurerm_key_vault_secret" "postgres-v15-password" {
   name         = "bpm-POSTGRES-V15-PASS"
   value        = module.postgresql_flexible_expanded.password
   key_vault_id = module.vault.key_vault_id
-}
-
-resource "azurerm_key_vault_secret" "postgres-v15-host" {
-  name         = "bpm-POSTGRES-V15-HOST"
-  value        = module.postgresql_flexible_expanded.fqdn
-  key_vault_id = module.vault.key_vault_id
-}
-
-resource "azurerm_key_vault_secret" "postgres-v15-port" {
-  name         = "bpm-POSTGRES-V15-PORT"
-  value        = "5432"
-  key_vault_id = module.vault.key_vault_id
-}
-
-resource "azurerm_key_vault_secret" "postgres-v15-database" {
-  name         = "bpm-POSTGRES-V15-DATABASE"
-  value        = "camunda"
-  key_vault_id = module.vault.key_vault_id
 }
\ No newline at end of file

From 2fca2017c4f80ac73225f33ad94cad19754433e4 Mon Sep 17 00:00:00 2001
From: Ieuan Byers <ieuan.byers@justice.gov.uk>
Date: Fri, 9 Aug 2024 15:04:14 +0100
Subject: [PATCH 3/3] Upgrade provider version

---
 infrastructure/provider.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/provider.tf b/infrastructure/provider.tf
index 85b12f60..6ccc08f1 100644
--- a/infrastructure/provider.tf
+++ b/infrastructure/provider.tf
@@ -22,7 +22,7 @@ terraform {
     }
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.96.0"
+      version = "3.115.0"
     }
   }