feat(multi-env): Phase D1 — provision erp-sandbox Postgres DB + role #17

Merged
arcodange merged 1 commits from claude/phaseD-erp-sandbox-postgres into main 2026-06-28 17:10:02 +02:00
Summary

Phase D1 of ADR-0002 — the first step that creates real sandbox resources (Phase B was inert plumbing). erp gains envs = ["prod", "sandbox"] in postgres/iac/terraform.tfvars, so the elision flatten materialises a second instance.

What the apply adds (additive only)

| instance | database | owner role |
|---|---|---|
| erp (unchanged) | erp | erp_role |
| erp-sandbox (new) | erp-sandbox | erp_sandbox_role |

So the plan is ~6 resources to add for erp-sandbox (postgresql_role, postgresql_database, postgresql_grant_role, postgresql_function pgbouncer lookup, + 2 grants) and 0 changed / 0 destroyed on every existing app including prod erp. Verified the flatten output with a standalone tofu apply before pushing.

Merge gate

The CI tofu apply (postgres.yaml) must show the erp-sandbox additions and zero changes/destroys elsewhere. I'll dispatch it on this branch and confirm before merging.

Phase D sequence

  • D1 (this PR) — Postgres DB + role
  • D2 (tools) — Vault runtime policy + widened CI ops for erp-sandbox
  • D3 (erp) — Vault k8s auth role + postgres/creds/erp-sandbox + kvv2/erp-sandbox/config
  • D4 (factory) — ArgoCD erp-sandbox Application (GitOps)

🤖 Generated with Claude Code

arcodange added 1 commit 2026-06-28 17:06:39 +02:00
Activates the sandbox environment for the ERP on the Postgres side
(ADR-0002 Phase D). `erp` gains `envs = ["prod", "sandbox"]`, so the
elision flatten now materialises a second instance `erp-sandbox`:
  - database `erp-sandbox`
  - owner role `erp_sandbox_role` (snake-case per the convention)
  - pgbouncer user_lookup function + grants for the new DB

The prod `erp` instance is unchanged (db `erp`, role `erp_role`) — the
apply is purely additive (~6 resources for erp-sandbox, 0 changed,
0 destroyed on everything else). Verified the flatten output with a
standalone tofu apply before pushing.

This is D1 of the Phase D activation. D2 (tools Vault policies),
D3 (erp iac creds + KV), D4 (ArgoCD Application) follow in order.

Refs ADR-0002 (factory#15), Phase B (factory#16).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
arcodange merged commit a38c8b39f1 into main 2026-06-28 17:10:02 +02:00
arcodange deleted branch claude/phaseD-erp-sandbox-postgres 2026-06-28 17:10:18 +02:00
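
One way to enforce the merge gate described in this PR mechanically, as an added example that is not code from this repository: it reads a plan exported with `tofu show -json` and fails on anything other than creates for `erp-sandbox`. It assumes resources are keyed by instance name through `for_each`; the resource addresses in the sample are hypothetical.

```python
import json
import re

ALLOWED_INSTANCE = "erp-sandbox"  # the only instance this PR may touch

# Constructed sample in the shape of `tofu show -json <planfile>`;
# the resource addresses are hypothetical, not the project's real ones.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": 'postgresql_role.app["erp"]', "change": {"actions": ["no-op"]}},
    {"address": 'postgresql_database.app["erp"]', "change": {"actions": ["no-op"]}},
    {"address": 'postgresql_role.app["erp-sandbox"]', "change": {"actions": ["create"]}},
    {"address": 'postgresql_database.app["erp-sandbox"]', "change": {"actions": ["create"]}},
]})


def instance_keys(address):
    """Return every for_each string key found in a resource address."""
    return re.findall(r'\["([^"]+)"\]', address)


def gate_violations(plan_json, allowed=ALLOWED_INSTANCE):
    """List the plan entries that break the additive-only merge gate."""
    violations = []
    creates = 0
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing is modified
        if actions != ["create"]:
            # update, delete, or replace (delete+create in either order)
            violations.append(f"{rc['address']}: {'/'.join(actions)} is not additive")
        elif allowed not in instance_keys(rc["address"]):
            # exact key match, so "erp" never passes as "erp-sandbox"
            violations.append(f"{rc['address']}: create outside {allowed}")
        else:
            creates += 1
    if creates == 0:
        violations.append(f"no resources created for {allowed}")
    return violations


if __name__ == "__main__":
    for line in gate_violations(SAMPLE_PLAN) or ["gate passed"]:
        print(line)
```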

Reference: arcodange-org/factory#17