From 4dfd4f1e1b05b3d8c4faff2a40d7a1ee3fa7f352 Mon Sep 17 00:00:00 2001
From: Toby Bellwood <toby.bellwood@amazee.io>
Date: Thu, 16 May 2024 16:06:41 -0700
Subject: [PATCH] chore: support read-only api-db connections

---
 README.md                                   | 10 +++++++++-
 cmd/lagoon-opensearch-sync/dump-projects.go |  6 +++---
 cmd/lagoon-opensearch-sync/sync.go          |  6 +++---
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 1b52b40..f48983e 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,15 @@ The deployment requires:
 | `KEYCLOAK_CLIENT_SECRET`         | Client secret of `lagoon-opensearch-sync` Keycloak client. |                                                                             |
 | `OPENSEARCH_ADMIN_PASSWORD`      | Password for the Opensearch `admin` user.                  |                                                                             |
 
-3. Command `/lagoon-opensearch-sync`.
+3. If you are utilising a read-only connection to the api-db, either via a read-replica, or dedicated account:
+
+| Name                             | Description                                                | Example                                                                     |
+| ---                              | ---                                                        | ---                                                                         |
+| `API_DB_RO_ADDRESS`                 | Internal service name of an API DB read-only replica.                       | `lagoon-core-api-db`                                                        |
+| `API_DB_RO_USERNAME`                | Read-only user for the API DB.                                    |  |
+| `API_DB_RO_PASSWORD`                | Password for the read-only user for the API DB.                                    |    |
+
+4. Command `/lagoon-opensearch-sync`.
 
 ## Advanced usage
 
diff --git a/cmd/lagoon-opensearch-sync/dump-projects.go b/cmd/lagoon-opensearch-sync/dump-projects.go
index 5ccdc0c..d5269d6 100644
--- a/cmd/lagoon-opensearch-sync/dump-projects.go
+++ b/cmd/lagoon-opensearch-sync/dump-projects.go
@@ -13,10 +13,10 @@ import (
 
 // DumpProjectsCmd represents the `dump-projects` command.
 type DumpProjectsCmd struct {
-	APIDBAddress  string `kong:"required,env='API_DB_ADDRESS',help='Lagoon API DB Address (host[:port])'"`
+	APIDBAddress  string `kong:"required,env='API_DB_RO_ADDRESS,API_DB_ADDRESS',help='Lagoon API DB Address (host[:port])'"`
 	APIDBDatabase string `kong:"default='infrastructure',env='API_DB_DATABASE',help='Lagoon API DB Database Name'"`
-	APIDBPassword string `kong:"required,env='API_DB_PASSWORD',help='Lagoon API DB Password'"`
-	APIDBUsername string `kong:"default='api',env='API_DB_USERNAME',help='Lagoon API DB Username'"`
+	APIDBPassword string `kong:"required,env='API_DB_RO_PASSWORD,API_DB_PASSWORD',help='Lagoon API DB Password'"`
+	APIDBUsername string `kong:"default='api',env='API_DB_RO_USERNAME,API_DB_USERNAME',help='Lagoon API DB Username'"`
 }
 
 // Run the dump-projects command.
diff --git a/cmd/lagoon-opensearch-sync/sync.go b/cmd/lagoon-opensearch-sync/sync.go
index 4451cd6..efed0e6 100644
--- a/cmd/lagoon-opensearch-sync/sync.go
+++ b/cmd/lagoon-opensearch-sync/sync.go
@@ -24,10 +24,10 @@ type SyncCmd struct {
 	Objects                     []string      `kong:"enum='tenants,roles,rolesmapping,indexpatterns,indextemplates',default='tenants,roles,rolesmapping,indexpatterns,indextemplates',help='Opensearch objects which will be synchronized'"`
 	LegacyIndexPatternDelimiter bool          `kong:"default='false',help='Use the legacy -* index pattern delimiter instead of -_-*'"`
 	// lagoon DB client fields
-	APIDBAddress  string `kong:"required,env='API_DB_ADDRESS',help='Lagoon API DB Address (host[:port])'"`
+	APIDBAddress  string `kong:"required,env='API_DB_RO_ADDRESS,API_DB_ADDRESS',help='Lagoon API DB Address (host[:port])'"`
 	APIDBDatabase string `kong:"default='infrastructure',env='API_DB_DATABASE',help='Lagoon API DB Database Name'"`
-	APIDBPassword string `kong:"required,env='API_DB_PASSWORD',help='Lagoon API DB Password'"`
-	APIDBUsername string `kong:"default='api',env='API_DB_USERNAME',help='Lagoon API DB Username'"`
+	APIDBPassword string `kong:"required,env='API_DB_RO_PASSWORD,API_DB_PASSWORD',help='Lagoon API DB Password'"`
+	APIDBUsername string `kong:"default='api',env='API_DB_RO_USERNAME,API_DB_USERNAME',help='Lagoon API DB Username'"`
 	// keycloak client fields
 	KeycloakClientID     string `kong:"default='lagoon-opensearch-sync',env='KEYCLOAK_CLIENT_ID',help='Keycloak OAuth2 Client ID'"`
 	KeycloakClientSecret string `kong:"required,env='KEYCLOAK_CLIENT_SECRET',help='Keycloak OAuth2 Client Secret'"`