Add a sandbox environment for manual testing on cloud.gov

2025-12-09 06:33:52 -05:00 · 2022-11-08 11:45:37 -05:00
parent 6d33a4621b
commit 00e14dbaf7
6 changed files with 106 additions and 8 deletions
--- a/app/config.py
+++ b/app/config.py
@@ -145,11 +145,15 @@ class Production(Config):

 class Staging(Production):
    BASIC_AUTH_FORCE = True
-    HEADER_COLOUR = '#6F72AF'  # $mauve
+    HEADER_COLOUR = '#00ff00'  # $green


 class Demo(Staging):
-    pass
+    HEADER_COLOUR = '#6F72AF'  # $mauve
+
+
+class Sandbox(Staging):
+    HEADER_COLOUR = '#ff0000'  # $red


 class Scanning(Production):
@@ -167,5 +171,6 @@ configs = {
    'scanning': Scanning,
    'staging': Staging,
    'demo': Demo,
+    'sandbox': Sandbox,
    'production': Production
 }
--- a/deploy-config/sandbox.yml
+++ b/deploy-config/sandbox.yml
@@ -0,0 +1,11 @@
+env: sandbox
+instances: 1
+memory: 1G
+public_admin_route: notify-sandbox.app.cloud.gov
+ADMIN_CLIENT_USERNAME: notify-admin
+ADMIN_CLIENT_SECRET: dev-notify-secret-key
+DANGEROUS_SALT: dev-notify-salt
+SECRET_KEY: dev-notify-secret-key
+BASIC_AUTH_USERNAME: sandbox
+BASIC_AUTH_PASSWORD: sandbox
+REDIS_ENABLED: 1
--- a/terraform/create_service_account.sh
+++ b/terraform/create_service_account.sh
@@ -7,14 +7,18 @@ $0: Create a Service User Account for a given space

 Usage:
  $0 -h
-  $0 -s <SPACE NAME> -u <USER NAME> [-r <ROLE NAME>] [-o <ORG NAME>]
+  $0 -s <SPACE NAME> -u <USER NAME> [-r <ROLE NAME>] [-o <ORG NAME>] [-m]

 Options:
 -h: show help and exit
 -s <SPACE NAME>: configure the space to act on. Required
 -u <USER NAME>: set the service user name. Required
 -r <ROLE NAME>: set the service user's role to either space-deployer or space-auditor. Default: space-deployer
+-m: If provided, make the service user an OrgManager
 -o <ORG NAME>: configure the organization to act on. Default: $org
+
+Notes:
+OrgManager is required for terraform to create <env>-egress spaces
 "

 set -e
@@ -23,8 +27,9 @@ set -o pipefail
 space=""
 service=""
 role="space-deployer"
+org_manager="false"

-while getopts ":hs:u:r:o:" opt; do
+while getopts ":hms:u:r:o:" opt; do
  case "$opt" in
    s)
      space=${OPTARG}
@@ -38,6 +43,9 @@ while getopts ":hs:u:r:o:" opt; do
    o)
      org=${OPTARG}
      ;;
+    m)
+      org_manager="true"
+      ;;
    h)
      echo "$usage"
      exit 0
@@ -60,13 +68,17 @@ cf create-service-key $service service-account-key 1>&2

 # output service key to stdout in secrets.auto.tfvars format
 creds=`cf service-key $service service-account-key | tail -n 4`
-username=`echo $creds | jq '.username'`
-password=`echo $creds | jq '.password'`
+username=`echo $creds | jq -r '.username'`
+password=`echo $creds | jq -r '.password'`
+
+if [[ $org_manager = "true" ]]; then
+  cf set-org-role $username $org OrgManager 1>&2
+fi

 cat << EOF
 # generated with $0 -s $space -u $service -r $role -o $org
 # revoke with $(dirname $0)/destroy_service_account.sh -s $space -u $service -o $org

-cf_user = $username
-cf_password = $password
+cf_user = "$username"
+cf_password = "$password"
 EOF
--- a/terraform/sandbox/main.tf
+++ b/terraform/sandbox/main.tf
@@ -0,0 +1,48 @@
+locals {
+  cf_org_name      = "gsa-tts-benefits-studio-prototyping"
+  cf_space_name    = "notify-sandbox"
+  env              = "sandbox"
+  app_name         = "notify-admin"
+  recursive_delete = true
+}
+
+module "redis" {
+  source = "github.com/18f/terraform-cloudgov//redis"
+
+  cf_user          = var.cf_user
+  cf_password      = var.cf_password
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  env              = local.env
+  app_name         = local.app_name
+  recursive_delete = local.recursive_delete
+  redis_plan_name  = "redis-dev"
+}
+
+module "logo_upload_bucket" {
+  source = "github.com/18f/terraform-cloudgov//s3"
+
+  cf_user          = var.cf_user
+  cf_password      = var.cf_password
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  recursive_delete = local.recursive_delete
+  s3_service_name  = "${local.app_name}-logo-upload-bucket-${local.env}"
+}
+
+# ##########################################################################
+# The following lines need to be commented out for the initial `terraform apply`
+# It can be re-enabled after:
+# 1) the api app has first been deployed
+# 2) the admin app has first been deployed
+###########################################################################
+# module "api_network_route" {
+#   source = "../shared/container_networking"
+
+#   cf_user              = var.cf_user
+#   cf_password          = var.cf_password
+#   cf_org_name          = local.cf_org_name
+#   cf_space_name        = local.cf_space_name
+#   source_app_name      = "${local.app_name}-${local.env}"
+#   destination_app_name = "notify-api-${local.env}"
+# }
--- a/terraform/sandbox/providers.tf
+++ b/terraform/sandbox/providers.tf
@@ -0,0 +1,17 @@
+terraform {
+  required_version = "~> 1.0"
+  required_providers {
+    cloudfoundry = {
+      source  = "cloudfoundry-community/cloudfoundry"
+      version = "0.15.5"
+    }
+  }
+
+  backend "s3" {
+    bucket  = "cg-6b759c13-6253-4a64-9bda-dd1f620185b0"
+    key     = "admin.tfstate.sandbox"
+    encrypt = "true"
+    region  = "us-gov-west-1"
+    profile = "notify-terraform-backend"
+  }
+}
--- a/terraform/sandbox/variables.tf
+++ b/terraform/sandbox/variables.tf
@@ -0,0 +1,5 @@
+variable "cf_password" {
+  type      = string
+  sensitive = true
+}
+variable "cf_user" {}