From 00e14dbaf78800d3c535d5746b51ac425571cb97 Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Tue, 8 Nov 2022 11:45:37 -0500 Subject: [PATCH] Add a sandbox environment for manual testing on cloud.gov --- app/config.py | 9 ++++-- deploy-config/sandbox.yml | 11 +++++++ terraform/create_service_account.sh | 24 +++++++++++---- terraform/sandbox/main.tf | 48 +++++++++++++++++++++++++++++ terraform/sandbox/providers.tf | 17 ++++++++++ terraform/sandbox/variables.tf | 5 +++ 6 files changed, 106 insertions(+), 8 deletions(-) create mode 100644 deploy-config/sandbox.yml create mode 100644 terraform/sandbox/main.tf create mode 100644 terraform/sandbox/providers.tf create mode 100644 terraform/sandbox/variables.tf diff --git a/app/config.py b/app/config.py index b6cf6ba22..4625ab663 100644 --- a/app/config.py +++ b/app/config.py @@ -145,11 +145,15 @@ class Production(Config): class Staging(Production): BASIC_AUTH_FORCE = True - HEADER_COLOUR = '#6F72AF' # $mauve + HEADER_COLOUR = '#00ff00' # $green class Demo(Staging): - pass + HEADER_COLOUR = '#6F72AF' # $mauve + + +class Sandbox(Staging): + HEADER_COLOUR = '#ff0000' # $red class Scanning(Production): @@ -167,5 +171,6 @@ configs = { 'scanning': Scanning, 'staging': Staging, 'demo': Demo, + 'sandbox': Sandbox, 'production': Production } diff --git a/deploy-config/sandbox.yml b/deploy-config/sandbox.yml new file mode 100644 index 000000000..57f7149e4 --- /dev/null +++ b/deploy-config/sandbox.yml @@ -0,0 +1,11 @@ +env: sandbox +instances: 1 +memory: 1G +public_admin_route: notify-sandbox.app.cloud.gov +ADMIN_CLIENT_USERNAME: notify-admin +ADMIN_CLIENT_SECRET: dev-notify-secret-key +DANGEROUS_SALT: dev-notify-salt +SECRET_KEY: dev-notify-secret-key +BASIC_AUTH_USERNAME: sandbox +BASIC_AUTH_PASSWORD: sandbox +REDIS_ENABLED: 1 diff --git a/terraform/create_service_account.sh b/terraform/create_service_account.sh index fafe83adf..d69a90796 100755 --- a/terraform/create_service_account.sh +++ b/terraform/create_service_account.sh 
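Review bot: The new deploy-config/sandbox.yml commits `SECRET_KEY: dev-notify-secret-key`, `DANGEROUS_SALT: dev-notify-salt`, `ADMIN_CLIENT_SECRET: dev-notify-secret-key` and `BASIC_AUTH_PASSWORD: sandbox` in plain text for an app served on the public route `notify-sandbox.app.cloud.gov`. Anyone with read access to the repository then knows what is presumably the session-signing key, plus the basic-auth pair. That leaves the `BASIC_AUTH_FORCE = True` that `Sandbox` inherits from `Staging` with little protective value. I would remove these four values from the file and supply them at deploy time from the CI secret store or a bound service, keeping only the non-secret settings (`env`, `instances`, `memory`, the route, `REDIS_ENABLED`) here. If the dev values have to stay for convenience, add a comment at the top of the file stating that the sandbox must never hold real user data.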
@@ -7,14 +7,18 @@ $0: Create a Service User Account for a given space Usage: $0 -h - $0 -s -u [-r ] [-o ] + $0 -s -u [-r ] [-o ] [-m] Options: -h: show help and exit -s : configure the space to act on. Required -u : set the service user name. Required -r : set the service user's role to either space-deployer or space-auditor. Default: space-deployer +-m: If provided, make the service user an OrgManager -o : configure the organization to act on. Default: $org + +Notes: +OrgManager is required for terraform to create -egress spaces " set -e @@ -23,8 +27,9 @@ set -o pipefail space="" service="" role="space-deployer" +org_manager="false" -while getopts ":hs:u:r:o:" opt; do +while getopts ":hms:u:r:o:" opt; do case "$opt" in s) space=${OPTARG} @@ -38,6 +43,9 @@ while getopts ":hs:u:r:o:" opt; do o) org=${OPTARG} ;; + m) + org_manager="true" + ;; h) echo "$usage" exit 0 @@ -60,13 +68,17 @@ cf create-service-key $service service-account-key 1>&2 # output service key to stdout in secrets.auto.tfvars format creds=`cf service-key $service service-account-key | tail -n 4` -username=`echo $creds | jq '.username'` -password=`echo $creds | jq '.password'` +username=`echo $creds | jq -r '.username'` +password=`echo $creds | jq -r '.password'` + +if [[ $org_manager = "true" ]]; then + cf set-org-role $username $org OrgManager 1>&2 +fi cat << EOF # generated with $0 -s $space -u $service -r $role -o $org # revoke with $(dirname $0)/destroy_service_account.sh -s $space -u $service -o $org -cf_user = $username -cf_password = $password +cf_user = "$username" +cf_password = "$password" EOF diff --git a/terraform/sandbox/main.tf b/terraform/sandbox/main.tf new file mode 100644 index 000000000..766aa2f29 --- /dev/null +++ b/terraform/sandbox/main.tf 
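Review bot: In the last hunk of create_service_account.sh, `jq -r` strips the JSON quoting and the heredoc re-wraps the raw value as `cf_password = "$password"`. A generated password containing `"` or `\` would therefore produce a tfvars file that fails to parse or carries a different value. Keep the raw form only for the `cf` call and write the JSON-quoted form into the file, e.g. `cf_password = $(echo "$creds" | jq '.password')`. The new `cf set-org-role $username $org OrgManager` also passes unquoted variables; `cf set-org-role "$username" "$org" OrgManager 1>&2` avoids word splitting. Because `-m` grants an org-wide role to an account whose password is printed to stdout, the `# generated with` line should record `-m`, and it is worth confirming that destroy_service_account.sh (not shown here) removes the OrgManager role.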
@@ -0,0 +1,48 @@
+locals {
+ cf_org_name = "gsa-tts-benefits-studio-prototyping"
+ cf_space_name = "notify-sandbox"
+ env = "sandbox"
+ app_name = "notify-admin"
+ recursive_delete = true
+}
+
+module "redis" {
+ source = "github.com/18f/terraform-cloudgov//redis"
+
+ cf_user = var.cf_user
+ cf_password = var.cf_password
+ cf_org_name = local.cf_org_name
+ cf_space_name = local.cf_space_name
+ env = local.env
+ app_name = local.app_name
+ recursive_delete = local.recursive_delete
+ redis_plan_name = "redis-dev"
+}
+
+module "logo_upload_bucket" {
+ source = "github.com/18f/terraform-cloudgov//s3"
+
+ cf_user = var.cf_user
+ cf_password = var.cf_password
+ cf_org_name = local.cf_org_name
+ cf_space_name = local.cf_space_name
+ recursive_delete = local.recursive_delete
+ s3_service_name = "${local.app_name}-logo-upload-bucket-${local.env}"
+}
+
+# ##########################################################################
+# The following lines need to be commented out for the initial `terraform apply`
+# It can be re-enabled after:
+# 1) the api app has first been deployed
+# 2) the admin app has first been deployed
+###########################################################################
+# module "api_network_route" {
+# source = "../shared/container_networking"
+
+# cf_user = var.cf_user
+# cf_password = var.cf_password
+# cf_org_name = local.cf_org_name
+# cf_space_name = local.cf_space_name
+# source_app_name = "${local.app_name}-${local.env}"
+# destination_app_name = "notify-api-${local.env}"
+# }
diff --git a/terraform/sandbox/providers.tf b/terraform/sandbox/providers.tf
new file mode 100644
index 000000000..f21cfe326
--- /dev/null
+++ b/terraform/sandbox/providers.tf
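Review bot: Both module blocks in terraform/sandbox/main.tf use an unpinned source, `github.com/18f/terraform-cloudgov//redis` and `github.com/18f/terraform-cloudgov//s3`, with no `?ref=`. Every `terraform init` therefore pulls whatever is on that repository's default branch. These modules receive `var.cf_user` and `var.cf_password`, so an unreviewed upstream change would run with the service account's rights, which include OrgManager when the account was created with `-m`. Pin each source to a reviewed tag or commit, e.g. `source = "github.com/18f/terraform-cloudgov//redis?ref=<TAG_OR_COMMIT>"`, in the same way providers.tf pins the cloudfoundry provider with `version = "0.15.5"`.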
@@ -0,0 +1,17 @@
+terraform {
+ required_version = "~> 1.0"
+ required_providers {
+ cloudfoundry = {
+ source = "cloudfoundry-community/cloudfoundry"
+ version = "0.15.5"
+ }
+ }
+
+ backend "s3" {
+ bucket = "cg-6b759c13-6253-4a64-9bda-dd1f620185b0"
+ key = "admin.tfstate.sandbox"
+ encrypt = "true"
+ region = "us-gov-west-1"
+ profile = "notify-terraform-backend"
+ }
+}
diff --git a/terraform/sandbox/variables.tf b/terraform/sandbox/variables.tf
new file mode 100644
index 000000000..bd8f74131
--- /dev/null
+++ b/terraform/sandbox/variables.tf
@@ -0,0 +1,5 @@
+variable "cf_password" {
+ type = string
+ sensitive = true
+}
+variable "cf_user" {}
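Review bot: In terraform/sandbox/variables.tf, `variable "cf_user" {}` declares neither a type nor a description, unlike `cf_password` just above it. Add `type = string` to `cf_user` and a short `description` to both variables noting that the values come from the output of terraform/create_service_account.sh. That tells a reader where the secrets.auto.tfvars file is expected to originate and that it must stay out of version control.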