From 43201f37fa8a8fb443cd49a151848d295252b866 Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Wed, 2 Nov 2022 14:42:32 -0400 Subject: [PATCH] Switch terraform over to cloud.gov org --- terraform/bootstrap/import.sh | 4 +-- terraform/bootstrap/main.tf | 4 +-- terraform/bootstrap/run.sh | 2 +- terraform/bootstrap/teardown_creds.sh | 2 +- terraform/bootstrap/variables.tf | 4 ++- terraform/create_service_account.sh | 2 +- terraform/demo/main.tf | 48 +++++++++++++++++++++++++++ terraform/demo/providers.tf | 17 ++++++++++ terraform/demo/variables.tf | 5 +++ terraform/destroy_service_account.sh | 2 +- terraform/production/main.tf | 8 ++--- terraform/production/providers.tf | 2 +- terraform/set_space_egress.sh | 2 +- terraform/staging/main.tf | 30 ++++++++++------- terraform/staging/providers.tf | 2 +- 15 files changed, 106 insertions(+), 28 deletions(-) create mode 100644 terraform/demo/main.tf create mode 100644 terraform/demo/providers.tf create mode 100644 terraform/demo/variables.tf diff --git a/terraform/bootstrap/import.sh b/terraform/bootstrap/import.sh index 88b1e40d2..9140711f5 100755 --- a/terraform/bootstrap/import.sh +++ b/terraform/bootstrap/import.sh @@ -4,8 +4,8 @@ read -p "Are you sure you want to import terraform state (y/n)? " verify if [[ $verify == "y" ]]; then echo "Importing bootstrap state" - ./run.sh import module.s3.cloudfoundry_service_instance.bucket 31204bcc-aae3-4cd3-8b59-5055a338d44f - ./run.sh import cloudfoundry_service_key.bucket_creds 483a6ac5-4ba0-48ad-9850-ef87b51aaa08 + ./run.sh import module.s3.cloudfoundry_service_instance.bucket 6b759c13-6253-4a64-9bda-dd1f620185b0 + ./run.sh import cloudfoundry_service_key.bucket_creds a8e40295-68b7-42ba-8955-d82ba262e948 ./run.sh plan else echo "Not importing bootstrap state" diff --git a/terraform/bootstrap/main.tf b/terraform/bootstrap/main.tf index f00fff4c5..f51d5bd2d 100644 --- a/terraform/bootstrap/main.tf +++ b/terraform/bootstrap/main.tf 
@@ -9,8 +9,8 @@ module "s3" { cf_api_url = local.cf_api_url cf_user = var.cf_user cf_password = var.cf_password - cf_org_name = "gsa-10x-prototyping" - cf_space_name = "10x-notifications" + cf_org_name = "gsa-tts-benefits-studio-prototyping" + cf_space_name = "notify-management" s3_service_name = local.s3_service_name } diff --git a/terraform/bootstrap/run.sh b/terraform/bootstrap/run.sh index 404987590..1ac395444 100755 --- a/terraform/bootstrap/run.sh +++ b/terraform/bootstrap/run.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash if [[ ! -f "secrets.auto.tfvars" ]]; then - ../create_service_account.sh -s 10x-notifications -u config-bootstrap-deployer > secrets.auto.tfvars + ../create_service_account.sh -s notify-management -u config-bootstrap-deployer > secrets.auto.tfvars fi if [[ $# -gt 0 ]]; then diff --git a/terraform/bootstrap/teardown_creds.sh b/terraform/bootstrap/teardown_creds.sh index 196e3756f..77207a69b 100755 --- a/terraform/bootstrap/teardown_creds.sh +++ b/terraform/bootstrap/teardown_creds.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -../destroy_service_account.sh -s 10x-notifications -u config-bootstrap-deployer +../destroy_service_account.sh -s notify-management -u config-bootstrap-deployer rm secrets.auto.tfvars diff --git a/terraform/bootstrap/variables.tf b/terraform/bootstrap/variables.tf index 2fe500544..a24f2f3f8 100644 --- a/terraform/bootstrap/variables.tf +++ b/terraform/bootstrap/variables.tf @@ -1,2 +1,4 @@ -variable "cf_password" {} +variable "cf_password" { + sensitive = true +} variable "cf_user" {} diff --git a/terraform/create_service_account.sh b/terraform/create_service_account.sh index 1a6b0eb1c..fafe83adf 100755 --- a/terraform/create_service_account.sh +++ b/terraform/create_service_account.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -org="gsa-10x-prototyping" +org="gsa-tts-benefits-studio-prototyping" usage=" $0: Create a Service User Account for a given space 
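Review bot: In terraform/bootstrap/run.sh the changed line redirects the output of create_service_account.sh straight into secrets.auto.tfvars, so what are presumably the deployer credentials land in a file created with the caller's default umask. If the script fails partway, the empty or partial file also passes the `-f` test on the next run and is never regenerated. Create it restrictively and only on success, e.g. `(umask 077; ../create_service_account.sh -s notify-management -u config-bootstrap-deployer > secrets.auto.tfvars.tmp) && mv secrets.auto.tfvars.tmp secrets.auto.tfvars`. It is also worth confirming that `secrets.auto.tfvars` is ignored by version control, since no ignore file is visible in this patch. run.sh continues past the end of the hunk.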
diff --git a/terraform/demo/main.tf b/terraform/demo/main.tf
new file mode 100644
index 000000000..14ed3cea4
--- /dev/null
+++ b/terraform/demo/main.tf
@@ -0,0 +1,48 @@
+locals {
+ cf_org_name = "gsa-tts-benefits-studio-prototyping"
+ cf_space_name = "notify-demo"
+ env = "demo"
+ app_name = "notify-admin"
+ recursive_delete = false
+}
+
+module "redis" {
+ source = "github.com/18f/terraform-cloudgov//redis"
+
+ cf_user = var.cf_user
+ cf_password = var.cf_password
+ cf_org_name = local.cf_org_name
+ cf_space_name = local.cf_space_name
+ env = local.env
+ app_name = local.app_name
+ recursive_delete = local.recursive_delete
+ redis_plan_name = "redis-dev"
+}
+
+module "logo_upload_bucket" {
+ source = "github.com/18f/terraform-cloudgov//s3"
+
+ cf_user = var.cf_user
+ cf_password = var.cf_password
+ cf_org_name = local.cf_org_name
+ cf_space_name = local.cf_space_name
+ recursive_delete = local.recursive_delete
+ s3_service_name = "${local.app_name}-logo-upload-bucket-${local.env}"
+}
+
+# ##########################################################################
+# The following lines need to be commented out for the initial `terraform apply`
+# It can be re-enabled after:
+# 1) the api app has first been deployed
+# 2) the admin app has first been deployed
+###########################################################################
+# module "api_network_route" {
+# source = "../shared/container_networking"
+
+# cf_user = var.cf_user
+# cf_password = var.cf_password
+# cf_org_name = local.cf_org_name
+# cf_space_name = local.cf_space_name
+# source_app_name = "${local.app_name}-${local.env}"
+# destination_app_name = "notify-api-${local.env}"
+# }
diff --git a/terraform/demo/providers.tf b/terraform/demo/providers.tf
new file mode 100644
index 000000000..5a7691ff0
--- /dev/null
+++ b/terraform/demo/providers.tf
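Review bot: Both module blocks in the new terraform/demo/main.tf load `github.com/18f/terraform-cloudgov//redis` and `//s3` without a `?ref=`, so each `terraform init` fetches whatever the default branch holds at that moment, and that code is handed `cf_user` and `cf_password`. Pin each source to a reviewed tag or commit, e.g. `source = "github.com/18f/terraform-cloudgov//redis?ref=<PINNED_TAG_OR_COMMIT>"` (a placeholder, since the patch does not show which release is in use). demo/providers.tf already pins the cloudfoundry provider to an exact version, so pinning the modules makes the two consistent. The staging and production main.tf files presumably use the same sources, but their module blocks lie outside the visible hunks.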
@@ -0,0 +1,17 @@ +terraform { + required_version = "~> 1.0" + required_providers { + cloudfoundry = { + source = "cloudfoundry-community/cloudfoundry" + version = "0.15.5" + } + } + + backend "s3" { + bucket = "cg-6b759c13-6253-4a64-9bda-dd1f620185b0" + key = "admin.tfstate.demo" + encrypt = "true" + region = "us-gov-west-1" + profile = "notify-terraform-backend" + } +} diff --git a/terraform/demo/variables.tf b/terraform/demo/variables.tf new file mode 100644 index 000000000..bd8f74131 --- /dev/null +++ b/terraform/demo/variables.tf @@ -0,0 +1,5 @@ +variable "cf_password" { + type = string + sensitive = true +} +variable "cf_user" {} diff --git a/terraform/destroy_service_account.sh b/terraform/destroy_service_account.sh index caeb12901..e8db20474 100755 --- a/terraform/destroy_service_account.sh +++ b/terraform/destroy_service_account.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -org="gsa-10x-prototyping" +org="gsa-tts-benefits-studio-prototyping" usage=" $0: Destroy a Service User Account in a given space diff --git a/terraform/production/main.tf b/terraform/production/main.tf index 377654b01..88ccb5ae5 100644 --- a/terraform/production/main.tf +++ b/terraform/production/main.tf @@ -1,8 +1,8 @@ locals { - cf_org_name = "TKTK" - cf_space_name = "TKTK" + cf_org_name = "gsa-tts-benefits-studio-prototyping" + cf_space_name = "notify-prod" env = "production" - app_name = "notifications-admin" + app_name = "notify-admin" recursive_delete = false } @@ -44,7 +44,7 @@ module "logo_upload_bucket" { # cf_org_name = local.cf_org_name # cf_space_name = local.cf_space_name # source_app_name = "${local.app_name}-${local.env}" -# destination_app_name = "notifications-api-${local.env}" +# destination_app_name = "notify-api-${local.env}" # } # ########################################################################## diff --git a/terraform/production/providers.tf b/terraform/production/providers.tf index 685d356f9..276ad5105 100644 --- a/terraform/production/providers.tf 
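Review bot: The new demo backend in terraform/demo/providers.tf writes `admin.tfstate.demo` to bucket `cg-6b759c13-6253-4a64-9bda-dd1f620185b0`, the same bucket the production and staging providers.tf hunks switch to, so the environments are separated only by object key. Anyone holding the `notify-terraform-backend` profile can therefore likely read and overwrite production state, and Terraform state can carry service credentials in clear text (the bootstrap config manages a `cloudfoundry_service_key`). Consider a separate bucket, or at least separate backend credentials, for production, and record who is expected to hold the shared profile. Minor style point: `encrypt = "true"` would read more clearly as the boolean `encrypt = true`.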
+++ b/terraform/production/providers.tf @@ -8,7 +8,7 @@ terraform { } backend "s3" { - bucket = "cg-31204bcc-aae3-4cd3-8b59-5055a338d44f" + bucket = "cg-6b759c13-6253-4a64-9bda-dd1f620185b0" key = "admin.tfstate.prod" encrypt = "true" region = "us-gov-west-1" diff --git a/terraform/set_space_egress.sh b/terraform/set_space_egress.sh index 7eeaaf989..e3893e809 100755 --- a/terraform/set_space_egress.sh +++ b/terraform/set_space_egress.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -org="gsa-10x-prototyping" +org="gsa-tts-benefits-studio-prototyping" usage=" $0: Set egress rules for given space diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf index d2a62db7f..a23570ca7 100644 --- a/terraform/staging/main.tf +++ b/terraform/staging/main.tf @@ -1,8 +1,8 @@ locals { - cf_org_name = "gsa-10x-prototyping" - cf_space_name = "10x-notifications" + cf_org_name = "gsa-tts-benefits-studio-prototyping" + cf_space_name = "notify-staging" env = "staging" - app_name = "notifications-admin" + app_name = "notify-admin" recursive_delete = true } 
@@ -30,13 +30,19 @@ module "logo_upload_bucket" { s3_service_name = "${local.app_name}-logo-upload-bucket-${local.env}" } -module "api_network_route" { - source = "../shared/container_networking" +# ########################################################################## +# The following lines need to be commented out for the initial `terraform apply` +# It can be re-enabled after: +# 1) the api app has first been deployed +# 2) the admin app has first been deployed +########################################################################### +# module "api_network_route" { +# source = "../shared/container_networking" - cf_user = var.cf_user - cf_password = var.cf_password - cf_org_name = local.cf_org_name - cf_space_name = local.cf_space_name - source_app_name = "${local.app_name}-${local.env}" - destination_app_name = "notifications-api-${local.env}" -} +# cf_user = var.cf_user +# cf_password = var.cf_password +# cf_org_name = local.cf_org_name +# cf_space_name = local.cf_space_name +# source_app_name = "${local.app_name}-${local.env}" +# destination_app_name = "notify-api-${local.env}" +# } diff --git a/terraform/staging/providers.tf b/terraform/staging/providers.tf index 826e74267..ab8e8ced0 100644 --- a/terraform/staging/providers.tf +++ b/terraform/staging/providers.tf @@ -8,7 +8,7 @@ terraform { } backend "s3" { - bucket = "cg-31204bcc-aae3-4cd3-8b59-5055a338d44f" + bucket = "cg-6b759c13-6253-4a64-9bda-dd1f620185b0" key = "admin.tfstate.stage" encrypt = "true" region = "us-gov-west-1"
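Review bot: The second terraform/staging/main.tf hunk turns the previously active `api_network_route` module into a commented-out block, and the banner comment is the only record of when to restore it. Until someone uncomments it by hand, the admin-to-API container networking rule is not managed by this configuration. The banner should state what is missing while the block is disabled and where re-enabling is tracked, e.g. `# Until re-enabled, no route from notify-admin-staging to notify-api-staging is managed here; tracked in <TRACKING_ISSUE>`. The same commented block is added in terraform/demo/main.tf, and the production/main.tf hunk touches an equivalent one, so the wording should be updated in all three. A small wording fix also applies: "It can be re-enabled" should read "They can be re-enabled", since it refers to "the following lines".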