mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-13 09:50:08 -04:00
Merge pull request #170 from GSA/studio-cloud-gov
Set up Studio cloud.gov environment
This commit is contained in:
68
.github/workflows/deploy-demo.yml
vendored
Normal file
68
.github/workflows/deploy-demo.yml
vendored
Normal file
@@ -0,0 +1,68 @@
|
||||
name: Deploy to demo environment
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ production ]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
environment: demo
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 2
|
||||
|
||||
- name: Check for changes to Terraform
|
||||
id: changed-terraform-files
|
||||
uses: tj-actions/changed-files@v1.1.2
|
||||
with:
|
||||
files: terraform/demo
|
||||
- name: Terraform init
|
||||
if: steps.changed-terraform-files.outputs.any_changed == 'true'
|
||||
working-directory: terraform/demo
|
||||
env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
|
||||
run: terraform init
|
||||
- name: Terraform apply
|
||||
if: steps.changed-terraform-files.outputs.any_changed == 'true'
|
||||
working-directory: terraform/demo
|
||||
env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
|
||||
TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
|
||||
TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
|
||||
run: terraform apply -auto-approve -input=false
|
||||
|
||||
- uses: ./.github/actions/setup-project
|
||||
|
||||
- name: Deploy to cloud.gov
|
||||
uses: 18f/cg-deploy-action@main
|
||||
env:
|
||||
DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
|
||||
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
|
||||
BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}
|
||||
REDIS_ENABLED: ${{ secrets.REDIS_ENABLED }}
|
||||
with:
|
||||
cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
|
||||
cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
|
||||
cf_org: gsa-tts-benefits-studio-prototyping
|
||||
cf_space: notify-demo
|
||||
push_arguments: >-
|
||||
--vars-file deploy-config/staging.yml
|
||||
--var DANGEROUS_SALT="$DANGEROUS_SALT"
|
||||
--var SECRET_KEY="$SECRET_KEY"
|
||||
--var AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID"
|
||||
--var AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"
|
||||
--var REDIS_ENABLED="$REDIS_ENABLED"
|
||||
--var ADMIN_CLIENT_USERNAME="notify-admin"
|
||||
--var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET"
|
||||
--var BASIC_AUTH_USERNAME="curiousabout"
|
||||
--var BASIC_AUTH_PASSWORD="$BASIC_AUTH_PASSWORD"
|
||||
31
.github/workflows/deploy.yml
vendored
31
.github/workflows/deploy.yml
vendored
@@ -15,13 +15,8 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||
|
||||
environment: staging
|
||||
steps:
|
||||
- name: Install container dependencies
|
||||
run: |
|
||||
sudo apt-get update \
|
||||
&& sudo apt-get install -y --no-install-recommends \
|
||||
libcurl4-openssl-dev
|
||||
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 2
|
||||
@@ -48,31 +43,25 @@ jobs:
|
||||
TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
|
||||
run: terraform apply -auto-approve -input=false
|
||||
|
||||
- name: Set up Python 3.9
|
||||
uses: actions/setup-python@v3
|
||||
with:
|
||||
python-version: "3.9"
|
||||
|
||||
- name: Install application dependencies
|
||||
run: make bootstrap
|
||||
- uses: ./.github/actions/setup-project
|
||||
|
||||
- name: Deploy to cloud.gov
|
||||
uses: 18f/cg-deploy-action@main
|
||||
env:
|
||||
DANGEROUS_SALT: ${{ secrets.PROD_DANGEROUS_SALT }}
|
||||
SECRET_KEY: ${{ secrets.PROD_SECRET_KEY }}
|
||||
DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
|
||||
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
ADMIN_CLIENT_SECRET: ${{ secrets.PROD_ADMIN_CLIENT_SECRET }}
|
||||
ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
|
||||
BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}
|
||||
REDIS_ENABLED: ${{ secrets.REDIS_ENABLED }}
|
||||
with:
|
||||
cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
|
||||
cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
|
||||
cf_org: gsa-10x-prototyping
|
||||
cf_space: 10x-notifications
|
||||
cf_org: gsa-tts-benefits-studio-prototyping
|
||||
cf_space: notify-staging
|
||||
push_arguments: >-
|
||||
--var env=staging
|
||||
--vars-file deploy-config/staging.yml
|
||||
--var DANGEROUS_SALT="$DANGEROUS_SALT"
|
||||
--var SECRET_KEY="$SECRET_KEY"
|
||||
--var AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID"
|
||||
@@ -87,4 +76,6 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event.workflow_run.conclusion == 'failure' }}
|
||||
steps:
|
||||
- run: echo 'Checks failed, not deploying'
|
||||
- uses: actions/github-script@v6
|
||||
with:
|
||||
script: core.setFailed('Checks failed, not deploying')
|
||||
|
||||
79
.github/workflows/terraform-demo.yml
vendored
Normal file
79
.github/workflows/terraform-demo.yml
vendored
Normal file
@@ -0,0 +1,79 @@
|
||||
name: Run Terraform plan in demo
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches: [ production ]
|
||||
paths: [ 'terraform/**' ]
|
||||
|
||||
defaults:
|
||||
run:
|
||||
working-directory: terraform/demo
|
||||
|
||||
jobs:
|
||||
terraform:
|
||||
name: Terraform plan
|
||||
runs-on: ubuntu-latest
|
||||
environment: demo
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Terraform format
|
||||
id: format
|
||||
run: terraform fmt -check
|
||||
|
||||
- name: Terraform init
|
||||
id: init
|
||||
env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
|
||||
run: terraform init
|
||||
|
||||
- name: Terraform validate
|
||||
id: validation
|
||||
run: terraform validate -no-color
|
||||
|
||||
- name: Terraform plan
|
||||
id: plan
|
||||
env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
|
||||
TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
|
||||
TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
|
||||
run: terraform plan -no-color -input=false 2>&1 | tee plan_output.txt
|
||||
|
||||
- name: Read Terraform plan output file
|
||||
id: terraform_output
|
||||
uses: juliangruber/read-file-action@v1
|
||||
if: ${{ always() }}
|
||||
with:
|
||||
path: ./terraform/demo/plan_output.txt
|
||||
|
||||
# inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
|
||||
- name: Update PR
|
||||
uses: actions/github-script@v6
|
||||
# we would like to update the PR even when a prior step failed
|
||||
if: ${{ always() }}
|
||||
with:
|
||||
script: |
|
||||
const output = `Terraform Format and Style: ${{ steps.format.outcome }}
|
||||
Terraform Initialization: ${{ steps.init.outcome }}
|
||||
Terraform Validation: ${{ steps.validation.outcome }}
|
||||
Terraform Plan: ${{ steps.plan.outcome }}
|
||||
|
||||
<details><summary>Show Plan</summary>
|
||||
|
||||
\`\`\`\n
|
||||
${{ steps.terraform_output.outputs.content }}
|
||||
\`\`\`
|
||||
|
||||
</details>
|
||||
|
||||
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
|
||||
|
||||
github.rest.issues.createComment({
|
||||
issue_number: context.issue.number,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
body: output
|
||||
})
|
||||
10
.github/workflows/terraform-production.yml
vendored
10
.github/workflows/terraform-production.yml
vendored
@@ -2,7 +2,7 @@ name: Run Terraform plan in production
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches: [ production ]
|
||||
branches: [ production-disabled-for-now ]
|
||||
paths: [ 'terraform/**' ]
|
||||
|
||||
defaults:
|
||||
@@ -38,8 +38,8 @@ jobs:
|
||||
env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
|
||||
TF_VAR_cf_user: ${{ secrets.CF_USERNAME }}
|
||||
TF_VAR_cf_password: ${{ secrets.CF_PASSWORD }}
|
||||
TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
|
||||
TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
|
||||
run: terraform plan -no-color -input=false 2>&1 | tee plan_output.txt
|
||||
|
||||
- name: Read Terraform plan output file
|
||||
@@ -51,7 +51,7 @@ jobs:
|
||||
|
||||
# inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
|
||||
- name: Update PR
|
||||
uses: actions/github-script@v4
|
||||
uses: actions/github-script@v6
|
||||
# we would like to update the PR even when a prior step failed
|
||||
if: ${{ always() }}
|
||||
with:
|
||||
@@ -71,7 +71,7 @@ jobs:
|
||||
|
||||
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
|
||||
|
||||
github.issues.createComment({
|
||||
github.rest.issues.createComment({
|
||||
issue_number: context.issue.number,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
|
||||
5
.github/workflows/terraform-staging.yml
vendored
5
.github/workflows/terraform-staging.yml
vendored
@@ -13,6 +13,7 @@ jobs:
|
||||
terraform:
|
||||
name: Terraform plan
|
||||
runs-on: ubuntu-latest
|
||||
environment: staging
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
@@ -50,7 +51,7 @@ jobs:
|
||||
|
||||
# inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
|
||||
- name: Update PR
|
||||
uses: actions/github-script@v4
|
||||
uses: actions/github-script@v6
|
||||
# we would like to update the PR even when a prior step failed
|
||||
if: ${{ always() }}
|
||||
with:
|
||||
@@ -70,7 +71,7 @@ jobs:
|
||||
|
||||
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
|
||||
|
||||
github.issues.createComment({
|
||||
github.rest.issues.createComment({
|
||||
issue_number: context.issue.number,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
|
||||
@@ -148,6 +148,10 @@ class Staging(Production):
|
||||
HEADER_COLOUR = '#6F72AF' # $mauve
|
||||
|
||||
|
||||
class Demo(Staging):
|
||||
pass
|
||||
|
||||
|
||||
class Scanning(Production):
|
||||
BASIC_AUTH_FORCE = False
|
||||
HTTP_PROTOCOL = 'http'
|
||||
@@ -162,5 +166,6 @@ configs = {
|
||||
'test': Test,
|
||||
'scanning': Scanning,
|
||||
'staging': Staging,
|
||||
'demo': Demo,
|
||||
'production': Production
|
||||
}
|
||||
|
||||
4
deploy-config/demo.yml
Normal file
4
deploy-config/demo.yml
Normal file
@@ -0,0 +1,4 @@
|
||||
env: demo
|
||||
instances: 1
|
||||
memory: 1G
|
||||
public_admin_route: notify-demo.app.cloud.gov
|
||||
4
deploy-config/production.yml
Normal file
4
deploy-config/production.yml
Normal file
@@ -0,0 +1,4 @@
|
||||
env: production
|
||||
instances: 2
|
||||
memory: 1G
|
||||
public_admin_route: notify.app.cloud.gov
|
||||
4
deploy-config/staging.yml
Normal file
4
deploy-config/staging.yml
Normal file
@@ -0,0 +1,4 @@
|
||||
env: staging
|
||||
instances: 1
|
||||
memory: 1G
|
||||
public_admin_route: notify-staging.app.cloud.gov
|
||||
29
manifest.yml
29
manifest.yml
@@ -1,45 +1,44 @@
|
||||
---
|
||||
applications:
|
||||
- name: notifications-admin-((env))
|
||||
- name: notify-admin-((env))
|
||||
buildpack: python_buildpack
|
||||
memory: 1G
|
||||
instances: ((instances))
|
||||
memory: ((memory))
|
||||
health-check-type: http
|
||||
health-check-http-endpoint: '/_status?simple=true'
|
||||
health-check-invocation-timeout: 10
|
||||
routes:
|
||||
- route: notifications-admin.app.cloud.gov
|
||||
- route: ((public_admin_route))
|
||||
|
||||
services:
|
||||
- notifications-admin-redis-((env))
|
||||
- notifications-api-csv-upload-bucket-((env))
|
||||
- notifications-api-contact-list-bucket-((env))
|
||||
- notifications-admin-logo-upload-bucket-((env))
|
||||
- notify-admin-redis-((env))
|
||||
- notify-api-csv-upload-bucket-((env))
|
||||
- notify-api-contact-list-bucket-((env))
|
||||
- notify-admin-logo-upload-bucket-((env))
|
||||
|
||||
env:
|
||||
NOTIFY_ENVIRONMENT: ((env))
|
||||
NOTIFY_APP_NAME: admin
|
||||
NOTIFY_LOG_PATH: /home/vcap/logs/app.log
|
||||
NOTIFY_LOG_LEVEL: INFO
|
||||
FLASK_APP: application.py
|
||||
FLASK_ENV: production
|
||||
DEPLOY_ENV: ((env))
|
||||
REDIS_ENABLED: ((REDIS_ENABLED))
|
||||
|
||||
NOTIFY_ENVIRONMENT: ((env))
|
||||
ADMIN_BASE_URL: https://((public_admin_route))
|
||||
API_HOST_NAME: https://notify-api-((env)).apps.internal:61443
|
||||
|
||||
# Credentials variables
|
||||
ADMIN_CLIENT_SECRET: ((ADMIN_CLIENT_SECRET))
|
||||
ADMIN_CLIENT_USERNAME: ((ADMIN_CLIENT_USERNAME))
|
||||
ADMIN_BASE_URL: https://notifications-admin.app.cloud.gov
|
||||
API_HOST_NAME: https://notifications-api-((env)).apps.internal:61443
|
||||
DANGEROUS_SALT: ((DANGEROUS_SALT))
|
||||
SECRET_KEY: ((SECRET_KEY))
|
||||
BASIC_AUTH_USERNAME: ((BASIC_AUTH_USERNAME))
|
||||
BASIC_AUTH_PASSWORD: ((BASIC_AUTH_PASSWORD))
|
||||
|
||||
AWS_REGION: us-west-2
|
||||
AWS_ACCESS_KEY_ID: ((AWS_ACCESS_KEY_ID))
|
||||
AWS_SECRET_ACCESS_KEY: ((AWS_SECRET_ACCESS_KEY))
|
||||
BASIC_AUTH_USERNAME: ((BASIC_AUTH_USERNAME))
|
||||
BASIC_AUTH_PASSWORD: ((BASIC_AUTH_PASSWORD))
|
||||
|
||||
NOTIFY_BILLING_DETAILS: []
|
||||
NOTIFY_BILLING_DETAILS: '[]'
|
||||
|
||||
REQUESTS_CA_BUNDLE: "/etc/ssl/certs/ca-certificates.crt"
|
||||
|
||||
@@ -4,8 +4,8 @@ read -p "Are you sure you want to import terraform state (y/n)? " verify
|
||||
|
||||
if [[ $verify == "y" ]]; then
|
||||
echo "Importing bootstrap state"
|
||||
./run.sh import module.s3.cloudfoundry_service_instance.bucket 31204bcc-aae3-4cd3-8b59-5055a338d44f
|
||||
./run.sh import cloudfoundry_service_key.bucket_creds 483a6ac5-4ba0-48ad-9850-ef87b51aaa08
|
||||
./run.sh import module.s3.cloudfoundry_service_instance.bucket 6b759c13-6253-4a64-9bda-dd1f620185b0
|
||||
./run.sh import cloudfoundry_service_key.bucket_creds a8e40295-68b7-42ba-8955-d82ba262e948
|
||||
./run.sh plan
|
||||
else
|
||||
echo "Not importing bootstrap state"
|
||||
|
||||
@@ -9,8 +9,8 @@ module "s3" {
|
||||
cf_api_url = local.cf_api_url
|
||||
cf_user = var.cf_user
|
||||
cf_password = var.cf_password
|
||||
cf_org_name = "gsa-10x-prototyping"
|
||||
cf_space_name = "10x-notifications"
|
||||
cf_org_name = "gsa-tts-benefits-studio-prototyping"
|
||||
cf_space_name = "notify-management"
|
||||
s3_service_name = local.s3_service_name
|
||||
}
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
if [[ ! -f "secrets.auto.tfvars" ]]; then
|
||||
../create_service_account.sh -s 10x-notifications -u config-bootstrap-deployer > secrets.auto.tfvars
|
||||
../create_service_account.sh -s notify-management -u config-bootstrap-deployer > secrets.auto.tfvars
|
||||
fi
|
||||
|
||||
if [[ $# -gt 0 ]]; then
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
../destroy_service_account.sh -s 10x-notifications -u config-bootstrap-deployer
|
||||
../destroy_service_account.sh -s notify-management -u config-bootstrap-deployer
|
||||
|
||||
rm secrets.auto.tfvars
|
||||
|
||||
@@ -1,2 +1,4 @@
|
||||
variable "cf_password" {}
|
||||
variable "cf_password" {
|
||||
sensitive = true
|
||||
}
|
||||
variable "cf_user" {}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
org="gsa-10x-prototyping"
|
||||
org="gsa-tts-benefits-studio-prototyping"
|
||||
|
||||
usage="
|
||||
$0: Create a Service User Account for a given space
|
||||
|
||||
48
terraform/demo/main.tf
Normal file
48
terraform/demo/main.tf
Normal file
@@ -0,0 +1,48 @@
|
||||
locals {
|
||||
cf_org_name = "gsa-tts-benefits-studio-prototyping"
|
||||
cf_space_name = "notify-demo"
|
||||
env = "demo"
|
||||
app_name = "notify-admin"
|
||||
recursive_delete = false
|
||||
}
|
||||
|
||||
module "redis" {
|
||||
source = "github.com/18f/terraform-cloudgov//redis"
|
||||
|
||||
cf_user = var.cf_user
|
||||
cf_password = var.cf_password
|
||||
cf_org_name = local.cf_org_name
|
||||
cf_space_name = local.cf_space_name
|
||||
env = local.env
|
||||
app_name = local.app_name
|
||||
recursive_delete = local.recursive_delete
|
||||
redis_plan_name = "redis-dev"
|
||||
}
|
||||
|
||||
module "logo_upload_bucket" {
|
||||
source = "github.com/18f/terraform-cloudgov//s3"
|
||||
|
||||
cf_user = var.cf_user
|
||||
cf_password = var.cf_password
|
||||
cf_org_name = local.cf_org_name
|
||||
cf_space_name = local.cf_space_name
|
||||
recursive_delete = local.recursive_delete
|
||||
s3_service_name = "${local.app_name}-logo-upload-bucket-${local.env}"
|
||||
}
|
||||
|
||||
# ##########################################################################
|
||||
# The following lines need to be commented out for the initial `terraform apply`
|
||||
# It can be re-enabled after:
|
||||
# 1) the api app has first been deployed
|
||||
# 2) the admin app has first been deployed
|
||||
###########################################################################
|
||||
# module "api_network_route" {
|
||||
# source = "../shared/container_networking"
|
||||
|
||||
# cf_user = var.cf_user
|
||||
# cf_password = var.cf_password
|
||||
# cf_org_name = local.cf_org_name
|
||||
# cf_space_name = local.cf_space_name
|
||||
# source_app_name = "${local.app_name}-${local.env}"
|
||||
# destination_app_name = "notify-api-${local.env}"
|
||||
# }
|
||||
17
terraform/demo/providers.tf
Normal file
17
terraform/demo/providers.tf
Normal file
@@ -0,0 +1,17 @@
|
||||
terraform {
|
||||
required_version = "~> 1.0"
|
||||
required_providers {
|
||||
cloudfoundry = {
|
||||
source = "cloudfoundry-community/cloudfoundry"
|
||||
version = "0.15.5"
|
||||
}
|
||||
}
|
||||
|
||||
backend "s3" {
|
||||
bucket = "cg-6b759c13-6253-4a64-9bda-dd1f620185b0"
|
||||
key = "admin.tfstate.demo"
|
||||
encrypt = "true"
|
||||
region = "us-gov-west-1"
|
||||
profile = "notify-terraform-backend"
|
||||
}
|
||||
}
|
||||
5
terraform/demo/variables.tf
Normal file
5
terraform/demo/variables.tf
Normal file
@@ -0,0 +1,5 @@
|
||||
variable "cf_password" {
|
||||
type = string
|
||||
sensitive = true
|
||||
}
|
||||
variable "cf_user" {}
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
org="gsa-10x-prototyping"
|
||||
org="gsa-tts-benefits-studio-prototyping"
|
||||
|
||||
usage="
|
||||
$0: Destroy a Service User Account in a given space
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
locals {
|
||||
cf_org_name = "TKTK"
|
||||
cf_space_name = "TKTK"
|
||||
cf_org_name = "gsa-tts-benefits-studio-prototyping"
|
||||
cf_space_name = "notify-prod"
|
||||
env = "production"
|
||||
app_name = "notifications-admin"
|
||||
app_name = "notify-admin"
|
||||
recursive_delete = false
|
||||
}
|
||||
|
||||
@@ -44,7 +44,7 @@ module "logo_upload_bucket" {
|
||||
# cf_org_name = local.cf_org_name
|
||||
# cf_space_name = local.cf_space_name
|
||||
# source_app_name = "${local.app_name}-${local.env}"
|
||||
# destination_app_name = "notifications-api-${local.env}"
|
||||
# destination_app_name = "notify-api-${local.env}"
|
||||
# }
|
||||
|
||||
# ##########################################################################
|
||||
|
||||
@@ -8,7 +8,7 @@ terraform {
|
||||
}
|
||||
|
||||
backend "s3" {
|
||||
bucket = "cg-31204bcc-aae3-4cd3-8b59-5055a338d44f"
|
||||
bucket = "cg-6b759c13-6253-4a64-9bda-dd1f620185b0"
|
||||
key = "admin.tfstate.prod"
|
||||
encrypt = "true"
|
||||
region = "us-gov-west-1"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
org="gsa-10x-prototyping"
|
||||
org="gsa-tts-benefits-studio-prototyping"
|
||||
|
||||
usage="
|
||||
$0: Set egress rules for given space
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
locals {
|
||||
cf_org_name = "gsa-10x-prototyping"
|
||||
cf_space_name = "10x-notifications"
|
||||
cf_org_name = "gsa-tts-benefits-studio-prototyping"
|
||||
cf_space_name = "notify-staging"
|
||||
env = "staging"
|
||||
app_name = "notifications-admin"
|
||||
app_name = "notify-admin"
|
||||
recursive_delete = true
|
||||
}
|
||||
|
||||
@@ -30,13 +30,19 @@ module "logo_upload_bucket" {
|
||||
s3_service_name = "${local.app_name}-logo-upload-bucket-${local.env}"
|
||||
}
|
||||
|
||||
module "api_network_route" {
|
||||
source = "../shared/container_networking"
|
||||
# ##########################################################################
|
||||
# The following lines need to be commented out for the initial `terraform apply`
|
||||
# It can be re-enabled after:
|
||||
# 1) the api app has first been deployed
|
||||
# 2) the admin app has first been deployed
|
||||
###########################################################################
|
||||
# module "api_network_route" {
|
||||
# source = "../shared/container_networking"
|
||||
|
||||
cf_user = var.cf_user
|
||||
cf_password = var.cf_password
|
||||
cf_org_name = local.cf_org_name
|
||||
cf_space_name = local.cf_space_name
|
||||
source_app_name = "${local.app_name}-${local.env}"
|
||||
destination_app_name = "notifications-api-${local.env}"
|
||||
}
|
||||
# cf_user = var.cf_user
|
||||
# cf_password = var.cf_password
|
||||
# cf_org_name = local.cf_org_name
|
||||
# cf_space_name = local.cf_space_name
|
||||
# source_app_name = "${local.app_name}-${local.env}"
|
||||
# destination_app_name = "notify-api-${local.env}"
|
||||
# }
|
||||
|
||||
@@ -8,7 +8,7 @@ terraform {
|
||||
}
|
||||
|
||||
backend "s3" {
|
||||
bucket = "cg-31204bcc-aae3-4cd3-8b59-5055a338d44f"
|
||||
bucket = "cg-6b759c13-6253-4a64-9bda-dd1f620185b0"
|
||||
key = "admin.tfstate.stage"
|
||||
encrypt = "true"
|
||||
region = "us-gov-west-1"
|
||||
|
||||
Reference in New Issue
Block a user