Merge pull request #849 from GSA/fix-remaining-terraform

Fix remaining Terraform for production and demo

terraform/demo/main.tf

@@ -1,38 +1,46 @@
 locals {
-  cf_org_name      = "gsa-tts-benefits-studio"
-  cf_space_name    = "notify-demo"
-  env              = "demo"
-  app_name         = "notify-api"
-  recursive_delete = false
+  cf_org_name              = "gsa-tts-benefits-studio"
+  cf_space_name            = "notify-demo"
+  env                      = "demo"
+  app_name                 = "notify-api"
+  delete_recursive_allowed = false
+}
+
+data "cloudfoundry_space" "demo" {
+  org_name = local.cf_org_name
+  name     = local.cf_space_name
+}
+
+resource "cloudfoundry_space" "notify-demo" {
+  delete_recursive_allowed = local.delete_recursive_allowed
+  name                     = local.cf_space_name
+  org                      = data.cloudfoundry_org.org.id
 }
 
 module "database" {
   source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  name             = "${local.app_name}-rds-${local.env}"
-  recursive_delete = local.recursive_delete
-  rds_plan_name    = "micro-psql"
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-rds-${local.env}"
+  rds_plan_name = "micro-psql"
 }
 
 module "redis" {
   source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  name             = "${local.app_name}-redis-${local.env}"
-  recursive_delete = local.recursive_delete
-  redis_plan_name  = "redis-dev"
+  cf_org_name     = local.cf_org_name
+  cf_space_name   = local.cf_space_name
+  name            = "${local.app_name}-redis-${local.env}"
+  redis_plan_name = "redis-dev"
 }
 
 module "csv_upload_bucket" {
   source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  recursive_delete = local.recursive_delete
-  name             = "${local.app_name}-csv-upload-bucket-${local.env}"
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-csv-upload-bucket-${local.env}"
 }
 
 module "egress-space" {
@@ -40,6 +48,7 @@ module "egress-space" {
 
   cf_org_name              = local.cf_org_name
   cf_restricted_space_name = local.cf_space_name
+  delete_recursive_allowed = local.delete_recursive_allowed
   deployers = [
     var.cf_user,
     "steven.reilly@gsa.gov"
@@ -52,7 +61,6 @@ module "ses_email" {
   cf_org_name         = local.cf_org_name
   cf_space_name       = local.cf_space_name
   name                = "${local.app_name}-ses-${local.env}"
-  recursive_delete    = local.recursive_delete
   aws_region          = "us-west-2"
   email_domain        = "notify.sandbox.10x.gsa.gov"
   email_receipt_error = "notify-support@gsa.gov"
@@ -64,7 +72,6 @@ module "sns_sms" {
   cf_org_name         = local.cf_org_name
   cf_space_name       = local.cf_space_name
   name                = "${local.app_name}-sns-${local.env}"
-  recursive_delete    = local.recursive_delete
   aws_region          = "us-east-1"
   monthly_spend_limit = 25
 }

terraform/demo/providers.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.0"
+      version = "0.53.1"
     }
   }
 

terraform/production/main.tf

@@ -1,45 +1,57 @@
 locals {
-  cf_org_name      = "gsa-tts-benefits-studio"
-  cf_space_name    = "notify-production"
-  env              = "production"
-  app_name         = "notify-api"
-  recursive_delete = false
+  cf_org_name              = "gsa-tts-benefits-studio"
+  cf_space_name            = "notify-production"
+  env                      = "production"
+  app_name                 = "notify-api"
+  delete_recursive_allowed = false
+  allow_ssh                = false
+}
+
+data "cloudfoundry_space" "production" {
+  org_name = local.cf_org_name
+  name     = local.cf_space_name
+}
+
+resource "cloudfoundry_space" "notify-production" {
+  allow_ssh                = local.allow_ssh
+  delete_recursive_allowed = local.delete_recursive_allowed
+  name                     = local.cf_space_name
+  org                      = data.cloudfoundry_org.org.id
 }
 
 module "database" {
   source = "github.com/18f/terraform-cloudgov//database?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  name             = "${local.app_name}-rds-${local.env}"
-  recursive_delete = local.recursive_delete
-  rds_plan_name    = "small-psql-redundant"
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-rds-${local.env}"
+  rds_plan_name = "small-psql-redundant"
 }
 
 module "redis" {
   source = "github.com/18f/terraform-cloudgov//redis?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  name             = "${local.app_name}-redis-${local.env}"
-  recursive_delete = local.recursive_delete
-  redis_plan_name  = "redis-3node-large"
+  cf_org_name     = local.cf_org_name
+  cf_space_name   = local.cf_space_name
+  name            = "${local.app_name}-redis-${local.env}"
+  redis_plan_name = "redis-3node-large"
 }
 
 module "csv_upload_bucket" {
   source = "github.com/18f/terraform-cloudgov//s3?ref=v0.7.1"
 
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  recursive_delete = local.recursive_delete
-  name             = "${local.app_name}-csv-upload-bucket-${local.env}"
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-csv-upload-bucket-${local.env}"
 }
 
 module "egress-space" {
   source = "../shared/egress_space"
 
+  allow_ssh                = local.allow_ssh
   cf_org_name              = local.cf_org_name
   cf_restricted_space_name = local.cf_space_name
+  delete_recursive_allowed = local.delete_recursive_allowed
   deployers = [
     var.cf_user
   ]
@@ -51,7 +63,6 @@ module "ses_email" {
   cf_org_name         = local.cf_org_name
   cf_space_name       = local.cf_space_name
   name                = "${local.app_name}-ses-${local.env}"
-  recursive_delete    = local.recursive_delete
   aws_region          = "us-gov-west-1"
   email_domain        = "notify.gov"
   mail_from_subdomain = "mail"
@@ -64,7 +75,6 @@ module "sns_sms" {
   cf_org_name         = local.cf_org_name
   cf_space_name       = local.cf_space_name
   name                = "${local.app_name}-sns-${local.env}"
-  recursive_delete    = local.recursive_delete
   aws_region          = "us-gov-west-1"
   monthly_spend_limit = 1000
 }

terraform/production/providers.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.0"
+      version = "0.53.1"
     }
   }
 

terraform/shared/egress_space/main.tf

@@ -11,7 +11,8 @@ data "cloudfoundry_org" "org" {
 ###
 
 resource "cloudfoundry_space" "public_egress" {
-  delete_recursive_allowed = false
+  allow_ssh                = var.allow_ssh
+  delete_recursive_allowed = var.delete_recursive_allowed
   name                     = "${var.cf_restricted_space_name}-egress"
   org                      = data.cloudfoundry_org.org.id
 }

terraform/shared/egress_space/variables.tf

@@ -3,3 +3,15 @@ variable "cf_restricted_space_name" {}
 variable "deployers" {
   type = set(string)
 }
+
+variable "delete_recursive_allowed" {
+  type        = bool
+  default     = true
+  description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
+}
+
+variable "allow_ssh" {
+  type        = bool
+  default     = true
+  description = "Flag for allowing SSH access in a space - not recommended in production environments"
+}