Add basic terraform bootstrap and staging environments

2026-02-04 10:21:14 -05:00 · 2022-09-14 10:09:09 -04:00
parent e79adfaed5
commit e85244a3f7
17 changed files with 525 additions and 0 deletions
--- a/terraform/bootstrap/import.sh
+++ b/terraform/bootstrap/import.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+read -p "Are you sure you want to import terraform state (y/n)? " verify
+
+if [[ $verify == "y" ]]; then
+  echo "Importing bootstrap state"
+  ./run.sh import module.s3.cloudfoundry_service_instance.bucket 31204bcc-aae3-4cd3-8b59-5055a338d44f
+  ./run.sh import cloudfoundry_service_key.bucket_creds 483a6ac5-4ba0-48ad-9850-ef87b51aaa08
+  ./run.sh plan
+else
+  echo "Not importing bootstrap state"
+fi
--- a/terraform/bootstrap/main.tf
+++ b/terraform/bootstrap/main.tf
@@ -0,0 +1,24 @@
+locals {
+  cf_api_url      = "https://api.fr.cloud.gov"
+  s3_service_name = "notify-terraform-state"
+}
+
+module "s3" {
+  source = "github.com/18f/terraform-cloudgov//s3"
+
+  cf_api_url      = local.cf_api_url
+  cf_user         = var.cf_user
+  cf_password     = var.cf_password
+  cf_org_name     = "gsa-10x-prototyping"
+  cf_space_name   = "10x-notifications"
+  s3_service_name = local.s3_service_name
+}
+
+resource "cloudfoundry_service_key" "bucket_creds" {
+  name             = "${local.s3_service_name}-access"
+  service_instance = module.s3.bucket_id
+}
+
+output "bucket_credentials" {
+  value = cloudfoundry_service_key.bucket_creds.credentials
+}
--- a/terraform/bootstrap/providers.tf
+++ b/terraform/bootstrap/providers.tf
@@ -0,0 +1,16 @@
+terraform {
+  required_version = "~> 1.0"
+  required_providers {
+    cloudfoundry = {
+      source  = "cloudfoundry-community/cloudfoundry"
+      version = "0.15.5"
+    }
+  }
+}
+
+provider "cloudfoundry" {
+  api_url      = local.cf_api_url
+  user         = var.cf_user
+  password     = var.cf_password
+  app_logs_max = 30
+}
--- a/terraform/bootstrap/run.sh
+++ b/terraform/bootstrap/run.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+if [[ ! -f "secrets.auto.tfvars" ]]; then
+  ../create_service_account.sh -s 10x-notifications -u config-bootstrap-deployer > secrets.auto.tfvars
+fi
+
+if [[ $# -gt 0 ]]; then
+  echo "Running terraform $@"
+  terraform $@
+else
+  echo "Not running terraform"
+fi
--- a/terraform/bootstrap/teardown_creds.sh
+++ b/terraform/bootstrap/teardown_creds.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+../destroy_service_account.sh -s 10x-notifications -u config-bootstrap-deployer
+
+rm secrets.auto.tfvars
--- a/terraform/bootstrap/variables.tf
+++ b/terraform/bootstrap/variables.tf
@@ -0,0 +1,2 @@
+variable "cf_password" {}
+variable "cf_user" {}