Merge pull request #21 from alphagov/govsi-717-create-redis-in-for-am

chrisclayson · web-flow · commit e13a12d76164 · 2021-08-19T14:24:11.000+01:00
GOVSI-717: Create Terraform and add Redis
diff --git a/.gitignore b/.gitignore
@@ -120,4 +120,10 @@ logs*.json
 *.xlsx
 
 keys/
-.vscode/
+.vscode/
+
+# Terraform related files
+ci/terraform/.terraform
+*.tfstate
+*.tfstate.backup
+ci/terraform/*.plan
diff --git a/ci/tasks/deploy-account-management.yml b/ci/tasks/deploy-account-management.yml
@@ -0,0 +1,42 @@
+platform: linux
+image_resource:
+  type: registry-image
+  source:
+    repository: hashicorp/terraform
+    tag: 1.0.4
+    username: ((docker-hub-username))
+    password: ((docker-hub-password))    
+params:
+  DEPLOYER_ROLE_ARN: ((deployer-role-arn-non-prod))
+  DEPLOY_ENVIRONMENT: build
+  CF_USERNAME: ((cf-username))
+  CF_PASSWORD: ((cf-password))
+  CF_ORG_NAME: ((cf-org-name))
+inputs:
+  - name: account-managment-release
+outputs:
+  - name: terraform-outputs
+run:
+  path: /bin/sh
+  args:
+    - -euc
+    - |
+      mkdir src
+      tar xfz account-managment-release/source.tar.gz --strip-components=1 -C src/
+      cd "src/ci/terraform/"
+      terraform init -input=false \
+        -backend-config "role_arn=${DEPLOYER_ROLE_ARN}" \
+        -backend-config "bucket=digital-identity-dev-tfstate" \
+        -backend-config "key=acct-mgmt-${DEPLOY_ENVIRONMENT}-terraform.tfstate" \
+        -backend-config "encrypt=true" \
+        -backend-config "region=eu-west-2"
+
+      terraform apply -auto-approve \
+        -var "deployer_role_arn=${DEPLOYER_ROLE_ARN}" \
+        -var "cf_space=${DEPLOY_ENVIRONMENT}" \
+        -var "cf_username=${CF_USERNAME}" \
+        -var "cf_password=${CF_PASSWORD}" \
+        -var "cf_org_name=${CF_ORG_NAME}" \
+        -var-file ${DEPLOY_ENVIRONMENT}.tfvars
+
+      terraform output --json > ../../../../terraform-outputs/${DEPLOY_ENVIRONMENT}-terraform-outputs.json
diff --git a/ci/terraform/.terraform-version b/ci/terraform/.terraform-version
@@ -0,0 +1 @@
+1.0.4
diff --git a/ci/terraform/.terraform.lock.hcl b/ci/terraform/.terraform.lock.hcl
diff --git a/ci/terraform/build.tfvars b/ci/terraform/build.tfvars
@@ -0,0 +1,3 @@
+redis_service_plan = "tiny-ha-5.x"
+cf_space_name      = build
+cf_domain          = "build.auth.ida.digital.cabinet-office.gov.uk"
diff --git a/ci/terraform/cf-data.tf b/ci/terraform/cf-data.tf
@@ -0,0 +1,12 @@
+data "cloudfoundry_org" "org" {
+  name = var.cf_org_name
+}
+
+data "cloudfoundry_space" "space" {
+  name = var.cf_space_name
+  org  = data.cloudfoundry_org.org.id
+}
+
+data "cloudfoundry_domain" "cloudapps" {
+  name = var.cf_domain
+}
diff --git a/ci/terraform/integration.tfvars b/ci/terraform/integration.tfvars
@@ -0,0 +1,3 @@
+redis_service_plan = "tiny-ha-5.x"
+cf_space_name      = integration
+cf_domain          = "integration.auth.ida.digital.cabinet-office.gov.uk"
diff --git a/ci/terraform/redis.tf b/ci/terraform/redis.tf
@@ -0,0 +1,10 @@
+data "cloudfoundry_service" "redis" {
+  name = "redis"
+}
+
+resource "cloudfoundry_service_instance" "redis" {
+  name         = "${var.cf_space_name}-redis"
+  space        = data.cloudfoundry_space.space.id
+  service_plan = data.cloudfoundry_service.redis.service_plans["tiny-5_x"]
+}
+
diff --git a/ci/terraform/sandpit.hcl b/ci/terraform/sandpit.hcl
@@ -0,0 +1,4 @@
+bucket  = "digital-identity-dev-tfstate"
+key     = "acct-mgmt-sandpit-terraform.tfstate"
+encrypt = true
+region  = "eu-west-2"
diff --git a/ci/terraform/sandpit.tfvars b/ci/terraform/sandpit.tfvars
@@ -0,0 +1,3 @@
+cf_org_name = "gds-digital-identity-authentication"
+cf_domain = "sandpit.auth.ida.digital.cabinet-office.gov.uk"
+cf_space_name = "sandpit"
diff --git a/ci/terraform/site.tf b/ci/terraform/site.tf
@@ -0,0 +1,38 @@
+terraform {
+  required_version = ">= 1.0.4"
+
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      version = ">= 3.54.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.1.0"
+    }
+    cloudfoundry = {
+      source  = "cloudfoundry-community/cloudfoundry"
+      version = "0.14.2"
+    }
+  }
+
+  backend "s3" {
+  }
+}
+
+provider "aws" {
+  region = var.aws_region
+
+  assume_role {
+    role_arn = var.deployer_role_arn
+  }
+}
+
+provider "cloudfoundry" {
+  api_url      = "https://api.london.cloud.service.gov.uk"
+  user         = var.cf_username
+  password     = var.cf_password
+  app_logs_max = 250
+}
+
+provider "random" {}
diff --git a/ci/terraform/variables.tf b/ci/terraform/variables.tf
@@ -0,0 +1,33 @@
+variable "aws_region" {
+  default = "eu-west-2"
+}
+
+variable "deployer_role_arn" {
+  default = null
+}
+
+variable "cf_username" {
+  description = "deployer username"
+}
+
+variable "cf_password" {
+  description = "deployer password org"
+}
+
+variable "cf_org_name" {
+  description = "target org"
+}
+
+variable "cf_space_name" {
+  description = "target space"
+}
+
+variable "cf_domain" {
+}
+
+variable "redis_service_plan" {
+  type        = string
+  default     = "tiny-5.x"
+  description = "The PaaS service plan (instance size) to use for Redis. For a full list of options, run 'cf marketplace -e redis'"
+}
+

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+redis_service_plan = "tiny-ha-5.x"`
	`2`	`+cf_space_name = build`
	`3`	`+cf_domain = "build.auth.ida.digital.cabinet-office.gov.uk"`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+redis_service_plan = "tiny-ha-5.x"`
	`2`	`+cf_space_name = integration`
	`3`	`+cf_domain = "integration.auth.ida.digital.cabinet-office.gov.uk"`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+cf_org_name = "gds-digital-identity-authentication"`
	`2`	`+cf_domain = "sandpit.auth.ida.digital.cabinet-office.gov.uk"`
	`3`	`+cf_space_name = "sandpit"`