From 58b81cb4b6f79e4dc85f45638626008684eab48d Mon Sep 17 00:00:00 2001 From: dcordz <17937472+dcordz@users.noreply.github.com> Date: Sun, 17 Nov 2024 14:53:01 -0500 Subject: [PATCH] padawan - add tf to .gitignore, remove tf from git --- .gitignore | 3 + tf/main.tf | 71 ------ tf/main.tfvars | 0 tf/modules/backup/main.tf | 26 --- tf/modules/backup/variables.tf | 16 -- tf/modules/backup/versions.tf | 8 - tf/modules/buckets/main.tf | 41 ---- tf/modules/buckets/variables.tf | 9 - tf/modules/cloud_run/main.tf | 375 ------------------------------ tf/modules/cloud_run/variables.tf | 8 - tf/modules/iam/main.tf | 41 ---- tf/modules/iam/variables.tf | 3 - tf/modules/secrets/main.tf | 118 ---------- tf/modules/secrets/outputs.tf | 21 -- tf/modules/secrets/variables.tf | 12 - tf/terraform.sh | 50 ---- tf/variables.tf | 24 -- tf/versions.tf | 18 -- 18 files changed, 3 insertions(+), 841 deletions(-) delete mode 100644 tf/main.tf delete mode 100644 tf/main.tfvars delete mode 100644 tf/modules/backup/main.tf delete mode 100644 tf/modules/backup/variables.tf delete mode 100644 tf/modules/backup/versions.tf delete mode 100644 tf/modules/buckets/main.tf delete mode 100644 tf/modules/buckets/variables.tf delete mode 100644 tf/modules/cloud_run/main.tf delete mode 100644 tf/modules/cloud_run/variables.tf delete mode 100644 tf/modules/iam/main.tf delete mode 100644 tf/modules/iam/variables.tf delete mode 100644 tf/modules/secrets/main.tf delete mode 100644 tf/modules/secrets/outputs.tf delete mode 100644 tf/modules/secrets/variables.tf delete mode 100755 tf/terraform.sh delete mode 100644 tf/variables.tf delete mode 100644 tf/versions.tf diff --git a/.gitignore b/.gitignore index 58dcc47c..1599854c 100644 --- a/.gitignore +++ b/.gitignore @@ -63,4 +63,7 @@ wireguard.conf newrelic.yml +# Not using Terraform/Google Cloud +tf/ + !**/**/.keep \ No newline at end of file diff --git a/tf/main.tf b/tf/main.tf deleted file mode 100644 index 056998da..00000000 --- a/tf/main.tf +++ /dev/null 
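Review bot: Adding `tf/` to .gitignore and deleting the tracked files does not take back what the deleted files already exposed. The `docker run` comment blocks in tf/modules/cloud_run/main.tf and tf/modules/iam/main.tf carry literal `LITESTREAM_ACCESS_KEY_ID` / `LITESTREAM_SECRET_ACCESS_KEY` values, and those stay readable in earlier commits and in this patch itself. If that pair was ever valid, it should be revoked and reissued at the provider; rewriting history is not sufficient once the repository has been cloned or mirrored. The ignore rule is reasonable, since tf/terraform.sh reads `secrets.tfvars` and writes `plans/` under that directory, and the comment could say so: `# Terraform no longer tracked; tf/ may still hold local secrets.tfvars and plan files`.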
@@ -1,71 +0,0 @@
-provider "google" {
- project = var.project
- region = var.region
-
- default_labels = {
- environment = var.environment
- terraform = "true"
- }
-}
-
-provider "digitalocean" {
- token = var.digitalocean_token
-
- spaces_access_id = var.digitalocean_spaces_access_id
- spaces_secret_key = var.digitalocean_spaces_secret_key
-}
-
-module "secrets" {
- source = "./modules/secrets"
-
- project = var.project
- region = var.region
- environment = var.environment
-
- digitalocean_spaces_access_id = var.digitalocean_spaces_access_id
- digitalocean_spaces_secret_key = var.digitalocean_spaces_secret_key
-}
-
-module "iam" {
- count = var.environment == "prod" ? 1 : 0
-
- source = "./modules/iam"
-
- project = var.project
- region = var.region
- environment = var.environment
-}
-
-module "buckets" {
- source = "./modules/buckets"
-
- project = var.project
- region = var.region
- environment = var.environment
-}
-
-module "backup" {
- source = "./modules/backup"
-
- providers = {
- digitalocean = digitalocean
- }
-
- project = var.project
- region = var.region
- environment = var.environment
-
- digitalocean_token = var.digitalocean_token
- digitalocean_spaces_access_id = var.digitalocean_spaces_access_id
- digitalocean_spaces_secret_key = var.digitalocean_spaces_secret_key
-}
-
-module "cloud_run" {
- source = "./modules/cloud_run"
-
- project = var.project
- region = var.region
- environment = var.environment
-
- secrets = module.secrets.secrets
-}
diff --git a/tf/main.tfvars b/tf/main.tfvars
deleted file mode 100644
index e69de29b..00000000
diff --git a/tf/modules/backup/main.tf b/tf/modules/backup/main.tf
deleted file mode 100644
index fb74b18c..00000000
--- a/tf/modules/backup/main.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-
-
-########################################################################
-# DIGITAL OCEAN SQLITE BACKUP
-########################################################################
-
-resource "digitalocean_spaces_bucket" "sqlite" {
- provider = digitalocean
-
- name = "${var.environment}-sway-sqlite-backup"
- region = "nyc3"
-
- acl = "private"
-}
-
-resource "digitalocean_spaces_bucket_cors_configuration" "test" {
- bucket = digitalocean_spaces_bucket.sqlite.id
- region = "nyc3"
-
- cors_rule {
- allowed_headers = ["*"]
- allowed_methods = ["GET", "PUT", "POST", "HEAD"]
- allowed_origins = ["*"]
- max_age_seconds = 3000
- }
-}
diff --git a/tf/modules/backup/variables.tf b/tf/modules/backup/variables.tf
deleted file mode 100644
index 2c02b49c..00000000
--- a/tf/modules/backup/variables.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-variable "region" {}
-variable "project" {}
-variable "environment" {}
-
-variable "digitalocean_token" {
- type = string
- sensitive = true
-}
-variable "digitalocean_spaces_access_id" {
- type = string
- sensitive = true
-}
-variable "digitalocean_spaces_secret_key" {
- type = string
- sensitive = true
-}
diff --git a/tf/modules/backup/versions.tf b/tf/modules/backup/versions.tf
deleted file mode 100644
index d2bf4997..00000000
--- a/tf/modules/backup/versions.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- digitalocean = {
- source = "digitalocean/digitalocean"
- version = "~> 2"
- }
- }
-}
\ No newline at end of file
diff --git a/tf/modules/buckets/main.tf b/tf/modules/buckets/main.tf
deleted file mode 100644
index 2f6c0680..00000000
--- a/tf/modules/buckets/main.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-########################################################################
-# GOOGLE CLOUD SQLITE
-########################################################################
-
-resource "google_storage_bucket" "assets" {
- name = var.environment == "prod" ? "sway-assets" : "${var.environment}-sway-assets"
- location = var.region
-
- public_access_prevention = "inherited"
-
- cors {
- max_age_seconds = 3600
- method = [
- "GET",
- "PUT",
- ]
- origin = [
- "https://localhost:3000",
- "https://app.sway.vote",
- ]
- response_header = [
- "Content-Type",
- "x-goog-resumable",
- ]
- }
-}
-
-resource "google_storage_bucket" "sqlite" {
- name = var.environment == "prod" ? "sway-sqlite" : "${var.environment}-sway-sqlite"
- location = var.region
-
- public_access_prevention = "enforced"
-}
-
-########################################################################
-# TERRAFORM BUCKET
-########################################################################
-
-data "google_storage_bucket" "terraform" {
- name = "sway-terraform"
-}
diff --git a/tf/modules/buckets/variables.tf b/tf/modules/buckets/variables.tf
deleted file mode 100644
index 104dd9a4..00000000
--- a/tf/modules/buckets/variables.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-variable "region" {
-
-}
-variable "project" {
-
-}
-variable "environment" {
-
-}
diff --git a/tf/modules/cloud_run/main.tf b/tf/modules/cloud_run/main.tf
deleted file mode 100644
index 756e4634..00000000
--- a/tf/modules/cloud_run/main.tf
+++ /dev/null
@@ -1,375 +0,0 @@ -locals { - google_bucket_name = var.environment == "prod" ? "sway-sqlite" : "${var.environment}-sway-sqlite" - digitalocean_bucket_name = "${var.environment}-sway-sqlite-backup" -} - -resource "google_cloud_run_service" "app" { - provider = google-beta - - name = var.environment == "prod" ? "sway" : "sway-${var.environment}" - location = var.region - project = var.project - autogenerate_revision_name = false - - template { - spec { - # 0 thread-safe, the system should manage the max concurrency. This is the default value. - container_concurrency = 80 - - containers { - name = "sway-1" - image = "us-central1-docker.pkg.dev/sway-421916/sway/sway:latest" - - # PUBLIC ENV VARS - - env { - name = "RAILS_ENV" - value = "production" - } - - # SECRET ENV VARS - - env { - name = "ADMIN_PHONES" - value_from { - secret_key_ref { - key = "latest" - name = "ADMIN_PHONES" - } - } - } - env { - name = "GOOGLE_MAPS_API_KEY" - value_from { - secret_key_ref { - key = "latest" - name = "GOOGLE_MAPS_API_KEY" - } - } - } - env { - name = "GOOGLE_RECAPTCHA_SECRET_KEY" - value_from { - secret_key_ref { - key = "latest" - name = "GOOGLE_RECAPTCHA_SECRET_KEY" - } - } - } - env { - name = "SECRET_KEY_BASE" - value_from { - secret_key_ref { - key = "latest" - name = "SECRET_KEY_BASE" - } - } - } - env { - name = "SWAY_DATABASE_PASSWORD" - value_from { - secret_key_ref { - key = "latest" - name = "SWAY_DATABASE_PASSWORD" - } - } - } - env { - name = "TWILIO_ACCOUNT_SID" - value_from { - secret_key_ref { - key = "latest" - name = "TWILIO_ACCOUNT_SID" - } - } - } - env { - name = "TWILIO_AUTH_TOKEN" - value_from { - secret_key_ref { - key = "latest" - name = "TWILIO_AUTH_TOKEN" - } - } - } - env { - name = "TWILIO_VERIFY_SERVICE_SID" - value_from { - secret_key_ref { - key = "latest" - name = "TWILIO_VERIFY_SERVICE_SID" - } - } - } - env { - name = "VAPID_PRIVATE_KEY" - value_from { - secret_key_ref { - key = "latest" - name = "VAPID_PRIVATE_KEY" - } - } - } - env { - name = 
"VAPID_PUBLIC_KEY" - value_from { - secret_key_ref { - key = "latest" - name = "VAPID_PUBLIC_KEY" - } - } - } - env { - name = "VITE_GOOGLE_MAPS_API_KEY" - value_from { - secret_key_ref { - key = "latest" - name = "VITE_GOOGLE_MAPS_API_KEY" - } - } - } - env { - name = "VITE_GOOGLE_RECAPTCHA_SITE_KEY" - value_from { - secret_key_ref { - key = "latest" - name = "VITE_GOOGLE_RECAPTCHA_SITE_KEY" - } - } - } - - startup_probe { - initial_delay_seconds = 0 - timeout_seconds = 240 - period_seconds = 240 - failure_threshold = 1 - - tcp_socket { - port = 3000 - } - } - - liveness_probe { - failure_threshold = 9 - http_get { - path = "/up" - port = "3000" - } - } - - volume_mounts { - name = local.google_bucket_name - mount_path = "/rails/storage" - } - - ports { - name = "http1" # default, use h2c for http/2 - container_port = "3000" - } - - resources { - limits = { - cpu : "1000m", - memory : "512Mi" - } - } - } - - volumes { - name = local.google_bucket_name - - csi { - driver = "gcsfuse.run.googleapis.com" - read_only = false - volume_attributes = { - "bucketName" = local.google_bucket_name - } - } - } - } - } - - metadata { - annotations = { - "run.googleapis.com/execution-environment" : "gen2", - "run.googleapis.com/launch-stage" : "BETA", - "autoscaling.knative.dev/maxScale": 1 - } - - labels = { - environment = var.environment - terraform = true - } - } - - traffic { - percent = 100 - latest_revision = true - } - - # lifecycle { - # ignore_changes = [ - # metadata.0.annotations, - # ] - # } -} - -data "google_iam_policy" "noauth" { - binding { - role = "roles/run.invoker" - members = [ - "allUsers", - ] - } -} - -resource "google_cloud_run_service_iam_policy" "noauth" { - location = google_cloud_run_service.app.location - project = google_cloud_run_service.app.project - service = google_cloud_run_service.app.name - - policy_data = data.google_iam_policy.noauth.policy_data -} - -# resource "google_cloud_run_domain_mapping" "app" { -# name = "${var.environment == 
"prod" ? "app" : var.environment}.sway.vote" -# location = var.region -# project = var.project - -# metadata { -# namespace = var.project -# } - -# spec { -# route_name = var.environment == "prod" ? "sway" : "sway-${var.environment}" -# force_override = false -# certificate_mode = "AUTOMATIC" -# } -# } - -####################################################################################################################################### -# SQLITE BACKUP WITH LITESTREAM -# https://fractaledmind.github.io/2023/09/09/enhancing-rails-sqlite-setting-up-litestream/ -# https://litestream.io/ -# https://litestream.io/guides/docker/ -# https://litestream.io/guides/gcs/ -# -# Testing with docker locally: -# docker run \ -# -it --rm \ -# -v /Users/dave/plebtech/sway/storage:/data \ -# -e LITESTREAM_ACCESS_KEY_ID=DO00JDVDG829HKL28PXX \ -# -e LITESTREAM_SECRET_ACCESS_KEY=5wVxG6HVQkid5KLKDJTq4OGE9nGMoyTwYeEXDFhMYDo \ -# litestream/litestream replicate /data/development.sqlite3 s3://prod-sway-sqlite-backup.nyc3.digitaloceanspaces.com/local -####################################################################################################################################### - -resource "google_cloud_run_v2_job" "backup" { - provider = google-beta - - name = "${var.environment}-sqlite-backup" - location = var.region - project = var.project - - launch_stage = "BETA" - - template { - - task_count = 1 - parallelism = 1 - - template { - execution_environment = "EXECUTION_ENVIRONMENT_GEN2" - timeout = "60s" - service_account = "cloud-job-executor@${var.project}.iam.gserviceaccount.com" - max_retries = 0 - - containers { - image = "amazon/aws-cli" - name = local.digitalocean_bucket_name - - command = [ - "aws", - "s3", - "cp", - "/sway/${var.environment == "prod" ? 
"production" : var.environment}.sqlite3", - "s3://${local.digitalocean_bucket_name}/production.db", - "--endpoint-url", - "https://nyc3.digitaloceanspaces.com", - "--region", - "nyc3" - ] - - - env { - name = "AWS_ACCESS_KEY_ID" - value_source { - secret_key_ref { - secret = var.secrets.LITESTREAM_ACCESS_KEY_ID - version = "latest" - } - } - } - - env { - name = "AWS_SECRET_ACCESS_KEY" - value_source { - secret_key_ref { - secret = var.secrets.LITESTREAM_SECRET_ACCESS_KEY - version = "latest" - } - } - } - - resources { - limits = { - cpu = "1000m" - memory = "1Gi" - } - } - - volume_mounts { - name = local.google_bucket_name - mount_path = "/sway" - } - } - - volumes { - name = local.google_bucket_name - gcs { - bucket = local.google_bucket_name - read_only = true - } - } - } - } - - lifecycle { - ignore_changes = [ - launch_stage, - ] - } -} - -resource "google_cloud_scheduler_job" "backup_job" { - name = "${local.google_bucket_name}-backup-job" - schedule = "0 8 * * *" - time_zone = "Etc/UTC" - attempt_deadline = "180s" # default - - retry_config { - retry_count = 0 - max_retry_duration = "0s" - min_backoff_duration = "5s" - max_backoff_duration = "3600s" - max_doublings = 5 - } - - http_target { - http_method = "POST" - uri = "https://us-${var.region}-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${var.project}/jobs/${google_cloud_run_v2_job.backup.name}:run" - oauth_token { - service_account_email = "cloud-job-executor@${var.project}.iam.gserviceaccount.com" - scope = "https://www.googleapis.com/auth/cloud-platform" - } - } -} diff --git a/tf/modules/cloud_run/variables.tf b/tf/modules/cloud_run/variables.tf deleted file mode 100644 index b079aca8..00000000 --- a/tf/modules/cloud_run/variables.tf +++ /dev/null @@ -1,8 +0,0 @@ -variable "region" {} -variable "project" {} -variable "environment" {} - -variable "secrets" { - type = map(string) - sensitive = true -} \ No newline at end of file 
diff --git a/tf/modules/iam/main.tf b/tf/modules/iam/main.tf deleted file mode 100644 index 35160a2a..00000000 --- a/tf/modules/iam/main.tf +++ /dev/null @@ -1,41 +0,0 @@ - -################################################################################ -# Roles for invoking jobs in google cloud -# https://cloud.google.com/run/docs/execute/jobs-on-schedule#required_roles -# -resource "google_service_account" "job_executor" { - account_id = "cloud-job-executor" - project = var.project - display_name = "cloud-job-executor" - description = "Cloud Job Executor" -} - -resource "google_project_iam_member" "job_executor_admin" { - project = var.project - role = "roles/cloudscheduler.admin" - member = "serviceAccount:${google_service_account.job_executor.email}" -} - -resource "google_project_iam_member" "job_executor_invoker" { - project = var.project - role = "roles/run.invoker" - member = "serviceAccount:${google_service_account.job_executor.email}" -} -resource "google_project_iam_member" "job_executor_secrets" { - project = var.project - role = "roles/secretmanager.secretAccessor" - member = "serviceAccount:${google_service_account.job_executor.email}" -} - -# -################################################################################ - - -# docker run \ -# -it --rm \ -# --platform linux/amd64 \ -# -v /Users/dave/plebtech/sway/storage:/data \ -# -e LITESTREAM_ACCESS_KEY_ID=DO00JDVDG829HKL28PXX \ -# -e LITESTREAM_SECRET_ACCESS_KEY=5wVxG6HVQkid5KLKDJTq4OGE9nGMoyTwYeEXDFhMYDo \ -# --entrypoint /bin/bash \ -# mirror.gcr.io/litestream/litestream@sha256:a932d9801f9d8f11ed0566aa105ef866c097c00ef1191b88a8aa0ff8e78b4071 \ No newline at end of file diff --git a/tf/modules/iam/variables.tf b/tf/modules/iam/variables.tf deleted file mode 100644 index 98df8382..00000000 --- a/tf/modules/iam/variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -variable "region" {} -variable "project" {} -variable "environment" {} \ No newline at end of file 
diff --git a/tf/modules/secrets/main.tf b/tf/modules/secrets/main.tf
deleted file mode 100644
index 376ec8d6..00000000
--- a/tf/modules/secrets/main.tf
+++ /dev/null
@@ -1,118 +0,0 @@ - -############################################################################################################## -# Created via TF -############################################################################################################## - -resource "google_secret_manager_secret" "LITESTREAM_ACCESS_KEY_ID" { - secret_id = "LITESTREAM_ACCESS_KEY_ID" - replication { - auto {} - } -} - -resource "google_secret_manager_secret_version" "LITESTREAM_ACCESS_KEY_ID" { - secret = google_secret_manager_secret.LITESTREAM_ACCESS_KEY_ID.id - secret_data = var.digitalocean_spaces_access_id -} - -############################## - -resource "google_secret_manager_secret" "LITESTREAM_SECRET_ACCESS_KEY" { - secret_id = "LITESTREAM_SECRET_ACCESS_KEY" - replication { - auto {} - } -} - -resource "google_secret_manager_secret_version" "LITESTREAM_SECRET_ACCESS_KEY" { - secret = google_secret_manager_secret.LITESTREAM_SECRET_ACCESS_KEY.id - secret_data = var.digitalocean_spaces_secret_key -} - -############################################################################################################## -# Created via console and imported into Terraform -############################################################################################################## - -resource "google_secret_manager_secret" "ADMIN_PHONES" { - secret_id = "ADMIN_PHONES" - replication { - auto {} - } -} - -resource "google_secret_manager_secret" "GOOGLE_MAPS_API_KEY" { - secret_id = "GOOGLE_MAPS_API_KEY" - replication { - auto {} - } -} - -resource "google_secret_manager_secret" "GOOGLE_RECAPTCHA_SECRET_KEY" { - secret_id = "GOOGLE_RECAPTCHA_SECRET_KEY" - replication { - auto {} - } -} - -resource "google_secret_manager_secret" "SECRET_KEY_BASE" { - secret_id = "SECRET_KEY_BASE" - replication { - auto {} - } -} - -resource "google_secret_manager_secret" "SWAY_DATABASE_PASSWORD" { - secret_id = "SWAY_DATABASE_PASSWORD" - replication { - auto {} - } -} - -resource 
"google_secret_manager_secret" "TWILIO_ACCOUNT_SID" { - secret_id = "TWILIO_ACCOUNT_SID" - replication { - auto {} - } -} - -resource "google_secret_manager_secret" "TWILIO_AUTH_TOKEN" { - secret_id = "TWILIO_AUTH_TOKEN" - replication { - auto {} - } -} - -resource "google_secret_manager_secret" "TWILIO_VERIFY_SERVICE_SID" { - secret_id = "TWILIO_VERIFY_SERVICE_SID" - replication { - auto {} - } -} - -resource "google_secret_manager_secret" "VAPID_PRIVATE_KEY" { - secret_id = "VAPID_PRIVATE_KEY" - replication { - auto {} - } -} - -resource "google_secret_manager_secret" "VAPID_PUBLIC_KEY" { - secret_id = "VAPID_PUBLIC_KEY" - replication { - auto {} - } -} - -resource "google_secret_manager_secret" "VITE_GOOGLE_MAPS_API_KEY" { - secret_id = "VITE_GOOGLE_MAPS_API_KEY" - replication { - auto {} - } -} - -resource "google_secret_manager_secret" "VITE_GOOGLE_RECAPTCHA_SITE_KEY" { - secret_id = "VITE_GOOGLE_RECAPTCHA_SITE_KEY" - replication { - auto {} - } -} diff --git a/tf/modules/secrets/outputs.tf b/tf/modules/secrets/outputs.tf deleted file mode 100644 index a0dd644e..00000000 --- a/tf/modules/secrets/outputs.tf +++ /dev/null 
@@ -1,21 +0,0 @@
-output "secrets" {
- sensitive = true
-
- value = {
- ADMIN_PHONES: google_secret_manager_secret.ADMIN_PHONES.id,
- GOOGLE_MAPS_API_KEY: google_secret_manager_secret.GOOGLE_MAPS_API_KEY.id,
- GOOGLE_RECAPTCHA_SECRET_KEY: google_secret_manager_secret.GOOGLE_RECAPTCHA_SECRET_KEY.id,
- SECRET_KEY_BASE: google_secret_manager_secret.SECRET_KEY_BASE.id,
- SWAY_DATABASE_PASSWORD: google_secret_manager_secret.SWAY_DATABASE_PASSWORD.id,
- TWILIO_ACCOUNT_SID: google_secret_manager_secret.TWILIO_ACCOUNT_SID.id,
- TWILIO_AUTH_TOKEN: google_secret_manager_secret.TWILIO_AUTH_TOKEN.id,
- TWILIO_VERIFY_SERVICE_SID: google_secret_manager_secret.TWILIO_VERIFY_SERVICE_SID.id,
- VAPID_PRIVATE_KEY: google_secret_manager_secret.VAPID_PRIVATE_KEY.id,
- VAPID_PUBLIC_KEY: google_secret_manager_secret.VAPID_PUBLIC_KEY.id,
- VITE_GOOGLE_MAPS_API_KEY: google_secret_manager_secret.VITE_GOOGLE_MAPS_API_KEY.id,
- VITE_GOOGLE_RECAPTCHA_SITE_KEY: google_secret_manager_secret.VITE_GOOGLE_RECAPTCHA_SITE_KEY.id,
- SWAY_DATABASE_PASSWORD: google_secret_manager_secret.SWAY_DATABASE_PASSWORD.id,
- LITESTREAM_ACCESS_KEY_ID: google_secret_manager_secret.LITESTREAM_ACCESS_KEY_ID.id,
- LITESTREAM_SECRET_ACCESS_KEY: google_secret_manager_secret.LITESTREAM_SECRET_ACCESS_KEY.id,
- }
-}
\ No newline at end of file
diff --git a/tf/modules/secrets/variables.tf b/tf/modules/secrets/variables.tf
deleted file mode 100644
index af8537a5..00000000
--- a/tf/modules/secrets/variables.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-variable "region" {}
-variable "project" {}
-variable "environment" {}
-
-variable "digitalocean_spaces_access_id" {
- type = string
- sensitive = true
-}
-variable "digitalocean_spaces_secret_key" {
- type = string
- sensitive = true
-}
\ No newline at end of file
diff --git a/tf/terraform.sh b/tf/terraform.sh
deleted file mode 100755
index 9fe37799..00000000
--- a/tf/terraform.sh
+++ /dev/null
@@ -1,50 +0,0 @@ -#!/usr/bin/env zsh - -export GOOGLE_APPLICATION_CREDENTIALS="${HOME}/.config/gcloud/application_default_credentials.json" - -COMMAND=${1-"plan"} -ENV=${2-"prod"} # dev, prod, general - -echo "" -echo "########################################################################" -echo "Running terraform command - ${COMMAND} - for environment - ${ENV}" -echo "########################################################################" -echo "" - -echo "Selecting Terraform Workspace - ${ENV}" -terraform workspace select -or-create ${ENV} - -echo "Running terraform command - ${COMMAND}" -if [ ${COMMAND} = "init" ]; then - # terraform ${COMMAND} -var-file=main.tfvars -var-file=secrets.tfvars -var="environment=${ENV}" - terraform ${COMMAND} -upgrade -var-file=main.tfvars -var-file=secrets.tfvars -var="environment=${ENV}" - -elif [ ${COMMAND} = "validate" ]; then - terraform ${COMMAND} - -elif [ ${COMMAND} = "plan" ]; then - terraform ${COMMAND} -var-file=main.tfvars -var-file=secrets.tfvars -var="environment=${ENV}" -out=plans/${ENV} - -elif [ ${COMMAND} = "apply" ]; then - terraform ${COMMAND} -auto-approve plans/${ENV} - -elif [ ${COMMAND} = "destroy" ]; then - terraform ${COMMAND} -var-file=main.tfvars -var-file=secrets.tfvars -var="environment=${ENV}" - -elif [ ${COMMAND} = "staterm" ]; then - MODULE_PATH=${3} - terraform state rm "${MODULE_PATH}" - -elif [ ${COMMAND} = "statels" ]; then - MODULE_PATH=${3} - terraform state list - -elif [ ${COMMAND} = "import" ]; then - TO_MODULE=${3} - FROM_AWS=${4} - echo "terraform import "${TO_MODULE}" "${FROM_AWS}"" - terraform import -var-file=secrets.tfvars "${TO_MODULE}" "${FROM_AWS}" - -else - echo "Unsupported terraform command received - '${COMMAND}'. Must be one of (init | plan | apply | destroy)" -fi diff --git a/tf/variables.tf b/tf/variables.tf deleted file mode 100644 index 2aebbce7..00000000 --- a/tf/variables.tf +++ /dev/null 
@@ -1,24 +0,0 @@
-variable "environment" {
- default = "prod"
-}
-
-variable "project" {
- default = "sway-421916"
-}
-
-variable "region" {
- default = "us-central1"
-}
-
-variable "digitalocean_token" {
- type = string
- sensitive = true
-}
-variable "digitalocean_spaces_access_id" {
- type = string
- sensitive = true
-}
-variable "digitalocean_spaces_secret_key" {
- type = string
- sensitive = true
-}
diff --git a/tf/versions.tf b/tf/versions.tf
deleted file mode 100644
index 68a71bf9..00000000
--- a/tf/versions.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-terraform {
- required_version = "~> 1.8"
-
- backend "gcs" {
- bucket = "sway-terraform"
- prefix = "terraform/state"
- }
- required_providers {
- google = {
- source = "hashicorp/google"
- version = "~> 5"
- }
- digitalocean = {
- source = "digitalocean/digitalocean"
- version = "~> 2"
- }
- }
-}
\ No newline at end of file