domed-city 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7216036ceb6858cda42ec4ca107ef3ac98cab6be
+  data.tar.gz: c7ba0c37d0871bad6e1822133488a6186fe45abd
+SHA512:
+  metadata.gz: 9c5b0bd930972a77768a9605a3d5f4875bd6c98689d876f8e58fad3b424663e9af76b87aef7fbd32f79e79f1cd6bd2e937b22c4ad35ee73d61d525cbb12944df
+  data.tar.gz: a9cc15593eca39c0b7fa8b3acefca0361d1539ad07c68934d9d04df30df9e170bb3cb389a4de39308c300912c112507310a50aa211c0882c9ccf4b357da5f5ff

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+.idea

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.1.4

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in dome.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 ITV
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

data/README.md

@@ -0,0 +1,14 @@
+# dome
+Simple Terraform API wrapper in Ruby.
+
+## Purpose
+
+To consolidate, improve and enforce standards around ITV's use of Terraform (via Rake) across product teams.
+
+## Naming
+
+From [Wikipedia](https://en.wikipedia.org/wiki/Domed_city):
+
+```
+...the dome is airtight and pressurized, creating a habitat that can be controlled for air temperature, composition and quality, typically due to an external atmosphere (or lack thereof) that is inimical to habitation for one or more reasons.
+```

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/dome

@@ -0,0 +1,49 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require 'trollop'
+require "dome"
+
+#  desc "creates the S3 bucket relevant for the environment; if the S3 state exists it pulls the remote S3 state locally"
+#  task :bootstrap_s3_state do
+#
+#  desc "creates the TF plan in a local file"
+#  task :plan do
+#
+#  desc "creates the TF plan, to destroy resources, in a local file"
+#  task :plandestroy do
+#
+#  desc "applies a TF plan"
+#  task :apply do
+#
+#  desc "applies a destructive TF immediately"
+#  task :destroy do
+#
+#  desc "updates the TF binary dependencies"
+#  task :update do
+
+opts = Trollop::options do
+  version Dome::VERSION
+  banner <<-EOS
+Dome wraps the Terraform API and performs useful stuff.
+
+Usage:
+       dome [command]
+where [commands] are:
+EOS
+
+  opt :plan, "Creates the Terraform plan in a local file"
+  opt :apply, "Applies the Terraform plan"
+  opt :destroy, "Applies a destructive Terraform plan"
+  opt :plan_destroy, "TODO"
+  opt :update, "TODO (maybe?)"
+end
+
+if opts[:plan]
+  Dome::Environment.validate_environment
+  puts 'plan called'
+elsif opts[:apply]
+  puts 'apply called'
+else
+  Trollop::educate
+end

data/dome.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'dome/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "domed-city"
+  spec.version       = Dome::VERSION
+  spec.authors       = ["Ben Snape"]
+  spec.email         = ["ben.snape@itv.com"]
+
+  spec.summary       = %q{A simple Terraform API wrapper and helpers for ITV.}
+  spec.homepage      = "https://github.com/ITV/dome"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.9"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+
+  spec.add_dependency 'trollop'
+  spec.add_dependency 'aws-profile_parser'
+  spec.add_dependency 'aws-sdk'
+  spec.add_dependency 'colorize'
+end

data/lib/dome.rb

@@ -0,0 +1,8 @@
+require 'dome/version'
+require 'dome/environment'
+require 'dome/terraform'
+
+require 'aws-sdk'
+require 'colorize'
+require 'aws/profile_parser'
+require 'fileutils'

data/lib/dome/environment.rb

@@ -0,0 +1,132 @@
+module Dome
+  class Environment
+
+    def self.validate_environment
+      current_dir = File.absolute_path(ENV['PWD'])
+      environment = current_dir.to_s.split('/')[-1]
+      account     = current_dir.to_s.split('/')[-2]
+
+      valid_accounts    = ['deirdre-dev', 'deirdre-prd']
+      valid_env_nonprod = ['infradev', 'sit', 'qa', 'stg']
+      valid_env_prod    = ['infraprd', 'prd']
+
+      if account
+        if is_valid_account?(account)
+          puts "found valid account #{account}, moving on ...".colorize(:green)
+        else
+          invalid_account_notification
+        end
+      else
+        fail "\n#{account} is no a valid account\n\n".colorize(:red)
+      end
+
+      if environment
+        if is_valid_env?(environment)
+          puts "found valid environment #{environment}, moving on ...".colorize(:green)
+        else
+          invalid_environment_notification
+        end
+      else
+        fail "\n #{environment} is not a valid environment for the account: #{account}\n\n".colorize(:red)
+      end
+
+      current_env_dir = "#{account}/#{environment}"
+      @varfile        = "-var-file=params/env.tfvars"
+    end
+
+    def self.cd_to_tf_dir
+      Dir.chdir(current_env_dir) if Dir.pwd != current_env_dir
+    end
+
+    def self.purge_terraform
+      FileUtils.rm_rf ".terraform/"
+    end
+
+    def self.set_env
+      fail "Unable to set an account!" if account.nil?
+      set_creds
+    end
+
+    def self.set_creds
+      accounts = AWS::ProfileParser.new
+      begin
+        @aws_creds = accounts.get(account)
+      rescue StandardError
+        raise "No credentials found for #{account}"
+      end
+      ENV['AWS_ACCESS_KEY_ID']     = @aws_creds[:access_key_id]
+      ENV['AWS_SECRET_ACCESS_KEY'] = @aws_creds[:secret_access_key]
+      ENV['AWS_DEFAULT_REGION']    = @aws_creds[:region]
+    end
+
+    def self.is_valid_account?(account)
+      valid_accounts.include?(account)
+    end
+
+    def self.is_valid_env?(environment)
+      if valid_accounts[valid_accounts.index(account)] == 'deirdre-dev'
+        valid_env_nonprod.include?(environment)
+      elsif valid_accounts[valid_accounts.index(account)] == 'deirdre-prd'
+        valid_env_prod.include?(environment)
+      end
+    end
+
+    def self.invalid_account_notification
+      puts "\n#{account} is not a valid account\n\n".colorize(:red)
+      puts "valid accounts are: "
+      p valid_accounts
+      puts "please set your .aws/config to one of the valid accounts described above!"
+      puts "if you've correctly set your .aws/config then make sure you've cd into the correct directory matching the env name from .aws/config"
+      exit 1
+    end
+
+    def self.invalid_environment_notification
+      puts "\n#{environment} is not a valid environment\n\n".colorize(:red)
+      puts "valid environments are:"
+      if account == 'deirdre-dev'
+        p valid_env_nonprod
+      elsif account == 'deirdre-prd'
+        p valid_env_prod
+      end
+      exit 1
+    end
+
+    def self.s3_bucket_exists?(tfstate_bucket)
+      s3_client = Aws::S3::Client.new(@aws_creds)
+      resp      = s3_client.list_buckets
+      resp.buckets.each { |bucket| return true if bucket.name == tfstate_bucket }
+      false
+    end
+
+    def self.s3_tf_create_remote_state_bucket(tfstate_bucket, tfstate_s3_obj)
+      puts "initial boostrap of the S3 bucket".colorize(:green)
+      s3_client = Aws::S3::Client.new(@aws_creds)
+      begin
+        s3_client.create_bucket({
+                                  bucket: tfstate_bucket,
+                                  acl:    "private"
+                                })
+      rescue Aws::S3::Errors::BucketAlreadyExists => e
+        puts "type of exception #{e.class}".colorize(:red)
+        puts "backtrace for this exception:".colorize(:red)
+        puts e.backtrace
+        puts "\nmake sure the bucket name is unique per whole AWS S3 service, see here for docs on uniqueness https://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html\n\n".colorize(:red)
+        exit 1
+      end
+      puts "enabling versioning on the S3 bucket - http://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html".colorize(:green)
+      s3_client.put_bucket_versioning({
+                                        bucket:                   tfstate_bucket,
+                                        versioning_configuration: {
+                                          mfa_delete: "Disabled",
+                                          status:     "Enabled"
+                                        },
+                                      })
+      puts "creating an empty S3 object".colorize(:green)
+      s3_client.put_object({
+                             bucket: tfstate_bucket,
+                             key:    tfstate_s3_obj,
+                             body:   ""
+                           })
+    end
+  end
+end

data/lib/dome/terraform.rb

@@ -0,0 +1,96 @@
+module Dome
+  class Terraform
+    def self.plan
+      puts "--- running task :plan".colorize(:light_cyan)
+      set_env
+      Dir.chdir(CURRENT_ENV_DIR)
+      puts "purging older terraform module cache dir ...".colorize(:green)
+      purge_terraform
+      puts "purging older terraform plan ...".colorize(:green)
+      FileUtils.rm_f(PLAN)
+      puts "updating terraform external modules ...".colorize(:green)
+      Rake::Task['tf:update'].invoke
+
+      cmd = "terraform remote config"\
+          " -backend=S3"\
+          " -backend-config='bucket=#{tfstate_bucket}' -backend-config='key=#{tfstate_s3_obj}'"
+      puts "Command to execute: #{cmd}"
+      bool = system(cmd)
+      fail "something went wrong when fetching the S3 state" unless bool
+      cmd = "terraform plan -module-depth=1 -refresh=true -out=#{PLAN} #{@varfile}"
+      puts "\nCommand to execute: \n #{cmd}\n\n"
+      bool = system(cmd)
+      fail "something went wrong when creating the TF plan" unless bool
+    end
+
+    def self.apply
+      puts "--- running task :apply".colorize(:light_cyan)
+      set_env
+      cd_to_tf_dir
+      set_env
+      cmd = "terraform apply #{PLAN}"
+      puts "\n Command to execute: #{cmd}\n\n"
+      bool = system(cmd)
+      fail "something went wrong when applying the TF plan" unless bool
+    end
+
+    def self.plan_destroy
+      puts "--- running task :plandestroy".colorize(:light_cyan)
+      set_env
+      Dir.chdir(CURRENT_ENV_DIR)
+      puts "purging older terraform module cache dir ...".colorize(:green)
+      purge_terraform
+      puts "purging older terraform plan ...".colorize(:green)
+      FileUtils.rm_f(PLAN)
+      puts "updating terraform external modules ...".colorize(:green)
+      Rake::Task['tf:update'].invoke
+      p PLAN
+      cmd = "terraform plan -destroy -module-depth=1 -out=#{PLAN} #{@varfile}"
+      puts "\nCommand to execute: \n #{cmd}\n\n"
+      bool = system(cmd)
+      fail "something went wrong when creating the TF plan" unless bool
+    end
+
+    def self.destroy
+      puts "--- running task :destroy".colorize(:light_cyan)
+      puts "here is the destroy plan that terraform will carry out"
+      plan_destroy
+      apply
+    end
+
+    def self.update
+      puts "--- running task :update".colorize(:light_cyan)
+      cmd = "terraform get -update=true"
+      puts "\nCommand to execute: \n #{cmd}\n\n"
+      bool = system(cmd)
+      fail "something went wrong when pulling remote TF modules" unless bool
+    end
+
+    def self.bootstrap_s3_state
+      set_env
+      if s3_bucket_exists?(tfstate_bucket)
+        puts "Bootstrap attempted, but config for account: #{ACCOUNT.colorize(:green)} and environment: #{ENVIRONMENT.colorize(:green)} already exists in S3 bucket: #{tfstate_bucket.colorize(:green)}"
+        puts "synchronising the remote S3 state ..."
+        cd_to_tf_dir
+        cmd = "terraform remote config"\
+            " -backend=S3"\
+            " -backend-config='bucket=#{tfstate_bucket}' -backend-config='key=#{tfstate_s3_obj}'"\
+            " -state=#{STATE_FILE_DIR}/#{REMOTE_STATE_FILE}"
+        # still not clear for me if the -state in the above cmd matters
+        puts "Command to execute: #{cmd}"
+        bool = system(cmd)
+        fail "something went wrong when creating the S3 state" unless bool
+      else
+        s3_tf_create_remote_state_bucket(tfstate_bucket, tfstate_s3_obj)
+        puts "\nsetting up the initial terraform S3 state in the S3 bucket: #{tfstate_bucket.colorize(:green)} for account:#{ACCOUNT.colorize(:green)} and environment:#{ENVIRONMENT.colorize(:green)} ..."
+        cd_to_tf_dir
+        cmd = "terraform remote config"\
+          " -backend=S3"\
+          " -backend-config='bucket=#{tfstate_bucket}' -backend-config='key=#{tfstate_s3_obj}'"
+        puts "Command to execute: #{cmd}"
+        bool = system(cmd)
+        fail "something went wrong when creating the S3 state" unless bool
+      end
+    end
+  end
+end

data/lib/dome/version.rb

@@ -0,0 +1,3 @@
+module Dome
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,154 @@
+--- !ruby/object:Gem::Specification
+name: domed-city
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Ben Snape
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-10-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: trollop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-profile_parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- ben.snape@itv.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/dome
+- dome.gemspec
+- lib/dome.rb
+- lib/dome/environment.rb
+- lib/dome/terraform.rb
+- lib/dome/version.rb
+homepage: https://github.com/ITV/dome
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: A simple Terraform API wrapper and helpers for ITV.
+test_files: []