rails_template_18f 0.1.0 → 0.4.0

data/lib/generators/rails_template18f/cloud_gov_config/templates/spec/models/cloud_gov_config_spec.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require "rails_helper"
+
+RSpec.describe CloudGovConfig, type: :model do
+  subject { described_class }
+
+  describe ".dig" do
+    context "VCAP_SERVICES is blank" do
+      it "returns nil" do
+        expect(subject.dig(:s3, :credentials, :bucket)).to be_nil
+      end
+    end
+
+    context "VCAP_SERVICES is set" do
+      let(:bucket_name) { "bucket-name" }
+      let(:vcap) {
+        {
+          s3: [
+            {
+              credentials: {
+                bucket: bucket_name
+              }
+            }
+          ]
+        }
+      }
+
+      around do |example|
+        ClimateControl.modify VCAP_SERVICES: vcap.to_json do
+          example.run
+        end
+      end
+
+      it "can find a path" do
+        expect(subject.dig(:s3, :credentials, :bucket)).to eq bucket_name
+      end
+
+      it "returns nil for a missing path" do
+        expect(subject.dig(:s3, :credentials, :other)).to be_nil
+      end
+    end
+  end
+end

data/lib/generators/rails_template18f/dap/dap_generator.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module RailsTemplate18f
+  module Generators
+    class DapGenerator < ::Rails::Generators::Base
+      include Base
+
+      class_option :agency_code, default: "GSA", desc: "Agency code to track DAP metrics"
+
+      desc <<~DESC
+        Description:
+          Install JS snippet for Digital Analytics Program (DAP)
+      DESC
+
+      def update_content_security_policy
+        csp_file = "config/initializers/content_security_policy.rb"
+        gsub_file csp_file, /(policy.img_src .*)$/, '\1, "https://www.google-analytics.com"'
+        gsub_file csp_file, /(policy.script_src .*)$/, '\1, "https://dap.digitalgov.gov", "https://www.google-analytics.com"'
+        if file_content(csp_file).match?(/policy.connect_src/)
+          gsub_file csp_file, /(policy.connect_src .*)$/, '\1, "https://dap.digitalgov.gov", "https://www.google-analytics.com"'
+        else
+          gsub_file csp_file, /((#?)(\s+)policy.script_src .*)$/, "\\1\n\\2\\3policy.connect_src :self, \"https://dap.digitalgov.gov\", \"https://www.google-analytics.com\""
+        end
+      end
+
+      def install_js_snippet
+        insert_into_file "app/views/layouts/application.html.erb", <<EODAP, before: /^\s+<\/head>/
+
+    <% if Rails.env.production? %>
+      <!-- We participate in the US government's analytics program. See the data at analytics.usa.gov. -->
+      <%= javascript_include_tag "https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=#{options[:agency_code]}", async: true, id:"_fed_an_ua_tag" %>
+    <% end %>
+EODAP
+      end
+
+      def update_readme
+        insertion_regex = /^## Documentation$/
+        if file_content("README.md").match?(insertion_regex)
+          insert_into_file "README.md", readme, before: insertion_regex
+        else
+          append_to_file "README.md", readme
+        end
+      end
+
+      def update_boundary_diagram
+        boundary_filename = "doc/compliance/apps/application.boundary.md"
+        insert_into_file boundary_filename, <<EOB, after: "Boundary(gsa_saas, \"GSA-authorized SaaS\") {\n"
+    System_Ext(dap, "DAP", "Analytics collection")
+EOB
+        insert_into_file boundary_filename, <<~EOB, before: "@enduml"
+          Rel(browser, dap, "reports usage", "https (443)")
+          Rel(developer, dap, "View traffic statistics", "https GET (443)")
+        EOB
+      end
+
+      no_tasks do
+        def readme
+          <<~EOM
+            ## Analytics
+
+            Digital Analytics Program (DAP) code has been included for the Production environment, associated with #{options[:agency_code]}.
+
+            If #{app_name.titleize} is for another agency, update the agency line in `app/views/layouts/application.html.erb`
+
+          EOM
+        end
+      end
+    end
+  end
+end

data/lib/generators/rails_template18f/github_actions/github_actions_generator.rb

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 
+require "rails/generators"
+
 module RailsTemplate18f
   module Generators
     class GithubActionsGenerator < ::Rails::Generators::Base
-      include ::Rails::Generators::AppName
-      include RailsTemplate18f::TerraformOptions
+      include Base
+      include PipelineOptions
 
       class_option :node_version, desc: "Node version to test against in actions"
 
@@ -13,10 +15,6 @@ module RailsTemplate18f
           Install Github Actions workflow files
       DESC
 
-      def self.source_root
-        @source_root ||= File.expand_path("templates", __dir__)
-      end
-
       def install_actions
         directory "github", ".github"
         if !terraform?
@@ -26,10 +24,28 @@ module RailsTemplate18f
       end
 
       def update_readme
-        insert_into_file "README.md", readme_cicd, after: "## CI/CD\n"
-        insert_into_file "README.md", readme_staging_deploy, after: "#### Staging\n"
-        insert_into_file "README.md", readme_prod_deploy, after: "#### Production\n"
-        insert_into_file "README.md", readme_credentials, after: "#### Credentials and other Secrets\n"
+        if file_content("README.md").match?(/^## CI\/CD$/)
+          insert_into_file "README.md", readme_cicd, after: "## CI/CD\n"
+          insert_into_file "README.md", readme_staging_deploy, after: "#### Staging\n"
+          insert_into_file "README.md", readme_prod_deploy, after: "#### Production\n"
+          insert_into_file "README.md", readme_credentials, after: "#### Credentials and other Secrets\n"
+        else
+          append_to_file "README.md", <<~EOM
+            ## CI/CD
+            #{readme_cicd}
+
+            ### Deployment
+
+            #### Staging
+            #{readme_staging_deploy}
+
+            #### Production
+            #{readme_prod_deploy}
+
+            #### Credentials and other Secrets
+            #{readme_credentials}
+          EOM
+        end
       end
 
       def update_boundary_diagram
@@ -48,7 +64,7 @@ EOB
         readme_filename = "terraform/README.md"
         insert_into_file readme_filename, "  |- .force-action-apply\n", after: "  |- secrets.auto.tfvars\n"
         insert_into_file readme_filename, <<~EOM, after: /- `secrets.auto.tfvars`.*$/
-          - `.force-action-apply` is a file that can be updated to force GitHub Actions to run `terraform apply` during the deploy phase
+          \n- `.force-action-apply` is a file that can be updated to force GitHub Actions to run `terraform apply` during the deploy phase
         EOM
       end
 

data/lib/generators/rails_template18f/i18n/i18n_generator.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "bundler"
+
+module RailsTemplate18f
+  module Generators
+    class I18nGenerator < ::Rails::Generators::Base
+      include Base
+
+      class_option :languages, default: "es,fr,zh", desc: "Comma separated list of supported language short codes"
+
+      desc <<~DESC
+        Description:
+          Install translation framework and configuration for given languages.
+          Always installs configuration for English
+      DESC
+
+      def install_helper_gem_and_tasks
+        return if file_content("Gemfile").match?(/gem "i18n-tasks"/)
+        gem_group :development, :test do
+          gem "i18n-tasks", "~> 0.9"
+        end
+        Bundler.with_original_env do
+          in_root do
+            run "bundle install"
+            run "cp $(i18n-tasks gem-path)/templates/config/i18n-tasks.yml config/"
+            run "cp $(i18n-tasks gem-path)/templates/rspec/i18n_spec.rb spec/"
+          end
+        end
+        insert_into_file "config/i18n-tasks.yml", "\n#{indent("- app/assets/builds", 4)}", after: "exclude:"
+        uncomment_lines "config/i18n-tasks.yml", "ignore_missing:"
+        insert_into_file "config/i18n-tasks.yml", indent(<<~EOM), after: "ignore_missing:\n"
+          - 'shared.languages.*'
+          - 'shared.header.{title,close,demo_banner,menu}'
+        EOM
+      end
+
+      def install_translations
+        inside "config/locales" do
+          template "en.yml"
+          languages.each do |lang|
+            copy_file "#{lang}.yml"
+          end
+        end
+      end
+
+      def configure_i18n
+        application "config.i18n.fallbacks = [:en]"
+        available_regex = /^(\s*config.i18n.available_locales).*$/
+        if file_content("config/application.rb").match?(available_regex)
+          gsub_file "config/application.rb", available_regex, "\\1 = #{supported_languages}"
+        else
+          application "config.i18n.available_locales = #{supported_languages}"
+        end
+      end
+
+      def install_nav_helper
+        inject_into_module "app/helpers/application_helper.rb", "ApplicationHelper", indent(<<~'EOH')
+          def format_active_locale(locale_string)
+            link_classes = "usa-nav__link"
+            if locale_string.to_sym == I18n.locale
+              link_classes = "#{link_classes} usa-current"
+            end
+            link_to t("shared.languages.#{locale_string}"), root_path(locale: locale_string), class: link_classes
+          end
+        EOH
+      end
+
+      def install_around_action
+        return if languages.empty?
+        inject_into_class "app/controllers/application_controller.rb", "ApplicationController", indent(<<~EOM)
+          around_action :switch_locale
+
+          def switch_locale(&action)
+            locale = params[:locale] || I18n.default_locale
+            I18n.with_locale(locale, &action)
+          end
+        EOM
+      end
+
+      def install_route
+        return if languages.empty?
+        return if file_content("config/routes.rb").match?(/scope "\(:locale\)"/)
+        regex = /(^.+\.routes\.draw do\s*$)\n(.*)^end$/m
+        gsub_file "config/routes.rb", regex, <<~'EOR'
+          \1
+            scope "(:locale)", locale: /#{I18n.available_locales.join("|")}/ do
+              # Your application routes go here
+              \2
+            end
+          end
+        EOR
+      end
+
+      private
+
+      def supported_languages
+        @supported_languages ||= [:en, *languages]
+      end
+
+      def languages
+        @languages ||= options[:languages].split(",").map(&:to_sym)
+      end
+    end
+  end
+end

data/{templates → lib/generators/rails_template18f/i18n/templates}/config/locales/en.yml.tt

@@ -12,11 +12,11 @@ en:
       secure_heading: Secure .gov websites use HTTPS
       us_flag: U.S. Flag
     header:
-      title: <%= app_name.titleize %>
-      menu: Menu
       close: Close
-      primary: Primary navigation
       demo_banner: TEST SITE - Do not use real personal information (demo purposes only) - TEST SITE
+      menu: Menu
+      primary: Primary navigation
+      title: <%= app_name.titleize %>
     languages:
       en: English
       es: Español

data/{templates → lib/generators/rails_template18f/i18n/templates}/config/locales/es.yml

@@ -12,8 +12,8 @@ es:
       secure_heading: Los sitios web seguros .gov usan HTTPS
       us_flag: Bandera de Estados Unidos
     header:
-      menu: Menú
       close: Cerrar
-      primary: Navegacion primaria
       demo_banner: SITIO DE PRUEBA - No utilice información personal real (sólo para propósitos de demostración) - SITIO DE PRUEBA
-    skip_link: Salte al contenido principal
+      menu: Menú
+      primary: Navegacion primaria
+    skip_link: Salte al contenido principal

data/{templates → lib/generators/rails_template18f/i18n/templates}/config/locales/fr.yml

@@ -8,15 +8,12 @@ fr:
       lock: Verrou
       locked_padlock: Verrou fermé
       official_site: Un site web officiel du gouvernement des États-Unis
-      secure_description_html: Un <strong>verrou</strong> (%{lock_icon}) ou
-        <strong>https://</strong> signifie que vous êtes connecté en toute
-        sécurité au site Web .gov. Partagez des informations sensibles
-        uniquement sur des sites Web officiels et sécurisés.
+      secure_description_html: Un <strong>verrou</strong> (%{lock_icon}) ou <strong>https://</strong> signifie que vous êtes connecté en toute sécurité au site Web .gov. Partagez des informations sensibles uniquement sur des sites Web officiels et sécurisés.
       secure_heading: Les sites Web sécurisés .gov utilisent HTTPS
       us_flag: Drapeau américain
     header:
-      menu: Menu
       close: Fermer
-      primary: Navigation primaire
       demo_banner: SITE DE TEST - N’utilisez pas de véritables données personnelles (il s’agit d’une démonstration seulement) - SITE DE TEST
+      menu: Menu
+      primary: Navigation primaire
     skip_link: Passer au contenu principal

data/lib/generators/rails_template18f/i18n_js/i18n_js_generator.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "bundler"
+
+module RailsTemplate18f
+  module Generators
+    class I18nJsGenerator < ::Rails::Generators::Base
+      include Base
+
+      desc <<~DESC
+        Description:
+          Install and configure i18n-js gem to provide translations to JS code.
+
+          By default, will only export translations with keys that match `*.js.*`
+      DESC
+
+      def install_gem_and_tasks
+        return if file_content("Gemfile").match?(/gem "i18n-js"/)
+        gem "i18n-js", "~> 3.9"
+        Bundler.with_original_env do
+          in_root do
+            run "bundle install"
+            run "yarn add i18n-js"
+            generate "i18n:js:config"
+          end
+        end
+        append_to_file "config/i18n-js.yml", <<~EOYAML
+          # remove `only` to include all translations
+          translations:
+            - file: "app/assets/builds/translations.js"
+              only: "*.js.*"
+        EOYAML
+      end
+
+      def configure_asset_pipeline
+        copy_file "lib/tasks/i18n.rake"
+        environment "config.middleware.use I18n::JS::Middleware", env: :development
+        insert_into_file "app/views/layouts/application.html.erb", indent(<<~EOHTML, 4), after: /<%= stylesheet_link_tag "application".*$\n/
+          <%= javascript_include_tag "i18n", "data-turbo-track": "reload" %>
+          <%= javascript_include_tag "translations", "data-turbo-track": "reload" %>
+        EOHTML
+        append_to_file "app/assets/config/manifest.js", <<~EOJS
+          //= link i18n.js
+          //= link translations.js
+        EOJS
+      end
+
+      def ignore_generated_file
+        unless skip_git?
+          append_to_file ".gitignore", <<~EOM
+
+            # Generated by i18n-js
+            /public/javascripts/i18n.js
+          EOM
+        end
+      end
+    end
+  end
+end

data/lib/generators/rails_template18f/i18n_js/templates/lib/tasks/i18n.rake

@@ -0,0 +1,9 @@
+# export translations as part of asset precompile
+
+Rake::Task["assets:precompile"].enhance(["i18n:js:export"])
+
+if Rake::Task.task_defined?("test:prepare")
+  Rake::Task["test:prepare"].enhance(["i18n:js:export"])
+elsif Rake::Task.task_defined?("db:test:prepare")
+  Rake::Task["db:test:prepare"].enhance(["i18n:js:export"])
+end

data/lib/generators/rails_template18f/newrelic/newrelic_generator.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module RailsTemplate18f
+  module Generators
+    class NewrelicGenerator < ::Rails::Generators::Base
+      include Base
+
+      desc <<~DESC
+        Description:
+          Install NewRelic config for FedRAMP collection
+      DESC
+
+      def update_content_security_policy
+        csp_file = "config/initializers/content_security_policy.rb"
+        gsub_file csp_file, /(policy.script_src .*)$/, '\1, "https://js-agent.newrelic.com", "https://*.nr-data.net"'
+        if file_content(csp_file).match?(/policy.connect_src/)
+          gsub_file csp_file, /(policy.connect_src .*)$/, '\1, "https://*.nr-data.net"'
+        else
+          gsub_file csp_file, /((#?)(\s+)policy.script_src .*)$/, "\\1\n\\2\\3policy.connect_src :self, \"https://*.nr-data.net\""
+        end
+      end
+
+      def install_gem
+        gem "newrelic_rpm", "~> 8.4"
+      end
+
+      def install_config
+        template "config/newrelic.yml"
+      end
+
+      def update_cloud_gov_manifest
+        insert_into_file "manifest.yml", "    NEW_RELIC_LOG: stdout\n", before: /^\s+processes:/
+      end
+
+      def update_readme
+        insertion_regex = /^## Documentation$/
+        if file_content("README.md").match?(insertion_regex)
+          insert_into_file "README.md", readme, before: insertion_regex
+        else
+          append_to_file "README.md", readme
+        end
+      end
+
+      def update_boundary_diagram
+        boundary_filename = "doc/compliance/apps/application.boundary.md"
+        insert_into_file boundary_filename, <<EOB, after: "Boundary(gsa_saas, \"GSA-authorized SaaS\") {\n"
+    System_Ext(newrelic, "New Relic", "Monitoring SaaS")
+EOB
+        insert_into_file boundary_filename, <<~EOB, before: "@enduml"
+          Rel(app, newrelic, "reports telemetry (ruby agent)", "tcp (443)")
+          Rel(browser, newrelic, "reports ux metrics (javascript agent)", "https (443)")
+          Rel(developer, newrelic, "Manage performance", "https (443)")
+        EOB
+      end
+
+      no_tasks do
+        def readme
+          <<~EOM
+            ## Monitoring with New Relic
+
+            The [New Relic Ruby agent](https://docs.newrelic.com/docs/apm/agents/ruby-agent/getting-started/introduction-new-relic-ruby) has been installed for monitoring this application.
+
+            The config lives at `config/newrelic.yml`, and points to a [FEDRAMP version of the New Relic service as its host](https://docs.newrelic.com/docs/security/security-privacy/compliance/fedramp-compliant-endpoints/). To access the metrics dashboard, you will need to be connected to VPN.
+
+            ### Getting started
+
+            To get started sending metrics via New Relic APM:
+            1. Add your New Relic license key to the Rails credentials with key `new_relic_key`.
+            1. Optionally, update `app_name` entries in `config/newrelic.yml` with what is registered for your application in New Relic
+            1. Comment out the `agent_enabled: false` line in `config/newrelic.yml`
+            1. Add the [Javascript snippet provided by New Relic](https://docs.newrelic.com/docs/browser/browser-monitoring/installation/install-browser-monitoring-agent) into `application.html.erb`. It is recommended to vary this based on environment (i.e. include one snippet for staging and another for production).
+          EOM
+        end
+      end
+    end
+  end
+end

data/{templates/config/newrelic.yml → lib/generators/rails_template18f/newrelic/templates/config/newrelic.yml.tt}

@@ -10,14 +10,14 @@
 
 common: &default_settings
   # Required license key associated with your New Relic account.
-  license_key: <%= Rails.application.credentials.new_relic_key %>
+  license_key: <%%= Rails.application.credentials.new_relic_key %>
   # FEDRAMP-specific New Relic host
   # https://docs.newrelic.com/docs/security/security-privacy/compliance/fedramp-compliant-endpoints/
   host: 'gov-collector.newrelic.com'
 
   # Your application name. Renaming here affects where data displays in New
   # Relic.  For more details, see https://docs.newrelic.com/docs/apm/new-relic-apm/maintenance/renaming-applications
-  app_name: <APPNAME>
+  app_name: <%= app_name.titleize %>
 
   monitor_mode: true
 
@@ -30,8 +30,8 @@ common: &default_settings
 
   # This line disables agent regardless of other settings.
   # To enable the New Relic agent:
-  # 1) Replace <APPNAME> in this file with the application name you want to show in New Relic
-  # 2) add the New Relic license keys to the appropriate encrypted credentials file(s)
+  # 1) add the New Relic license keys to the appropriate encrypted credentials file(s)
+  # 2) Optionally, update app_name entries in this file with the application name you want to show in New Relic
   # 3) Comment out the line below
   agent_enabled: false
 
@@ -44,7 +44,7 @@ common: &default_settings
 # If your application has other named environments, configure them here.
 development:
   <<: *default_settings
-  app_name: <APPNAME> (Development)
+  app_name: <%= app_name.titleize %> (Development)
 
 test:
   <<: *default_settings
@@ -58,8 +58,8 @@ ci:
 
 staging:
   <<: *default_settings
-  app_name: <APPNAME> (Staging)
+  app_name: <%= app_name.titleize %> (Staging)
 
 production:
   <<: *default_settings
-  app_name: <APPNAME> (Production)
+  app_name: <%= app_name.titleize %> (Production)

data/lib/generators/rails_template18f/sidekiq/sidekiq_generator.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module RailsTemplate18f
+  module Generators
+    class SidekiqGenerator < ::Rails::Generators::Base
+      include Base
+
+      desc <<~DESC
+        Description:
+          Install Sidekiq and configure it as the ActiveJob backend
+      DESC
+
+      def install_gem
+        gem "sidekiq", "~> 6.4"
+      end
+
+      def configure_server_runner
+        append_to_file "Procfile.dev", "worker: bundle exec sidekiq\n"
+        insert_into_file "manifest.yml", indent(<<~EOYAML), after: /processes:$\n/
+          - type: worker
+            instances: ((worker_instances))
+            memory: ((worker_memory))
+            command: bundle exec sidekiq
+        EOYAML
+        insert_into_file "manifest.yml", "\n  - #{app_name}-redis-((env))", after: "services:"
+        inside "config/deployment" do
+          append_to_file "staging.yml", <<~EOYAML
+            worker_instances: 1
+            worker_memory: 256M
+          EOYAML
+          append_to_file "production.yml", <<~EOYAML
+            worker_instances: 1
+            worker_memory: 512M
+          EOYAML
+        end
+      end
+
+      def configure_active_job
+        generate "rails_template18f:cloud_gov_config"
+        copy_file "config/initializers/redis.rb"
+        application "config.active_job.queue_adapter = :sidekiq"
+      end
+
+      def configure_sidekiq_ui
+        prepend_to_file "config/routes.rb", "require \"sidekiq/web\"\n\n"
+        route <<~EOR
+          if Rails.env.development?
+            mount Sidekiq::Web => "/sidekiq"
+          end
+        EOR
+      end
+
+      def update_boundary_diagram
+        boundary_filename = "doc/compliance/apps/application.boundary.md"
+
+        insert_into_file boundary_filename, indent(<<~EOB, 16), after: /ContainerDb\(app_db.*$\n/
+          Container(worker, "<&layers> Sidekiq workers", "Ruby #{ruby_version}, Sidekiq", "Perform background work and data processing")
+          ContainerDb(redis, "Redis Database", "AWS ElastiCache (Redis)", "Background job queue")
+        EOB
+        insert_into_file boundary_filename, <<~EOB, before: "@enduml"
+          Rel(app, redis, "enqueue job parameters", "redis")
+          Rel(worker, redis, "dequeues job parameters", "redis")
+          Rel(worker, app_db, "reads/writes primary data", "psql (5432)")
+        EOB
+      end
+    end
+  end
+end

data/lib/generators/rails_template18f/sidekiq/templates/config/initializers/redis.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+Rails.application.config.to_prepare do
+  redis_url = CloudGovConfig.dig "aws-elasticache-redis", "credentials", "uri"
+  if redis_url.present?
+    Sidekiq.configure_server do |config|
+      config.redis = {url: redis_url, ssl: true}
+    end
+
+    Sidekiq.configure_client do |config|
+      config.redis = {url: redis_url, ssl: true}
+    end
+  end
+end

data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/bootstrap/main.tf.tt

@@ -9,9 +9,9 @@ module "s3" {
   cf_api_url      = local.cf_api_url
   cf_user         = var.cf_user
   cf_password     = var.cf_password
-  cf_org_name     = "<%= @cloud_gov_organization %>"
-  cf_space_name   = "<%= @cloud_gov_production_space %>"
-  s3_service_name = local.s3_service_name<% if @cloud_gov_organization == "sandbox-gsa" %>
+  cf_org_name     = "<%= cloud_gov_organization %>"
+  cf_space_name   = "<%= cloud_gov_production_space %>"
+  s3_service_name = local.s3_service_name<% if cloud_gov_organization == "sandbox-gsa" %>
   s3_plan_name    = "basic-sandbox"<% end %>
 }
 

data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/bootstrap/run.sh.tt

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 if [[ ! -f "secrets.auto.tfvars" ]]; then
-  ../create_space_deployer.sh <%= @cloud_gov_production_space %> config-bootstrap-deployer > secrets.auto.tfvars
+  ../create_space_deployer.sh <%= cloud_gov_production_space %> config-bootstrap-deployer > secrets.auto.tfvars
 fi
 
 if [[ $# -gt 0 ]]; then

data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/teardown_creds.sh.tt

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+../destroy_space_deployer.sh <%= cloud_gov_production_space %> config-bootstrap-deployer
+
+rm secrets.auto.tfvars