rails_template_18f 0.1.0 → 0.4.0

data/lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt

@@ -0,0 +1,82 @@
+locals {
+  cf_org_name      = "<%= cloud_gov_organization %>"
+  cf_space_name    = "<%= cloud_gov_production_space %>"
+  env              = "production"
+  recursive_delete = false
+}
+
+module "database" {
+  source = "../shared/database"
+
+  cf_user          = var.cf_user
+  cf_password      = var.cf_password
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  env              = local.env
+  recursive_delete = local.recursive_delete
+  rds_plan_name    = "TKTK-production-rds-plan"
+}
+<% if has_active_job? %>
+module "redis" {
+  source = "../shared/redis"
+
+  cf_user          = var.cf_user
+  cf_password      = var.cf_password
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  env              = local.env
+  recursive_delete = local.recursive_delete
+  redis_plan_name  = "TKTK-production-redis-plan"
+}
+<% end %>
+<% if has_active_storage? %>
+module "s3" {
+  source = "../shared/s3"
+
+  cf_user          = var.cf_user
+  cf_password      = var.cf_password
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  recursive_delete = local.recursive_delete
+  s3_service_name  = "<%= app_name %>-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
+  s3_plan_name     = "basic-sandbox"<% end %>
+}
+
+###########################################################################
+# The following lines need to be commented out for the initial `terraform apply`
+# It can be re-enabled after:
+# 1) the app has first been deployed
+# 2) Your organization has sufficient memory. Each clamav app requires 3GB
+###########################################################################
+# module "clamav" {
+#   source = "../shared/clamav"
+#
+#   cf_user       = var.cf_user
+#   cf_password   = var.cf_password
+#   cf_org_name   = local.cf_org_name
+#   cf_space_name = local.cf_space_name
+#   env           = local.env
+#   clamav_image  = "ajilaag/clamav-rest:20211229"
+#   max_file_size = "30M"
+# }
+<% end %>
+
+###########################################################################
+# The following lines need to be commented out for the initial `terraform apply`
+# It can be re-enabled after:
+# 1) the app has first been deployed
+# 2) the route has been manually created by an OrgManager:
+#     `cf create-domain <%= cloud_gov_organization %> TKTK-production-domain-name`
+###########################################################################
+# module "domain" {
+#   source = "../shared/domain"
+#
+#   cf_user          = var.cf_user
+#   cf_password      = var.cf_password
+#   cf_org_name      = local.cf_org_name
+#   cf_space_name    = local.cf_space_name
+#   env              = local.env
+#   recursive_delete = local.recursive_delete
+#   cdn_plan_name    = "domain"
+#   domain_name      = "TKTK-production-domain-name"
+# }

data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/main.tf.tt

@@ -0,0 +1,50 @@
+###
+# Target space/org
+###
+
+data "cloudfoundry_space" "space" {
+  org_name = var.cf_org_name
+  name     = var.cf_space_name
+}
+
+data "cloudfoundry_domain" "internal" {
+  name = "apps.internal"
+}
+
+data "cloudfoundry_app" "app" {
+  name_or_id = "<%= app_name %>-${var.env}"
+  space = data.cloudfoundry_space.space.id
+}
+
+###
+# ClamAV API app
+###
+
+resource "cloudfoundry_route" "clamav_route" {
+  space    = data.cloudfoundry_space.space.id
+  domain   = data.cloudfoundry_domain.internal.id
+  hostname = "<%= app_name %>-clamapi-${var.env}"
+}
+
+resource "cloudfoundry_app" "clamav_api" {
+  name         = "<%= app_name %>-clamav-api-${var.env}"
+  space        = data.cloudfoundry_space.space.id
+  memory       = var.clamav_memory
+  disk_quota   = 2048
+  timeout      = 600
+  docker_image = var.clamav_image
+  routes {
+    route = cloudfoundry_route.clamav_route.id
+  }
+  environment = {
+    MAX_FILE_SIZE = var.max_file_size
+  }
+}
+
+resource "cloudfoundry_network_policy" "clamav_routing" {
+  policy {
+    source_app      = data.cloudfoundry_app.app.id
+    destination_app = cloudfoundry_app.clamav_api.id
+    port            = "9443"
+  }
+}

data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/variables.tf

@@ -0,0 +1,47 @@
+variable "cf_api_url" {
+  type        = string
+  description = "cloud.gov api url"
+  default     = "https://api.fr.cloud.gov"
+}
+
+variable "cf_user" {
+  type        = string
+  description = "cloud.gov deployer account user"
+}
+
+variable "cf_password" {
+  type        = string
+  description = "secret; cloud.gov deployer account password"
+  sensitive   = true
+}
+
+variable "cf_org_name" {
+  type        = string
+  description = "cloud.gov organization name"
+}
+
+variable "cf_space_name" {
+  type        = string
+  description = "cloud.gov space name (staging or prod)"
+}
+
+variable "env" {
+  type        = string
+  description = "deployment environment (staging, production)"
+}
+
+variable "clamav_image" {
+  type        = string
+  description = "Docker image to deploy the clamav api app"
+}
+
+variable "clamav_memory" {
+  type        = number
+  description = "Memory in MB to allocate to clamav app"
+  default     = 3072
+}
+
+variable "max_file_size" {
+  type        = string
+  description = "Maximum file size the API will accept for scanning"
+}

data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/shared/domain/main.tf.tt

@@ -19,7 +19,7 @@ data "cloudfoundry_app" "app" {
 ###########################################################################
 # Route must be manually created by an OrgManager before terraform is run:
 #
-# cf create-domain <%= @cloud_gov_organization %> TKTK-production-domain-name
+# cf create-domain <%= cloud_gov_organization %> TKTK-production-domain-name
 ###########################################################################
 data "cloudfoundry_domain" "origin_url" {
   name = var.domain_name

data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/main.tf.tt

@@ -0,0 +1,23 @@
+###
+# Target space/org
+###
+
+data "cloudfoundry_space" "space" {
+  org_name = var.cf_org_name
+  name     = var.cf_space_name
+}
+
+###
+# RDS instance
+###
+
+data "cloudfoundry_service" "redis" {
+  name = "aws-elasticache-redis"
+}
+
+resource "cloudfoundry_service_instance" "redis" {
+  name             = "<%= app_name %>-redis-${var.env}"
+  space            = data.cloudfoundry_space.space.id
+  service_plan     = data.cloudfoundry_service.redis.service_plans[var.redis_plan_name]
+  recursive_delete = var.recursive_delete
+}

data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/providers.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_version = "~> 1.0"
+  required_providers {
+    cloudfoundry = {
+      source  = "cloudfoundry-community/cloudfoundry"
+      version = "0.15.0"
+    }
+  }
+}
+
+provider "cloudfoundry" {
+  api_url      = var.cf_api_url
+  user         = var.cf_user
+  password     = var.cf_password
+  app_logs_max = 30
+}

data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/variables.tf

@@ -0,0 +1,42 @@
+variable "cf_api_url" {
+  type        = string
+  description = "cloud.gov api url"
+  default     = "https://api.fr.cloud.gov"
+}
+
+variable "cf_user" {
+  type        = string
+  description = "cloud.gov deployer account user"
+}
+
+variable "cf_password" {
+  type        = string
+  description = "secret; cloud.gov deployer account password"
+  sensitive   = true
+}
+
+variable "cf_org_name" {
+  type        = string
+  description = "cloud.gov organization name"
+}
+
+variable "cf_space_name" {
+  type        = string
+  description = "cloud.gov space name (staging or prod)"
+}
+
+variable "env" {
+  type        = string
+  description = "deployment environment (staging, production)"
+}
+
+variable "recursive_delete" {
+  type        = bool
+  description = "when true, deletes service bindings attached to the resource (not recommended for production)"
+  default     = false
+}
+
+variable "redis_plan_name" {
+  type        = string
+  description = "name of the service plan name to create"
+}

data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/providers.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_version = "~> 1.0"
+  required_providers {
+    cloudfoundry = {
+      source  = "cloudfoundry-community/cloudfoundry"
+      version = "0.15.0"
+    }
+  }
+}
+
+provider "cloudfoundry" {
+  api_url      = var.cf_api_url
+  user         = var.cf_user
+  password     = var.cf_password
+  app_logs_max = 30
+}

data/lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt

@@ -0,0 +1,62 @@
+locals {
+  cf_org_name      = "<%= cloud_gov_organization %>"
+  cf_space_name    = "<%= cloud_gov_staging_space %>"
+  env              = "staging"
+  recursive_delete = true
+}
+
+module "database" {
+  source = "../shared/database"
+
+  cf_user          = var.cf_user
+  cf_password      = var.cf_password
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  env              = local.env
+  recursive_delete = local.recursive_delete
+  rds_plan_name    = "micro-psql"
+}
+<% if has_active_job? %>
+module "redis" {
+  source = "../shared/redis"
+
+  cf_user          = var.cf_user
+  cf_password      = var.cf_password
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  env              = local.env
+  recursive_delete = local.recursive_delete
+  redis_plan_name  = "redis-dev"
+}
+<% end %>
+<% if has_active_storage? %>
+module "s3" {
+  source = "../shared/s3"
+
+  cf_user          = var.cf_user
+  cf_password      = var.cf_password
+  cf_org_name      = local.cf_org_name
+  cf_space_name    = local.cf_space_name
+  recursive_delete = local.recursive_delete
+  s3_service_name  = "<%= app_name %>-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
+  s3_plan_name     = "basic-sandbox"<% end %>
+}
+
+###########################################################################
+# The following lines need to be commented out for the initial `terraform apply`
+# It can be re-enabled after:
+# 1) the app has first been deployed
+# 2) Your organization has sufficient memory. Each clamav app requires 3GB
+###########################################################################
+# module "clamav" {
+#   source = "../shared/clamav"
+#
+#   cf_user       = var.cf_user
+#   cf_password   = var.cf_password
+#   cf_org_name   = local.cf_org_name
+#   cf_space_name = local.cf_space_name
+#   env           = local.env
+#   clamav_image  = "ajilaag/clamav-rest:20211229"
+#   max_file_size = "30M"
+# }
+<% end %>

data/lib/generators/rails_template18f/terraform/terraform_generator.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module RailsTemplate18f
+  module Generators
+    class TerraformGenerator < ::Rails::Generators::Base
+      include Base
+      include CloudGovOptions
+
+      desc <<~DESC
+        Description:
+          Install terraform files for cloud.gov database and s3 services
+      DESC
+
+      def install
+        directory "terraform", mode: :preserve
+        chmod "terraform/bootstrap/run.sh", 0o755
+        chmod "terraform/bootstrap/teardown_creds.sh", 0o755
+      end
+
+      def ignore_files
+        unless skip_git?
+          append_to_file ".gitignore", <<~EOM
+
+            # Terraform
+            .terraform.lock.hcl
+            **/.terraform/*
+            secrets.auto.tfvars
+            terraform.tfstate
+            terraform.tfstate.backup
+          EOM
+        end
+      end
+
+      def update_readme
+        gsub_file "README.md", /^(### Automatic linting)/, '\1 and terraform formatting'
+        gsub_file "README.md", /(ruby linting) (on every)/, '\1 and terraform formatting \2'
+        gsub_file "README.md", /^Before the first deploy only.*$/, "Follow the instructions in `terraform/README.md` to create the supporting services."
+      end
+
+      def install_githook
+        githook_file = ".githooks/pre-commit"
+        if File.exist?(File.expand_path(githook_file, destination_root))
+          append_to_file githook_file, "\n#{githook_content}"
+        else
+          create_file githook_file, <<~EOM
+            #! /usr/bin/env bash
+            #
+            # This hook runs on `git commit` and will prevent you from committing without
+            # approval from the linter and tests.
+            #
+            # To run, this file must be symlinked to:
+            # .git/hooks/pre-commit
+            #
+            # To bypass this hook, run:
+            # $ git commit --no-verify
+            # $ git commit -n
+
+            #{githook_content}
+          EOM
+          chmod githook_file, 0o755
+        end
+      end
+
+      no_tasks do
+        def githook_content
+          <<~EOM
+            echo "Running Terraform formatter"
+            files=$(git diff --cached --name-only terraform)
+            for f in $files
+            do
+              # Format any *.tf files that were cached/staged
+              if [ -e "$f" ] && [[ $f == *.tf ]]; then
+                terraform fmt "$f"
+                git add "$f"
+              fi
+            done
+          EOM
+        end
+      end
+    end
+  end
+end

data/lib/rails_template18f/app_updater.rb

@@ -0,0 +1,19 @@
+require "rails/app_updater"
+
+module AppUpdaterOptions
+  extend ActiveSupport::Concern
+
+  class_methods do
+    def generator_options
+      options = super
+      # These options all end up hardcoded to true in the default `rails app:update`
+      options[:skip_active_job] = !defined?(ActiveJob::Railtie)
+      options[:skip_action_mailbox] = !defined?(ActionMailbox::Engine)
+      options[:skip_action_text] = !defined?(ActionText::Engine)
+      options[:skip_test] = !defined?(Rails::TestUnitRailtie)
+      options
+    end
+  end
+end
+
+Rails::AppUpdater.prepend(AppUpdaterOptions)

data/lib/rails_template18f/generators/base.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module RailsTemplate18f
+  module Generators
+    module Base
+      extend ActiveSupport::Concern
+      include ::Rails::Generators::AppName
+
+      class_methods do
+        attr_accessor :source_path
+
+        def source_root
+          @source_root ||= File.expand_path("templates", File.dirname(source_path))
+        end
+      end
+
+      included do
+        self.source_path = RailsTemplate18f::Generators.const_source_location(name).first
+      end
+
+      private
+
+      def file_content(filename)
+        file_path = File.expand_path(filename, destination_root)
+        if File.exist? file_path
+          File.read(file_path)
+        else
+          ""
+        end
+      end
+
+      def ruby_version
+        RUBY_VERSION
+      end
+
+      def terraform_dir_exists?
+        Dir.exist? File.expand_path("terraform", destination_root)
+      end
+
+      def skip_git?
+        !Dir.exist?(File.expand_path(".git", destination_root))
+      end
+
+      def has_active_job?
+        defined?(::ActiveJob)
+      end
+
+      def has_active_storage?
+        defined?(::ActiveStorage)
+      end
+    end
+  end
+end

data/lib/rails_template18f/generators/cloud_gov_options.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module RailsTemplate18f
+  module Generators
+    module CloudGovOptions
+      extend ActiveSupport::Concern
+
+      included do
+        class_option :cg_org, desc: "cloud.gov organization name"
+        class_option :cg_staging, desc: "cloud.gov space name for staging"
+        class_option :cg_prod, desc: "cloud.gov space name for production"
+      end
+
+      private
+
+      def cloud_gov_organization
+        if options[:cg_org].present?
+          return options[:cg_org]
+        elsif terraform_dir_exists?
+          staging_main = file_content("terraform/staging/main.tf")
+          if (matches = staging_main.match(/cf_org_name\s+= "(?<org_name>.*)"/))
+            return matches[:org_name]
+          end
+        end
+        "TKTK-cloud.gov-org-name"
+      end
+
+      def cloud_gov_staging_space
+        if options[:cg_staging].present?
+          return options[:cg_staging]
+        elsif terraform_dir_exists?
+          staging_main = file_content("terraform/staging/main.tf")
+          if (matches = staging_main.match(/cf_space_name\s+= "(?<space_name>.*)"/))
+            return matches[:space_name]
+          end
+        end
+        "staging"
+      end
+
+      def cloud_gov_production_space
+        if options[:cg_prod].present?
+          return options[:cg_prod]
+        elsif terraform_dir_exists?
+          prod_main = file_content("terraform/production/main.tf")
+          if (matches = prod_main.match(/cf_space_name\s+= "(?<space_name>.*)"/))
+            return matches[:space_name]
+          end
+        end
+        "prod"
+      end
+    end
+  end
+end

data/lib/rails_template18f/generators/pipeline_options.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module RailsTemplate18f
+  module Generators
+    module PipelineOptions
+      extend ActiveSupport::Concern
+      include CloudGovOptions
+
+      included do
+        class_option :terraform, type: :boolean, desc: "Generate actions for planning and applying terraform"
+      end
+
+      def terraform?
+        options[:terraform].nil? ? terraform_dir_exists? : options[:terraform]
+      end
+    end
+  end
+end

data/lib/rails_template18f/generators.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module RailsTemplate18f
+  module Generators
+    extend ActiveSupport::Autoload
+
+    autoload :Base
+    autoload :CloudGovOptions
+    autoload :PipelineOptions
+  end
+end

data/lib/rails_template18f/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsTemplate18f
-  VERSION = "0.1.0"
+  VERSION = "0.4.0"
 end

data/lib/rails_template_18f.rb

@@ -1,12 +1,9 @@
 # frozen_string_literal: true
 
 require_relative "rails_template18f/version"
+require_relative "rails_template18f/generators"
 
 module RailsTemplate18f
-  extend ActiveSupport::Autoload
-
-  autoload :TerraformOptions
-
   class Error < StandardError; end
 
   class Railtie < ::Rails::Railtie; end

data/rails-template-18f.gemspec

@@ -33,6 +33,7 @@ Gem::Specification.new do |spec|
   # guide at: https://bundler.io/guides/creating_gem.html
   spec.add_dependency "railties", "~> 7.0.0"
   spec.add_dependency "activesupport", "~> 7.0.0"
+  spec.add_dependency "thor", "~> 1.0"
 
   spec.add_development_dependency "rspec", "~> 3.11"
   spec.add_development_dependency "ammeter", "~> 1.1"