rails_template_18f 0.8.0 → 0.8.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/Gemfile.lock +92 -70
- data/README.md +60 -63
- data/lib/generators/rails_template18f/circleci/templates/circleci/config.yml.tt +1 -1
- data/lib/generators/rails_template18f/github_actions/github_actions_generator.rb +2 -2
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml.tt +2 -4
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml.tt +2 -4
- data/lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt +39 -54
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/import.sh +1 -0
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/main.tf.tt +7 -10
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/providers.tf +3 -3
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/run.sh.tt +28 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/teardown_creds.sh.tt +1 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt +30 -42
- data/lib/generators/rails_template18f/terraform/templates/terraform/production/providers.tf.tt +8 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt +23 -33
- data/lib/generators/rails_template18f/terraform/templates/terraform/staging/providers.tf.tt +8 -1
- data/lib/generators/rails_template18f/terraform/terraform_generator.rb +0 -10
- data/lib/rails_template18f/version.rb +1 -1
- data/template.rb +18 -1
- data/templates/Brewfile +3 -0
- data/templates/README.md.tt +1 -0
- data/templates/bin/ops/create_service_account.sh.tt +78 -0
- data/templates/bin/ops/destroy_service_account.sh.tt +53 -0
- data/{lib/generators/rails_template18f/terraform/templates/terraform → templates/bin/ops}/set_space_egress.sh.tt +1 -1
- data/templates/config/environments/ci.rb +1 -1
- data/templates/config/environments/staging.rb +1 -1
- data/templates/doc/compliance/TODO.md +37 -0
- metadata +7 -21
- data/lib/generators/rails_template18f/terraform/templates/terraform/create_space_deployer.sh +0 -33
- data/lib/generators/rails_template18f/terraform/templates/terraform/destroy_space_deployer.sh +0 -19
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/main.tf.tt +0 -50
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/variables.tf +0 -47
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/main.tf.tt +0 -23
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/variables.tf +0 -42
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/main.tf.tt +0 -46
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/variables.tf +0 -47
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/main.tf.tt +0 -23
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/variables.tf +0 -42
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/main.tf +0 -27
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/variables.tf +0 -43
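--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt
@@ -4,26 +4,39 @@ This directory holds the terraform modules for maintaining your complete persist
 
 Prerequisite: install the `jq` JSON processor: `brew bundle` or `brew install jq`
 
-## Initial setup
+## Initial project setup
 
-
+These steps only need to be run once per project.
+
+1. Manually [bootstrap the state storage bucket](#bootstrapping-the-state-storage-s3-buckets-for-the-first-time) within the `bootstrap` directory
 1. Setup CI/CD Pipeline to run Terraform
-
-
-
+1. Copy bootstrap credentials to your CI/CD secrets using the instructions in the base README
+1. Create a cloud.gov SpaceDeployer by following the instructions under `SpaceDeployers`
+1. Copy SpaceDeployer credentials to your CI/CD secrets using the instructions in the base README
 1. Manually Running Terraform
-
+1. Follow instructions under `Set up a new environment` to create your infrastructure
+
+## Initial developer setup
+
+These steps should be run for any developer that needs to start running terraform or who just moved to a new machine.
+
+They are not necessary for the developer who runs the [initial project setup](#initial-project-setup)
+
+1. Import the existing bootstrap resources to your local state with `./import.sh`
+1. Follow instructions under [Use bootstrap credentials](#use-bootstrap-credentials)
+
 
 ## Terraform State Credentials
 
-The bootstrap module is used to create an s3 bucket for later terraform runs to store their state in.
+The `bootstrap` module is used to create an s3 bucket for later terraform runs to store their state in.
 
 ### Bootstrapping the state storage s3 buckets for the first time
 
-
-
+These steps are run once per project.
+
+1. Run `./run.sh init`
 1. Run `./run.sh apply` to set up the bucket and retrieve credentials
-1. Follow instructions under
+1. Follow instructions under [Use bootstrap credentials](#use-bootstrap-credentials)
 1. Ensure that `import.sh` includes a line and correct IDs for any resources created
 1. Run `./teardown_creds.sh` to remove the space deployer account used to create the s3 bucket
 
@@ -31,43 +44,35 @@ The bootstrap module is used to create an s3 bucket for later terraform runs to
 
 *This should not be necessary in most cases*
 
-1. Run `terraform init`
-1. If you don't have terraform state locally:
-1. run `./import.sh`
-1. optionally run `./run.sh apply` to include the existing outputs in the state file
 1. Make your changes
-1.
-
-### Retrieving existing bucket credentials
+1. Run `./run.sh plan` to verify the changes are what you expect
+1. Continue from step 2 of the [boostrapping instructions](#bootstrapping-the-state-storage-s3-buckets-for-the-first-time)
 
-
-1. Follow instructions under `Use bootstrap credentials`
-
-#### Use bootstrap credentials
+### Use bootstrap credentials
 
 1. Add the following to `~/.aws/credentials`
 ```
 [<%= app_name %>-terraform-backend]
-aws_access_key_id = <
-aws_secret_access_key = <
+aws_access_key_id = <AWS_ACCESS_KEY_ID from run.sh output>
+aws_secret_access_key = <AWS_SECRET_ACCESS_KEY from run.sh output>
 ```
 
-1. Copy `
+1. Copy `BUCKET` from `run.sh` output to the backend block of `staging/providers.tf` and `production/providers.tf`
 
 ## SpaceDeployers
 
 A [SpaceDeployer](https://cloud.gov/docs/services/cloud-gov-service-account/) account is required to run terraform or
 deploy the application from the CI/CD pipeline. Create a new account by running:
 
-
+`../bin/ops/create_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME>`
 
 ## Set up a new environment manually
 
-The below steps rely on you first configuring access to the Terraform state in s3 as described in [
+The below steps rely on you first configuring access to the Terraform state in s3 as described in [initial project setup](#initial-project-setup) or [initial developer setup](#initial-developer-setup).
 
 1. `cd` to the environment you are working in
 
-1. Set up a SpaceDeployer
+1. Set up a SpaceDeployer and save the credentials in a file named `secrets.auto.tfvars`
 ```bash
 # create a space deployer service instance that can log in with just a username and password
 # the value of < SPACE_NAME > should be `staging` or `prod` depending on where you are working
@@ -75,12 +80,12 @@ The below steps rely on you first configuring access to the Terraform state in s
 # something that communicates the purpose of the deployer
 # for example: circleci-deployer for the credentials CircleCI uses to
 # deploy the application or <your_name>-terraform for credentials to run terraform manually
-
+../../bin/ops/create_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME> > secrets.auto.tfvars
 ```
 
 The script will output the `username` (as `cf_user`) and `password` (as `cf_password`) for your `<ACCOUNT_NAME>`. Read more in the [cloud.gov service account documentation](https://cloud.gov/docs/services/cloud-gov-service-account/).
 
-The easiest way to use this script is to redirect the output directly to the `secrets.auto.tfvars` file it needs to be used in
+The easiest way to use this script locally is to redirect the output directly to the `secrets.auto.tfvars` file it needs to be used in
 
 1. Run terraform from your new environment directory with
 ```bash
@@ -90,15 +95,15 @@ The below steps rely on you first configuring access to the Terraform state in s
 
 1. Apply changes with `terraform apply`.
 
-1. Remove the space deployer service instance if it doesn't need to be used again, such as when manually running terraform
+1. Remove the space deployer service instance if it doesn't need to be used again, such as when manually running terraform plan before letting CI/CD apply the changes.
 ```bash
 # <SPACE_NAME> and <ACCOUNT_NAME> have the same values as used above.
-
+../../bin/ops/destroy_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME>
 ```
 
 ## Structure
 
-Each environment has its own module
+Each environment has its own module.
 
 ```
 - bootstrap/
@@ -111,38 +116,18 @@ Each environment has its own module, which relies on a shared module for everyth
 - <env>/
 |- main.tf
 |- providers.tf
-|- secrets.auto.tfvars
 |- variables.tf
-- shared/
-|- s3/
-|- main.tf
-|- providers.tf
-|- variables.tf
-|- database/
-|- main.tf
-|- providers.tf
-|- variables.tf
-|- domain/
-|- main.tf
-|- providers.tf
-|- variables.tf
 ```
 
-In the shared modules:
-- `providers.tf` contains set up instructions for Terraform about Cloud Foundry and AWS
-- `main.tf` sets up the data and resources the application relies on
-- `variables.tf` lists the required variables and applicable default values
-
 In the environment-specific modules:
 - `providers.tf` lists the required providers
 - `main.tf` calls the shared Terraform code, but this is also a place where you can add any other services, resources, etc, which you would like to set up for that environment
 - `variables.tf` lists the variables that will be needed, either to pass through to the child module or for use in this module
-- `secrets.auto.tfvars` is a file which contains the information about the service-key and other secrets that should not be shared
 
 In the bootstrap module:
 - `providers.tf` lists the required providers
 - `main.tf` sets up s3 bucket to be shared across all environments. It lives in `prod` to communicate that it should not be deleted
 - `variables.tf` lists the variables that will be needed. Most values are hard-coded in this module
-- `run.sh` Helper script to set up a space deployer and run terraform. The terraform action (`show`/`plan`/`apply`/`destroy`) is passed as an argument
+- `run.sh` Helper script to set up a space deployer and run terraform. The terraform action (`init`/`show`/`plan`/`apply`/`destroy`) is passed as an argument
 - `teardown_creds.sh` Helper script to remove the space deployer setup as part of `run.sh`
-- `import.sh` Helper script to create a new local state file
+- `import.sh` Helper script to create a new local state file when new developers need to access the state file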
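--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/import.sh
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/import.sh
@@ -4,6 +4,7 @@ read -p "Are you sure you want to import terraform state (y/n)? " verify
 
 if [[ $verify == "y" ]]; then
 echo "Importing bootstrap state"
+./run.sh init
 ./run.sh import module.s3.cloudfoundry_service_instance.bucket TKTK
 ./run.sh import cloudfoundry_service_key.bucket_creds TKTK
 ./run.sh plan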
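--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/main.tf.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/main.tf.tt
@@ -1,18 +1,14 @@
 locals {
-cf_api_url = "https://api.fr.cloud.gov"
 s3_service_name = "<%= app_name %>-terraform-state"
 }
 
 module "s3" {
-source = "
+source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
 
-
-
-
-
-cf_space_name = "<%= cloud_gov_production_space %>"
-s3_service_name = local.s3_service_name<% if cloud_gov_organization == "sandbox-gsa" %>
-s3_plan_name = "basic-sandbox"<% end %>
+cf_org_name = "<%= cloud_gov_organization %>"
+cf_space_name = "<%= cloud_gov_production_space %>"
+name = local.s3_service_name<% if cloud_gov_organization == "sandbox-gsa" %>
+s3_plan_name = "basic-sandbox"<% end %>
 }
 
 resource "cloudfoundry_service_key" "bucket_creds" {
@@ -21,5 +17,6 @@ resource "cloudfoundry_service_key" "bucket_creds" {
 }
 
 output "bucket_credentials" {
-value
+value = cloudfoundry_service_key.bucket_creds.credentials
+sensitive = true
 }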
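Review bot: `sensitive = true` on `bucket_credentials` only redacts the value in plan/apply output; the credentials are still written in clear to the local `terraform.tfstate`, which is exactly where `run.sh` reads them back with jq. A comment on the output keeps the next maintainer from assuming the state file is safe to share or commit: `# sensitive only masks CLI output; the values are stored in clear in terraform.tfstate`. Separately, `source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"` pins a git tag, which the upstream repository can move; pinning `ref=` to a commit SHA gives an immutable supply-chain reference, and the same applies to the `database`, `redis`, `s3`, `clamav` and `domain` sources in production/main.tf.tt and staging/main.tf.tt.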
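--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/providers.tf
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/providers.tf
@@ -3,14 +3,14 @@ terraform {
 required_providers {
 cloudfoundry = {
 source = "cloudfoundry-community/cloudfoundry"
-version = "0.
+version = "0.53.1"
 }
 }
 }
 
 provider "cloudfoundry" {
-api_url =
+api_url = "https://api.fr.cloud.gov"
 user = var.cf_user
 password = var.cf_password
 app_logs_max = 30
-}
+}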
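--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/run.sh.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/run.sh.tt
@@ -1,12 +1,39 @@
 #!/usr/bin/env bash
 
+if ! command -v jq &> /dev/null
+then
+echo "jq must be installed. Run 'brew bundle' to install everything in the Brewfile"
+exit 1
+fi
+if ! command -v terraform &> /dev/null
+then
+echo "terraform must be installed before running this script"
+exit 1
+fi
+
+dig_output () {
+dig_result=`cat terraform.tfstate | jq -r ".outputs.bucket_credentials.value.$1"`
+}
+
 if [[ ! -f "secrets.auto.tfvars" ]]; then
-
+../../bin/ops/create_service_account.sh -s <%= cloud_gov_production_space %> -u config-bootstrap-deployer > secrets.auto.tfvars
 fi
 
 if [[ $# -gt 0 ]]; then
 echo "Running terraform $@"
 terraform $@
+if [[ -f terraform.tfstate ]]; then
+echo
+echo "Credentials for terraform state bucket:"
+dig_output "bucket"
+echo "BUCKET=$dig_result"
+dig_output "access_key_id"
+echo "AWS_ACCESS_KEY_ID=$dig_result"
+dig_output "secret_access_key"
+echo "AWS_SECRET_ACCESS_KEY=$dig_result"
+dig_output "region"
+echo "AWS_REGION=$dig_result"
+fi
 else
 echo "Not running terraform"
 fi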
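--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt
@@ -2,44 +2,35 @@ locals {
 cf_org_name = "<%= cloud_gov_organization %>"
 cf_space_name = "<%= cloud_gov_production_space %>"
 env = "production"
-
+app_name = "<%= app_name %>"
 }
 
 module "database" {
-source = "
+source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.0.0"
 
-
-
-
-
-env = local.env
-recursive_delete = local.recursive_delete
-rds_plan_name = "TKTK-production-rds-plan"
+cf_org_name = local.cf_org_name
+cf_space_name = local.cf_space_name
+name = "${local.app_name}-rds-${local.env}"
+rds_plan_name = "TKTK-production-rds-plan"
 }
 <% if has_active_job? %>
 module "redis" {
-source = "
+source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.0.0"
 
-
-
-
-
-env = local.env
-recursive_delete = local.recursive_delete
-redis_plan_name = "TKTK-production-redis-plan"
+cf_org_name = local.cf_org_name
+cf_space_name = local.cf_space_name
+name = "${local.app_name}-redis-${local.env}"
+redis_plan_name = "TKTK-production-redis-plan"
 }
 <% end %>
 <% if has_active_storage? %>
 module "s3" {
-source = "
+source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
 
-
-
-
-
-recursive_delete = local.recursive_delete
-s3_service_name = "<%= app_name %>-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
-s3_plan_name = "basic-sandbox"<% end %>
+cf_org_name = local.cf_org_name
+cf_space_name = local.cf_space_name
+name = "${local.app_name}-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
+s3_plan_name = "basic-sandbox"<% end %>
 }
 
 ###########################################################################
@@ -49,15 +40,14 @@ module "s3" {
 # 2) Your organization has sufficient memory. Each clamav app requires 3GB
 ###########################################################################
 # module "clamav" {
-# source = "
+# source = "github.com/gsa-tts/terraform-cloudgov//clamav?ref=v1.0.0"
 #
-#
-#
-#
-#
-#
-#
-# max_file_size = "30M"
+# cf_org_name = local.cf_org_name
+# cf_space_name = local.cf_space_name
+# app_name_or_id = "${local.app_name}-${local.env}"
+# name = "${local.app_name}-clamapi-${local.env}"
+# clamav_image = "ghcr.io/gsa-tts/clamav-rest/clamav:20240602"
+# max_file_size = "30M"
 # }
 <% end %>
 
@@ -69,14 +59,12 @@ module "s3" {
 # `cf create-domain <%= cloud_gov_organization %> TKTK-production-domain-name`
 ###########################################################################
 # module "domain" {
-# source = "
+# source = "github.com/gsa-tts/terraform-cloudgov//domain?ref=v1.0.0"
 #
-#
-#
-#
-#
-#
-#
-# cdn_plan_name = "domain"
-# domain_name = "TKTK-production-domain-name"
+# cf_org_name = local.cf_org_name
+# cf_space_name = local.cf_space_name
+# app_name_or_id = "${local.app_name}-${local.env}"
+# cdn_plan_name = "domain"
+# domain_name = "TKTK-production-domain-name"
+# host_name = "TKTK-production-hostname (optional)"
 # }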
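Review bot: The commented `clamav` scaffold in the second hunk pins `clamav_image` to the tag `ghcr.io/gsa-tts/clamav-rest/clamav:20240602`, which the registry can re-point; if the block is meant to be uncommented as-is, a digest pin of the form `clamav_image = "ghcr.io/gsa-tts/clamav-rest/clamav@sha256:<IMAGE_DIGEST>"` (placeholder) makes the scanner image immutable and verifiable. The same scaffold is added in staging/main.tf.tt. Since the block is a comment, nothing here is executed until a project enables it, so a one-line `# pin to a digest before enabling in production` above it would be enough.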
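--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/production/providers.tf.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/production/providers.tf.tt
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 cloudfoundry = {
 source = "cloudfoundry-community/cloudfoundry"
-version = "0.
+version = "0.53.1"
 }
 }
 
@@ -15,3 +15,10 @@ terraform {
 profile = "<%= app_name %>-terraform-backend"
 }
 }
+
+provider "cloudfoundry" {
+api_url = "https://api.fr.cloud.gov"
+user = var.cf_user
+password = var.cf_password
+app_logs_max = 30
+}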
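Review bot: The new `provider "cloudfoundry"` block in the second hunk takes `user`/`password` from `var.cf_user`/`var.cf_password`, which the README in this release has developers write into `secrets.auto.tfvars` and CI inject from stored secrets. Per the provider's documentation it also reads `CF_USER` and `CF_PASSWORD` from the environment when these attributes are unset, so in CI the password never has to be written to a tfvars file on disk; a comment recording that choice would help: `# cf_user/cf_password come from secrets.auto.tfvars locally; CI can set CF_USER/CF_PASSWORD instead`. The same block is added in staging/providers.tf.tt.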
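--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt
@@ -2,44 +2,35 @@ locals {
 cf_org_name = "<%= cloud_gov_organization %>"
 cf_space_name = "<%= cloud_gov_staging_space %>"
 env = "staging"
-
+app_name = "<%= app_name %>"
 }
 
 module "database" {
-source = "
+source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.0.0"
 
-
-
-
-
-env = local.env
-recursive_delete = local.recursive_delete
-rds_plan_name = "micro-psql"
+cf_org_name = local.cf_org_name
+cf_space_name = local.cf_space_name
+name = "${local.app_name}-rds-${local.env}"
+rds_plan_name = "micro-psql"
 }
 <% if has_active_job? %>
 module "redis" {
-source = "
+source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.0.0"
 
-
-
-
-
-env = local.env
-recursive_delete = local.recursive_delete
-redis_plan_name = "redis-dev"
+cf_org_name = local.cf_org_name
+cf_space_name = local.cf_space_name
+name = "${local.app_name}-redis-${local.env}"
+redis_plan_name = "redis-dev"
 }
 <% end %>
 <% if has_active_storage? %>
 module "s3" {
-source = "
+source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
 
-
-
-
-
-recursive_delete = local.recursive_delete
-s3_service_name = "<%= app_name %>-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
-s3_plan_name = "basic-sandbox"<% end %>
+cf_org_name = local.cf_org_name
+cf_space_name = local.cf_space_name
+name = "${local.app_name}-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
+s3_plan_name = "basic-sandbox"<% end %>
 }
 
 ###########################################################################
@@ -49,14 +40,13 @@ module "s3" {
 # 2) Your organization has sufficient memory. Each clamav app requires 3GB
 ###########################################################################
 # module "clamav" {
-# source = "
+# source = "github.com/gsa-tts/terraform-cloudgov//clamav?ref=v1.0.0"
 #
-#
-#
-#
-#
-#
-#
-# max_file_size = "30M"
+# cf_org_name = local.cf_org_name
+# cf_space_name = local.cf_space_name
+# app_name_or_id = "${local.app_name}-${local.env}"
+# name = "${local.app_name}-clamapi-${local.env}"
+# clamav_image = "ghcr.io/gsa-tts/clamav-rest/clamav:20240602"
+# max_file_size = "30M"
 # }
 <% end %>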
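--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/staging/providers.tf.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/staging/providers.tf.tt
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 cloudfoundry = {
 source = "cloudfoundry-community/cloudfoundry"
-version = "0.
+version = "0.53.1"
 }
 }
 
@@ -15,3 +15,10 @@ terraform {
 profile = "<%= app_name %>-terraform-backend"
 }
 }
+
+provider "cloudfoundry" {
+api_url = "https://api.fr.cloud.gov"
+user = var.cf_user
+password = var.cf_password
+app_logs_max = 30
+}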
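--- a/data/lib/generators/rails_template18f/terraform/terraform_generator.rb
+++ b/data/lib/generators/rails_template18f/terraform/terraform_generator.rb
@@ -15,20 +15,10 @@ module RailsTemplate18f
 
 def install
 directory "terraform", mode: :preserve
-chmod "terraform/set_space_egress.sh", 0o755
 chmod "terraform/bootstrap/run.sh", 0o755
 chmod "terraform/bootstrap/teardown_creds.sh", 0o755
 end
 
-def install_jq
-append_to_file "Brewfile", <<~EOB
-
-# used in terraform/create_space_deployer.sh
-brew "jq"
-EOB
-insert_into_file "README.md", indent("* [jq](https://stedolan.github.io/jq/)\n"), after: /\* Install homebrew dependencies: `brew bundle`\n/
-end
-
 def ignore_files
 unless skip_git?
 append_to_file ".gitignore", <<~EOM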
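Review bot: `install` still chmods `terraform/bootstrap/run.sh` and `terraform/bootstrap/teardown_creds.sh` but not `terraform/bootstrap/import.sh`, which the terraform README in this same release tells developers to run directly as `./import.sh`; unless `directory "terraform", mode: :preserve` already carries the executable bit over from the template tree (not visible here), the new developer-setup step fails with a permission error. Adding `chmod "terraform/bootstrap/import.sh", 0o755` next to the other two makes the intent explicit either way. `ignore_files` continues outside the hunk.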
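--- a/data/template.rb
+++ b/data/template.rb
@@ -58,6 +58,15 @@ compliance_template_submodule = compliance_template && yes?("Clone #{compliance_
 if compliance_template_submodule
 compliance_template_repo = ask("What is the git clone address of your compliance-template fork?")
 end
+if compliance_template_repo.blank?
+register_announcement("OSCAL Documentation", <<~EOM)
+Skipping OSCAL files as the compliance-template fork was left blank.
+
+Re-run the oscal generator after creating your template fork to get started with OSCAL.
+EOM
+compliance_template = false
+compliance_template_submodule = false
+end
 
 terraform = yes?("Create terraform files for cloud.gov services? (y/n)")
 @cloud_gov_organization = ask("What is your cloud.gov organization name? (Leave blank to fill in later)")
@@ -141,6 +150,9 @@ end
 
 # setup pa11y and owasp scanning
 directory "bin", mode: :preserve
+chmod "bin/ops/create_service_account.sh", 0o755
+chmod "bin/ops/destroy_service_account.sh", 0o755
+chmod "bin/ops/set_space_egress.sh", 0o755
 copy_file "pa11yci", ".pa11yci"
 copy_file "editorconfig", ".editorconfig"
 copy_file "zap.conf"
@@ -234,7 +246,7 @@ end
 # setup USWDS and asset pipeline
 copy_file "browserslistrc", ".browserslistrc" if webpack?
 after_bundle do
-run 'npm set
+run 'npm pkg set scripts.build:css="postcss ./app/assets/stylesheets/application.postcss.scss -o ./app/assets/builds/application.css"'
 # include verbose flag for dev postcss output
 gsub_file "Procfile.dev", "yarn build:css --watch", "yarn build:css --verbose --watch"
 # Replace postcss-nesting with sass since USWDS uses sass
@@ -430,6 +442,11 @@ if @circleci_pipeline
 ]
 generate "rails_template18f:circleci", *generator_arguments
 end
+if cloud_gov_org_tktk?
+register_announcement("CircleCI", <<~EOM)
+* Fill in the cloud.gov organization information in .circleci/config.yml
+EOM
+end
 register_announcement("CircleCI", <<~EOM)
 * Create project environment variables for deploy users as defined in the Deployment section of the README
 EOM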
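Review bot: In the first hunk `compliance_template_repo` is only assigned inside `if compliance_template_submodule`, so when the user answers no to the submodule prompt the variable stays `nil`, `blank?` is true, and the new branch also sets `compliance_template = false` — declining the submodule switches off the compliance template entirely, which reads as unintended (an earlier assignment above the hunk would change this; not visible here). If only an empty clone address should skip OSCAL, condition on both: `if compliance_template_submodule && compliance_template_repo.blank?`. In the last hunk `cloud_gov_org_tktk?` is defined outside the hunk; a one-line comment on what it checks would make the announcement's trigger clear to the next reader.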
data/templates/Brewfile
CHANGED
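--- a/data/templates/README.md.tt
+++ b/data/templates/README.md.tt
@@ -15,6 +15,7 @@ guide for an introduction to the framework.
 * Install homebrew dependencies: `brew bundle`
 * [PostgreSQL](https://www.postgresql.org/)
 * [Dockerize](https://github.com/jwilder/dockerize)
+* [jq](https://stedolan.github.io/jq/)
 * [ADR Tools](https://github.com/npryce/adr-tools)
 * [Chromedriver](https://sites.google.com/chromium.org/driver/)
 * Chromedriver must be allowed to run. You can either do that by: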