rails_template_18f 0.8.0 → 0.8.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/Gemfile.lock +92 -70
- data/README.md +60 -63
- data/lib/generators/rails_template18f/circleci/templates/circleci/config.yml.tt +1 -1
- data/lib/generators/rails_template18f/github_actions/github_actions_generator.rb +2 -2
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml.tt +2 -4
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml.tt +2 -4
- data/lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt +39 -54
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/import.sh +1 -0
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/main.tf.tt +7 -10
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/providers.tf +3 -3
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/run.sh.tt +28 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/teardown_creds.sh.tt +1 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt +30 -42
- data/lib/generators/rails_template18f/terraform/templates/terraform/production/providers.tf.tt +8 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt +23 -33
- data/lib/generators/rails_template18f/terraform/templates/terraform/staging/providers.tf.tt +8 -1
- data/lib/generators/rails_template18f/terraform/terraform_generator.rb +0 -10
- data/lib/rails_template18f/version.rb +1 -1
- data/template.rb +18 -1
- data/templates/Brewfile +3 -0
- data/templates/README.md.tt +1 -0
- data/templates/bin/ops/create_service_account.sh.tt +78 -0
- data/templates/bin/ops/destroy_service_account.sh.tt +53 -0
- data/{lib/generators/rails_template18f/terraform/templates/terraform → templates/bin/ops}/set_space_egress.sh.tt +1 -1
- data/templates/config/environments/ci.rb +1 -1
- data/templates/config/environments/staging.rb +1 -1
- data/templates/doc/compliance/TODO.md +37 -0
- metadata +7 -21
- data/lib/generators/rails_template18f/terraform/templates/terraform/create_space_deployer.sh +0 -33
- data/lib/generators/rails_template18f/terraform/templates/terraform/destroy_space_deployer.sh +0 -19
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/main.tf.tt +0 -50
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/variables.tf +0 -47
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/main.tf.tt +0 -23
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/variables.tf +0 -42
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/main.tf.tt +0 -46
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/variables.tf +0 -47
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/main.tf.tt +0 -23
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/variables.tf +0 -42
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/main.tf +0 -27
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/providers.tf +0 -16
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/variables.tf +0 -43
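--- a/data/templates/bin/ops/create_service_account.sh.tt
+++ b/data/templates/bin/ops/create_service_account.sh.tt
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+
+org="<%= @cloud_gov_organization %>"
+
+usage="
+$0: Create a Service User Account for a given space
+
+Usage:
+$0 -h
+$0 -s <SPACE NAME> -u <USER NAME> [-r <ROLE NAME>] [-o <ORG NAME>]
+
+Options:
+-h: show help and exit
+-s <SPACE NAME>: configure the space to act on. Required
+-u <USER NAME>: set the service user name. Required
+-r <ROLE NAME>: set the service user's role to either space-deployer or space-auditor. Default: space-deployer
+-o <ORG NAME>: configure the organization to act on. Default: $org
+"
+
+set -e
+set -o pipefail
+
+space=""
+service=""
+role="space-deployer"
+
+while getopts ":hs:u:r:o:" opt; do
+case "$opt" in
+s)
+space=${OPTARG}
+;;
+u)
+service=${OPTARG}
+;;
+r)
+role=${OPTARG}
+;;
+o)
+org=${OPTARG}
+;;
+h)
+echo "$usage"
+exit 0
+;;
+esac
+done
+
+if ! command -v jq &> /dev/null
+then
+echo "jq must be installed. Run 'brew bundle' to install everything in the Brewfile"
+exit 1
+fi
+
+if [[ $space = "" || $service = "" ]]; then
+echo "$usage"
+exit 1
+fi
+
+cf target -o $org -s $space 1>&2
+
+# create user account service
+cf create-service cloud-gov-service-account $role $service 1>&2
+
+# create service key
+cf create-service-key $service service-account-key 1>&2
+
+# output service key to stdout in secrets.auto.tfvars format
+creds=`cf service-key $service service-account-key | tail -n +2 | jq '.credentials'`
+username=`echo $creds | jq -r '.username'`
+password=`echo $creds | jq -r '.password'`
+
+cat << EOF
+# generated with $0 -s $space -u $service -r $role -o $org
+# revoke with $(dirname $0)/destroy_service_account.sh -s $space -u $service -o $org
+
+cf_user = "$username"
+cf_password = "$password"
+EOF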
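Review bot: The last block of the script, where the service key is read back and printed, can corrupt the secret: `echo $creds | jq -r …` lets the shell word-split and glob the JSON before jq parses it, and the raw `-r` password is then wrapped in literal quotes in `cf_password = "$password"`, so a value containing `"`, `\` or runs of whitespace would be altered or produce invalid tfvars. The `cf target`, `cf create-service` and `cf create-service-key` calls expand `$org`, `$space`, `$role` and `$service` unquoted (destroy_service_account.sh has the same expansions), and the `-r` value is forwarded as the plan name without being checked against the two roles the usage text allows. Because stdout carries a live password, the usage text could also state that the output belongs in a file that is not world-readable and not committed. The fence sketches the quoting, a role allow-list and keeping jq's own string quoting; that JSON quoting is valid for every value the broker can return is an assumption to confirm.

```shell
# … unchanged: usage text, option parsing, jq check, required-argument check …
case "$role" in
  space-deployer | space-auditor) ;;
  *)
    echo "$usage" >&2
    exit 1
    ;;
esac

cf target -o "$org" -s "$space" 1>&2
cf create-service cloud-gov-service-account "$role" "$service" 1>&2
cf create-service-key "$service" service-account-key 1>&2

creds=$(cf service-key "$service" service-account-key | tail -n +2 | jq '.credentials')
# no -r: jq's own quoting keeps quotes and backslashes in the values escaped
username=$(jq '.username' <<< "$creds")
password=$(jq '.password' <<< "$creds")

# … unchanged: heredoc opener and its "generated with" / "revoke with" lines …
cf_user = $username
cf_password = $password
EOF
```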
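--- a/data/templates/bin/ops/destroy_service_account.sh.tt
+++ b/data/templates/bin/ops/destroy_service_account.sh.tt
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+org="<%= @cloud_gov_organization %>"
+
+usage="
+$0: Destroy a Service User Account in a given space
+
+Usage:
+$0 -h
+$0 -s <SPACE NAME> -u <USER NAME> [-o <ORG NAME>]
+
+Options:
+-h: show help and exit
+-s <SPACE NAME>: configure the space to act on. Required
+-u <USER NAME>: configure the service user name to destroy. Required
+-o <ORG NAME>: configure the organization to act on. Default: $org
+"
+
+set -e
+
+space=""
+service=""
+
+while getopts ":hs:u:o:" opt; do
+case "$opt" in
+s)
+space=${OPTARG}
+;;
+u)
+service=${OPTARG}
+;;
+o)
+org=${OPTARG}
+;;
+h)
+echo "$usage"
+exit 0
+;;
+esac
+done
+
+if [[ $space = "" || $service = "" ]]; then
+echo "$usage"
+exit 1
+fi
+
+cf target -o $org -s $space
+
+# destroy service key
+cf delete-service-key $service service-account-key -f
+
+# destroy service
+cf delete-service $service -f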
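Review bot: Both deletes at the end of the script run with `-f` against whatever name arrives in `-u`, and nothing in the script confirms that the instance is a `cloud-gov-service-account` service before removing it, so a mistyped or copied name of another service instance in the space (a database, for example) would be deleted without a prompt. Dropping the flag on the second call, `cf delete-service "$service"`, keeps the CLI's confirmation for the destructive step; an alternative is to inspect `cf service "$service"` first and exit unless the offering matches. The getopts loop here and in create_service_account.sh also has no `\?` or `:` arm, so an unknown flag or a `-o` missing its argument is silently ignored and the default org is used; `\?|:) echo "$usage" >&2; exit 1 ;;` would make that fail instead.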
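--- a/data/templates/doc/compliance/TODO.md
+++ b/data/templates/doc/compliance/TODO.md
@@ -0,0 +1,37 @@
+Compliance Tasks
+================
+
+This file contains a list of some tasks that can make your compliance journey a bit easier.
+
+These instructions assume that your application is being hosted on cloud.gov.
+
+Egress Spaces
+-------------
+
+If your application requires outbound communication to services outside of cloud.gov:
+
+1. Set up `<env>-egress` spaces for each environment.
+1. Set that space to public egress with `bin/ops/set_space_egress.sh -s <env>-egress -p`
+1. Run [cg-egress-proxy](https://github.com/GSA/cg-egress-proxy#deploying-proxies-for-a-bunch-of-apps-automatically) in that space
+1. Send all outbound traffic from your app through the proxy
+1. Document this use under the SC-7 security control
+
+Log Drains
+----------
+
+Follow these directions to send your logs to an external consumer, such an S3 bucket for GSA SOC to ingest or New Relic
+
+1. Deploy the [logstash-shipper](https://github.com/GSA/datagov-logstack#setup) app in a management space. The management space could be its own space, or `<env>-egress`
+1. Deploy a [space-drain](https://github.com/GSA/datagov-logstack/blob/main/create-space-drain.sh) so that any app deployed to that space automatically has its logs shipped
+
+Drift Detection
+---------------
+
+1. Deploy [Watchtower](https://github.com/18F/watchtower) for drift detection
+
+Future Good Ideas
+-----------------
+
+Other things that would be useful, but without decent implementations yet:
+
+* For RA-5, deploy a Monit sidecar buildpack to restart app if any anomalys are detected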
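--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_template_18f
 version: !ruby/object:Gem::Version
-version: 0.8.
+version: 0.8.2
 platform: ruby
 authors:
 - Ryan Ahearn
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2024-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: railties
@@ -178,27 +178,9 @@ files:
 - lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/run.sh.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/teardown_creds.sh.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/variables.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/create_space_deployer.sh
-- lib/generators/rails_template18f/terraform/templates/terraform/destroy_space_deployer.sh
 - lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/production/providers.tf.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/production/variables.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/set_space_egress.sh.tt
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/main.tf.tt
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/providers.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/variables.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/database/main.tf.tt
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/database/providers.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/database/variables.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/main.tf.tt
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/providers.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/variables.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/main.tf.tt
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/providers.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/variables.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/main.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/providers.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/variables.tf
 - lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/staging/providers.tf.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/staging/variables.tf
@@ -223,6 +205,9 @@ files:
 - templates/app/views/application/_demo_site_banner.html.erb
 - templates/app/views/application/_header.html.erb
 - templates/app/views/application/_usa_banner.html.erb
+- templates/bin/ops/create_service_account.sh.tt
+- templates/bin/ops/destroy_service_account.sh.tt
+- templates/bin/ops/set_space_egress.sh.tt
 - templates/bin/owasp-scan
 - templates/bin/pa11y-scan
 - templates/bin/with-server
@@ -236,6 +221,7 @@ files:
 - templates/doc/adr/0003-security-scans.md.tt
 - templates/doc/adr/0004-rails-csp-compliant-script-tag-helpers.md.tt
 - templates/doc/compliance/README.md
+- templates/doc/compliance/TODO.md
 - templates/doc/compliance/apps/application.boundary.md.tt
 - templates/doc/compliance/rendered/apps/.keep
 - templates/editorconfig
@@ -268,7 +254,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.9
 signing_key:
 specification_version: 4
 summary: Generators for creating an 18F-flavored Rails app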
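--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/create_space_deployer.sh
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/create_space_deployer.sh
@@ -1,33 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-
-if [[ $# -lt 2 ]]; then
-echo "$0 <<SPACE_NAME>> <<ACCOUNT_NAME>>"
-exit 1;
-fi
-
-space=$1
-service=$2
-
-cf target -s $space 1>&2
-
-# create space deployer service
-cf create-service cloud-gov-service-account space-deployer $service 1>&2
-
-# create service key
-cf create-service-key $service space-deployer-key 1>&2
-
-# output service key to stdout in secrets.auto.tfvars format
-creds=`cf service-key $service space-deployer-key | tail -n 4`
-username=`echo $creds | jq '.username'`
-password=`echo $creds | jq '.password'`
-
-cat << EOF
-# generated with $0 $space $service
-# revoke with $(dirname $0)/destroy_space_deployer.sh $space $service
-
-cf_user = $username
-cf_password = $password
-EOF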
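--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/destroy_space_deployer.sh
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/destroy_space_deployer.sh
@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-if [[ $# -ne 2 ]]; then
-echo "$0 <<SPACE_NAME>> <<ACCOUNT_NAME>>"
-exit 1;
-fi
-
-space=$1
-service=$2
-
-cf target -s $space
-
-# destroy service key
-cf delete-service-key $service space-deployer-key -f
-
-# destroy service
-cf delete-service $service -f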
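--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/main.tf.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/main.tf.tt
@@ -1,50 +0,0 @@
-###
-# Target space/org
-###
-
-data "cloudfoundry_space" "space" {
-org_name = var.cf_org_name
-name = var.cf_space_name
-}
-
-data "cloudfoundry_domain" "internal" {
-name = "apps.internal"
-}
-
-data "cloudfoundry_app" "app" {
-name_or_id = "<%= app_name %>-${var.env}"
-space = data.cloudfoundry_space.space.id
-}
-
-###
-# ClamAV API app
-###
-
-resource "cloudfoundry_route" "clamav_route" {
-space = data.cloudfoundry_space.space.id
-domain = data.cloudfoundry_domain.internal.id
-hostname = "<%= app_name %>-clamapi-${var.env}"
-}
-
-resource "cloudfoundry_app" "clamav_api" {
-name = "<%= app_name %>-clamav-api-${var.env}"
-space = data.cloudfoundry_space.space.id
-memory = var.clamav_memory
-disk_quota = 2048
-timeout = 600
-docker_image = var.clamav_image
-routes {
-route = cloudfoundry_route.clamav_route.id
-}
-environment = {
-MAX_FILE_SIZE = var.max_file_size
-}
-}
-
-resource "cloudfoundry_network_policy" "clamav_routing" {
-policy {
-source_app = data.cloudfoundry_app.app.id
-destination_app = cloudfoundry_app.clamav_api.id
-port = "9443"
-}
-}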
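--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/providers.tf
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/providers.tf
@@ -1,16 +0,0 @@
-terraform {
-required_version = "~> 1.0"
-required_providers {
-cloudfoundry = {
-source = "cloudfoundry-community/cloudfoundry"
-version = "0.15.0"
-}
-}
-}
-
-provider "cloudfoundry" {
-api_url = var.cf_api_url
-user = var.cf_user
-password = var.cf_password
-app_logs_max = 30
-}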
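--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/variables.tf
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/variables.tf
@@ -1,47 +0,0 @@
-variable "cf_api_url" {
-type = string
-description = "cloud.gov api url"
-default = "https://api.fr.cloud.gov"
-}
-
-variable "cf_user" {
-type = string
-description = "cloud.gov deployer account user"
-}
-
-variable "cf_password" {
-type = string
-description = "secret; cloud.gov deployer account password"
-sensitive = true
-}
-
-variable "cf_org_name" {
-type = string
-description = "cloud.gov organization name"
-}
-
-variable "cf_space_name" {
-type = string
-description = "cloud.gov space name (staging or prod)"
-}
-
-variable "env" {
-type = string
-description = "deployment environment (staging, production)"
-}
-
-variable "clamav_image" {
-type = string
-description = "Docker image to deploy the clamav api app"
-}
-
-variable "clamav_memory" {
-type = number
-description = "Memory in MB to allocate to clamav app"
-default = 3072
-}
-
-variable "max_file_size" {
-type = string
-description = "Maximum file size the API will accept for scanning"
-}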
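--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/main.tf.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/main.tf.tt
@@ -1,23 +0,0 @@
-###
-# Target space/org
-###
-
-data "cloudfoundry_space" "space" {
-org_name = var.cf_org_name
-name = var.cf_space_name
-}
-
-###
-# RDS instance
-###
-
-data "cloudfoundry_service" "rds" {
-name = "aws-rds"
-}
-
-resource "cloudfoundry_service_instance" "rds" {
-name = "<%= app_name %>-rds-${var.env}"
-space = data.cloudfoundry_space.space.id
-service_plan = data.cloudfoundry_service.rds.service_plans[var.rds_plan_name]
-recursive_delete = var.recursive_delete
-}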
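--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/providers.tf
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/providers.tf
@@ -1,16 +0,0 @@
-terraform {
-required_version = "~> 1.0"
-required_providers {
-cloudfoundry = {
-source = "cloudfoundry-community/cloudfoundry"
-version = "0.15.0"
-}
-}
-}
-
-provider "cloudfoundry" {
-api_url = var.cf_api_url
-user = var.cf_user
-password = var.cf_password
-app_logs_max = 30
-}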
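--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/variables.tf
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/database/variables.tf
@@ -1,42 +0,0 @@
-variable "cf_api_url" {
-type = string
-description = "cloud.gov api url"
-default = "https://api.fr.cloud.gov"
-}
-
-variable "cf_user" {
-type = string
-description = "cloud.gov deployer account user"
-}
-
-variable "cf_password" {
-type = string
-description = "secret; cloud.gov deployer account password"
-sensitive = true
-}
-
-variable "cf_org_name" {
-type = string
-description = "cloud.gov organization name"
-}
-
-variable "cf_space_name" {
-type = string
-description = "cloud.gov space name (staging or prod)"
-}
-
-variable "env" {
-type = string
-description = "deployment environment (staging, production)"
-}
-
-variable "recursive_delete" {
-type = bool
-description = "when true, deletes service bindings attached to the resource (not recommended for production)"
-default = false
-}
-
-variable "rds_plan_name" {
-type = string
-description = "name of the service plan name to create"
-}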
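--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/main.tf.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/main.tf.tt
@@ -1,46 +0,0 @@
-###
-# Target space/org
-###
-
-data "cloudfoundry_space" "space" {
-org_name = var.cf_org_name
-name = var.cf_space_name
-}
-
-###
-# Route mapping and CDN instance
-###
-
-data "cloudfoundry_app" "app" {
-name_or_id = "<%= app_name %>-${var.env}"
-space = data.cloudfoundry_space.space.id
-}
-
-###########################################################################
-# Route must be manually created by an OrgManager before terraform is run:
-#
-# cf create-domain <%= cloud_gov_organization %> TKTK-production-domain-name
-###########################################################################
-data "cloudfoundry_domain" "origin_url" {
-name = var.domain_name
-}
-
-resource "cloudfoundry_route" "origin_route" {
-domain = data.cloudfoundry_domain.origin_url.id
-space = data.cloudfoundry_space.space.id
-target {
-app = data.cloudfoundry_app.app.id
-}
-}
-
-data "cloudfoundry_service" "external_domain" {
-name = "external-domain"
-}
-
-resource "cloudfoundry_service_instance" "external_domain_instance" {
-name = "<%= app_name %>-domain-${var.env}"
-space = data.cloudfoundry_space.space.id
-service_plan = data.cloudfoundry_service.external_domain.service_plans[var.cdn_plan_name]
-recursive_delete = var.recursive_delete
-json_params = "{\"domains\": \"${var.domain_name}\"}"
-}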
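--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/providers.tf
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/providers.tf
@@ -1,16 +0,0 @@
-terraform {
-required_version = "~> 1.0"
-required_providers {
-cloudfoundry = {
-source = "cloudfoundry-community/cloudfoundry"
-version = "0.15.0"
-}
-}
-}
-
-provider "cloudfoundry" {
-api_url = var.cf_api_url
-user = var.cf_user
-password = var.cf_password
-app_logs_max = 30
-}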
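--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/variables.tf
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/domain/variables.tf
@@ -1,47 +0,0 @@
-variable "cf_api_url" {
-type = string
-description = "cloud.gov api url"
-default = "https://api.fr.cloud.gov"
-}
-
-variable "cf_user" {
-type = string
-description = "cloud.gov deployer account user"
-}
-
-variable "cf_password" {
-type = string
-description = "secret; cloud.gov deployer account password"
-sensitive = true
-}
-
-variable "cf_org_name" {
-type = string
-description = "cloud.gov organization name"
-}
-
-variable "cf_space_name" {
-type = string
-description = "cloud.gov space name (staging or prod)"
-}
-
-variable "env" {
-type = string
-description = "deployment environment (staging, production)"
-}
-
-variable "recursive_delete" {
-type = bool
-description = "when true, deletes service bindings attached to the resource (not recommended for production)"
-default = false
-}
-
-variable "cdn_plan_name" {
-type = string
-description = "name of the service plan name to create"
-}
-
-variable "domain_name" {
-type = string
-description = "DNS name users will be accessing site"
-}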
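--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/main.tf.tt
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/main.tf.tt
@@ -1,23 +0,0 @@
-###
-# Target space/org
-###
-
-data "cloudfoundry_space" "space" {
-org_name = var.cf_org_name
-name = var.cf_space_name
-}
-
-###
-# RDS instance
-###
-
-data "cloudfoundry_service" "redis" {
-name = "aws-elasticache-redis"
-}
-
-resource "cloudfoundry_service_instance" "redis" {
-name = "<%= app_name %>-redis-${var.env}"
-space = data.cloudfoundry_space.space.id
-service_plan = data.cloudfoundry_service.redis.service_plans[var.redis_plan_name]
-recursive_delete = var.recursive_delete
-}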
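--- a/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/providers.tf
+++ b/data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/providers.tf
@@ -1,16 +0,0 @@
-terraform {
-required_version = "~> 1.0"
-required_providers {
-cloudfoundry = {
-source = "cloudfoundry-community/cloudfoundry"
-version = "0.15.0"
-}
-}
-}
-
-provider "cloudfoundry" {
-api_url = var.cf_api_url
-user = var.cf_user
-password = var.cf_password
-app_logs_max = 30
-}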