rails_template_18f 0.8.1 → 0.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8d21603b715f565d239901a62f7350b2b607f8ad264b2e23910d5c1203419038
-  data.tar.gz: 20b9516691e7819b443d06fb05e141992cf4f8e179363b43ad11d87918319929
+  metadata.gz: 71f972115a1f66ddfefa4341186434fe24a4e78b201ad192786a4c5d34bebb8c
+  data.tar.gz: dcbf65cd0f011f12aa918975b426e23002d07c54c14d4251d5e8102bc59e74a3
 SHA512:
-  metadata.gz: 6f1350e3598ae74b8dcb039ec6c85b7dd124e2b42e3563c5edb5e72a3c061c33cce3bfe43274d7c3fa07bb8f9cd0462df7fa40926ffc90fe913c043edeb86c28
-  data.tar.gz: d9bf899901b7cf2451d77dbd0eb50ddd016acc874d5144cee525d2b14df9bcb93887094e4ca1fa5a4b95a38ecb75ea622ffbfd9541e05edf292197016f909f3b
+  metadata.gz: '09de09463925281bdb7731686bebfe8eb4441a208e488597abfc910510dead294a0380629ed43af55956fb798fa2aeffeaddc25c0b6e2dd6e584db6791b211b0'
+  data.tar.gz: d12d2667e1aa2bf8e49097ccc9b3f76656a5a71b5ca829b1e02361d33df62af298c27dfe6de8da268f6ead509a54725c1df5852813196bd113f1daedf9f70de4

data/CHANGELOG.md

@@ -1,5 +1,10 @@
 ## [Unreleased]
 
+## [0.8.2] - 2024-06-06
+
+- Replace deprecated github action for cloud.gov deploys with cg-supported one
+- Update terraform modules use for the actual module api - and specify the module version in use
+
 ## [0.8.1] - 2024-06-04
 
 - fix error when compliance-template fork question is left blank

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rails_template_18f (0.8.1)
+    rails_template_18f (0.8.2)
       activesupport (~> 7.0.0)
       colorize (~> 0.8)
       railties (~> 7.0.0)

data/lib/generators/rails_template18f/circleci/templates/circleci/config.yml.tt

@@ -47,7 +47,7 @@ commands:
       - run:
           name: Install Cloud Foundry CLI
           command: |
-            curl -v -L -o cf-cli_amd64.deb 'https://packages.cloudfoundry.org/stable?release=debian64&version=v7&source=github'
+            curl -v -L -o cf-cli_amd64.deb 'https://packages.cloudfoundry.org/stable?release=debian64&version=v8&source=github'
             sudo dpkg -i cf-cli_amd64.deb
       - run:
           name: Login with service account

data/lib/generators/rails_template18f/github_actions/github_actions_generator.rb

@@ -62,8 +62,8 @@ EOB
       def update_terraform_readme
         return unless terraform?
         readme_filename = "terraform/README.md"
-        insert_into_file readme_filename, "  |- .force-action-apply\n", after: "  |- secrets.auto.tfvars\n"
-        insert_into_file readme_filename, <<~EOM, after: /- `secrets.auto.tfvars`.*$/
+        insert_into_file readme_filename, "  |- .force-action-apply\n", after: "- <env>/\n"
+        insert_into_file readme_filename, <<~EOM, after: /.*environment-specific modules:$/
           \n- `.force-action-apply` is a file that can be updated to force GitHub Actions to run `terraform apply` during the deploy phase
         EOM
       end

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml.tt

@@ -42,7 +42,7 @@ jobs:
         run: terraform apply -auto-approve -input=false
       <% end %>
       - name: Deploy app
-        uses: 18F/cg-deploy-action@main
+        uses: cloud-gov/cg-cli-tools@main
         env:
           RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
         with:
@@ -50,6 +50,4 @@ jobs:
           cf_password: ${{ secrets.CF_PASSWORD }}
           cf_org: <%= cloud_gov_organization %>
           cf_space: <%= cloud_gov_production_space %>
-          push_arguments: >-
-            --vars-file config/deployment/production.yml
-            --var rails_master_key=$RAILS_MASTER_KEY
+          cf_command: push -vars-file config/deployment/production.yml --var rails_master_key=${{ env.RAILS_MASTER_KEY }} --strategy rolling

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml.tt

@@ -42,7 +42,7 @@ jobs:
         run: terraform apply -auto-approve -input=false
       <% end %>
       - name: Deploy app
-        uses: 18F/cg-deploy-action@main
+        uses: cloud-gov/cg-cli-tools@main
         env:
           RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
         with:
@@ -50,6 +50,4 @@ jobs:
           cf_password: ${{ secrets.CF_PASSWORD }}
           cf_org: <%= cloud_gov_organization %>
           cf_space: <%= cloud_gov_staging_space %>
-          push_arguments: >-
-            --vars-file config/deployment/staging.yml
-            --var rails_master_key=$RAILS_MASTER_KEY
+          cf_command: push -vars-file config/deployment/staging.yml --var rails_master_key=${{ env.RAILS_MASTER_KEY }} --strategy rolling

data/lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt

@@ -4,26 +4,39 @@ This directory holds the terraform modules for maintaining your complete persist
 
 Prerequisite: install the `jq` JSON processor: `brew bundle` or `brew install jq`
 
-## Initial setup
+## Initial project setup
 
-1. Manually run the bootstrap module following instructions under `Terraform State Credentials`
+These steps only need to be run once per project.
+
+1. Manually [bootstrap the state storage bucket](#bootstrapping-the-state-storage-s3-buckets-for-the-first-time) within the `bootstrap` directory
 1. Setup CI/CD Pipeline to run Terraform
-  1. Copy bootstrap credentials to your CI/CD secrets using the instructions in the base README
-  1. Create a cloud.gov SpaceDeployer by following the instructions under `SpaceDeployers`
-  1. Copy SpaceDeployer credentials to your CI/CD secrets using the instructions in the base README
+    1. Copy bootstrap credentials to your CI/CD secrets using the instructions in the base README
+    1. Create a cloud.gov SpaceDeployer by following the instructions under `SpaceDeployers`
+    1. Copy SpaceDeployer credentials to your CI/CD secrets using the instructions in the base README
 1. Manually Running Terraform
-  1. Follow instructions under `Set up a new environment` to create your infrastructure
+    1. Follow instructions under `Set up a new environment` to create your infrastructure
+
+## Initial developer setup
+
+These steps should be run for any developer that needs to start running terraform or who just moved to a new machine.
+
+They are not necessary for the developer who runs the [initial project setup](#initial-project-setup)
+
+1. Import the existing bootstrap resources to your local state with `./import.sh`
+1. Follow instructions under [Use bootstrap credentials](#use-bootstrap-credentials)
+
 
 ## Terraform State Credentials
 
-The bootstrap module is used to create an s3 bucket for later terraform runs to store their state in.
+The `bootstrap` module is used to create an s3 bucket for later terraform runs to store their state in.
 
 ### Bootstrapping the state storage s3 buckets for the first time
 
-1. Run `terraform init`
-1. Run `./run.sh plan` to verify that the changes are what you expect
+These steps are run once per project.
+
+1. Run `./run.sh init`
 1. Run `./run.sh apply` to set up the bucket and retrieve credentials
-1. Follow instructions under `Use bootstrap credentials`
+1. Follow instructions under [Use bootstrap credentials](#use-bootstrap-credentials)
 1. Ensure that `import.sh` includes a line and correct IDs for any resources created
 1. Run `./teardown_creds.sh` to remove the space deployer account used to create the s3 bucket
 
@@ -31,28 +44,20 @@ The bootstrap module is used to create an s3 bucket for later terraform runs to
 
 *This should not be necessary in most cases*
 
-1. Run `terraform init`
-1. If you don't have terraform state locally:
-    1. run `./import.sh`
-    1. optionally run `./run.sh apply` to include the existing outputs in the state file
 1. Make your changes
-1. Continue from step 2 of the boostrapping instructions
-
-### Retrieving existing bucket credentials
+1. Run `./run.sh plan` to verify the changes are what you expect
+1. Continue from step 2 of the [boostrapping instructions](#bootstrapping-the-state-storage-s3-buckets-for-the-first-time)
 
-1. Run `./run.sh show`
-1. Follow instructions under `Use bootstrap credentials`
-
-#### Use bootstrap credentials
+### Use bootstrap credentials
 
 1. Add the following to `~/.aws/credentials`
     ```
     [<%= app_name %>-terraform-backend]
-    aws_access_key_id = <access_key_id from bucket_credentials>
-    aws_secret_access_key = <secret_access_key from bucket_credentials>
+    aws_access_key_id = <AWS_ACCESS_KEY_ID from run.sh output>
+    aws_secret_access_key = <AWS_SECRET_ACCESS_KEY from run.sh output>
     ```
 
-1. Copy `bucket` from `bucket_credentials` output to the backend block of `staging/providers.tf` and `production/providers.tf`
+1. Copy `BUCKET` from `run.sh` output to the backend block of `staging/providers.tf` and `production/providers.tf`
 
 ## SpaceDeployers
 
@@ -63,11 +68,11 @@ deploy the application from the CI/CD pipeline. Create a new account by running:
 
 ## Set up a new environment manually
 
-The below steps rely on you first configuring access to the Terraform state in s3 as described in [Terraform State Credentials](#terraform-state-credentials).
+The below steps rely on you first configuring access to the Terraform state in s3 as described in [initial project setup](#initial-project-setup) or [initial developer setup](#initial-developer-setup).
 
 1. `cd` to the environment you are working in
 
-1. Set up a SpaceDeployer
+1. Set up a SpaceDeployer and save the credentials in a file named `secrets.auto.tfvars`
     ```bash
     # create a space deployer service instance that can log in with just a username and password
     # the value of < SPACE_NAME > should be `staging` or `prod` depending on where you are working
@@ -80,7 +85,7 @@ The below steps rely on you first configuring access to the Terraform state in s
 
     The script will output the `username` (as `cf_user`) and `password` (as `cf_password`) for your `<ACCOUNT_NAME>`. Read more in the [cloud.gov service account documentation](https://cloud.gov/docs/services/cloud-gov-service-account/).
 
-    The easiest way to use this script is to redirect the output directly to the `secrets.auto.tfvars` file it needs to be used in
+    The easiest way to use this script locally is to redirect the output directly to the `secrets.auto.tfvars` file it needs to be used in
 
 1. Run terraform from your new environment directory with
     ```bash
@@ -90,7 +95,7 @@ The below steps rely on you first configuring access to the Terraform state in s
 
 1. Apply changes with `terraform apply`.
 
-1. Remove the space deployer service instance if it doesn't need to be used again, such as when manually running terraform once.
+1. Remove the space deployer service instance if it doesn't need to be used again, such as when manually running terraform plan before letting CI/CD apply the changes.
     ```bash
     # <SPACE_NAME> and <ACCOUNT_NAME> have the same values as used above.
     ../../bin/ops/destroy_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME>
@@ -98,7 +103,7 @@ The below steps rely on you first configuring access to the Terraform state in s
 
 ## Structure
 
-Each environment has its own module, which relies on a shared module for everything except the providers code and environment specific variables and settings.
+Each environment has its own module.
 
 ```
 - bootstrap/
@@ -111,38 +116,18 @@ Each environment has its own module, which relies on a shared module for everyth
 - <env>/
   |- main.tf
   |- providers.tf
-  |- secrets.auto.tfvars
   |- variables.tf
-- shared/
-  |- s3/
-     |- main.tf
-     |- providers.tf
-     |- variables.tf
-  |- database/
-     |- main.tf
-     |- providers.tf
-     |- variables.tf
-  |- domain/
-     |- main.tf
-     |- providers.tf
-     |- variables.tf
 ```
 
-In the shared modules:
-- `providers.tf` contains set up instructions for Terraform about Cloud Foundry and AWS
-- `main.tf` sets up the data and resources the application relies on
-- `variables.tf` lists the required variables and applicable default values
-
 In the environment-specific modules:
 - `providers.tf` lists the required providers
 - `main.tf` calls the shared Terraform code, but this is also a place where you can add any other services, resources, etc, which you would like to set up for that environment
 - `variables.tf` lists the variables that will be needed, either to pass through to the child module or for use in this module
-- `secrets.auto.tfvars` is a file which contains the information about the service-key and other secrets that should not be shared
 
 In the bootstrap module:
 - `providers.tf` lists the required providers
 - `main.tf` sets up s3 bucket to be shared across all environments. It lives in `prod` to communicate that it should not be deleted
 - `variables.tf` lists the variables that will be needed. Most values are hard-coded in this module
-- `run.sh` Helper script to set up a space deployer and run terraform. The terraform action (`show`/`plan`/`apply`/`destroy`) is passed as an argument
+- `run.sh` Helper script to set up a space deployer and run terraform. The terraform action (`init`/`show`/`plan`/`apply`/`destroy`) is passed as an argument
 - `teardown_creds.sh` Helper script to remove the space deployer setup as part of `run.sh`
-- `import.sh` Helper script to create a new local state file in case terraform changes are needed
+- `import.sh` Helper script to create a new local state file when new developers need to access the state file

data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/import.sh

@@ -4,6 +4,7 @@ read -p "Are you sure you want to import terraform state (y/n)? " verify
 
 if [[ $verify == "y" ]]; then
   echo "Importing bootstrap state"
+  ./run.sh init
   ./run.sh import module.s3.cloudfoundry_service_instance.bucket TKTK
   ./run.sh import cloudfoundry_service_key.bucket_creds TKTK
   ./run.sh plan

data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/main.tf.tt

@@ -1,18 +1,14 @@
 locals {
-  cf_api_url      = "https://api.fr.cloud.gov"
   s3_service_name = "<%= app_name %>-terraform-state"
 }
 
 module "s3" {
-  source = "github.com/18f/terraform-cloudgov//s3"
+  source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
 
-  cf_api_url      = local.cf_api_url
-  cf_user         = var.cf_user
-  cf_password     = var.cf_password
-  cf_org_name     = "<%= cloud_gov_organization %>"
-  cf_space_name   = "<%= cloud_gov_production_space %>"
-  s3_service_name = local.s3_service_name<% if cloud_gov_organization == "sandbox-gsa" %>
-  s3_plan_name    = "basic-sandbox"<% end %>
+  cf_org_name   = "<%= cloud_gov_organization %>"
+  cf_space_name = "<%= cloud_gov_production_space %>"
+  name          = local.s3_service_name<% if cloud_gov_organization == "sandbox-gsa" %>
+  s3_plan_name  = "basic-sandbox"<% end %>
 }
 
 resource "cloudfoundry_service_key" "bucket_creds" {
@@ -21,5 +17,6 @@ resource "cloudfoundry_service_key" "bucket_creds" {
 }
 
 output "bucket_credentials" {
-  value = cloudfoundry_service_key.bucket_creds.credentials
+  value     = cloudfoundry_service_key.bucket_creds.credentials
+  sensitive = true
 }

data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/providers.tf

@@ -3,14 +3,14 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.15.0"
+      version = "0.53.1"
     }
   }
 }
 
 provider "cloudfoundry" {
-  api_url      = local.cf_api_url
+  api_url      = "https://api.fr.cloud.gov"
   user         = var.cf_user
   password     = var.cf_password
   app_logs_max = 30
-}
+}

data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/run.sh.tt

@@ -1,5 +1,20 @@
 #!/usr/bin/env bash
 
+if ! command -v jq &> /dev/null
+then
+  echo "jq must be installed. Run 'brew bundle' to install everything in the Brewfile"
+  exit 1
+fi
+if ! command -v terraform &> /dev/null
+then
+  echo "terraform must be installed before running this script"
+  exit 1
+fi
+
+dig_output () {
+  dig_result=`cat terraform.tfstate | jq -r ".outputs.bucket_credentials.value.$1"`
+}
+
 if [[ ! -f "secrets.auto.tfvars" ]]; then
   ../../bin/ops/create_service_account.sh -s <%= cloud_gov_production_space %> -u config-bootstrap-deployer > secrets.auto.tfvars
 fi
@@ -7,6 +22,18 @@ fi
 if [[ $# -gt 0 ]]; then
   echo "Running terraform $@"
   terraform $@
+  if [[ -f terraform.tfstate ]]; then
+    echo
+    echo "Credentials for terraform state bucket:"
+    dig_output "bucket"
+    echo "BUCKET=$dig_result"
+    dig_output "access_key_id"
+    echo "AWS_ACCESS_KEY_ID=$dig_result"
+    dig_output "secret_access_key"
+    echo "AWS_SECRET_ACCESS_KEY=$dig_result"
+    dig_output "region"
+    echo "AWS_REGION=$dig_result"
+  fi
 else
   echo "Not running terraform"
 fi

data/lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt

@@ -3,46 +3,34 @@ locals {
   cf_space_name    = "<%= cloud_gov_production_space %>"
   env              = "production"
   app_name         = "<%= app_name %>"
-  recursive_delete = false
 }
 
 module "database" {
-  source = "github.com/18f/terraform-cloudgov//database"
+  source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.0.0"
 
-  cf_user          = var.cf_user
-  cf_password      = var.cf_password
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  env              = local.env
-  app_name         = local.app_name
-  recursive_delete = local.recursive_delete
-  rds_plan_name    = "TKTK-production-rds-plan"
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-rds-${local.env}"
+  rds_plan_name = "TKTK-production-rds-plan"
 }
 <% if has_active_job? %>
 module "redis" {
-  source = "github.com/18f/terraform-cloudgov//redis"
+  source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.0.0"
 
-  cf_user          = var.cf_user
-  cf_password      = var.cf_password
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  env              = local.env
-  app_name         = local.app_name
-  recursive_delete = local.recursive_delete
-  redis_plan_name  = "TKTK-production-redis-plan"
+  cf_org_name     = local.cf_org_name
+  cf_space_name   = local.cf_space_name
+  name            = "${local.app_name}-redis-${local.env}"
+  redis_plan_name = "TKTK-production-redis-plan"
 }
 <% end %>
 <% if has_active_storage? %>
 module "s3" {
-  source = "github.com/18f/terraform-cloudgov//s3"
+  source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
 
-  cf_user          = var.cf_user
-  cf_password      = var.cf_password
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  recursive_delete = local.recursive_delete
-  s3_service_name  = "${local.app_name}-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
-  s3_plan_name     = "basic-sandbox"<% end %>
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
+  s3_plan_name  = "basic-sandbox"<% end %>
 }
 
 ###########################################################################
@@ -52,16 +40,14 @@ module "s3" {
 # 2) Your organization has sufficient memory. Each clamav app requires 3GB
 ###########################################################################
 # module "clamav" {
-#   source = "github.com/18f/terraform-cloudgov//clamav"
+#   source = "github.com/gsa-tts/terraform-cloudgov//clamav?ref=v1.0.0"
 #
-#   cf_user       = var.cf_user
-#   cf_password   = var.cf_password
-#   cf_org_name   = local.cf_org_name
-#   cf_space_name = local.cf_space_name
-#   env           = local.env
-#   app_name      = local.app_name
-#   clamav_image  = "ajilaag/clamav-rest:20211229"
-#   max_file_size = "30M"
+#   cf_org_name    = local.cf_org_name
+#   cf_space_name  = local.cf_space_name
+#   app_name_or_id = "${local.app_name}-${local.env}"
+#   name           = "${local.app_name}-clamapi-${local.env}"
+#   clamav_image   = "ghcr.io/gsa-tts/clamav-rest/clamav:20240602"
+#   max_file_size  = "30M"
 # }
 <% end %>
 
@@ -73,15 +59,12 @@ module "s3" {
 #     `cf create-domain <%= cloud_gov_organization %> TKTK-production-domain-name`
 ###########################################################################
 # module "domain" {
-#   source = "github.com/18f/terraform-cloudgov//domain"
+#   source = "github.com/gsa-tts/terraform-cloudgov//domain?ref=v1.0.0"
 #
-#   cf_user          = var.cf_user
-#   cf_password      = var.cf_password
-#   cf_org_name      = local.cf_org_name
-#   cf_space_name    = local.cf_space_name
-#   env              = local.env
-#   app_name         = local.app_name
-#   recursive_delete = local.recursive_delete
-#   cdn_plan_name    = "domain"
-#   domain_name      = "TKTK-production-domain-name"
+#   cf_org_name    = local.cf_org_name
+#   cf_space_name  = local.cf_space_name
+#   app_name_or_id = "${local.app_name}-${local.env}"
+#   cdn_plan_name  = "domain"
+#   domain_name    = "TKTK-production-domain-name"
+#   host_name      = "TKTK-production-hostname (optional)"
 # }

data/lib/generators/rails_template18f/terraform/templates/terraform/production/providers.tf.tt

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.15.0"
+      version = "0.53.1"
     }
   }
 
@@ -15,3 +15,10 @@ terraform {
     profile = "<%= app_name %>-terraform-backend"
   }
 }
+
+provider "cloudfoundry" {
+  api_url      = "https://api.fr.cloud.gov"
+  user         = var.cf_user
+  password     = var.cf_password
+  app_logs_max = 30
+}

data/lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt

@@ -3,46 +3,34 @@ locals {
   cf_space_name    = "<%= cloud_gov_staging_space %>"
   env              = "staging"
   app_name         = "<%= app_name %>"
-  recursive_delete = true
 }
 
 module "database" {
-  source = "github.com/18f/terraform-cloudgov//database"
+  source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.0.0"
 
-  cf_user          = var.cf_user
-  cf_password      = var.cf_password
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  env              = local.env
-  app_name         = local.app_name
-  recursive_delete = local.recursive_delete
-  rds_plan_name    = "micro-psql"
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-rds-${local.env}"
+  rds_plan_name = "micro-psql"
 }
 <% if has_active_job? %>
 module "redis" {
-  source = "github.com/18f/terraform-cloudgov//redis"
+  source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.0.0"
 
-  cf_user          = var.cf_user
-  cf_password      = var.cf_password
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  env              = local.env
-  app_name         = local.app_name
-  recursive_delete = local.recursive_delete
-  redis_plan_name  = "redis-dev"
+  cf_org_name     = local.cf_org_name
+  cf_space_name   = local.cf_space_name
+  name            = "${local.app_name}-redis-${local.env}"
+  redis_plan_name = "redis-dev"
 }
 <% end %>
 <% if has_active_storage? %>
 module "s3" {
-  source = "github.com/18f/terraform-cloudgov//s3"
+  source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
 
-  cf_user          = var.cf_user
-  cf_password      = var.cf_password
-  cf_org_name      = local.cf_org_name
-  cf_space_name    = local.cf_space_name
-  recursive_delete = local.recursive_delete
-  s3_service_name  = "${local.app_name}-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
-  s3_plan_name     = "basic-sandbox"<% end %>
+  cf_org_name   = local.cf_org_name
+  cf_space_name = local.cf_space_name
+  name          = "${local.app_name}-s3-${local.env}"<% if cloud_gov_organization == "sandbox-gsa" %>
+  s3_plan_name  = "basic-sandbox"<% end %>
 }
 
 ###########################################################################
@@ -52,15 +40,13 @@ module "s3" {
 # 2) Your organization has sufficient memory. Each clamav app requires 3GB
 ###########################################################################
 # module "clamav" {
-#   source = "github.com/18f/terraform-cloudgov//clamav"
+#   source = "github.com/gsa-tts/terraform-cloudgov//clamav?ref=v1.0.0"
 #
-#   cf_user       = var.cf_user
-#   cf_password   = var.cf_password
-#   cf_org_name   = local.cf_org_name
-#   cf_space_name = local.cf_space_name
-#   env           = local.env
-#   app_name      = local.app_name
-#   clamav_image  = "ajilaag/clamav-rest:20211229"
-#   max_file_size = "30M"
+#   cf_org_name    = local.cf_org_name
+#   cf_space_name  = local.cf_space_name
+#   app_name_or_id = "${local.app_name}-${local.env}"
+#   name           = "${local.app_name}-clamapi-${local.env}"
+#   clamav_image   = "ghcr.io/gsa-tts/clamav-rest/clamav:20240602"
+#   max_file_size  = "30M"
 # }
 <% end %>

data/lib/generators/rails_template18f/terraform/templates/terraform/staging/providers.tf.tt

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     cloudfoundry = {
       source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.15.0"
+      version = "0.53.1"
     }
   }
 
@@ -15,3 +15,10 @@ terraform {
     profile = "<%= app_name %>-terraform-backend"
   }
 }
+
+provider "cloudfoundry" {
+  api_url      = "https://api.fr.cloud.gov"
+  user         = var.cf_user
+  password     = var.cf_password
+  app_logs_max = 30
+}

data/lib/rails_template18f/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsTemplate18f
-  VERSION = "0.8.1"
+  VERSION = "0.8.2"
 end

data/templates/bin/ops/create_service_account.sh.tt

@@ -45,6 +45,12 @@ while getopts ":hs:u:r:o:" opt; do
   esac
 done
 
+if ! command -v jq &> /dev/null
+then
+  echo "jq must be installed. Run 'brew bundle' to install everything in the Brewfile"
+  exit 1
+fi
+
 if [[ $space = "" || $service = "" ]]; then
   echo "$usage"
   exit 1
@@ -59,14 +65,14 @@ cf create-service cloud-gov-service-account $role $service 1>&2
 cf create-service-key $service service-account-key 1>&2
 
 # output service key to stdout in secrets.auto.tfvars format
-creds=`cf service-key $service service-account-key | tail -n 4`
-username=`echo $creds | jq '.username'`
-password=`echo $creds | jq '.password'`
+creds=`cf service-key $service service-account-key | tail -n +2 | jq '.credentials'`
+username=`echo $creds | jq -r '.username'`
+password=`echo $creds | jq -r '.password'`
 
 cat << EOF
 # generated with $0 -s $space -u $service -r $role -o $org
 # revoke with $(dirname $0)/destroy_service_account.sh -s $space -u $service -o $org
 
-cf_user = $username
-cf_password = $password
+cf_user = "$username"
+cf_password = "$password"
 EOF

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_template_18f
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.8.2
 platform: ruby
 authors:
 - Ryan Ahearn
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-06-04 00:00:00.000000000 Z
+date: 2024-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties