one state per env

Makefile

@@ -13,6 +13,7 @@ grun: gromit
 	-e AWS_REGION=eu-central-1 \
 	-e TF_API_TOKEN=$(tf_api) \
 	-e GROMIT_DOMAIN=dev.tyk.technology \
+	-e GROMIT_ZONEID=Z06422931MJIQS870BBM7 \
 	grun run
 
 .PHONY: grun

TODO.md

@@ -2,6 +2,5 @@
 Generated from lines with TODO in the repo , use the pre-commit hook in .
 Binary file gromit matches
 server/app.go:// TODO Implement listing of all environments
-terraform/parser.go:	// TODO make euc1 an environment variable or part of the config
 Binary file terraform/devenv/.terraform/plugins/registry.terraform.io/hashicorp/aws/2.70.0/linux_amd64/terraform-provider-aws_v2.70.0_x4 matches
 Binary file terraform/devenv/.terraform/plugins/registry.terraform.io/hashicorp/template/2.1.2/linux_amd64/terraform-provider-template_v2.1.2_x4 matches

terraform/devenv/gateway.tf

@@ -75,7 +75,7 @@ resource "aws_ecs_service" "gateway" {
 # Redis
 
 resource "aws_security_group" "redis" {
-  name        = "redis"
+  name        = "${var.name}-redis"
   description = "Allow traffic from anywhere in the vpc"
   vpc_id      = data.terraform_remote_state.infra.outputs.vpc_id
 

terraform/devenv/infra.auto.tfvars

@@ -0,0 +1,2 @@
+infra = "infra-prod"
+base = "base-prod"

terraform/devenv/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_version = ">= 0.12"
   backend "s3" {
     bucket         = "terraform-state-devenv"
-    key            = "devenv/"
+    key            = "devenv"
     region         = "eu-central-1"
     dynamodb_table = "terraform-state-locks"
   }
@@ -21,18 +21,18 @@ locals {
     "managed", "automation",
     "ou", "devops",
     "purpose", "ci",
-    "env", var.name_prefix,
+    "env", var.name,
   )}"
   # Name for the task
-  gw_name    = join("-", [var.name_prefix, "gw"])
-  db_name    = join("-", [var.name_prefix, "db"])
-  pump_name  = join("-", [var.name_prefix, "pump"])
-  redis_name = join("-", [var.name_prefix, "redis"])
-  int_domain = join(".", [var.name_prefix, "internal"])
+  gw_name    = join("-", [var.name, "gw"])
+  db_name    = join("-", [var.name, "db"])
+  pump_name  = join("-", [var.name, "pump"])
+  redis_name = join("-", [var.name, "redis"])
+  int_domain = join(".", [var.name, "internal"])
   # Construct full ECR URLs
-  tyk_image           = join(":", [data.terraform_remote_state.base.outputs.tyk["ecr"], var.tyk_tag])
-  tyk-analytics_image = join(":", [data.terraform_remote_state.base.outputs.tyk-analytics["ecr"], var.tyk-pump_tag])
-  tyk-pump_image      = join(":", [data.terraform_remote_state.base.outputs.tyk-pump["ecr"], var.tyk-pump_tag])
+  tyk_image           = join(":", [data.terraform_remote_state.base.outputs.tyk["ecr"], var.tyk])
+  tyk-analytics_image = join(":", [data.terraform_remote_state.base.outputs.tyk-analytics["ecr"], var.tyk-pump])
+  tyk-pump_image      = join(":", [data.terraform_remote_state.base.outputs.tyk-pump["ecr"], var.tyk-pump])
 }
 
 # For VPC
@@ -64,7 +64,7 @@ data "terraform_remote_state" "base" {
 # ECS cluster
 
 resource "aws_ecs_cluster" "env" {
-  name = var.name_prefix
+  name = var.name
 
   setting {
     name  = "containerInsights"
@@ -80,7 +80,7 @@ data "aws_iam_role" "ecs_task_execution_role" {
 # Security groups
 
 resource "aws_security_group" "gateway" {
-  name        = "gateway"
+  name        = "${var.name}-gateway"
   description = "Traffic from anywhere 8000-9000"
   vpc_id      = data.terraform_remote_state.infra.outputs.vpc_id
 
@@ -103,7 +103,7 @@ resource "aws_security_group" "gateway" {
 }
 
 resource "aws_security_group" "dashboard" {
-  name        = "dashboard"
+  name        = "${var.name}-dashboard"
   description = "Traffic from anywhere on 3000"
   vpc_id      = data.terraform_remote_state.infra.outputs.vpc_id
 
@@ -126,7 +126,7 @@ resource "aws_security_group" "dashboard" {
 }
 
 resource "aws_security_group" "pump" {
-  name        = "pump"
+  name        = "${var.name}-pump"
   description = "Allow traffic from anywhere in the vpc"
   vpc_id      = data.terraform_remote_state.infra.outputs.vpc_id
 

terraform/devenv/master.tfvars

@@ -1,6 +1,4 @@
-infra = "infra-prod"
-base = "base-prod"
-name_prefix = "master"
-tyk_tag = "master"
-tyk-analytics_tag = "master"
-tyk-pump_tag = "master"
+name = "master"
+tyk = "master"
+tyk-analytics = "master"
+tyk-pump = "master"

terraform/devenv/variables.tf

@@ -8,22 +8,22 @@ variable "infra" {
   type = string
 }
 
-variable "name_prefix" {
-  description = "The DNS record will be name_prefix-{gw,db,etc}"
+variable "name" {
+  description = "The DNS record will be name-{gw,db,etc}"
   type = string
 }
 
-variable "tyk_tag" {
+variable "tyk" {
   description = "Image tag for the tyk service"
   type        = string
 }
 
-variable "tyk-analytics_tag" {
+variable "tyk-analytics" {
   description = "Image tag for the tyk-analytics service"
   type        = string
 }
 
-variable "tyk-pump_tag" {
+variable "tyk-pump" {
   description = "Image tag for the tyk-pump service"
   type        = string
 }

terraform/manifests.go

@@ -47,3 +47,17 @@ func copyBoxToDir(b *rice.Box, boxPath string, dest string) error {
 	}
 	return nil
 }
+
+// deployManifests to a temporary dir prefixed with destPrefix
+func deployManifest(b *rice.Box, destPrefix string) (string, error) {
+	tmpDir, err := ioutil.TempDir("", destPrefix)
+	if err != nil {
+		return "", err
+	}
+
+	err = copyBoxToDir(b, "/", tmpDir)
+	if err != nil {
+		log.Fatal().Err(err).Msgf("could not restore embedded manifests to %s", tmpDir)
+	}
+	return tmpDir, nil
+}

terraform/run.go

@@ -70,38 +70,11 @@ func terraformInit(tfEnv []string) {
 	log.Trace().Str("output", string(out)).Msg("init")
 }
 
-// deployManifests to a temporary dir prefixed with destPrefix
-func deployManifest(b *rice.Box, destPrefix string) (string, error) {
-	tmpDir, err := ioutil.TempDir("", destPrefix)
-	if err != nil {
-		return "", err
-	}
-
-	err = copyBoxToDir(b, "/", tmpDir)
-	if err != nil {
-		log.Fatal().Err(err).Msgf("could not restore embedded manifests to %s", tmpDir)
-	}
-	return tmpDir, nil
-}
-
-// makeInputFromTFState transforms the envState into terraform inputs
+// makeInputFromTFState transforms envMap into terraform inputs
 // See master.tfvars for a sample inputfile in hcl format
-func makeInputVarfile(tfDir string, envMap devenv.DevEnv, tfOutput TFOutput) error {
-	inpMap := make(TFInputs)
-	for k, v := range tfOutput {
-		if k == "repo_urls" {
-			for repo, ecr := range v.getMapValue() {
-				inpMap[repo] = fmt.Sprintf("%s:%s", ecr, envMap[repo])
-			}
-		} else {
-			inpMap[k] = v.getStringValue()
-		}
-
-	}
-	inpMap["name_prefix"] = envMap[devenv.NAME].(string)
-
+func makeInputVarfile(tfDir string, envMap devenv.DevEnv) error {
 	varFile := fmt.Sprintf("%s.tfvars.json", envMap[devenv.NAME].(string))
-	varsJSON, err := json.Marshal(inpMap)
+	varsJSON, err := json.Marshal(envMap)
 	if err != nil {
 		return err
 	}
@@ -129,7 +102,6 @@ func apply(env string, dir string) {
 			Err(err).
 			Msg("env select failed, assuming it needs creation")
 		terraformExitOnFailure("workspace", "new", env)
-		return
 	}
 
 	terraformExitOnFailure("validate")
@@ -180,18 +152,13 @@ func Run() error {
 			log.Error().Err(err).Msgf("could not deploy manifest for env %s", envName)
 			continue
 		}
-		infraOutput, err := GetInfraValues()
-		if err != nil {
-			log.Error().Err(err).Msgf("could not get infra vars for env %s", envName)
-			continue
-		}
-		err = makeInputVarfile(tfDir, env, infraOutput)
+		err = makeInputVarfile(tfDir, env)
 		if err != nil {
 			log.Error().Err(err).Msgf("could not write input file for env %s", envName)
 			continue
 		}
 		apply(envName, tfDir)
-		os.RemoveAll(tfDir)
+		// os.RemoveAll(tfDir)
 		err = devenv.UpdateClusterIPs(envName, e.ZoneID, e.Domain)
 		if err != nil {
 			log.Error().Err(err).Msgf("could not update IPs for env %s", envName)