Refactor config idempotency

.gitignore

@@ -32,8 +32,12 @@ coverage.txt
 
 # Terraform
 *.terraform*
-*terraform.tfstate*
+*terraform.tf*
 *.tfstate*
-*terraform.tfvars*
+
+# Config files
 .golangci.yml
 config.yml
+deploy/aws/config_files/*
+!deploy/aws/config_files/README.md
+deploy/aws/modules/inmemory_storage/data

deploy/aws/config_build.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+function _readlink() { (
+  # INFO: readlink does not exists on OSX ¯\_(ツ)_/¯
+  cd $(dirname $1)
+  echo $PWD/$(basename $1)
+) }
+
+pub=$(_readlink ./config_files)
+tdir=$(mktemp -d /tmp/qed_build.XXX)
+
+sign_path=${pub}/id_ed25519
+cert_path=${pub}/server.crt
+key_path=${pub}/server.key
+
+(
+    cd ${tdir}
+
+    if [ ! -f ${sign_path} ]; then
+        #build shared signing key
+        ssh-keygen -t ed25519 -f id_ed25519 -P ''
+
+        cp id_ed25519 ${sign_path}
+    fi
+
+
+    if [ ! -f ${cert_path} ] && [ ! -f ${key_path} ]; then
+
+        #build shared server cert
+        openssl req \
+            -newkey rsa:2048 \
+            -nodes \
+            -days 3650 \
+            -x509 \
+            -keyout ca.key \
+            -out ca.crt \
+            -subj "/CN=*"
+        openssl req \
+            -newkey rsa:2048 \
+            -nodes \
+            -keyout server.key \
+            -out server.csr \
+            -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=*"
+        openssl x509 \
+            -req \
+            -days 365 \
+            -sha256 \
+            -in server.csr \
+            -CA ca.crt \
+            -CAkey ca.key \
+            -CAcreateserial \
+            -out server.crt \
+            -extfile <(echo subjectAltName = IP:127.0.0.1)
+
+        cp server.crt ${cert_path}
+        cp server.key ${key_path}
+
+    fi
+)
+
+#build server binary
+go build -o ${pub}/qed ../../

deploy/aws/config_files/README.md

@@ -0,0 +1,14 @@
+# Info
+This folder is a placeholder to deploy in the `qed` servers.
+
+# Buildind stage
+Here you will need the following files. If aren't present, `config_build.sh`
+will generate development ones for testing porpouses.
+
+- `id_ed25519` the private key to sing the snapshots
+- `server.crt` the server certificate to use TLS connections
+- `server.key` the server key to use TLS connections
+
+Each execution will generate the following.
+
+- `qed` the binary to use in the servers.

deploy/aws/main.tf

@@ -12,6 +12,13 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
+resource "null_resource" "prebuild" {
+  provisioner "local-exec" {
+    command = "bash config_build.sh"
+    working_dir = "/config_file"
+  }
+}
+
 module "leader" {
   source = "./modules/qed"
 

deploy/aws/modules/inmemory_storage/build.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+mkdir -p ./data
+
+go build -o ./data/storage ../../../../tests/gossip/test_service.go

deploy/aws/modules/inmemory_storage/main.tf

@@ -29,7 +29,7 @@ data "aws_ami" "amazon_linux" {
 resource "null_resource" "prebuild" {
   provisioner "local-exec" {
     command = "bash build.sh"
-    working_dir = "${path.module}/data"
+    working_dir = "${path.module}"
   }
 }