Migrate provider from cloudfoundry-community to cloudfoundry #57

Merged
merged 19 commits into from
Dec 9, 2024
Changes from 8 commits
2 changes: 1 addition & 1 deletion .terraform-version
@@ -1 +1 @@
1.8.5
1.9.8
78 changes: 38 additions & 40 deletions README.md
Expand Up @@ -10,15 +10,14 @@ Creates an RDS database based on the `rds_plan_name` variable and outputs the `i

```
module "database" {
source = "github.com/GSA-TTS/terraform-cloudgov//database?ref=v1.1.0"
source = "github.com/GSA-TTS/terraform-cloudgov//database?ref=v2.0.0-beta.1"

cf_org_name = local.cf_org_name
cf_space_name = local.cf_space_name
name = "database_name"
rds_plan_name = "micro-psql"
tags = ["tag1", "tag2"]
cf_space_id = data.cloudfoundry_space.app_space.id
name = "database_name"
rds_plan_name = "micro-psql"
tags = ["tag1", "tag2"]
# See options at https://cloud.gov/docs/services/relational-database/#setting-optional-parameters-1
json_params = jsonencode(
json_params = jsonencode(
{
"storage" : 10,
}
Expand All @@ -32,17 +31,16 @@ Creates a Elasticache redis instance and outputs the `instance_id` for use elsew

```
module "redis" {
source = "github.com/GSA-TTS/terraform-cloudgov//redis?ref=v1.1.0"
source = "github.com/GSA-TTS/terraform-cloudgov//redis?ref=v2.0.0-beta.1"

cf_org_name = local.cf_org_name
cf_space_name = local.cf_space_name
name = "redis_name"
redis_plan_name = "redis-dev"
tags = ["tag1", "tag2"]
cf_space_id = data.cloudfoundry_space.app_space.id
name = "redis_name"
redis_plan_name = "redis-dev"
tags = ["tag1", "tag2"]
# See options at https://cloud.gov/docs/services/aws-elasticache/#setting-optional-parameters
json_params = jsonencode(
json_params = jsonencode(
{
"engineVersion" : "6.2",
"engineVersion" : "7.0",
}
)
}
Expand All @@ -54,14 +52,13 @@ Creates an s3 bucket and outputs the `bucket_id` for use elsewhere.

```
module "s3" {
source = "github.com/GSA-TTS/terraform-cloudgov//s3?ref=v1.1.0"
source = "github.com/GSA-TTS/terraform-cloudgov//s3?ref=v2.0.0-beta.1"

cf_org_name = local.cf_org_name
cf_space_name = local.cf_space_name
name = "${local.app_name}-s3-${local.env}"
tags = ["tag1", "tag2"]
cf_space_id = data.cloudfoundry_space.app_space.id
name = "${local.app_name}-s3-${local.env}"
tags = ["tag1", "tag2"]
# See options at https://cloud.gov/docs/services/s3/#setting-optional-parameters
json_params = jsonencode(
json_params = jsonencode(
{
"object_ownership" : "ObjectWriter",
}
Expand All @@ -75,19 +72,19 @@ Connects a custom domain name or domain name with CDN to an already running appl

Note that the domain must be created in cloud.gov by an OrgManager before this module is included.

`cf create-domain CLOUD_GOV_ORG my-production-domain-name`
`cf create-domain CLOUD_GOV_ORG my-production-domain.name`

```
module "domain" {
source = "github.com/GSA-TTS/terraform-cloudgov//domain?ref=v1.1.0"

cf_org_name = local.cf_org_name
cf_space_name = local.cf_space_name
app_name_or_id = "app_name"
cdn_plan_name = "domain"
domain_name = "my-production-domain-name"
host_name = "my-production-host-name"
tags = ["tag1", "tag2"]
source = "github.com/GSA-TTS/terraform-cloudgov//domain?ref=v2.0.0-beta.1"

cf_org_name = local.cf_org_name
cf_space = data.cloudfoundry_space.app_space
app_names = ["app_name"]
cdn_plan_name = "domain"
domain_name = "my-production-domain.name"
host_name = "my-production-host-name"
tags = ["tag1", "tag2"]
}
```

Expand All @@ -101,11 +98,11 @@ Notes:

```
module "clamav" {
source = "github.com/GSA-TTS/terraform-cloudgov//clamav?ref=v1.1.0"
source = "github.com/GSA-TTS/terraform-cloudgov//clamav?ref=v2.0.0-beta.1"

cf_org_name = local.cf_org_name
cf_space_name = local.cf_space_name
app_name_or_id = "app_name"
cf_space = data.cloudfoundry_space.app_space
app_name = "app_name"
name = "my_clamav_name"
clamav_image = "ghcr.io/gsa-tts/clamav-rest/clamav:TAG_NAME"
max_file_size = "30M"
Expand All @@ -129,10 +126,11 @@ Creates a new cloud.gov space, such as when creating an egress space, and output

```
module "egress_space" {
source = "github.com/GSA-TTS/terraform-cloudgov//cg_space?ref=v1.1.0"
source = "github.com/GSA-TTS/terraform-cloudgov//cg_space?ref=v2.0.0-beta.1"

cf_org_name = local.cf_org_name
cf_space_name = "${local.cf_space_name}-egress"
allow_ssh = false
managers = [
"[email protected]"
]
Expand All @@ -156,12 +154,12 @@ Prerequities:

```
module "egress_proxy" {
source = "github.com/GSA-TTS/terraform-cloudgov//egress_proxy?ref=v1.1.0"
source = "github.com/GSA-TTS/terraform-cloudgov//egress_proxy?ref=v2.0.0-beta.1"

cf_org_name = local.cf_org_name
cf_space_name = "${local.cf_space_name}-egress"
client_space = local.cf_space_name
name = "egress-proxy"
cf_org_name = local.cf_org_name
cf_egress_space = data.cloudfoundry_space.egress_space
cf_client_space = data.cloudfoundry_space.app_space
name = "egress-proxy"
allowlist = {
"source_app_name" = ["host.com:443", "otherhost.com:443"]
rahearn marked this conversation as resolved.
}
48 changes: 16 additions & 32 deletions cg_space/main.tf
Expand Up @@ -3,46 +3,30 @@ data "cloudfoundry_org" "org" {
}

resource "cloudfoundry_space" "space" {
name = var.cf_space_name
org = data.cloudfoundry_org.org.id
name = var.cf_space_name
org = data.cloudfoundry_org.org.id
allow_ssh = var.allow_ssh
}

###
# User roles
###

data "cloudfoundry_user" "managers" {
for_each = var.managers
name = each.key
org_id = data.cloudfoundry_org.org.id
}

data "cloudfoundry_user" "developers" {
for_each = var.developers
name = each.key
org_id = data.cloudfoundry_org.org.id
}

data "cloudfoundry_user" "deployers" {
for_each = var.deployers
name = each.key
org_id = data.cloudfoundry_org.org.id
locals {
manager_names = setunion(var.managers, var.deployers)
rahearn marked this conversation as resolved.
developer_names = setunion(var.developers, var.deployers)
}


locals {
manager_ids = concat(
[for user in data.cloudfoundry_user.managers : user.id],
[for user in data.cloudfoundry_user.deployers : user.id]
)
developer_ids = concat(
[for user in data.cloudfoundry_user.developers : user.id],
[for user in data.cloudfoundry_user.deployers : user.id]
)
resource "cloudfoundry_space_role" "managers" {
for_each = local.manager_names
username = each.key
space = cloudfoundry_space.space.id
type = "space_manager"
}

resource "cloudfoundry_space_users" "space_permissions" {
space = cloudfoundry_space.space.id
managers = local.manager_ids
developers = local.developer_ids
resource "cloudfoundry_space_role" "developers" {
for_each = local.developer_names
username = each.key
space = cloudfoundry_space.space.id
type = "space_developer"
}
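Review bot: Both `cloudfoundry_space_role` resources identify the grantee only by `username = each.key`, while the removed `data.cloudfoundry_user` lookups resolved each name within the org (`org_id`) before any role was assigned. If the new provider's role resource takes an `origin` argument (it appears to, but confirm against the provider docs), expose it as a module variable so a name is matched against the intended identity provider only. These per-user resources also look additive, so a space role granted outside Terraform would presumably not show up as drift; that is worth a line in the module README. A comment on the `locals` block such as `# deployers receive both space_manager and space_developer` would record why `var.deployers` is merged into both sets.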
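--- a/cg_space/outputs.tf
+++ b/cg_space/outputs.tf
@@ -5,3 +5,7 @@ output "space_id" {
 output "space_name" {
 value = cloudfoundry_space.space.name
 }
+
+output "space" {
+value = cloudfoundry_space.space
+}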
4 changes: 2 additions & 2 deletions cg_space/providers.tf
Expand Up @@ -2,8 +2,8 @@ terraform {
required_version = "~> 1.0"
required_providers {
cloudfoundry = {
source = "cloudfoundry-community/cloudfoundry"
version = ">=0.53.1"
source = "cloudfoundry/cloudfoundry"
version = ">=1.1.0"
}
}
}
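Review bot: `version = ">=1.1.0"` has no upper bound, so any future major release of `cloudfoundry/cloudfoundry` satisfies the constraint for every consumer of this module. Since this very change is a breaking move between provider namespaces, a pessimistic constraint such as `version = "~> 1.1"` would keep provider upgrades deliberate and reviewable. The enclosing `terraform {` line sits just above the hunk.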
49 changes: 19 additions & 30 deletions cg_space/tests/creation.tftest.hcl
@@ -1,22 +1,6 @@
mock_provider "cloudfoundry" {
override_data {
target = data.cloudfoundry_user.managers["[email protected]"]
values = {
id = "1e5143a4-aa47-483c-8352-557988d5cc7a"
}
}
override_data {
target = data.cloudfoundry_user.deployers["[email protected]"]
values = {
id = "1e5143a4-aa47-483c-8352-557988d5cc7a"
}
}
override_data {
target = data.cloudfoundry_user.developers["[email protected]"]
values = {
id = "2c945842-13ee-4383-84ad-34ecbcde5ce6"
}
}
provider "cloudfoundry" {
api_url = "https://api.fr.cloud.gov"
# cf_user and cf_password are passed in via CF_USER and CF_PASSWORD env vars
}

variables {
Expand All @@ -39,54 +23,59 @@ run "test_space_creation" {
condition = cloudfoundry_space.space.name == output.space_name
error_message = "Space name output must match the new space"
}

assert {
condition = cloudfoundry_space.space == output.space
error_message = "Entire space is output from the module"
}
}

run "test_manager_only" {
variables {
managers = ["user.manager@gsa.gov"]
managers = ["ryan.ahearn@gsa.gov"]
}

assert {
condition = cloudfoundry_space_users.space_permissions.managers == toset(["1e5143a4-aa47-483c-8352-557988d5cc7a"])
condition = keys(cloudfoundry_space_role.managers) == ["[email protected]"]
error_message = "Should be able to set Space Managers"
}

assert {
condition = length(cloudfoundry_space_users.space_permissions.developers) == 0
condition = length(cloudfoundry_space_role.developers) == 0
error_message = "Should not have set any Space Developers"
}
}

run "test_individual_permissions" {
variables {
managers = ["user.manager@gsa.gov"]
developers = ["user.developer@gsa.gov"]
managers = ["paul.hirsch@gsa.gov"]
developers = ["ryan.ahearn@gsa.gov"]
}

assert {
condition = cloudfoundry_space_users.space_permissions.managers == toset(["1e5143a4-aa47-483c-8352-557988d5cc7a"])
condition = keys(cloudfoundry_space_role.managers) == ["[email protected]"]
error_message = "Should be able to set Space Managers"
}

assert {
condition = cloudfoundry_space_users.space_permissions.developers == toset(["2c945842-13ee-4383-84ad-34ecbcde5ce6"])
condition = keys(cloudfoundry_space_role.developers) == ["[email protected]"]
error_message = "Should be able to set Space Developers"
}
}

run "test_deployer_permissions" {
variables {
developers = ["user.developer@gsa.gov"]
deployers = ["user.manager@gsa.gov"]
developers = ["paul.hirsch@gsa.gov"]
deployers = ["ryan.ahearn@gsa.gov"]
}

assert {
condition = cloudfoundry_space_users.space_permissions.managers == toset(["1e5143a4-aa47-483c-8352-557988d5cc7a"])
condition = keys(cloudfoundry_space_role.managers) == ["[email protected]"]
error_message = "Should be able to set Space Managers via var.deployers"
rahearn marked this conversation as resolved.
}

assert {
condition = cloudfoundry_space_users.space_permissions.developers == toset(["2c945842-13ee-4383-84ad-34ecbcde5ce6", "1e5143a4-aa47-483c-8352-557988d5cc7a"])
condition = keys(cloudfoundry_space_role.developers) == ["[email protected]", "[email protected]"]
error_message = "Should set Space Developers to var.developers + var.deployers"
}
}
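Review bot: Swapping `mock_provider` for a live `provider "cloudfoundry"` at `https://api.fr.cloud.gov` means the visible `run` blocks, which set no `command = plan`, apply against the real platform with `CF_USER`/`CF_PASSWORD` credentials. The header comment should say what that account needs and where it is scoped, for example `# CF_USER must be a service account limited to a sandbox org; these tests create and destroy a real space`. The role tests also hard-code individual staff addresses in `managers`, `developers` and `deployers`; moving them to test variables avoids granting roles to named people on every run and keeps the suite working when they leave the org. The first `run` block begins in a collapsed part of the file, so its `command` setting is not visible here.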
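--- a/cg_space/variables.tf
+++ b/cg_space/variables.tf
@@ -8,6 +8,12 @@ variable "cf_space_name" {
 description = "cloud.gov space name to create"
 }
 
+variable "allow_ssh" {
+type = bool
+description = "whether to allow ssh access to apps running in this space"
+default = false
+}
+
 variable "managers" {
 type = set(string)
 description = "list of cloud.gov users to be assigned to the SpaceManager role"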