Merge pull request #38 from ITV/terraform0.10_support

Terraform 0.10.x support
ITV · Oct 3, 2017 · 526f2c2 · 526f2c2
2 parents 93bf36f + ee33616
commit 526f2c2
Show file tree

Hide file tree

Showing 6 changed files with 90 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,48 @@
+# 6.0.0
+
+BREAKING CHANGE:
+
+  - Terraform 0.10.x support
+
+REQUIRED CHANGES:
+
+  - Add a block for the s3 backend in the `main.tf` (example from root-infra):
+    ```
+    terraform {
+      backend "s3" {
+        bucket         = "root-tfstate-infraprd"
+        key            = "infraprd-terraform.tfstate"
+        region         = "eu-west-1"
+        dynamodb_table = "root-tfstate-infraprd"
+      }
+    }
+    ```
+  - Pin the providers to specific versions: (example from root-infra):
+    ```
+    provider "aws" {
+      region = "${var.region}"
+      version = "1.0.0"
+    }
+
+    provider "template" {
+      version = "1.0.0"
+    }
+
+    provider "terraform" {
+      version = "1.0.0"
+    }
+    ```
+
+# 5.0.0
+
+Update hiera to 3.x, required for projects which implement Puppet 5.x
+
+# 4.0.0
+
+Breaking change:
+
+Ecosystem variable within the ITV yaml now needs to be a hash - the Terraform run will fail hard if the ecosystems are not set to a hash within the config
+
 # 3.1.0
 
 Added hiera-eyaml support.

diff --git a/bin/dome b/bin/dome
@@ -5,13 +5,13 @@ require_relative '../lib/dome'
 
 opts = Trollop.options do
   version Dome::VERSION
-  banner <<-EOS
+  banner <<-BANNER
   Dome wraps the Terraform API and performs useful stuff.
 
   Usage:
         dome [command]
   where [commands] are:
-EOS
+BANNER
 
   opt :plan, 'Creates a Terraform plan'
   opt :apply, 'Applies a Terraform plan'

diff --git a/dome.gemspec b/dome.gemspec
@@ -1,5 +1,3 @@
-# coding: utf-8
-
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'dome/version'

diff --git a/lib/dome/state.rb b/lib/dome/state.rb
@@ -18,6 +18,10 @@ def s3_client
       @s3_client ||= Aws::S3::Client.new
     end
 
+    def ddb_client
+      @ddb_client ||= Aws::DynamoDB::Client.new
+    end
+
     def list_buckets
       s3_client.list_buckets
     end
@@ -56,6 +60,36 @@ def put_empty_object_in_bucket(bucket_name, key_name)
       )
     end
 
+    def dynamodb_configured?(bucket_name)
+      resp = ddb_client.describe_table(
+        table_name: bucket_name
+      )
+      if resp.to_h[:table][:table_name] == bucket_name
+        puts "DynamoDB state locking table exists: #{bucket_name}".colorize(:green)
+        return true
+      end
+    rescue Aws::DynamoDB::Errors::ResourceNotFoundException => e
+      puts "DynamoDB state locking table doesn't exist! #{e} .. creating it".colorize(:yellow)
+      return false
+    rescue StandardError => e
+      raise "Could not read DynamoDB table! error occurred: #{e}"
+    end
+
+    def setup_dynamodb(bucket_name)
+      resp = ddb_client.create_table(
+        attribute_definitions: [{ attribute_name: 'LockID', attribute_type: 'S' }],
+        table_name: bucket_name,
+        key_schema: [{ attribute_name: 'LockID', key_type: 'HASH' }],
+        provisioned_throughput: {
+          read_capacity_units: 1,
+          write_capacity_units: 1
+        }
+      )
+      raise unless resp.to_h[:table_description][:table_name] == bucket_name
+    rescue StandardError => e
+      raise "Could not create DynamoDB table! error occurred: #{e}".colorize(:red)
+    end
+
     def create_remote_state_bucket(bucket_name, state_file)
       create_bucket bucket_name
       enable_bucket_versioning bucket_name
@@ -64,18 +98,12 @@ def create_remote_state_bucket(bucket_name, state_file)
 
     def s3_state
       if s3_bucket_exists?(state_bucket_name)
-        synchronise_s3_state(state_bucket_name, state_file_name)
+        unless dynamodb_configured?(state_bucket_name)
+          setup_dynamodb(state_bucket_name)
+        end
       else
         create_remote_state_bucket(state_bucket_name, state_file_name)
       end
     end
-
-    def synchronise_s3_state(bucket_name, state_file_name)
-      puts 'Synchronising the remote S3 state...'
-      command         = 'terraform remote config -backend=S3'\
-            " -backend-config='bucket=#{bucket_name}' -backend-config='key=#{state_file_name}'"
-      failure_message = 'Something went wrong when synchronising the S3 state.'
-      execute_command(command, failure_message)
-    end
   end
 end
diff --git a/lib/dome/terraform.rb b/lib/dome/terraform.rb
@@ -40,15 +40,16 @@ def validate_environment
     def plan
       delete_terraform_directory
       delete_plan_file
-      install_terraform_modules
       @state.s3_state
+      terraform_init
       create_plan
     end
 
     def apply
       @secrets.secret_env_vars
       command         = "terraform apply #{@plan_file}"
       failure_message = 'something went wrong when applying the TF plan'
+      @state.s3_state
       execute_command(command, failure_message)
     end
 
@@ -74,9 +75,9 @@ def delete_plan_file
       FileUtils.rm_f @plan_file
     end
 
-    def install_terraform_modules
-      command         = 'terraform get -update=true'
-      failure_message = 'something went wrong when pulling remote TF modules'
+    def terraform_init
+      command         = 'terraform init'
+      failure_message = 'something went wrong when initialising TF'
       execute_command(command, failure_message)
     end
 

diff --git a/lib/dome/version.rb b/lib/dome/version.rb
@@ -1,3 +1,3 @@
 module Dome
-  VERSION = '5.0.0'.freeze
+  VERSION = '6.0.0'.freeze
 end