#!/usr/bin/env bash
# This script provisions Terraform workspaces. It does not run terraform plan or terraform apply.
#
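# You need to pass one argument to this script. The examples below call it through `sh`, but it
# relies on bash syntax such as `[[ ... ]]`, so use `bash` where `sh` is not bash: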
#
# bootstrap (`sh scripts/provision-terraform-workspaces.sh bootstrap`)
# Using the `bootstrap` argument will create Terraform workspaces for all applications and their environments
# within terraform/environments/bootstrap/* subdirectories.
# Use case: to create Terraform workspaces for bootstrap steps.
#
# all-environments (`sh scripts/provision-terraform-workspaces.sh all-environments`)
# Using the `all-environments` argument will create Terraform workspaces for all applications and their environments
# within terraform/environments/${application_name} subdirectories.
# Use case: to ensure all applications' workspaces are configured.
#
# any application name (e.g `sh scripts/provision-terraform-workspaces.sh core-vpc`)
# Passing through an application name will create Terraform workspaces for an application's environments,
# within their terraform/environments/${application_name} subdirectory.
# Use case: to ensure a single application's workspaces are configured (e.g. if a new environment is created).
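#######################################
# Create any missing Terraform workspaces for one bootstrap step.
#
# For every environments/*.json file under the repository root, the
# environment names are read with jq and the state bucket is queried for
# "environments/bootstrap/<type>/<application>-<environment>/terraform.tfstate".
# When that query does not succeed, the workspace
# "<application>-<environment>" is created from
# terraform/environments/bootstrap/<type>.
#
# Globals:
#   git_dir (read)               - repository root, set by main
#   YELLOW, GREEN, NORMAL (read) - colour escape sequences for the status lines
# Arguments:
#   $1 - bootstrap type (delegate-access, secure-baselines, single-sign-on
#        or member-bootstrap)
# Outputs:
#   One status line per application/environment on stdout; errors on stderr.
# Returns:
#   0 when every environment was handled, 1 if reading a JSON file or a
#   terraform command failed for at least one of them.
#######################################
iterate_environments_bootstrap() {
  local bootstrap_type="${1}"
  local json_file application env env_names terraform_path
  local status=0

  # Only the glob is left unquoted, so a repository path containing spaces
  # is not split into several words.
  for json_file in "${git_dir}/environments"/*.json; do
    # An unmatched glob stays as the literal pattern; skip it.
    [[ -f "${json_file}" ]] || continue
    application="$(basename "${json_file}" .json)"

    if ! env_names="$(jq -r '.environments[].name' "${json_file}")"; then
      echo "ERROR: could not read environment names from ${json_file}" >&2
      status=1
      continue
    fi

    # Names are read line by line on fd 3: they are never word-split or
    # glob-expanded, and stdin stays untouched for aws and terraform.
    while IFS= read -r env <&3; do
      [[ -n "${env}" ]] || continue

      # NOTE(review): every non-zero exit of head-object (expired
      # credentials, access denied, network failure) is handled like
      # "state object not found", and stderr is discarded, so the real
      # reason is never shown. Confirm that this is intended.
      if aws s3api head-object \
        --bucket modernisation-platform-terraform-state \
        --key "environments/bootstrap/${bootstrap_type}/${application}-${env}/terraform.tfstate" \
        > /dev/null 2>&1; then
        echo -en "BOOTSTRAP - ${bootstrap_type} - ${application}-${env} - ${GREEN}EXISTS${NORMAL}\n"
        continue
      fi

      terraform_path="${git_dir}/terraform/environments/bootstrap/${bootstrap_type}"
      echo -en "BOOTSTRAP - ${bootstrap_type} - ${application}-${env} - ${YELLOW}CREATING${NORMAL}\n"

      # Do not try to create a workspace on a backend that failed to initialise.
      if ! terraform -chdir="${terraform_path}" init > /dev/null; then
        echo "ERROR: terraform init failed in ${terraform_path}" >&2
        status=1
        continue
      fi
      if ! terraform -chdir="${terraform_path}" workspace new "${application}-${env}"; then
        echo "ERROR: could not create workspace ${application}-${env}" >&2
        status=1
      fi
    done 3<<< "${env_names}"
  done

  return "${status}"
}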
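#######################################
# Rebuild ${git_dir}/tmp as a throw-away Terraform root for one application.
#
# The folder is deleted and recreated on every call. One backend template is
# rendered into it with "$application_name" replaced by ${APPLICATION}, and
# providers.tf, secrets.tf and versions.tf are copied next to it.
#
# Globals:
#   git_dir (read)     - repository root; must be non-empty
#   APPLICATION (read) - name substituted into the backend template
# Arguments:
#   $1 - "environments-repo" renders platform_backend.tf from the
#        modernisation-platform-environments templates; any other value
#        (or none) renders backend.tf from the modernisation-platform ones
# Returns:
#   0 on success, 1 if git_dir is empty or any file operation fails.
#######################################
create_tmp_terraform_files() {
  local templates tmp_dir escaped_name

  # With an empty git_dir the recursive delete below would target "/tmp".
  if [[ -z "${git_dir:-}" ]]; then
    echo "ERROR: git_dir is not set; refusing to rebuild the temporary folder" >&2
    return 1
  fi
  templates="${git_dir}/terraform/templates"
  tmp_dir="${git_dir}/tmp"

  # Build temporary folder to emulate real folder
  if [[ -d "${tmp_dir}" ]]; then
    rm -r -- "${tmp_dir}" || return 1
  fi
  mkdir -- "${tmp_dir}" || return 1

  # The name is interpolated into a sed replacement, where "\", "/" and "&"
  # are special; escape them so the name is always inserted literally.
  escaped_name="$(printf '%s' "${APPLICATION}" | sed -e 's|[\\/&]|\\&|g')" || return 1

  # Copy the correct backend for the environments or the main repository
  # (the other files are the same).
  if [[ "${1:-}" == "environments-repo" ]]; then
    sed "s/\$application_name/${escaped_name}/g" \
      "${templates}/modernisation-platform-environments/platform_backend.tf" \
      > "${tmp_dir}/platform_backend.tf" || return 1
  else
    sed "s/\$application_name/${escaped_name}/g" \
      "${templates}/modernisation-platform/backend.tf" \
      > "${tmp_dir}/backend.tf" || return 1
  fi

  cp -- "${templates}/modernisation-platform/providers.tf" "${tmp_dir}/providers.tf" || return 1
  cp -- "${templates}/modernisation-platform/secrets.tf" "${tmp_dir}/secrets.tf" || return 1
  cp -- "${templates}/modernisation-platform/versions.tf" "${tmp_dir}/versions.tf" || return 1
}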
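#######################################
# Create any missing Terraform workspaces for member-account state.
#
# For every environments/<type>.json file, and for each environment name it
# lists, two state objects are looked up in the state bucket:
#   environments/accounts/<app>/<app>-<env>/terraform.tfstate  (core repo)
#   environments/members/<app>/<app>-<env>/terraform.tfstate   (environments repo)
# A workspace "<app>-<env>" is created from ${git_dir}/tmp for each lookup
# that does not succeed; the environments-repo one only when the JSON file's
# "account-type" is "member".
#
# Globals:
#   git_dir (read)               - repository root, set by main
#   YELLOW, GREEN, NORMAL (read) - colour escape sequences for the status lines
# Arguments:
#   $1 - "*" for every application, or a single application name
# Outputs:
#   Two status lines per application/environment on stdout; errors on stderr.
# Returns:
#   0 when every environment was handled, 1 if reading a JSON file, building
#   the temporary folder or a terraform command failed for at least one.
#######################################
iterate_environments_member() {
  local environment_type="${1}"
  # APPLICATION keeps its upper-case name because create_tmp_terraform_files
  # reads it; a local is still visible to functions called from here.
  local APPLICATION
  local json_file env env_names account_type terraform_path response_text
  local core_state_missing member_state_missing
  local status=0

  # environment_type stays unquoted on purpose so that "*" expands to every
  # application file; the repository path itself is quoted.
  # shellcheck disable=SC2231
  for json_file in "${git_dir}/environments"/${environment_type}.json; do
    # An unmatched glob stays as the literal pattern; skip it.
    [[ -f "${json_file}" ]] || continue
    APPLICATION="$(basename "${json_file}" .json)"

    if ! env_names="$(jq -r '.environments[].name' "${json_file}")"; then
      echo "ERROR: could not read environment names from ${json_file}" >&2
      status=1
      continue
    fi
    # The account type belongs to the file, not to one environment, so it is
    # read once per application.
    if ! account_type="$(jq -r '."account-type"' "${json_file}")"; then
      echo "ERROR: could not read account-type from ${json_file}" >&2
      status=1
      continue
    fi

    # Names are read line by line on fd 3: they are never word-split or
    # glob-expanded, and stdin stays untouched for aws and terraform.
    while IFS= read -r env <&3; do
      [[ -n "${env}" ]] || continue

      # NOTE(review): every non-zero exit of head-object (expired
      # credentials, access denied, network failure) is handled like
      # "state object not found", and stderr is discarded. Confirm that
      # this is intended.
      core_state_missing=0
      aws s3api head-object \
        --bucket modernisation-platform-terraform-state \
        --key "environments/accounts/${APPLICATION}/${APPLICATION}-${env}/terraform.tfstate" \
        > /dev/null 2>&1 || core_state_missing=1
      member_state_missing=0
      aws s3api head-object \
        --bucket modernisation-platform-terraform-state \
        --key "environments/members/${APPLICATION}/${APPLICATION}-${env}/terraform.tfstate" \
        > /dev/null 2>&1 || member_state_missing=1

      terraform_path="${git_dir}/tmp"

      # Member account state for the modernisation-platform repository.
      if ! create_tmp_terraform_files; then
        echo "ERROR: could not build ${terraform_path} for ${APPLICATION}-${env}" >&2
        status=1
        continue
      fi
      if (( core_state_missing )); then
        echo -en "MEMBER ACCOUNT IN CORE REPO - ${APPLICATION}-${env} - ${YELLOW}CREATING${NORMAL}\n"
        # Do not try to create a workspace on a backend that failed to initialise.
        if terraform -chdir="${terraform_path}" init > /dev/null; then
          terraform -chdir="${terraform_path}" workspace new "${APPLICATION}-${env}" || status=1
        else
          echo "ERROR: terraform init failed in ${terraform_path}" >&2
          status=1
        fi
      else
        echo -en "MEMBER ACCOUNT IN CORE REPO - ${APPLICATION}-${env} - ${GREEN}EXISTS${NORMAL}\n"
      fi

      # Member account state for the modernisation-platform-environments repository.
      if ! create_tmp_terraform_files environments-repo; then
        echo "ERROR: could not build ${terraform_path} for ${APPLICATION}-${env}" >&2
        status=1
        continue
      fi
      if (( member_state_missing )) && [[ "${account_type}" == "member" ]]; then
        echo -en "MEMBER ACCOUNT IN ENVIRONMENTS REPO - ${APPLICATION}-${env} - ${YELLOW}CREATING${NORMAL}\n"
        if terraform -chdir="${terraform_path}" init > /dev/null; then
          terraform -chdir="${terraform_path}" workspace new "${APPLICATION}-${env}" || status=1
        else
          echo "ERROR: terraform init failed in ${terraform_path}" >&2
          status=1
        fi
      else
        if [[ "${account_type}" == "member" ]]; then
          response_text="EXISTS"
        else
          response_text="CORE ACCOUNT - NOT REQUIRED IN MEMBER REPO"
        fi
        echo -en "MEMBER ACCOUNT IN ENVIRONMENTS REPO - ${APPLICATION}-${env} - ${GREEN}${response_text}${NORMAL}\n"
      fi
    done 3<<< "${env_names}"
  done

  return "${status}"
}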
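#######################################
# Resolve the repository root and dispatch on the requested build type.
#
# Globals:
#   REQUEST_VALUE (written) - the request being processed
#   git_dir (written)       - repository root reported by git
# Arguments:
#   $1 - bootstrap, all-environments or an application name
# Outputs:
#   Status lines from the iterate functions on stdout; errors on stderr.
# Returns:
#   0 when every step succeeded, 1 when an iterate function reported a
#   failure. Exits with 1 when the repository root cannot be resolved or
#   the argument matches no environments/<name>.json file.
#######################################
main() {
  # set friendly Parameter names
  REQUEST_VALUE="${1:-}" # this value can equal (bootstrap, all-environments or an application name)
  local bootstrap_type
  local status=0

  # Set root path to repository. Every path used later is built from
  # git_dir, including the recursive delete of ${git_dir}/tmp, so stop
  # when the root cannot be resolved instead of continuing with "".
  if ! git_dir="$(git rev-parse --show-toplevel)" || [[ -z "${git_dir}" ]]; then
    echo "ERROR: unable to determine the repository root" >&2
    exit 1
  fi

  # Determine workspace build type
  case "${REQUEST_VALUE}" in
    all-environments)
      iterate_environments_member "*" || status=1
      ;;
    bootstrap)
      # A failure in one step no longer hides behind the status of the last one.
      for bootstrap_type in delegate-access secure-baselines single-sign-on member-bootstrap; do
        iterate_environments_bootstrap "${bootstrap_type}" || status=1
      done
      ;;
    *)
      # This must be an individual application, check if json file exists for it.
      # Quoted so that an empty argument or a path with spaces is tested as one word.
      if [[ -f "${git_dir}/environments/${REQUEST_VALUE}.json" ]]; then
        iterate_environments_member "${REQUEST_VALUE}" || status=1
      else
        echo "ERROR: Incorrect Parameter received" >&2
        exit 1
      fi
      ;;
  esac

  return "${status}"
}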
# Colour escape sequences used in the status lines; the functions print them
# with `echo -en`, which turns the backslash escapes into bytes. Each value is
# an ANSI colour sequence wrapped in \001 ... \002.
# NOTE(review): \001 and \002 are written to the output as raw control bytes;
# confirm they are wanted outside an interactive prompt.
GREEN='\001\033[1;32m\002'
YELLOW='\001\033[1;33m\002'
NORMAL='\001\033[0;0m\002'

# First command-line argument: bootstrap, all-environments or an application name.
REQUEST_VALUE="$1"

# Hand the request over to main.
main "${REQUEST_VALUE}"