Merge pull request #45 from commitdev/integrate-new-apply-command

bmonkman · web-flow · commit 1583c32c8b7c · 2020-06-23T18:11:23.000-07:00
Added features necessary to support the new zero apply command
diff --git a/Makefile b/Makefile
@@ -1,3 +1,4 @@
 
 run:
-	@echo Done
+	cd $(PROJECT_DIR) && AUTO_APPROVE="-auto-approve" make
+
diff --git a/templates/Makefile b/templates/Makefile
@@ -2,28 +2,29 @@ ENVIRONMENT ?= staging
 
 apply: apply-remote-state apply-secrets apply-env apply-k8s-utils
 
-## remove state file only if exit code 0 from terraform apply
 apply-remote-state:
+	aws s3 ls <% .Name %>-$(ENVIRONMENT)-terraform-state || (\
 	pushd terraform/bootstrap/remote-state && \
 	terraform init && \
-	terraform apply -var "environment=$(ENVIRONMENT)" && \
-	rm ./terraform.tfstate
+	terraform apply -var "environment=$(ENVIRONMENT)" $(AUTO_APPROVE) && \
+	rm ./terraform.tfstate)
 
 apply-secrets:
+	aws iam list-access-keys --user-name <% .Name %>-ci-user > /dev/null || (\
 	pushd terraform/bootstrap/secrets && \
 	terraform init && \
-	terraform apply && \
-	rm ./terraform.tfstate
+	terraform apply $(AUTO_APPROVE) && \
+	rm ./terraform.tfstate)
 
 apply-env:
 	pushd terraform/environments/$(ENVIRONMENT); \
 	terraform init && \
-	terraform apply
+	terraform apply $(AUTO_APPROVE)
 
 apply-k8s-utils: update-k8s-conf
 	pushd kubernetes/terraform/environments/$(ENVIRONMENT) && \
 	terraform init && \
-	terraform apply
+	terraform apply $(AUTO_APPROVE)
 
 update-k8s-conf:
 	aws eks --region <% index .Params `region` %> update-kubeconfig --name <% .Name %>-$(ENVIRONMENT)-<% index .Params `region` %>
diff --git a/templates/terraform/bootstrap/secrets/main.tf b/templates/terraform/bootstrap/secrets/main.tf
@@ -26,7 +26,7 @@ resource "aws_iam_access_key" "ci_user" {
 module "ci_user_keys" {
   source  = "../../modules/secret"
 
-  name_prefix    = "ci-user-aws-keys"
+  name    = "ci-user-aws-keys<% index .Params `randomSeed` %>"
   type    = "map"
   values  = map("access_key_id", aws_iam_access_key.ci_user.id, "secret_key", aws_iam_access_key.ci_user.secret)
   tags = map("project", local.project)
diff --git a/templates/terraform/environments/production/main.tf b/templates/terraform/environments/production/main.tf
@@ -23,7 +23,7 @@ module "production" {
   ecr_repositories = [] # Should be created by the staging environment
 
   # EKS configuration
-  eks_cluster_version      = "1.15"
+  eks_cluster_version      = "1.16"
   eks_worker_instance_type = "t3.medium"
   eks_worker_asg_min_size  = 2
   eks_worker_asg_max_size  = 4
diff --git a/templates/terraform/environments/staging/main.tf b/templates/terraform/environments/staging/main.tf
@@ -22,7 +22,7 @@ module "staging" {
   ecr_repositories = [ "<% .Name %>" ]
 
   # EKS configuration
-  eks_cluster_version      = "1.15"
+  eks_cluster_version      = "1.16"
   eks_worker_instance_type = "t3.medium"
   eks_worker_asg_min_size  = 1
   eks_worker_asg_max_size  = 3
diff --git a/templates/terraform/modules/eks/main.tf b/templates/terraform/modules/eks/main.tf
@@ -16,7 +16,7 @@ provider "kubernetes" {
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "10.0.0"
+  version = "12.1.0"
 
   cluster_name    = var.cluster_name
   cluster_version = var.cluster_version
diff --git a/templates/terraform/modules/secret/main.tf b/templates/terraform/modules/secret/main.tf
@@ -1,6 +1,7 @@
 # Add the keys to AWS secrets manager
 resource "aws_secretsmanager_secret" "secret" {
   name_prefix = var.name_prefix
+  name = var.name
   tags = var.tags
 }
 
diff --git a/templates/terraform/modules/secret/variables.tf b/templates/terraform/modules/secret/variables.tf
@@ -1,6 +1,10 @@
+variable "name" {
+  default = ""
+  description = "The name of the secret in Secrets Manager (only one of name or name_prefix can be specified)"
+}
 variable "name_prefix" {
-  default = "secret-key"
-  description = "The name prefix of the secret in Secrets Manager"
+  default = ""
+  description = "The name prefix of the secret in Secrets Manager - a random suffix will be appended (only one of name or name_prefix can be specified)"
 }
 
 variable type {
diff --git a/zero-module.yml b/zero-module.yml
@@ -43,5 +43,8 @@ parameters:
     execute: aws sts get-caller-identity --query "Account" | tr -d '"'
   - field: eksWorkerAMI
     label: EKS Worker EC2 AMI ID
-    execute: aws ssm get-parameters --names /aws/service/eks/optimized-ami/1.15/amazon-linux-2/recommended/image_id --region $region --query "Parameters[0].Value" | tr -d '"'
+    execute: aws ssm get-parameters --names /aws/service/eks/optimized-ami/1.16/amazon-linux-2/recommended/image_id --region $region --query "Parameters[0].Value" | tr -d '"'
+  - field: randomSeed
+    label: Random seed that will be shared between projects to come up with deterministic resource names
+    execute: uuidgen
 

-Original file line number
+Diff line change
@@ @@ -1,3 +1,4 @@ @@
 run:
 -	@echo Done
 +	cd $(PROJECT_DIR) && AUTO_APPROVE="-auto-approve" make
++
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`# Add the keys to AWS secrets manager`
`2`	`2`	`resource "aws_secretsmanager_secret" "secret" {`
`3`	`3`	`name_prefix = var.name_prefix`
	`4`	`+ name = var.name`
`4`	`5`	`tags = var.tags`
`5`	`6`	`}`
`6`	`7`