diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 44104234..48269785 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -247,8 +247,16 @@ jobs: - get: general-task - get: csb-image trigger: true + - get: csb-docproxy-image + trigger: true + - load_var: csb-image-repository + file: csb-image/repository - load_var: csb-image-digest file: csb-image/digest + - load_var: csb-docproxy-image-repository + file: csb-docproxy-image/repository + - load_var: csb-docproxy-image-digest + file: csb-docproxy-image/digest - task: terraform-plan image: general-task file: terraform-templates/terraform/terraform-apply.yml @@ -263,10 +271,13 @@ jobs: CF_CLIENT_SECRET: ((cf-client-secret-development)) TF_VAR_csb_aws_region_commercial: ((csb-aws-region-commercial)) TF_VAR_csb_aws_region_govcloud: ((aws-region)) + TF_VAR_csb_aws_ses_default_zone: appmail.dev.us-gov-west-1.aws-us-gov.cloud.gov TF_VAR_csb_broker_route_domain: ((csb-broker-route-domain-development)) - TF_VAR_csb_cg_smtp_aws_ses_zone: appmail.dev.us-gov-west-1.aws-us-gov.cloud.gov - TF_VAR_csb_docker_image_name: ((csb-docker-image-name)) + TF_VAR_csb_docker_image_name: "((.:csb-image-repository))" TF_VAR_csb_docker_image_version: "@((.:csb-image-digest))" + TF_VAR_csb_docproxy_docker_image_name: "((.:csb-docproxy-image-repository))" + TF_VAR_csb_docproxy_docker_image_version: "@((.:csb-docproxy-image-digest))" + TF_VAR_csb_docproxy_domain: dev.us-gov-west-1.aws-us-gov.cloud.gov TF_VAR_csb_org_name: ((csb-org-name)) TF_VAR_csb_space_name: ((csb-space-name)) TF_VAR_external_remote_state_reader_access_key_id: ((development-tf-state-access-key-id)) 
@@ -1004,6 +1015,18 @@ jobs: trigger: true - get: pipeline-tasks - get: general-task + - get: csb-image + trigger: true + - get: csb-docproxy-image + trigger: true + - load_var: csb-image-repository + file: csb-image/repository + - load_var: csb-image-digest + file: csb-image/digest + - load_var: csb-docproxy-image-repository + file: csb-docproxy-image/repository + - load_var: csb-docproxy-image-digest + file: csb-docproxy-image/digest - task: terraform-plan image: general-task file: terraform-templates/terraform/terraform-apply.yml @@ -1018,9 +1041,13 @@ jobs: CF_CLIENT_SECRET: ((cf-client-secret-staging)) TF_VAR_csb_aws_region_commercial: ((csb-aws-region-commercial)) TF_VAR_csb_aws_region_govcloud: ((aws-region)) + TF_VAR_csb_aws_ses_default_zone: appmail.fr-stage.cloud.gov TF_VAR_csb_broker_route_domain: ((csb-broker-route-domain-staging)) - TF_VAR_csb_cg_smtp_aws_ses_zone: appmail.fr-stage.cloud.gov - TF_VAR_csb_docker_image_name: ((csb-docker-image-name)) + TF_VAR_csb_docker_image_name: "((.:csb-image-repository))" + TF_VAR_csb_docker_image_version: "@((.:csb-image-digest))" + TF_VAR_csb_docproxy_docker_image_name: "((.:csb-docproxy-image-repository))" + TF_VAR_csb_docproxy_docker_image_version: "@((.:csb-docproxy-image-digest))" + TF_VAR_csb_docproxy_domain: fr-stage.cloud.gov TF_VAR_csb_org_name: ((csb-org-name)) TF_VAR_csb_space_name: ((csb-space-name)) TF_VAR_external_remote_state_reader_access_key_id: ((staging-tf-state-access-key-id)) 
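Review bot: The added `get: csb-image` and `get: csb-docproxy-image` steps in this staging job carry `trigger: true` but no `passed:` constraint, and the production hunk at `@@ -1651,6 +1678,18 @@` adds the same pair. `csb-docproxy-image` tracks `tag: latest`, so each environment resolves its own digest at run time, and an image pushed to that tag can start a staging or production run without first having gone through the environment before it. Pinning by digest is good, but it pins whatever is newest rather than what was tested. Consider adding `passed: [<upstream-job-name>]` (a placeholder for the preceding environment's job) to both gets. The rest of each job lies outside the hunks, so a later gate may already exist and is worth confirming.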
@@ -1651,6 +1678,18 @@ jobs: trigger: true - get: pipeline-tasks - get: general-task + - get: csb-image + trigger: true + - get: csb-docproxy-image + trigger: true + - load_var: csb-image-repository + file: csb-image/repository + - load_var: csb-image-digest + file: csb-image/digest + - load_var: csb-docproxy-image-repository + file: csb-docproxy-image/repository + - load_var: csb-docproxy-image-digest + file: csb-docproxy-image/digest - task: terraform-plan image: general-task file: terraform-templates/terraform/terraform-apply.yml @@ -1665,9 +1704,14 @@ jobs: CF_CLIENT_SECRET: ((cf-client-secret-production)) TF_VAR_csb_aws_region_commercial: ((csb-aws-region-commercial)) TF_VAR_csb_aws_region_govcloud: ((aws-region)) + TF_VAR_csb_aws_ses_default_zone: appmail.cloud.gov TF_VAR_csb_broker_route_domain: ((csb-broker-route-domain-production)) - TF_VAR_csb_cg_smtp_aws_ses_zone: appmail.cloud.gov - TF_VAR_csb_docker_image_name: ((csb-docker-image-name)) + TF_VAR_csb_docker_image_name: "((.:csb-image-repository))" + TF_VAR_csb_docker_image_version: "@((.:csb-image-digest))" + TF_VAR_csb_docproxy_docker_image_name: "((.:csb-docproxy-image-repository))" + TF_VAR_csb_docproxy_docker_image_version: "@((.:csb-docproxy-image-digest))" + TF_VAR_csb_docproxy_domain: fr.cloud.gov + TF_VAR_csb_docproxy_instances: 2 TF_VAR_csb_org_name: ((csb-org-name)) TF_VAR_csb_space_name: ((csb-space-name)) TF_VAR_external_remote_state_reader_access_key_id: ((production-tf-state-access-key-id)) @@ -1962,6 +2006,15 @@ resources: aws_region: us-gov-west-1 tag: latest + - name: csb-docproxy-image + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: csb-docproxy + aws_region: us-gov-west-1 + tag: latest + resource_types: - name: registry-image type: registry-image 
diff --git a/terraform/modules/csb/main.tf b/terraform/modules/csb/csb.tf similarity index 89% rename from terraform/modules/csb/main.tf rename to terraform/modules/csb/csb.tf index 0dedecf7..3dcf4cf0 100644 --- a/terraform/modules/csb/main.tf +++ b/terraform/modules/csb/csb.tf @@ -1,12 +1,3 @@ -data "cloudfoundry_org" "platform" { - name = var.org_name -} - -data "cloudfoundry_space" "brokers" { - name = var.space_name - org = data.cloudfoundry_org.platform.id -} - resource "random_password" "csb_app_password" { length = 32 special = false @@ -58,7 +49,7 @@ resource "cloudfoundry_app" "csb" { CLOUD_GOV_ENVIRONMENT = var.stack_name # Brokerpak-specific variables - CG_SMTP_AWS_ZONE = var.cg_smtp_aws_ses_zone + BP_AWS_SES_DEFAULT_ZONE = var.aws_ses_default_zone } readiness_health_check_type = "http" @@ -79,6 +70,17 @@ resource "cloudfoundry_route" "csb" { }] } +resource "cloudfoundry_route" "csb_docs" { + space = data.cloudfoundry_space.brokers.id + domain = data.cloudfoundry_domain.brokers_domain.id + host = "csb" + path = "docs" + + destinations = [{ + app_id = cloudfoundry_app.csb.id + }] +} + resource "cloudfoundry_service_broker" "csb" { name = "csb" password = random_password.csb_app_password.result diff --git a/terraform/modules/csb/docproxy.tf b/terraform/modules/csb/docproxy.tf new file mode 100644 index 00000000..8c9d2473 --- /dev/null +++ b/terraform/modules/csb/docproxy.tf 
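Review bot: `cloudfoundry_route.csb_docs` in the `@@ -79,6 +70,17 @@` hunk has no comment explaining why the app needs a path-specific route, and nothing else visible in this commit refers to it; docproxy.tf reads `cloudfoundry_route.csb.url`, not this route. It binds host `csb` with path `docs` on `brokers_domain` to `cloudfoundry_app.csb`, which the existing `cloudfoundry_route.csb` also appears to target (its host and domain are outside the hunk). A line above the resource such as `# Explicit /docs path route for the broker's documentation endpoint; needed by <consumer>` (placeholder to fill in) would tell the next reader what depends on it and whether it can be removed.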
@@ -0,0 +1,52 @@
+resource "cloudfoundry_app" "docproxy" {
+ name = "docproxy"
+ org_name = var.org_name
+ space_name = var.space_name
+
+ docker_image = "${var.docproxy_docker_image_name}${var.docproxy_docker_image_version}"
+ docker_credentials = {
+ "username" = var.ecr_access_key_id
+ "password" = var.ecr_secret_access_key
+ }
+
+ command = "/app/docproxy"
+ instances = var.docproxy_instances
+ memory = "128M"
+
+ environment = {
+ "BROKER_URL" = cloudfoundry_route.csb.url
+ "PORT" = 8080
+ }
+}
+
+data "cloudfoundry_domain" "cloudgov_platform_domain" {
+ name = var.docproxy_domain
+}
+
+resource "cloudfoundry_route" "docproxy" {
+ domain = data.cloudfoundry_domain.cloudgov_platform_domain.id
+ space = data.cloudfoundry_space.brokers.id
+ host = "services"
+
+ destinations = [{
+ app_id = cloudfoundry_app.docproxy.id
+ }]
+}
+
+data "cloudfoundry_service_plans" "external_domain" {
+ service_offering_name = "external-domain"
+ name = "domain"
+ service_broker_name = "external-domain-broker"
+}
+
+resource "cloudfoundry_service_instance" "docproxy_external_domain" {
+ name = "docproxy-domain"
+ space = data.cloudfoundry_space.brokers.id
+ type = "managed"
+
+ service_plan = data.cloudfoundry_service_plans.external_domain.service_plans[0].id
+
+ parameters = jsonencode({
+ domains = ["services.${var.docproxy_domain}"]
+ })
+}
diff --git a/terraform/modules/csb/shared.tf b/terraform/modules/csb/shared.tf
new file mode 100644
index 00000000..7a9c7e03
--- /dev/null
+++ b/terraform/modules/csb/shared.tf
@@ -0,0 +1,8 @@
+data "cloudfoundry_org" "platform" {
+ name = var.org_name
+}
+
+data "cloudfoundry_space" "brokers" {
+ name = var.space_name
+ org = data.cloudfoundry_org.platform.id
+}
diff --git a/terraform/modules/csb/variables.tf b/terraform/modules/csb/variables.tf
index 87bbe9dd..3472ffec 100644
--- a/terraform/modules/csb/variables.tf
+++ b/terraform/modules/csb/variables.tf
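Review bot: `cloudfoundry_app.docproxy` is published on `services.${var.docproxy_domain}` and is handed the broker's whole route as `BROKER_URL`, but nothing in docproxy.tf records which broker paths the proxy is meant to forward. If the image forwards more than the documentation endpoint, the broker becomes reachable through a second public hostname, so a header comment such as `# docproxy forwards only the broker's docs endpoint; no other broker path may be served through this route` (presumed intent, to be confirmed) would give reviewers of the image something to check against. The app also declares no health check, unlike `cloudfoundry_app.csb`, which sets `readiness_health_check_type = "http"`. Finally, `service_plans[0].id` takes the first plan returned without checking that exactly one matched.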
@@ -77,7 +77,7 @@ variable "rds_password" { # CSB Configuration -variable "cg_smtp_aws_ses_zone" { +variable "aws_ses_default_zone" { type = string description = "When the user does not provide a domain, a subdomain will be created for them under this DNS zone." } @@ -107,3 +107,27 @@ variable "aws_secret_access_key_commercial" { variable "aws_region_commercial" { type = string } + +# Docproxy configuration + +variable "docproxy_domain" { + type = string + description = "The parent domain in CF under which the docproxy will be routed. For example, to serve it on services.fr.cloud.gov, set this to fr.cloud.gov. The subdomain is always 'services'." +} + +variable "docproxy_docker_image_name" { + type = string + description = "Full name (but not tag or SHA) of the Docker image the broker will use." +} + +variable "docproxy_docker_image_version" { + type = string + description = "Tag or SHA of the Docker image the broker will use. For example, ':latest' or '@sha256:abc123...'." + default = ":latest" + +} + +variable "docproxy_instances" { + type = number + description = "Number of instances of the docproxy app to run." +} diff --git a/terraform/stacks/apps/apps.tf b/terraform/stacks/apps/apps.tf index 2cefd267..249d8244 100644 --- a/terraform/stacks/apps/apps.tf +++ b/terraform/stacks/apps/apps.tf @@ -14,7 +14,7 @@ module "csb" { ecr_access_key_id = data.terraform_remote_state.iaas.outputs.csb.ecr_user.access_key_id_curr ecr_secret_access_key = data.terraform_remote_state.iaas.outputs.csb.ecr_user.secret_access_key_curr instances = 1 - cg_smtp_aws_ses_zone = var.csb_cg_smtp_aws_ses_zone + aws_ses_default_zone = var.csb_aws_ses_default_zone aws_access_key_id_govcloud = data.terraform_remote_state.iaas.outputs.csb.broker_user.access_key_id_curr aws_secret_access_key_govcloud = data.terraform_remote_state.iaas.outputs.csb.broker_user.secret_access_key_curr aws_region_govcloud = var.csb_aws_region_govcloud 
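Review bot: In the `@@ -107,3 +107,27 @@` hunk, the descriptions of `docproxy_docker_image_name` and `docproxy_docker_image_version` still say "the Docker image the broker will use", apparently copied from the broker's variables. They should name the docproxy, e.g. `description = "Full name (but not tag or SHA) of the Docker image the docproxy will use."`. `docproxy_docker_image_version` also defaults to `:latest`, a mutable tag, while the pipeline in this commit always passes `@<digest>`. Dropping `default = ":latest"` would make a caller that omits the value fail at plan time instead of silently deploying an unpinned image. The stray blank line before that variable's closing brace can go as well.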
@@ -27,4 +27,9 @@ module "csb" { docker_image_name = var.csb_docker_image_name docker_image_version = var.csb_docker_image_version broker_route_domain = var.csb_broker_route_domain + + docproxy_domain = var.csb_docproxy_domain + docproxy_instances = var.csb_docproxy_instances + docproxy_docker_image_name = var.csb_docproxy_docker_image_name + docproxy_docker_image_version = var.csb_docproxy_docker_image_version } diff --git a/terraform/stacks/apps/variables.tf b/terraform/stacks/apps/variables.tf index b83b7296..a9261663 100644 --- a/terraform/stacks/apps/variables.tf +++ b/terraform/stacks/apps/variables.tf @@ -41,7 +41,7 @@ variable "csb_aws_region_commercial" { type = string } -variable "csb_cg_smtp_aws_ses_zone" { +variable "csb_aws_ses_default_zone" { type = string } @@ -64,3 +64,20 @@ variable "csb_space_name" { variable "csb_broker_route_domain" { type = string } + +variable "csb_docproxy_domain" { + type = string +} + +variable "csb_docproxy_docker_image_name" { + type = string +} + +variable "csb_docproxy_docker_image_version" { + type = string +} + +variable "csb_docproxy_instances" { + type = number + default = 1 +}
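Review bot: The four stack variables added in the `@@ -64,3 +64,20 @@` hunk have no `description`, and `csb_docproxy_docker_image_version` has a contract that is not obvious from its name. The module concatenates it directly onto the image name, so the value must carry its own separator, which is why the pipeline passes `"@((.:csb-docproxy-image-digest))"`. I would add `description = "Image tag or digest including its leading ':' or '@'; appended verbatim to csb_docproxy_docker_image_name."`. Note also that `csb_docproxy_instances` defaults to 1 here while the module variable has no default, so development and staging run a single instance because the pipeline sets the value only for production.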