From bd35584563425e46a55c64a71bb614e12d283cc6 Mon Sep 17 00:00:00 2001 
From: Nikolay Date: Mon, 4 Oct 2021 16:56:20 -0700 Subject: [PATCH] Added organization level support to terraform spectrocloud module. --- .terraform.lock.hcl | 22 +++++++++ deploy/.terraform.lock.hcl | 22 +++++++++ deploy/mod_spectro_org.tf | 79 ++++++++++++++++++++++++++++++ deploy/providers.tf | 34 +++++++++++++ deploy/terraform.template.tfvars | 5 ++ deploy/terraform.tfvars | 22 +++++++++ main.tf | 34 +++++++++++++ modules/fetch_replace/main.tf | 32 ++++++++++++ modules/fetch_replace/output.tf | 15 ++++++ modules/fetch_replace/variables.tf | 9 ++++ modules/fetcher/main.tf | 28 +++++++++++ modules/fetcher/output.tf | 3 ++ modules/fetcher/variables.tf | 9 ++++ modules/replacer/main.tf | 5 ++ modules/replacer/output.tf | 3 ++ modules/replacer/variables.tf | 9 ++++ spectro-account.tf | 8 +++ spectro-backup.tf | 13 +++++ spectro-profile.tf | 38 ++++++++++++++ spectro-project.tf | 16 ++++++ spectro-teams.tf | 28 +++++++++++ terraform.template.tfvars | 5 ++ terraform.tfvars | 22 +++++++++ variables.tf | 19 +++++++ 24 files changed, 480 insertions(+) create mode 100644 .terraform.lock.hcl create mode 100644 deploy/.terraform.lock.hcl create mode 100644 deploy/mod_spectro_org.tf create mode 100644 deploy/providers.tf create mode 100644 deploy/terraform.template.tfvars create mode 100644 deploy/terraform.tfvars create mode 100644 main.tf create mode 100644 modules/fetch_replace/main.tf create mode 100644 modules/fetch_replace/output.tf create mode 100644 modules/fetch_replace/variables.tf create mode 100644 modules/fetcher/main.tf create mode 100644 modules/fetcher/output.tf create mode 100644 modules/fetcher/variables.tf create mode 100644 modules/replacer/main.tf create mode 100644 modules/replacer/output.tf create mode 100644 modules/replacer/variables.tf create mode 100644 spectro-account.tf create mode 100644 spectro-backup.tf create mode 100644 spectro-profile.tf create mode 100644 spectro-project.tf create mode 100644 spectro-teams.tf create mode 100644 
terraform.template.tfvars create mode 100644 terraform.tfvars create mode 100644 variables.tf
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..28abd32
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/spectrocloud/spectrocloud" {
+ version = "0.5.7"
+ constraints = ">= 0.1.0"
+ hashes = [
+ "h1:zLpyds1Mt97yTBHSRs+t8NZpK3f7MdDX+rtAsYKpZs4=",
+ "zh:1da0663cfc9a5d0ae49e8e1c775562636ff166a88b3430669666fe7aff39bd18",
+ "zh:250fed358c2841759d9df2c2cbd3b84faf29eaed8e52129162211b1f746dda7a",
+ "zh:45562c57bb080b5128682df347cebf75b42de61415c45eb10a45cfc47fb6adb8",
+ "zh:65df235f9dc42ee9602e39d8ec648a888611f7fb901e3e81b41728dd9d042823",
+ "zh:67b6e66d68e7ccdb033ec75c6218ebffae982236f38162f1cc9626e365aa9aa0",
+ "zh:7b192f3c480bc370e4636824e673cba8b76d404427dd5c9eaa6279c327b2a71d",
+ "zh:8ccf5168a5c0d245dc46af6093684310b96b8e7e704100d36ba98bf5372a00a0",
+ "zh:bc20602dbcf621766923fcbe6af1fcde5bf167a2a03a30637b405cf37cc570ba",
+ "zh:c27bba0908c3e969fd4df888ee60a49664b8a71f36acb9257166065f12deb269",
+ "zh:c87b95fd03120bb24651cfabd8ccb244b2a83cfc4755e8a1f694c5c39814b680",
+ "zh:e4e7dc098230e38796bce00fa68bfbcabae4a3096f502db7544199beb463b53c",
+ "zh:ed9a78d034e1b106eb79f18cc5fd1b9060866c6a3713e298d8a0339d4a724c37",
+ ]
+}
diff --git a/deploy/.terraform.lock.hcl b/deploy/.terraform.lock.hcl
new file mode 100644
index 0000000..28abd32
--- /dev/null
+++ b/deploy/.terraform.lock.hcl
@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/spectrocloud/spectrocloud" {
+ version = "0.5.7"
+ constraints = ">= 0.1.0"
+ hashes = [
+ "h1:zLpyds1Mt97yTBHSRs+t8NZpK3f7MdDX+rtAsYKpZs4=",
+ "zh:1da0663cfc9a5d0ae49e8e1c775562636ff166a88b3430669666fe7aff39bd18",
+ "zh:250fed358c2841759d9df2c2cbd3b84faf29eaed8e52129162211b1f746dda7a",
+ "zh:45562c57bb080b5128682df347cebf75b42de61415c45eb10a45cfc47fb6adb8",
+ "zh:65df235f9dc42ee9602e39d8ec648a888611f7fb901e3e81b41728dd9d042823",
+ "zh:67b6e66d68e7ccdb033ec75c6218ebffae982236f38162f1cc9626e365aa9aa0",
+ "zh:7b192f3c480bc370e4636824e673cba8b76d404427dd5c9eaa6279c327b2a71d",
+ "zh:8ccf5168a5c0d245dc46af6093684310b96b8e7e704100d36ba98bf5372a00a0",
+ "zh:bc20602dbcf621766923fcbe6af1fcde5bf167a2a03a30637b405cf37cc570ba",
+ "zh:c27bba0908c3e969fd4df888ee60a49664b8a71f36acb9257166065f12deb269",
+ "zh:c87b95fd03120bb24651cfabd8ccb244b2a83cfc4755e8a1f694c5c39814b680",
+ "zh:e4e7dc098230e38796bce00fa68bfbcabae4a3096f502db7544199beb463b53c",
+ "zh:ed9a78d034e1b106eb79f18cc5fd1b9060866c6a3713e298d8a0339d4a724c37",
+ ]
+}
diff --git a/deploy/mod_spectro_org.tf b/deploy/mod_spectro_org.tf
new file mode 100644
index 0000000..52fb326
--- /dev/null
+++ b/deploy/mod_spectro_org.tf
@@ -0,0 +1,79 @@
+/*module "fetcher_accounts" {
+ source = "../modules/fetcher"
+ rsubfolder = local.accounts_folder
+ rprefix = "account-"
+}*/
+
+locals {
+ accounts_folder = "./"
+ accounts_params = { ACCOUNT_DEV_NAME = "ehs-dev-030", ACCOUNT_PROD_NAME = "ehs-stg-004" }
+
+ bsls_folder = "./"
+ bsl_params = { BSL_NAME = "ehs-org-dev-storage-203" }
+
+ profiles_folder = "./config/profile-2.0"
+ profile_params = {
+ SPECTRO_REPO_URL = "https://registry.spectrocloud.com",
+ REPO_URL = "593235963820.dkr.ecr.us-west-2.amazonaws.com",
+
+ OIDC_CLIENT_ID = "5ajs8pq0gatbgpjejld96fldrn",
+ OIDC_ISSUER_URL = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_ajvPoziaS",
+
+ RABBITMQ_PACK_VERSION = "8.15.2",
+
+ string = "$${string}",
+
+ ADDON_SPECTRO_REPO_URL = "https://addon-registry.gehc.spectrocloud.com",
+ }
+
+ projects_folder = "./config/project-2.0"
+ projects_params = {}
+
+}
+
+module "SpectroOrg" {
+ source = "../"
+ sc_host = "api.dev.spectrocloud.com" #e.g: api.spectrocloud.com (for SaaS)
+ sc_username = "nikolay@spectrocloud.com" #e.g: user1@abc.com
+ sc_password = "welcome2Spectro1!" #e.g: supereSecure1!
+ sc_project_name = "Default" #e.g: Default
+
+ /*accounts = tomap({
+ for k, v in module.fetcher_accounts.object_files :
+ k => yamldecode(templatefile(join("", [local.accounts_folder, "/${k}"]), local.accounts_params))
+ })*/
+
+ accounts = tomap({
+ for k, v in toset([
+ "config/account-2.0/account-aws-1.yaml",
+ "config/account-2.0/account-aws-2.yaml",
+ ]) :
+ k => yamldecode(templatefile(join("", [local.accounts_folder, "/${k}"]), local.accounts_params))
+ })
+
+ bsls = tomap({
+ for k, v in toset([
+ "config/bsl-2.0/bsl-s3-1.yaml",
+ ]) :
+ k => yamldecode(templatefile(join("", [local.bsls_folder, "/${k}"]), local.bsl_params))
+ })
+
+ profiles = tomap({
+ for k, v in toset([
+ "profile-infra-EHS20RC1_Base_Infra_Org.yaml",
+ "profile-addon-EHS20RC1_Pre-Reqs-Org.yaml",
+ ]) :
+ k => yamldecode(templatefile(join("", [local.profiles_folder, "/${k}"]), local.profile_params))
+ })
+
+ projects = tomap({
+ for k, v in toset([
+ "project-developer-abc.yaml",
+ "project-developer-arun.yaml",
+ "project-developer-def.yaml",
+ "project-providence-004.yaml"
+ ]) :
+ k => yamldecode(templatefile(join("", [local.projects_folder, "/${k}"]), local.projects_params))
+ })
+
+}
\ No newline at end of file
diff --git a/deploy/providers.tf b/deploy/providers.tf
new file mode 100644
index 0000000..665b887
--- /dev/null
+++ b/deploy/providers.tf
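Review bot: The `module "SpectroOrg"` block hard-codes `sc_username` and `sc_password` as string literals, so the account password sits in plaintext in version control and in every clone of the repository. deploy/providers.tf in this same commit already declares `var.sc_password` with `sensitive = true`, so the call can read `sc_host = var.sc_host`, `sc_username = var.sc_username` and `sc_password = var.sc_password` instead. Because the value has been published with this commit, the password should be treated as exposed and rotated; removing the literal in a later commit does not remove it from history.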
@@ -0,0 +1,34 @@
+terraform {
+ required_providers {
+ spectrocloud = {
+ version = ">= 0.1"
+ source = "spectrocloud/spectrocloud"
+ }
+ }
+}
+
+variable "sc_host" {
+ description = "Spectro Cloud Endpoint"
+ default = "api.spectrocloud.com"
+}
+
+variable "sc_username" {
+ description = "Spectro Cloud Username"
+}
+
+variable "sc_password" {
+ description = "Spectro Cloud Password"
+ sensitive = true
+}
+
+variable "sc_project_name" {
+ description = "Spectro Cloud Project (e.g: Default)"
+ default = "Default"
+}
+
+provider "spectrocloud" {
+ host = var.sc_host
+ username = var.sc_username
+ password = var.sc_password
+ project_name = var.sc_project_name
+}
diff --git a/deploy/terraform.template.tfvars b/deploy/terraform.template.tfvars
new file mode 100644
index 0000000..a803f12
--- /dev/null
+++ b/deploy/terraform.template.tfvars
@@ -0,0 +1,5 @@
+# Spectro Cloud credentials
+sc_host = "{enter Spectro Cloud API endpoint}" #e.g: api.spectrocloud.com (for SaaS)
+sc_username = "{enter Spectro Cloud username}" #e.g: user1@abc.com
+sc_password = "{enter Spectro Cloud password}" #e.g: supereSecure1!
+sc_project_name = "{enter Spectro Cloud project Name}" #e.g: Default
\ No newline at end of file
diff --git a/deploy/terraform.tfvars b/deploy/terraform.tfvars
new file mode 100644
index 0000000..f7b2c92
--- /dev/null
+++ b/deploy/terraform.tfvars
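Review bot: The provider constraint `version = ">= 0.1"` in deploy/providers.tf has no upper bound, so the lock file is the only thing holding the provider at a reviewed release, and `terraform init -upgrade` would accept any later release, including a new major version. A bounded constraint such as `version = "~> 0.5"` keeps upgrades within the series the lock file currently pins (0.5.7). The `sc_username` and `sc_password` variables also declare no `type`; adding `type = string` documents the expected input. The identical block is added again in the root main.tf hunk.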
@@ -0,0 +1,22 @@
+# Spectro Cloud credentials
+sc_host = "api.dev.spectrocloud.com" #e.g: api.spectrocloud.com (for SaaS)
+sc_username = "nikolay@spectrocloud.com" #e.g: user1@abc.com
+sc_password = "welcome2Spectro1!" #e.g: supereSecure1!
+sc_project_name = "Default" #e.g: Default
+
+# AWS Cloud Account credentials
+# Ensure minimum AWS account permissions:
+# https://docs.spectrocloud.com/clusters/?clusterType=aws_cluster#awscloudaccountpermissions
+aws_access_key = "AKIATD5NORWYBOSHBQE4"
+aws_secret_key = "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"
+
+# Existing SSH Key in AWS
+# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
+aws_ssh_key_name = "spectro2020" #e.g: default
+
+# Enter the AWS Region and AZ for cluster resources
+# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
+aws_region = "us-west-2" #e.g: us-west-2
+aws_region_az = "us-west-2a" #e.g: us-west-2a
+
+cluster_files = ["./config/cluster-eks-test.yaml"]
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..665b887
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,34 @@
+terraform {
+ required_providers {
+ spectrocloud = {
+ version = ">= 0.1"
+ source = "spectrocloud/spectrocloud"
+ }
+ }
+}
+
+variable "sc_host" {
+ description = "Spectro Cloud Endpoint"
+ default = "api.spectrocloud.com"
+}
+
+variable "sc_username" {
+ description = "Spectro Cloud Username"
+}
+
+variable "sc_password" {
+ description = "Spectro Cloud Password"
+ sensitive = true
+}
+
+variable "sc_project_name" {
+ description = "Spectro Cloud Project (e.g: Default)"
+ default = "Default"
+}
+
+provider "spectrocloud" {
+ host = var.sc_host
+ username = var.sc_username
+ password = var.sc_password
+ project_name = var.sc_project_name
+}
diff --git a/modules/fetch_replace/main.tf b/modules/fetch_replace/main.tf
new file mode 100644
index 0000000..783bbd7
--- /dev/null
+++ b/modules/fetch_replace/main.tf
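Review bot: deploy/terraform.tfvars commits what look like live credentials: `sc_password` and the `aws_access_key` / `aws_secret_key` pair are literal values rather than the `{enter …}` placeholders used in terraform.template.tfvars, and the root terraform.tfvars hunk later in this patch repeats them. Values files that hold secrets are normally kept out of version control (an ignore rule for `*.tfvars` that leaves the template tracked, with the secrets supplied through `TF_VAR_sc_password` or a secret store), and the keys shown here should be rotated since they are now in history. No `aws_*` or `cluster_files` variable is declared in the files this patch adds, so unless they are declared elsewhere these assignments are unused and can simply be dropped.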
@@ -0,0 +1,32 @@
+locals {
+
+ fileset_root = "./"#join("", [path.module, "/"])
+ fileset_subfolder = join("", [local.fileset_root, var.rsubfolder])
+
+ param_files = fileset(local.fileset_subfolder, "param-*.yaml")
+ params = {
+ for k in local.param_files :
+ trimsuffix(k, ".yaml") => yamldecode(file(join("", [var.rsubfolder, "/${k}"])))
+ }
+
+ all_params = flatten(
+ [
+ for k, v in local.params : v
+ ]
+ )
+
+ all_params_map = zipmap(
+ flatten(
+ [for item in local.all_params : keys(item)]
+ ),
+ flatten(
+ [for item in local.all_params : values(item)]
+ )
+ )
+
+ object_files = fileset(local.fileset_subfolder, join("", [var.rprefix, "*.yaml"]))
+
+ all_objects = tomap({
+ for k, v in local.object_files : k => yamldecode(templatefile(join("", [var.rsubfolder, "/${k}"]), local.all_params_map))
+ })
+}
\ No newline at end of file
diff --git a/modules/fetch_replace/output.tf b/modules/fetch_replace/output.tf
new file mode 100644
index 0000000..9ad29b1
--- /dev/null
+++ b/modules/fetch_replace/output.tf
@@ -0,0 +1,15 @@
+output "all_objects" {
+ value = local.all_objects
+}
+
+output "object_files" {
+ value = local.object_files
+}
+
+output "all_files" {
+ value = local.all_objects
+}
+
+output "all_params" {
+ value = local.all_objects
+}
\ No newline at end of file
diff --git a/modules/fetch_replace/variables.tf b/modules/fetch_replace/variables.tf
new file mode 100644
index 0000000..de3e5bb
--- /dev/null
+++ b/modules/fetch_replace/variables.tf
@@ -0,0 +1,9 @@
+variable "rsubfolder" {
+ type = string
+ default = "config/profile-2.0"
+}
+
+variable "rprefix" {
+ type = string
+ default = "infra-"
+}
\ No newline at end of file
diff --git a/modules/fetcher/main.tf b/modules/fetcher/main.tf
new file mode 100644
index 0000000..9a4c124
--- /dev/null
+++ b/modules/fetcher/main.tf
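Review bot: In modules/fetch_replace/output.tf the `all_files` and `all_params` outputs both return `local.all_objects`, the same value as `all_objects`, which looks like a copy-paste slip. Presumably `all_params` was meant to be `value = local.all_params_map`; if the param-*.yaml files can hold secret values, that output should also carry `sensitive = true` so it is not printed in plan and apply output. In the same module's main.tf, `zipmap` keeps the last value when two param files define the same key, so a duplicate key is overridden silently; a comment such as `# later param-*.yaml files win on duplicate keys` would make that explicit.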
@@ -0,0 +1,28 @@
+locals {
+
+ fileset_root = "./"#join("", [path.module, "/"])
+ fileset_subfolder = join("", [local.fileset_root, var.rsubfolder])
+
+ param_files = fileset(local.fileset_subfolder, "param-*.yaml")
+ params = {
+ for k in local.param_files :
+ trimsuffix(k, ".yaml") => yamldecode(file(join("", [var.rsubfolder, "/${k}"])))
+ }
+
+ all_params = flatten(
+ [
+ for k, v in local.params : v
+ ]
+ )
+
+ all_params_map = zipmap(
+ flatten(
+ [for item in local.all_params : keys(item)]
+ ),
+ flatten(
+ [for item in local.all_params : values(item)]
+ )
+ )
+
+ object_files = fileset(local.fileset_subfolder, join("", [var.rprefix, "*.yaml"]))
+}
\ No newline at end of file
diff --git a/modules/fetcher/output.tf b/modules/fetcher/output.tf
new file mode 100644
index 0000000..66a00c3
--- /dev/null
+++ b/modules/fetcher/output.tf
@@ -0,0 +1,3 @@
+output "object_files" {
+ value = local.object_files
+}
\ No newline at end of file
diff --git a/modules/fetcher/variables.tf b/modules/fetcher/variables.tf
new file mode 100644
index 0000000..de3e5bb
--- /dev/null
+++ b/modules/fetcher/variables.tf
@@ -0,0 +1,9 @@
+variable "rsubfolder" {
+ type = string
+ default = "config/profile-2.0"
+}
+
+variable "rprefix" {
+ type = string
+ default = "infra-"
+}
\ No newline at end of file
diff --git a/modules/replacer/main.tf b/modules/replacer/main.tf
new file mode 100644
index 0000000..29b53f7
--- /dev/null
+++ b/modules/replacer/main.tf
@@ -0,0 +1,5 @@
+locals {
+ all_objects_params_replaced = tomap({
+ for k, v in var.objects : k => yamldecode(templatefile(v, var.params))
+ })
+}
\ No newline at end of file
diff --git a/modules/replacer/output.tf b/modules/replacer/output.tf
new file mode 100644
index 0000000..e2bf05d
--- /dev/null
+++ b/modules/replacer/output.tf
@@ -0,0 +1,3 @@
+output "all_objects_params_replaced" {
+ value = local.all_objects_params_replaced
+}
\ No newline at end of file
diff --git a/modules/replacer/variables.tf b/modules/replacer/variables.tf
new file mode 100644
index 0000000..148abb5
--- /dev/null
+++ b/modules/replacer/variables.tf
@@ -0,0 +1,9 @@
+variable "objects" {
+ type = list(any)
+ default = []
+}
+
+variable "params" {
+ type = map
+ default = {}
+}
\ No newline at end of file
diff --git a/spectro-account.tf b/spectro-account.tf
new file mode 100644
index 0000000..7b7b3a0
--- /dev/null
+++ b/spectro-account.tf
@@ -0,0 +1,8 @@
+resource "spectrocloud_cloudaccount_aws" "account" {
+ for_each = var.accounts
+
+ type = "sts"
+ name = each.value.name
+ arn = each.value.arn
+ external_id = each.value.external_id
+}
\ No newline at end of file
diff --git a/spectro-backup.tf b/spectro-backup.tf
new file mode 100644
index 0000000..149a2d3
--- /dev/null
+++ b/spectro-backup.tf
@@ -0,0 +1,13 @@
+resource "spectrocloud_backup_storage_location" "bsl" {
+ for_each = var.bsls
+
+ name = each.value.name
+ is_default = false
+ region = each.value.region
+ bucket_name = each.value.bucket_name
+ s3 {
+ credential_type = "sts"
+ arn = each.value.arn
+ external_id = each.value.external_id
+ }
+}
\ No newline at end of file
diff --git a/spectro-profile.tf b/spectro-profile.tf
new file mode 100644
index 0000000..1045571
--- /dev/null
+++ b/spectro-profile.tf
@@ -0,0 +1,38 @@
+locals {
+ packs = flatten([for v in var.profiles : [for vv in v.packs : vv]])
+ pack_names = [for v in local.packs : v.name]
+ pack_versions = [for v in local.packs : v.version]
+
+ count = length(local.pack_names)
+ pack_uids = [for index, v in local.packs : data.spectrocloud_pack.data_packs[index].id]
+ pack_mapping = zipmap(
+ [for i, v in local.packs : join("", [v.name, "-", v.version])],
+ [for v in local.pack_uids : v]
+ )
+}
+
+data "spectrocloud_pack" "data_packs" {
+ count = length(local.pack_names)
+
+ name = local.pack_names[count.index]
+ version = local.pack_versions[count.index]
+}
+
+resource "spectrocloud_cluster_profile" "infra" {
+ for_each = var.profiles
+ name = each.value.name
+ description = each.value.description
+ cloud = "eks"
+ type = each.value.type
+
+ dynamic "pack" {
+ for_each = each.value.packs
+ content {
+ name = pack.value.name
+ type = pack.value.type
+ tag = try(pack.value.tag, pack.value.version)
+ uid = lookup(local.pack_mapping, join("", [pack.value.name, "-", pack.value.version]), "")
+ values = pack.value.values
+ }
+ }
+}
diff --git a/spectro-project.tf b/spectro-project.tf
new file mode 100644
index 0000000..ad35a55
--- /dev/null
+++ b/spectro-project.tf
@@ -0,0 +1,16 @@
+locals {
+
+ project_ids = {
+ for k, v in spectrocloud_project.project :
+ v.name => v.id
+ }
+
+}
+
+
+resource "spectrocloud_project" "project" {
+ for_each = var.projects
+
+ name = each.value.name
+ description = each.value.description
+}
diff --git a/spectro-teams.tf b/spectro-teams.tf
new file mode 100644
index 0000000..b41ef57
--- /dev/null
+++ b/spectro-teams.tf
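Review bot: The `lookup(local.pack_mapping, ..., "")` fallback on the `uid` line of the `dynamic "pack"` block in spectro-profile.tf turns a missing pack id into an empty string instead of a plan-time error, so a mismatch between a profile's pack list and the data lookup would only surface once the request reaches the API. Indexing the map directly, `uid = local.pack_mapping[join("", [pack.value.name, "-", pack.value.version])]`, fails early with the offending key. `local.count` is assigned but not referenced anywhere in this hunk and can be removed. `cloud = "eks"` is fixed for every profile while the other attributes come from `each.value`, which deserves a comment if it is intentional.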
@@ -0,0 +1,28 @@
+/*
+data "spectrocloud_role" "projectadmin" {
+ name = "Project Admin"
+}
+
+data "spectrocloud_role" "projectviewer" {
+ name = "Project Viewer"
+}
+
+resource "spectrocloud_team" "projectadmin" {
+ for_each = module.replacer_projects.all_objects
+
+ name = format("%s_admin", each.value.name)
+ project_role_mapping {
+ id = local.project_ids[each.value.name]
+ roles = [data.spectrocloud_role.projectadmin.id]
+ }
+}
+
+resource "spectrocloud_team" "projectview" {
+ for_each = module.replacer_projects.all_objects
+
+ name = format("%s_view", each.value.name)
+ project_role_mapping {
+ id = local.project_ids[each.value.name]
+ roles = [data.spectrocloud_role.projectviewer.id]
+ }
+}*/
diff --git a/terraform.template.tfvars b/terraform.template.tfvars
new file mode 100644
index 0000000..a803f12
--- /dev/null
+++ b/terraform.template.tfvars
@@ -0,0 +1,5 @@
+# Spectro Cloud credentials
+sc_host = "{enter Spectro Cloud API endpoint}" #e.g: api.spectrocloud.com (for SaaS)
+sc_username = "{enter Spectro Cloud username}" #e.g: user1@abc.com
+sc_password = "{enter Spectro Cloud password}" #e.g: supereSecure1!
+sc_project_name = "{enter Spectro Cloud project Name}" #e.g: Default
\ No newline at end of file
diff --git a/terraform.tfvars b/terraform.tfvars
new file mode 100644
index 0000000..face540
--- /dev/null
+++ b/terraform.tfvars
@@ -0,0 +1,22 @@
+# Spectro Cloud credentials
+sc_host = "api.dev.spectrocloud.com" #e.g: api.spectrocloud.com (for SaaS)
+sc_username = "nikolay@spectrocloud.com" #e.g: user1@abc.com
+sc_password = "welcome2Spectro1!" #e.g: supereSecure1!
+sc_project_name = "Default" #e.g: Default
+
+# AWS Cloud Account credentials
+# Ensure minimum AWS account permissions:
+# https://docs.spectrocloud.com/clusters/?clusterType=aws_cluster#awscloudaccountpermissions
+aws_access_key = "AKIATD5NORWYBOSHBQE4"
+aws_secret_key = "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"
+
+# Existing SSH Key in AWS
+# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
+aws_ssh_key_name = "spectro2020" #e.g: default
+
+# Enter the AWS Region and AZ for cluster resources
+# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
+aws_region = "eu-west-2" #e.g: us-west-2
+aws_region_az = "eu-west-2a" #e.g: us-west-2a
+
+cluster_files = ["./config/cluster-eks-test.yaml"]
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..a0f41ea
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,19 @@
+variable "accounts" {
+ type = map(any)
+ default = {}
+}
+
+variable "bsls" {
+ type = map(any)
+ default = {}
+}
+
+variable "profiles" {
+ type = map(any)
+ default = {}
+}
+
+variable "projects" {
+ type = map(any)
+ default = {}
+}