1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
# GOV.UK Mini Environment Admin
# Copyright © 2018 Christopher Baines <mail@cbaines.net>
#
# This file is part of the GOV.UK Mini Environment Admin.
#
# The GOV.UK Mini Environment Admin is free software: you can
# redistribute it and/or modify it under the terms of the GNU Affero
# General Public License as published by the Free Software Foundation,
# either version 3 of the License, or (at your option) any later
# version.
#
# The GOV.UK Mini Environment Admin is distributed in the hope that it
# will be useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License along with the GOV.UK Mini Environment Admin. If not, see
# <http://www.gnu.org/licenses/>.
module Backends::TerraformAws::MiniEnvironmentMethods
def build(mini_environment)
slug = mini_environment.name.parameterize
store_path = GovukGuix::BuildMiniEnvironment.build(
mini_environment.id,
services: mini_environment.services.map(&:build_argument_string),
arguments: {
type: 'container-start-script',
app_domain: "#{slug}.#{domain}",
web_domain: "www.#{slug}.#{domain}",
use_https: 'certbot',
http_ports_mode: 'alternative',
read_bundle_install_input_as_tar_archive: true,
signon_instance_name: slug,
admin_environment_label: mini_environment.name,
use_error_pages: 'true',
origin_basic_auth: "#{slug}=#{slug}",
share: [
'/var/cache/govuk-mini-environment-admin=/var/cache',
'/var/lib/govuk-mini-environment-admin=/var/lib',
'/var/log/govuk-mini-environment-admin=/var/log'
]
},
run_remotely_on_host: mini_environment.backend.build_remote_host
)
add_in_use_store_path(store_path)
end
def start(mini_environment)
logger.info "Setting up #{mini_environment.name}"
within_terraform_working_directory(mini_environment) do
RubyTerraform.apply(
vars: terraform_variables(mini_environment),
auto_approve: true
)
end
end
def destroy(mini_environment)
within_terraform_working_directory(mini_environment) do
RubyTerraform.destroy(
vars: terraform_variables(mini_environment),
force: true
)
end
end
def refresh(mini_environment)
within_terraform_working_directory(mini_environment) do
RubyTerraform.refresh(
vars: terraform_variables(mini_environment)
)
end
end
def terraform_states(mini_environment)
TerraformState.where(
state_id: mini_environment_state_id(mini_environment)
)
end
def within_terraform_working_directory(mini_environment, &block)
with_advisory_lock(
"terraform"
) do
TerraformWorkingDirectory.new(
mini_environment_state_id(mini_environment),
'terraform/aws/mini_environment'
).within_working_directory(&block)
end
end
def mini_environment_state_id(mini_environment)
"mini_environment/#{mini_environment.id}"
end
def signon_url(mini_environment)
"https://signon.#{mini_environment.name.parameterize}.#{domain}"
end
def terraform_variables(mini_environment)
credentials = TerraformHttpBackendController.credentials
common_terraform_variables.merge(
slug: mini_environment.name.parameterize,
start_command: mini_environment.backend_data['build_output'],
backend_remote_state_address: (
Plek.new.external_url_for('mini-environment-admin') +
Rails
.application
.routes
.url_helpers
.terraform_http_backend_path(terraform_state_id)
),
backend_remote_state_username: credentials[:name],
backend_remote_state_password: credentials[:password]
)
end
end
|