

Manage environments with terragrunt
lmilbaum committed Sep 21, 2023
1 parent acaf182 commit 535afb3
Showing 18 changed files with 158 additions and 49 deletions.
1 change: 1 addition & 0 deletions .devcontainer/.tool-versions
@@ -1 +1,2 @@
terraform 1.5.7
terragrunt 0.51.3
33 changes: 24 additions & 9 deletions .devcontainer/Dockerfile
@@ -1,17 +1,32 @@
FROM registry.access.redhat.com/ubi9:9.2-755@sha256:351ed8b24d440c348486efd99587046e88bb966890a9207a5851d3a34a4dd346

ARG HOME=/root
ARG USERNAME=user
ARG USER_UID=1000
ARG USER_GID=$USER_UID
ARG USER_HOME=/home/$USERNAME

COPY requirements.txt .tool-versions $HOME
ARG ROOT_HOME=/root

COPY requirements.txt $ROOT_HOME

RUN groupadd --gid $USER_GID $USERNAME && \
useradd --uid $USER_UID --gid $USER_GID $USERNAME && \
chown -R $USER_UID:$USER_GID /home/$USERNAME && \
dnf install -y git python3-pip make unzip && \
dnf clean all -y && \
pip3 install -r $ROOT_HOME/requirements.txt && \
update-ca-trust

USER $USERNAME

# renovate: datasource=github-releases depName=asdf-vm/asdf
ENV ASDF_VERSION=v0.13.1

RUN dnf install -y git python3-pip make unzip && \
dnf clean all -y && \
git clone https://github.com/asdf-vm/asdf.git $HOME/.asdf --branch "${ASDF_VERSION}" --depth 1 && \
. $HOME/.asdf/asdf.sh && \
echo . "$HOME/.asdf/asdf.sh" > $HOME/.bash_profile && \
COPY .tool-versions $USER_HOME

RUN git clone https://github.com/asdf-vm/asdf.git $USER_HOME/.asdf --branch "${ASDF_VERSION}" --depth 1 && \
. $USER_HOME/.asdf/asdf.sh && \
echo . "$USER_HOME/.asdf/asdf.sh" > $USER_HOME/.bash_profile && \
asdf plugin-add terraform https://github.com/asdf-community/asdf-hashicorp.git && \
asdf install && \
pip3 install -r $HOME/requirements.txt
asdf plugin-add terragrunt https://github.com/ohmer/asdf-terragrunt.git && \
asdf install
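Review bot: The two `asdf plugin-add` lines fetch the terraform and terragrunt plugins from the default branch of their GitHub repositories at build time with no pin at all, so each image build executes whatever those repos serve that day — in contrast to the base image, which is pinned by digest, and asdf itself, which is pinned to the `${ASDF_VERSION}` tag — and `ohmer/asdf-terragrunt` is an individual's repository rather than an asdf-community one. Pinning each plugin to a reviewed commit closes that gap: after each `asdf plugin-add …` line add `asdf plugin update terraform <commit-sha>` (and the same for terragrunt) before `asdf install`. Separately, `COPY .tool-versions $USER_HOME` comes after `USER $USERNAME` but COPY still writes as root unless told otherwise, so the file lands root-owned in the user's home; `COPY --chown=$USER_UID:$USER_GID .tool-versions $USER_HOME` keeps it consistent with the earlier `chown -R`. Note also that the `update-ca-trust` in the root RUN step executes before any host anchors are mounted, so at build time it only rebuilds the stock bundle.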
8 changes: 5 additions & 3 deletions .devcontainer/devcontainer.json
@@ -1,13 +1,15 @@
{
"name": "gitlab-configuration",
"build": {
"dockerfile": "Dockerfile"
"dockerfile": "Dockerfile",
"args": {
"USERNAME": "${localEnv:USER}"
}
},
"mounts": [
"source=${localEnv:HOME}/.aws,target=/root/.aws,type=bind,consistency=cached",
"source=${localEnv:HOME}/.aws,target=/home/${localEnv:USER}/.aws,type=bind,consistency=cached",
"source=/etc/pki/ca-trust/source/anchors/,target=/etc/pki/ca-trust/source/anchors/,type=bind,consistency=cached"
],
"postStartCommand": "update-ca-trust",
"customizations": {
"vscode": {
"extensions": [
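Review bot: `"postStartCommand": "update-ca-trust"` now runs as the non-root `${localEnv:USER}` account that the Dockerfile switches to with `USER $USERNAME`, and update-ca-trust has to write under /etc/pki/ca-trust/extracted, so the host anchors bind-mounted on the line above will most likely never be merged into the container's trust store (and the failure is easy to miss because postStartCommand output is not prominent). Either make sudo available in the image and use `"postStartCommand": "sudo update-ca-trust"`, or keep the image's default user root and add `"remoteUser": "${localEnv:USER}"` so only the editor session drops privileges. The `~/.aws` bind mount is read-write, which means every tool run in the container (terraform, terragrunt, the asdf plugins fetched at build time) can read and modify the host's AWS credentials; if SSO/CLI cache writes are not needed, append `,readonly` to that mount entry, and prefer short-lived credentials either way.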
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -6,3 +6,4 @@
.vscode/
*.backup
backend.hcl
.terragrunt-cache/
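--- a/.mdl_style.rb
+++ b/.mdl_style.rb
@@ -0,0 +1,2 @@
+all
+exclude_rule 'MD007'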
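--- a/.mdlrc
+++ b/.mdlrc
@@ -0,0 +1 @@
+style '.mdl_style.rb'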
29 changes: 13 additions & 16 deletions Makefile
@@ -1,24 +1,21 @@
.PHONY: all clean test init plan apply import
.PHONY: all clean test

include .env
export
ENV := dev
TERRAGRUNT_CMD = cd live/${ENV} && terragrunt run-all --terragrunt-non-interactive

init:
terraform init -backend-config=backend.hcl
.PHONY: tf/init
tf/init:
${TERRAGRUNT_CMD} init -backend-config=backend.hcl

plan:
dotenv run terraform plan
.PHONY: tf/plan
tf/plan:
${TERRAGRUNT_CMD} plan

apply:
dotenv run terraform apply
.PHONY: tf/apply
tf/apply:
${TERRAGRUNT_CMD} apply

.PHONY: tf/import
import:
dotenv run terraform import gitlab_group.top_level_group $(TF_VAR_top_level_group_full_path)
dotenv run terraform import gitlab_user.bot_user $(TF_VAR_gitlab_bot_user)

all: clean init plan

clean:
rm -f terraform.tfstate

test: plan
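Review bot: `make tf/apply ENV=prod` runs `terragrunt run-all apply --terragrunt-non-interactive` against production on nothing more than a variable override, and in non-interactive run-all mode terragrunt does not stop for an approval prompt (as I recall it adds `-auto-approve` for run-all apply — verify), so a stale `ENV` in the shell or a typo applies straight to prod; worse, `make tf/apply ENV=` makes `TERRAGRUNT_CMD` do `cd live/` and run-all then walks both dev and prod. Two cheap guards: `$(if $(strip $(ENV)),,$(error ENV must not be empty))` next to the `ENV := dev` line, and as the first recipe line of `tf/apply`, `@[ "$(ENV)" != prod ] || [ "$(CONFIRM)" = prod ] || { echo "refusing to apply to prod without CONFIRM=prod"; exit 1; }`. Separately, `.PHONY: tf/import` names a target that is never defined — the `import:` recipes, if they survive this hunk, still call plain `terraform import` through dotenv, which no longer matches the terragrunt layout — so `make tf/import` fails with "No rule to make target" and the README step "Use the import make target" is broken; either add a `tf/import` target that wraps `${TERRAGRUNT_CMD} import …` or drop the `.PHONY` line.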
11 changes: 5 additions & 6 deletions README.md
Expand Up @@ -16,19 +16,18 @@

* Use devcontainer to spin development environment
* Rename the templates files and populate the values:
* env.template -> .env
* backend.hcl.template -> backend.hcl
* backend.hcl.template -> backend.hcl
* Use the import make target to import pre-exising resources
* Execute the terraform plan:

```shell
make init
make plan
make apply
make tf/init
make tf/plan
make tf/apply
```

or

```shell
make init plan apply
make tf/init tf/plan tf/apply
```
11 changes: 0 additions & 11 deletions env.template

This file was deleted.

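--- a/live/dev/env.hcl
+++ b/live/dev/env.hcl
@@ -0,0 +1,3 @@
+locals {
+environment = "dev"
+}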
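--- a/live/dev/members/terragrunt.hcl
+++ b/live/dev/members/terragrunt.hcl
@@ -0,0 +1,19 @@
+terraform {
+source = "../../../modules//members"
+extra_arguments "var-file" {
+commands = ["apply", "plan"]
+arguments = ["-var-file=dev.tfvars"]
+}
+}
+
+include "root" {
+path = find_in_parent_folders()
+}
+
+locals {
+environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+}
+
+inputs = merge(
+local.environment_vars.locals
+)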
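Review bot: `commands = ["apply", "plan"]` attaches the var file only to plan and apply, so a `run-all destroy`, `import`, `refresh` or `console` on this stack runs without `dev.tfvars` and either prompts for every required variable or, under the `--terragrunt-non-interactive` flag the Makefile passes, fails; terragrunt's `commands = get_terraform_commands_that_need_vars()` covers the full set. The file name is also hard-coded per environment even though `env.hcl` already carries it, so `arguments = ["-var-file=${get_terragrunt_dir()}/${local.environment_vars.locals.environment}.tfvars"]` would make this file and live/prod/members/terragrunt.hcl identical (the same point applies there). Note that `dev.tfvars` supplies values for inputs the module marks `sensitive` (LDAP group CNs, bot user details); whether it is committed is not visible in this commit, and that decision deserves either a comment at the top of this file or a `*.tfvars` entry in .gitignore.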
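--- a/live/prod/env.hcl
+++ b/live/prod/env.hcl
@@ -0,0 +1,3 @@
+locals {
+environment = "prod"
+}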
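--- a/live/prod/members/terragrunt.hcl
+++ b/live/prod/members/terragrunt.hcl
@@ -0,0 +1,19 @@
+terraform {
+source = "../../../modules//members"
+extra_arguments "var-file" {
+commands = ["apply", "plan"]
+arguments = ["-var-file=prod.tfvars"]
+}
+}
+
+include "root" {
+path = find_in_parent_folders()
+}
+
+locals {
+environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+}
+
+inputs = merge(
+local.environment_vars.locals
+)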
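--- a/live/terragrunt.hcl
+++ b/live/terragrunt.hcl
@@ -0,0 +1,37 @@
+remote_state {
+backend = "s3"
+generate = {
+path = "backend.tf"
+if_exists = "overwrite"
+}
+config = {
+bucket = "pe-tf-backend"
+key = "${path_relative_to_include()}/terraform.tfstate"
+region = "eu-west-2"
+profile = "default"
+encrypt = true
+dynamodb_table = "pe-tf-backend"
+s3_bucket_tags = {
+"Project" = "Platform Engineering"
+"User" = "lmilbaum"
+}
+dynamodb_table_tags = {
+"Project" = "Platform Engineering"
+"User" = "lmilbaum"
+}
+}
+}
+
+generate "provider" {
+path = "provider.tf"
+if_exists = "overwrite"
+contents = <<EOF
+provider "aws" {
+region = var.aws_region
+profile = var.aws_profile
+default_tags {
+tags = { "Project" = "Platform Engineering", "User" = "lmilbaum" }
+}
+}
+EOF
+}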
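Review bot: The backend pins `profile = "default"` / `region = "eu-west-2"` while the generated provider takes `var.aws_profile` / `var.aws_region`, so state and managed resources can end up authenticated as two different identities from the same run, and every module that includes this root must declare those two variables (modules/members/variables.tf as shown in this commit does not, though only part of it is visible). Defining the identity once in `locals` and feeding both the backend and the generated provider (and, via `inputs`, the modules) from it removes the drift; the rewritten lines are below. Two further points for the shared state: `sensitive = true` on module inputs does not protect the state file, which stores those values in plaintext, so access to the `pe-tf-backend` bucket is effectively access to the LDAP group and bot user details for both environments — worth a comment here and a bucket policy restricting the prod prefix — and the `"User" = "lmilbaum"` tags hard-code one person's identity into shared infrastructure config, which will mislead once anyone else runs it.

```hcl
locals {
  # Single source of truth for the AWS identity used by the state backend,
  # the generated provider and the modules that include this root.
  aws_region  = "eu-west-2"
  aws_profile = "default"
}

remote_state {
  # … unchanged: backend, generate …
  config = {
    # … unchanged: bucket, key …
    region  = local.aws_region
    profile = local.aws_profile
    # … unchanged: encrypt, dynamodb_table, tags …
  }
}

generate "provider" {
  # … unchanged: path, if_exists …
  contents = <<EOF
provider "aws" {
  region  = "${local.aws_region}"
  profile = "${local.aws_profile}"
  # … unchanged: default_tags …
}
EOF
}

inputs = {
  aws_region  = local.aws_region
  aws_profile = local.aws_profile
}
```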
File renamed without changes.
File renamed without changes.
11 changes: 9 additions & 2 deletions main.tf → modules/members/main.tf
Expand Up @@ -24,9 +24,16 @@ resource "gitlab_group" "top_level_group" {
path = var.top_level_group_path
}

resource "gitlab_group_ldap_link" "top_level_group_developer" {
resource "gitlab_group_ldap_link" "developers_group" {
group = gitlab_group.top_level_group.id
cn = var.gitlab_users_group
cn = var.ldap_developers_group
group_access = "developer"
ldap_provider = "ldapmain"
}

resource "gitlab_group_ldap_link" "owners_group" {
group = gitlab_group.top_level_group.id
cn = var.ldap_owners_group
group_access = "developer"
ldap_provider = "ldapmain"
}
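Review bot: The new `owners_group` LDAP link grants `group_access = "developer"` to `var.ldap_owners_group`, which reads like a copy-paste from `developers_group`; if that directory group is meant to own the top-level group this needs `group_access = "owner"`, and if developer access really is intended the resource and variable names are misleading and should say so. Before reaching for `owner`, keep in mind that in GitLab's permission model owners can delete the group, change its visibility and manage all of its LDAP links, so `maintainer` is often the least-privileged level that still covers day-to-day administration — whichever is chosen, a one-line comment stating why (e.g. `# owner: this LDAP group administers the whole top-level group, including LDAP links`) would stop the next reader from "fixing" it. `ldap_provider = "ldapmain"` is now duplicated across both links; a single variable or local keeps them in step if the provider id ever changes. The `gitlab_group.top_level_group` resource whose closing lines are visible at the top of the hunk starts outside it.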
18 changes: 16 additions & 2 deletions variables.tf → modules/members/variables.tf
Expand Up @@ -17,34 +17,48 @@ variable "base_url" {
variable "top_level_group_name" {
type = string
description = "GitLab top level group name"
sensitive = true
}

variable "top_level_group_path" {
type = string
description = "GitLab top level group path"
sensitive = true
}

variable "gitlab_users_group" {
variable "ldap_developers_group" {
type = string
description = "GitLab users group"
description = "LDAP developers group"
sensitive = true
}

variable "ldap_owners_group" {
type = string
description = "LDAP owners group"
sensitive = true
}


variable "gitlab_bot_user_id" {
type = number
description = "GitLab bot user id"
sensitive = true
}

variable "gitlab_bot_user_name" {
type = string
description = "GitLab bot user name"
sensitive = true
}

variable "gitlab_bot_user_username" {
type = string
description = "GitLab bot user username"
sensitive = true
}

variable "gitlab_bot_user_email" {
type = string
description = "GitLab bot user email"
sensitive = true
}
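Review bot: `sensitive = true` is applied to every input here, including the group name/path and the bot user's display name, username and numeric id, which are visible to anyone who can log in to the GitLab instance and are not secrets; marking them sensitive redacts them — and every resource attribute derived from them — from `plan` output, so a prod change to the group path or an LDAP link shows up only as `(sensitive value)` and cannot be reviewed, while the values still land in plaintext in the S3 state. Reserve `sensitive` for actual credentials and drop it from `top_level_group_name`, `top_level_group_path`, `gitlab_bot_user_id`, `gitlab_bot_user_name` and `gitlab_bot_user_username`; the LDAP CNs and the bot email are a judgement call and, if kept sensitive, deserve a comment such as `# sensitive: internal directory group name, keep out of plan output and CI logs`. The doubled blank line after `ldap_owners_group` is a formatting nit `terraform fmt` will collapse. `variable "base_url"` at the top of the hunk starts outside it.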
