This repository has been archived by the owner on Jul 19, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathAcornfile
115 lines (103 loc) · 2.74 KB
/
Acornfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
args: dbName: "myapp"
services: db: {
default: true
generated: job: "cdk-cfn-render"
}
jobs: "context-generator": {
build: {
context: "./cdk-render"
dockerfile: "./cdk-render/Dockerfile"
}
dirs: "/acorn/aws": "secret://aws-config"
env: {
OUTPUT_FILE: "/run/secrets/output"
AWS_CONFIG_PATH: "/acorn/aws"
}
}
jobs: "cdk-cfn-render": {
sidecars: "cfn-render": {
init: true
build: {
context: "./rds-cdk"
dockerfile: "./rds-cdk/Dockerfile"
}
files: "/app/cdk.context.json": "secret://cdk-context-json/content"
env: {
CDK_DEFAULT_ACCOUNT: "secret://aws-config/account-id"
CDK_DEFAULT_REGION: "secret://aws-config/aws-region"
VPC_ID: "secret://aws-config/vpc-id"
ACORN_APP: "@{acorn.name}"
ACORN_NAMESPACE: "@{acorn.namespace}"
DATABASE_NAME: args.dbName
}
dirs: "/acorn/data": "volume://cfn-data"
}
build: {
context: "./cfn-apply"
dockerfile: "./cfn-apply/Dockerfile"
}
env: {
ACORN_APP: "@{acorn.name}"
ACORN_NAMESPACE: "@{acorn.namespace}"
DATABASE_NAME: args.dbName
}
entrypoint: ["/app/cfn-apply.sh"]
files: "/app/render.sh": """
#!/bin/bash
set -e
APP=$(sed 's/-//g' <<< ${ACORN_APP^})
NS=$(sed 's/-//g' <<< ${ACORN_NAMESPACE^})
DB=$(sed 's/-//g' <<< ${DATABASE_NAME^})
stackPfx="${APP}${NS}${DB}"
port="$(jq -r --arg PORT "${stackPfx}Port" '.[] | select(.OutputKey==$PORT)|.OutputValue' outputs.json )"
address="$(jq -r --arg HOST "${stackPfx}Host" '.[] | select(.OutputKey==$HOST)|.OutputValue' outputs.json )"
admin_username="$(jq -r --arg USER "${stackPfx}Adminusername" '.[] | select(.OutputKey==$USER)|.OutputValue' outputs.json )"
password_arn="$(jq -r --arg ARN "${stackPfx}Adminpasswordarn" '.[] | select(.OutputKey==$ARN)|.OutputValue' outputs.json )"
admin_password="$(aws --output json secretsmanager get-secret-value --secret-id "${password_arn}" --query 'SecretString' | jq -r .|jq -r .password)"
cat > /run/secrets/output<<EOF
services: db: {
default: true
address: "${address}"
secrets: ["admin"]
ports: [${port}]
data: dbname: "instance"
}
secrets: "admin": {
type: "basic"
data: {
username: "${admin_username}"
password: "${admin_password}"
}
}
EOF
"""
dependsOn: ["context-generator"]
dirs: "/acorn/data": "volume://cfn-data"
}
volumes: "cfn-data": class: "ephemeral"
secrets: {
"admin": {
type: "generated"
params: {
job: "cdk-cfn-render"
format: "json"
}
}
"aws-config": {
external: "context://aws"
type: "opaque"
data: {
"account-id": ""
"vpc-id": ""
"aws-region": ""
}
}
"cdk-context-json": {
type: "generated"
params: job: "context-generator"
}
"acorn-service": {
type: "generated"
params: job: "cdk-cfn-render"
}
}