Merge pull request #288 from aztfmod/rover_init

Add rover init for contributors
aztfmod · Nov 8, 2022 · b5c431d · b5c431d
2 parents 0802187 + 051c323
commit b5c431d
Show file tree

Hide file tree

Showing 9 changed files with 464 additions and 307 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -25,7 +25,7 @@
     // Uncomment the next line to run commands after the container is created.
     //"postCreateCommand": "cp -R /tmp/.ssh-localhost/* ~/.ssh && sudo chmod 600 ~/.ssh/* && sudo chown -R $(whoami) /tf/caf && git config --global core.editor vim && pre-commit install && pre-commit autoupdate",
     "postCreateCommand": "sudo cp -R /tmp/.ssh-localhost/* ~/.ssh && sudo chown -R $(whoami):$(whoami) /tf/caf ~/.ssh && sudo chmod 400 ~/.ssh/* && git config --global core.editor vi && pre-commit install && pre-commit autoupdate",
-    "postStartCommand": "sudo chmod 666 /var/run/docker.sock && cp -f /tf/rover/version.txt /tf/caf/scripts/version.txt && sudo rm -rf /tf/rover && sudo ln -s /tf/caf/scripts /tf/rover",
+    "postStartCommand": "sudo chmod 666 /var/run/docker.sock",
     // Add the IDs of extensions you want installed when the container is created in the array below.
     "extensions": [
         "4ops.terraform",

diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -7,7 +7,7 @@
 version: "3.7"
 services:
   rover:
-    image: aztfmod/rover:1.2.9-2209.1506
+    image: aztfmod/rover:1.3.1-2210.0303
     user: vscode
 
     labels:
@@ -28,24 +28,24 @@ services:
     # Overrides default command so things don't shut down after the process ends.
     command: /bin/sh -c "while sleep 1000; do :; done"
 
-  rover_ssh:
-    image: aztfmod/rover:1.1.6-2202.2503
-    user: vscode
+  # rover_ssh:
+  #   image: aztfmod/rover:1.1.6-2202.2503
+  #   user: vscode
 
-    labels:
-      - "caf=Azure CAF"
+  #   labels:
+  #     - "caf=Azure CAF"
 
-    volumes:
-      - ..:/tf/caf
-      - volume-caf-vscode:/home/vscode
-      - volume-caf-vscode-bashhistory:/commandhistory
-      - ~/.ssh:/tmp/.ssh-localhost:ro
+  #   volumes:
+  #     - ..:/tf/caf
+  #     - volume-caf-vscode:/home/vscode
+  #     - volume-caf-vscode-bashhistory:/commandhistory
+  #     - ~/.ssh:/tmp/.ssh-localhost:ro
 
-      - /var/run/docker.sock:/var/run/docker.sock
+  #     - /var/run/docker.sock:/var/run/docker.sock
 
-    environment:
-      - HISTFILE=/commandhistory/.bash_history
-      - HISTSIZE=1000
+  #   environment:
+  #     - HISTFILE=/commandhistory/.bash_history
+  #     - HISTSIZE=1000
 
 volumes:
   volume-caf-vscode:

diff --git a/.env.terraform b/.env.terraform
@@ -1,3 +1,3 @@
 1.2.9
 1.1.9
-1.3.3
+1.3.4
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,10 +1,10 @@
 # See http://pre-commit.com for more information
 # See http://pre-commit.com/hooks.html for more hooks
 repos:
-  - repo: https://github.com/IamTheFij/docker-pre-commit
-    rev: v2.1.0
-    hooks:
-    - id: docker-compose-check
+  # - repo: https://github.com/IamTheFij/docker-pre-commit
+  #   rev: v2.1.0
+  #   hooks:
+  #   - id: docker-compose-check
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.3.0
     hooks:

diff --git a/Dockerfile b/Dockerfile
@@ -233,7 +233,7 @@ RUN apt-get update && \
     if [ ${TARGETARCH} == "amd64" ]; then \
         echo ACCEPT_EULA=Y apt-get install -y --no-install-recommends unixodbc mssql-tools; \
     else \
-        echo "mssql-tools skipped as not running on amd64"; \
+        echo "mssql-tools skipped as not running on amr64"; \
     fi \
     #
     && echo "Installing latest shellspec..." && \

diff --git a/scripts/functions.sh b/scripts/functions.sh
@@ -78,6 +78,10 @@ function process_actions {
             ignite ${tf_command}
             exit 0
             ;;
+        init)
+            init
+            exit 0
+            ;;
         workspace)
             workspace ${tf_command}
             exit 0
@@ -683,7 +687,7 @@ function deploy {
 
     cd ${landingzone_name}
     if [ -f "$(git rev-parse --show-toplevel)/.gitmodules" ]; then
-        version=$(cd $(git rev-parse --show-toplevel)/aztfmod &>/dev/null || cd $(git rev-parse --show-toplevel) && git branch -a --contains $(git rev-parse --short HEAD) || echo "from Terraform registry") 
+        version=$(cd $(git rev-parse --show-toplevel)/aztfmod &>/dev/null || cd $(git rev-parse --show-toplevel) && git branch -a --contains $(git rev-parse --short HEAD) || echo "from Terraform registry")
         information "CAF module version ($(git rev-parse --show-toplevel)/.gitmodules): $version"
     fi
     # for migration and hybrid support from azurerm to tfe
@@ -870,7 +874,7 @@ function get_rover_version {
         echo "local build"
     fi
 
-} 
+}
 
 #
 # This function verifies the vscode container is running the version specified in the docker-compose

diff --git a/scripts/lib/init.sh b/scripts/lib/init.sh
@@ -0,0 +1,138 @@
+# setup an initial launchpad for remote state management
+
+init() {
+  rg_name="${TF_VAR_environment}-launchpad"
+  location=${location:=australiaeast}
+
+  current_rg=$(az group list --query "[?tags.caf_environment=='${TF_VAR_environment}'] && [?tags.caf_tfstate=='${TF_VAR_level}']")
+
+  if [ "${tf_command}" == "--clean" ]; then
+    if [ "${current_rg}" != "[]" ]; then
+      resource_group_delete ${rg_name} ${location}
+    else
+      echo "Launchpad caf_environment=${TF_VAR_environment} and caf_tfstate=${TF_VAR_level} in /subscriptions/${TF_VAR_tfstate_subscription_id}/resourceGroups/${rg_name} has been clean-up."
+    fi
+  else
+    if [ "${current_rg}" == "[]" ];then
+      resource_group ${rg_name} ${location}
+      storage_account ${rg_name} ${location}
+      keyvault ${rg_name} ${location}
+      display_instructions
+    else
+      echo "Launchpad already deployed in ${current_rg}"
+    fi
+  fi
+}
+
+resource_group_delete() {
+  rg_name=${1}
+  location=${2}
+
+  echo "Deleting launchpad caf_environment=${TF_VAR_environment} and caf_tfstate=${TF_VAR_level} in /subscriptions/${TF_VAR_tfstate_subscription_id}/resourceGroups/${rg_name}"
+  az group delete \
+    --name ${rg_name} \
+    --no-wait \
+    --yes
+
+  az group wait --deleted  --resource-group ${rg_name}
+
+  echo "Launchpad caf_environment=${TF_VAR_environment} and caf_tfstate=${TF_VAR_level} in ${rg_name} destroyed."
+}
+
+resource_group() {
+  rg_name=${1}
+  location=${2}
+
+  echo "Creating resource group: ${rg_name}"
+    az group create \
+    --name ${rg_name} \
+    --location ${location} \
+    --tags caf_environment=${TF_VAR_environment} caf_tfstate=${TF_VAR_level} \
+    --subscription ${TF_VAR_tfstate_subscription_id} \
+    --only-show-errors \
+    --query id \
+    -o tsv
+
+  az group wait --created  --resource-group ${rg_name}
+  echo "  ...created"
+}
+
+storage_account() {
+  rg_name=${1}
+  location=${2}
+
+  random_length=$((22 - ${#TF_VAR_environment}))
+  typeset -l name
+  name="st${TF_VAR_environment}$(echo $RANDOM | md5sum | head -c ${random_length}; echo;)"
+
+  if [ "$(az storage account list --resource-group ${rg_name})" == "[]" ]; then
+
+    if [ "$(az storage account check-name --name ${name} --query nameAvailable -o tsv)" == "true" ]; then
+      echo "Creating storage account: ${name}"
+      id=$(az storage account create \
+        --name ${name} \
+        --resource-group ${rg_name} \
+        --location ${location} \
+        --allow-blob-public-access false \
+        --sku Standard_LRS \
+        --tags caf_environment=${TF_VAR_environment} caf_tfstate=${TF_VAR_level} \
+        --query id \
+        -o tsv) && echo $id
+
+      echo "stg created"
+      az role assignment create \
+        --role "Storage Blob Data Contributor" \
+        --assignee $(az ad signed-in-user show --query userPrincipalName -o tsv) \
+        --scope $id \
+        --query id
+
+      echo "role"
+      az storage container create \
+        --name ${TF_VAR_workspace} \
+        --account-name ${name} \
+        --auth-mode login \
+        --public-access off \
+        --query created
+
+    else
+      echo "Storage account name already exists"
+      exit 1
+    fi
+  fi
+
+}
+
+keyvault() {
+  rg_name=${1}
+  location=${2}
+
+  random_length=$((22 - ${#TF_VAR_environment}))
+  typeset -l name
+  name="kv${TF_VAR_environment}$(echo $RANDOM | md5sum | head -c ${random_length}; echo;)"
+
+  if [ "$(az keyvault list --resource-group ${rg_name})" == "[]" ]; then
+
+    echo "Creating keyvault: ${name}"
+    az keyvault create \
+      --name ${name} \
+      --resource-group ${rg_name} \
+      --location ${location} \
+      --tags caf_environment=${TF_VAR_environment} caf_tfstate=${TF_VAR_level} \
+      --query id
+
+    az keyvault secret set \
+      --name "subscription-id" \
+      --vault-name ${name} \
+      --value ${TF_VAR_tfstate_subscription_id} \
+      --query id
+
+    az keyvault secret set \
+      --name "tenant-id" \
+      --vault-name ${name} \
+      --value $(az account show --query tenantId -o tsv) \
+      --query id
+
+    echo "  ...created"
+  fi
+
+}
-Original file line number
+Diff line change
@@ -1,3 +1,3 @@
 .2.9
 .1.9
-.3.3
+.3.4