checking things in

CSVD · Jul 9, 2024 · 5868988 · 5868988
1 parent 08c7357
commit 5868988
Show file tree

Hide file tree

Showing 20 changed files with 190 additions and 269 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.terraform*
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/.terraform/modules/main/build_user.tf b/.terraform/modules/main/build_user.tf
@@ -1,9 +1,8 @@
 resource "aws_iam_user" "build_user" {
   name = var.project_name
-  path = "/tf-pipeline/${var.environment}/"
+  path = "/tf-pipeline/"
   tags = {
     Project_Name = var.project_name
-    Environment  = var.environment
     Account_ID   = local.account_id
     Region       = local.region
   }

diff --git a/.terraform/modules/main/main.tf b/.terraform/modules/main/main.tf
@@ -24,7 +24,6 @@ module "s3_artifacts_bucket" {
   codepipeline_role_arn = module.codepipeline_iam_role.role_arn
   tags = {
     Project_Name = var.project_name
-    Environment  = var.environment
     Account_ID   = local.account_id
     Region       = local.region
   }
@@ -43,7 +42,6 @@ module "codecommit_infrastructure_source_repo" {
   kms_key_arn              = module.codepipeline_kms.arn
   tags = {
     Project_Name = var.project_name
-    Environment  = var.environment
     Account_ID   = local.account_id
     Region       = local.region
   }
@@ -56,7 +54,6 @@ module "codepipeline_kms" {
   codepipeline_role_arn = module.codepipeline_iam_role.role_arn
   tags = {
     Project_Name = var.project_name
-    Environment  = var.environment
     Account_ID   = local.account_id
     Region       = local.region
   }
@@ -70,7 +67,6 @@ module "codebuild_terraform" {
   source = "./modules/codebuild"
 
   project_name                        = var.project_name
-  environment                         = var.environment
   role_arn                            = module.codepipeline_iam_role.role_arn
   s3_bucket_name                      = module.s3_artifacts_bucket.bucket
   build_projects                      = var.build_projects
@@ -102,7 +98,6 @@ module "codebuild_terraform" {
 
   tags = {
     Project_Name = var.project_name
-    Environment  = var.environment
     Account_ID   = local.account_id
     Region       = local.region
   }
@@ -111,7 +106,6 @@ module "codebuild_terraform" {
 module "codepipeline_iam_role" {
   source                     = "./modules/iam-role"
   project_name               = var.project_name
-  environment                = var.environment
   create_new_role            = var.create_new_role
   codepipeline_iam_role_name = var.create_new_role == true ? "${var.project_name}-codepipeline-role" : var.codepipeline_iam_role_name
   source_repository_name     = var.source_repo_name
@@ -124,7 +118,6 @@ module "codepipeline_iam_role" {
   state                      = var.state
   tags = {
     Project_Name = var.project_name
-    Environment  = var.environment
     Account_ID   = local.account_id
     Region       = local.region
   }
@@ -150,7 +143,6 @@ module "codepipeline_terraform" {
   kms_key_arn           = module.codepipeline_kms.arn
   tags = {
     Project_Name = var.project_name
-    Environment  = var.environment
     Account_ID   = local.account_id
     Region       = local.region
   }

diff --git a/.terraform/modules/main/modules/codebuild/main.tf b/.terraform/modules/main/modules/codebuild/main.tf
@@ -37,16 +37,14 @@ locals {
         packer_version  = var.packer_version,
         mitogen_version = var.mitogen_version,
         packer_config   = var.packer_config,
-        project_name    = var.project_name,
-        environment     = var.environment,
+        project_name    = var.project_name
       }, project.vars),
       environment_variables = concat(var.environment_variables, project.environment_variables),
       buildspec             = lookup(local.buildspecs, project.name)
       build_project_source  = var.build_project_source
       } : (project.name) == "test" ? {
       vars = merge({
         project_name      = var.project_name,
-        environment       = var.environment,
         terraform_version = var.terraform_version
       }, project.vars)
       environment_variables = concat(var.environment_variables, project.environment_variables),

diff --git a/.terraform/modules/main/modules/codebuild/templates/buildspec_build.yml b/.terraform/modules/main/modules/codebuild/templates/buildspec_build.yml
@@ -11,8 +11,10 @@ phases:
         commands:
             - stat $${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/init.sh && bash $${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/init.sh $${CODEBUILD_SRC_DIR_SourceAnsibleOutput} || echo "No init.sh script found"
             - apt-get install -y jq curl unzip
-            - curl -s -qL -o mitogen.tar.gz https://files.pythonhosted.org/packages/source/m/mitogen/mitogen-${mitogen_version}.tar.gz
-            - mv mitogen.tar.gz /opt; cd /opt; tar vxzf mitogen.tar.gz
+            - curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
+            - python3 get-pip.py --user
+            - python3 -m pip install --user ansible
+            - stat $(python -m site --user-base)/bin/ansible-playbook || exit 1
             - curl -s -qL -o packer.zip https://releases.hashicorp.com/packer/${packer_version}/packer_${packer_version}_linux_amd64.zip
             - unzip -o packer.zip
             - mv packer /bin
@@ -34,7 +36,7 @@ phases:
             - cd $${CODEBUILD_SRC_DIR}/$${CODE_SRC_DIR}
             - /bin/packer init ${packer_config}
             - ln -s $${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/roles
-            - /bin/packer build -var project_name=${project_name} -var environment=${environment} -var ansible_roles=$${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/roles ${packer_config}
+            - /bin/packer build -var project_name=${project_name} -var ansible_dir=$${CODEBUILD_SRC_DIR_SourceAnsibleOutput} ${packer_config}
     post_build:
         commands:
             - cd $${CODEBUILD_SRC_DIR}/$${CODE_SRC_DIR}

diff --git a/.terraform/modules/main/modules/codebuild/templates/buildspec_test.yml b/.terraform/modules/main/modules/codebuild/templates/buildspec_test.yml
@@ -32,12 +32,12 @@ phases:
             - cd $${CODEBUILD_SRC_DIR_SourceGossOutput}
 
             - /bin/terraform init -upgrade -backend-config="key=${state.key}" -backend-config="region=${state.region}" -backend-config="bucket=${state.bucket}" -backend-config="dynamodb_table=${state.dynamodb_table}" -backend-config="encrypt=true"
-            - /bin/terraform apply -var project_name=${project_name} -var environment=${environment} -var goss_directory=$${CODEBUILD_SRC_DIR_SourceGossOutput} -auto-approve
+            - /bin/terraform apply -var project_name=${project_name} -var goss_directory=$${CODEBUILD_SRC_DIR_SourceGossOutput} -auto-approve
 
     post_build:
         commands:
             - cd $${CODEBUILD_SRC_DIR_SourceGossOutput}
-            - terraform destroy -var project_name=${project_name} -var environment=${environment} -var goss_directory=$${CODEBUILD_SRC_DIR_SourceGossOutput}  -auto-approve
+            - terraform destroy -var project_name=${project_name} -var goss_directory=$${CODEBUILD_SRC_DIR_SourceGossOutput}  -auto-approve
             - test -f tf_ami_id.txt && aws ec2 deregister-image --image-id `cat tf_ami_id.txt` --region $AWS_REGION || echo "Tests passed, no AMI to deregister"
 artifacts:
     files:

diff --git a/.terraform/modules/main/modules/codebuild/variables.tf b/.terraform/modules/main/modules/codebuild/variables.tf
@@ -117,12 +117,6 @@ variable "vpc_config" {
   })
 }
 
-variable "environment" {
-  type        = string
-  description = "environment to deploy the codebuild project"
-}
-
-
 variable "state" {
   type = object({
     bucket         = string

diff --git a/.terraform/modules/main/modules/codecommit/main.tf b/.terraform/modules/main/modules/codecommit/main.tf
@@ -11,6 +11,7 @@ resource "aws_codecommit_repository" "source_repository" {
   description     = "Code Repository for hosting the terraform code and pipeline configuration files"
   tags            = var.tags
 }
+
 resource "aws_codecommit_approval_rule_template" "source_repository_approval" {
   count       = var.create_new_repo ? 1 : 0
   name        = "${var.source_repository_name}-${var.source_repository_branch}-Rule"

diff --git a/.terraform/modules/main/modules/codepipeline/variables.tf b/.terraform/modules/main/modules/codepipeline/variables.tf
@@ -23,7 +23,7 @@ variable "ansible_repo" {
   type = object({
     clone_url_http = string,
     arn            = string,
-    name           = optional(string, "image-pipeline-ansible-roles")
+    name           = optional(string, "image-pipeline-ansible-playbooks")
     branch         = optional(string, "main")
   })
   description = "Source of Ansible Repo"
@@ -34,7 +34,7 @@ variable "goss_repo" {
   type = object({
     clone_url_http = string,
     arn            = string,
-    name           = optional(string, "image-pipeline-ansible-roles")
+    name           = optional(string, "image-pipeline-ansible-playbooks")
     branch         = optional(string, "main")
   })
   description = "Source of Ansible Repo"

diff --git a/.terraform/modules/main/modules/iam-role/main.tf b/.terraform/modules/main/modules/iam-role/main.tf
@@ -65,10 +65,19 @@ data "aws_iam_policy_document" "codepipeline_policy" {
       "ssm:*"
     ]
     resources = [
-      "arn:${data.aws_partition.current.partition}:ssm:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:parameter/image-pipeline/${var.environment}/${var.project_name}/*"
+      "arn:${data.aws_partition.current.partition}:ssm:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:parameter/image-pipeline/${var.project_name}/*"
     ]
   }
 
+  statement {
+    effect = "Allow"
+    actions = [
+      "secretsmanager:*"
+    ]
+    resources = [
+      "arn:${data.aws_partition.current.partition}:secretsmanager:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:secret:/image-pipeline/${var.project_name}/*"
+    ]
+  }
   statement {
     effect = "Allow"
     actions = [
@@ -89,7 +98,7 @@ data "aws_iam_policy_document" "codepipeline_policy" {
       "ec2:ImportKeyPair"
     ]
     resources = [
-      "arn:${data.aws_partition.current.partition}:ec2:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:key-pair/${var.project_name}-${var.environment}-deployer-key"
+      "arn:${data.aws_partition.current.partition}:ec2:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:key-pair/${var.project_name}-deployer-key"
     ]
   }
   statement {

diff --git a/.terraform/modules/main/modules/iam-role/variables.tf b/.terraform/modules/main/modules/iam-role/variables.tf
@@ -14,11 +14,6 @@ variable "project_name" {
   type        = string
 }
 
-variable "environment" {
-  description = "Environment for the project"
-  type        = string
-}
-
 variable "codepipeline_iam_role_name" {
   description = "Name of the IAM role to be used by the project"
   type        = string
@@ -55,7 +50,7 @@ variable "ansible_repo" {
   type = object({
     clone_url_http = string,
     arn            = string,
-    name           = optional(string, "image-pipeline-ansible-roles")
+    name           = optional(string, "image-pipeline-ansible-playbooks")
     branch         = optional(string, "main")
   })
   description = "Source of Ansible Repo"
@@ -66,7 +61,7 @@ variable "goss_repo" {
   type = object({
     clone_url_http = string,
     arn            = string,
-    name           = optional(string, "image-pipeline-ansible-roles")
+    name           = optional(string, "image-pipeline-ansible-playbooks")
     branch         = optional(string, "main")
   })
   description = "Source of Ansible Repo"

diff --git a/.terraform/modules/main/outputs.tf b/.terraform/modules/main/outputs.tf
@@ -65,4 +65,12 @@ output "build_user" {
 
 output "sec_group" {
   value = aws_security_group.packer
+}
+
+output "parameters" {
+  value = aws_ssm_parameter.parameters
+}
+
+output "secrets" {
+  value = aws_secretsmanager_secret.secrets
 }