From 58689884718e852b69372ab31257590ff6c6397f Mon Sep 17 00:00:00 2001 From: Dave Arnold Date: Tue, 9 Jul 2024 17:22:24 -0400 Subject: [PATCH] checking things in --- .gitignore | 1 + .terraform.lock.hcl | 19 ++- .terraform/modules/main/build_user.tf | 3 +- .terraform/modules/main/main.tf | 8 -- .../modules/main/modules/codebuild/main.tf | 4 +- .../codebuild/templates/buildspec_build.yml | 8 +- .../codebuild/templates/buildspec_test.yml | 4 +- .../main/modules/codebuild/variables.tf | 6 - .../modules/main/modules/codecommit/main.tf | 1 + .../main/modules/codepipeline/variables.tf | 4 +- .../modules/main/modules/iam-role/main.tf | 13 +- .../main/modules/iam-role/variables.tf | 9 +- .terraform/modules/main/outputs.tf | 8 ++ .terraform/modules/main/packer.pkr.hcl | 133 ------------------ .terraform/modules/main/ssm.tf | 36 ----- .terraform/modules/main/variables.tf | 55 +++++++- .terraform/modules/main/vpc_config.tf | 2 +- .terraform/modules/modules.json | 2 +- .terraform/terraform.tfstate | 89 +++++------- main.tf | 54 ++++++- 20 files changed, 190 insertions(+), 269 deletions(-) create mode 100644 .gitignore delete mode 100644 .terraform/modules/main/packer.pkr.hcl delete mode 100644 .terraform/modules/main/ssm.tf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e79eb23 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.terraform* diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 39bf434..ceb00f2 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
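Review bot: The new `.terraform*` ignore rule does not untrack the `.terraform/` files this same commit still modifies (`.terraform/terraform.tfstate`, `.terraform/modules/modules.json` and the vendored module sources), so the backend configuration with the state bucket name and account id stays tracked and keeps landing in history. It also means any file that is new in module version 1.0.37 is now silently left out of the commit: `outputs.tf` later in this patch references `aws_ssm_parameter.parameters` and `aws_secretsmanager_secret.secrets`, which no tracked file in the patch defines, presumably because their defining file was ignored. Run `git rm -r --cached .terraform` so the vendored tree is dropped entirely and let `terraform init` regenerate it on checkout.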
@@ -2,10 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.55.0" + version = "5.57.0" constraints = ">= 4.20.1" hashes = [ - "h1:NHgKROQfH2vdYgpcD046DrCbFLIONgIzj4UeVNdku3w=", + "h1:B8Rpgfr1+wt2ByOZYWZL0cIoOcfSUUYkajsF+ocZ97o=", + "zh:03761bedb72290599aef0040d3cefb77842f0ef4338673a7e5b53557b0ca4960", + "zh:1c70c050116370688abd239979b06f33c5c8cb7f6e59e89f60cf08ee01666064", + "zh:1cc3b259028a65b2f68ffc25df876bbb0f46d108f262b8ec7c56fc597ac697af", + "zh:3bcdf1415b37f39b71e07d4d92977cf8697f07602382d63687d5f683fee0231a", + "zh:40b1774a2cacc84002ac88ef30fb017c273009456d7a1f9f7c5a4a057041ec75", + "zh:46d51fa066c6441594a1e242c9491cc31dbb2dc85f1acf8bc54ad6faa4de524b", + "zh:550e5635b0cd5d98fa66c2afd5dbb1563a8e019be9f760bd1543fbcca763f0c1", + "zh:7acc8357b5e02ed3eb478125614d049511d6faeb9850c084d6e6519db875f0d1", + "zh:7f7367299811ddf5560a0586e525d57dd52f1a0ca37e42e2c5284308069bf2b6", + "zh:8766cc10c83b1fc2e971c4e645bc4d3c871d4758eb54b0a3216600c66e3db681", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a1e85b1fb9004d8ffab7600304e02bce4aa14cea9f0ad77fbd7b84aae6390760", + "zh:bcf2fc83bd9e20e5a930d9d596eb813c319f2b007c620b1818e574c1702eb9a9", + "zh:d2538fcb20dc2afc04b716f67969944eef7f4fc4296410116d5b7af1811100f2", + "zh:e0e47c5d8710bbfcfe4db1cfa81c67e320056006d08063e69640cd2d492c6f64", ] } diff --git a/.terraform/modules/main/build_user.tf b/.terraform/modules/main/build_user.tf index 498949b..eaf13fe 100644 --- a/.terraform/modules/main/build_user.tf +++ b/.terraform/modules/main/build_user.tf @@ -1,9 +1,8 @@ resource "aws_iam_user" "build_user" { name = var.project_name - path = "/tf-pipeline/${var.environment}/" + path = "/tf-pipeline/" tags = { Project_Name = var.project_name - Environment = var.environment Account_ID = local.account_id Region = local.region } diff --git a/.terraform/modules/main/main.tf b/.terraform/modules/main/main.tf index 9ff780a..305ceb1 100644 
--- a/.terraform/modules/main/main.tf +++ b/.terraform/modules/main/main.tf @@ -24,7 +24,6 @@ module "s3_artifacts_bucket" { codepipeline_role_arn = module.codepipeline_iam_role.role_arn tags = { Project_Name = var.project_name - Environment = var.environment Account_ID = local.account_id Region = local.region } @@ -43,7 +42,6 @@ module "codecommit_infrastructure_source_repo" { kms_key_arn = module.codepipeline_kms.arn tags = { Project_Name = var.project_name - Environment = var.environment Account_ID = local.account_id Region = local.region } @@ -56,7 +54,6 @@ module "codepipeline_kms" { codepipeline_role_arn = module.codepipeline_iam_role.role_arn tags = { Project_Name = var.project_name - Environment = var.environment Account_ID = local.account_id Region = local.region } @@ -70,7 +67,6 @@ module "codebuild_terraform" { source = "./modules/codebuild" project_name = var.project_name - environment = var.environment role_arn = module.codepipeline_iam_role.role_arn s3_bucket_name = module.s3_artifacts_bucket.bucket build_projects = var.build_projects @@ -102,7 +98,6 @@ module "codebuild_terraform" { tags = { Project_Name = var.project_name - Environment = var.environment Account_ID = local.account_id Region = local.region } @@ -111,7 +106,6 @@ module "codebuild_terraform" { module "codepipeline_iam_role" { source = "./modules/iam-role" project_name = var.project_name - environment = var.environment create_new_role = var.create_new_role codepipeline_iam_role_name = var.create_new_role == true ? "${var.project_name}-codepipeline-role" : var.codepipeline_iam_role_name source_repository_name = var.source_repo_name @@ -124,7 +118,6 @@ module "codepipeline_iam_role" { state = var.state tags = { Project_Name = var.project_name - Environment = var.environment Account_ID = local.account_id Region = local.region } 
@@ -150,7 +143,6 @@ module "codepipeline_terraform" { kms_key_arn = module.codepipeline_kms.arn tags = { Project_Name = var.project_name - Environment = var.environment Account_ID = local.account_id Region = local.region } diff --git a/.terraform/modules/main/modules/codebuild/main.tf b/.terraform/modules/main/modules/codebuild/main.tf index 1b0a668..4a2bcef 100644 --- a/.terraform/modules/main/modules/codebuild/main.tf +++ b/.terraform/modules/main/modules/codebuild/main.tf @@ -37,8 +37,7 @@ locals { packer_version = var.packer_version, mitogen_version = var.mitogen_version, packer_config = var.packer_config, - project_name = var.project_name, - environment = var.environment, + project_name = var.project_name }, project.vars), environment_variables = concat(var.environment_variables, project.environment_variables), buildspec = lookup(local.buildspecs, project.name) @@ -46,7 +45,6 @@ locals { } : (project.name) == "test" ? { vars = merge({ project_name = var.project_name, - environment = var.environment, terraform_version = var.terraform_version }, project.vars) environment_variables = concat(var.environment_variables, project.environment_variables), diff --git a/.terraform/modules/main/modules/codebuild/templates/buildspec_build.yml b/.terraform/modules/main/modules/codebuild/templates/buildspec_build.yml index 6152d11..db66be1 100644 --- a/.terraform/modules/main/modules/codebuild/templates/buildspec_build.yml +++ b/.terraform/modules/main/modules/codebuild/templates/buildspec_build.yml 
@@ -11,8 +11,10 @@ phases: commands: - stat $${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/init.sh && bash $${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/init.sh $${CODEBUILD_SRC_DIR_SourceAnsibleOutput} || echo "No init.sh script found" - apt-get install -y jq curl unzip - - curl -s -qL -o mitogen.tar.gz https://files.pythonhosted.org/packages/source/m/mitogen/mitogen-${mitogen_version}.tar.gz - - mv mitogen.tar.gz /opt; cd /opt; tar vxzf mitogen.tar.gz + - curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py + - python3 get-pip.py --user + - python3 -m pip install --user ansible + - stat $(python -m site --user-base)/bin/ansible-playbook || exit 1 - curl -s -qL -o packer.zip https://releases.hashicorp.com/packer/${packer_version}/packer_${packer_version}_linux_amd64.zip - unzip -o packer.zip - mv packer /bin @@ -34,7 +36,7 @@ phases: - cd $${CODEBUILD_SRC_DIR}/$${CODE_SRC_DIR} - /bin/packer init ${packer_config} - ln -s $${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/roles - - /bin/packer build -var project_name=${project_name} -var environment=${environment} -var ansible_roles=$${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/roles ${packer_config} + - /bin/packer build -var project_name=${project_name} -var ansible_dir=$${CODEBUILD_SRC_DIR_SourceAnsibleOutput} ${packer_config} post_build: commands: - cd $${CODEBUILD_SRC_DIR}/$${CODE_SRC_DIR} diff --git a/.terraform/modules/main/modules/codebuild/templates/buildspec_test.yml b/.terraform/modules/main/modules/codebuild/templates/buildspec_test.yml index 15acc6f..bddcce2 100644 --- a/.terraform/modules/main/modules/codebuild/templates/buildspec_test.yml +++ b/.terraform/modules/main/modules/codebuild/templates/buildspec_test.yml 
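Review bot: The new install steps fetch `get-pip.py` from bootstrap.pypa.io and then `pip install --user ansible` with no version pin and no checksum, replacing the previous `${mitogen_version}`-pinned download, so every build pulls whatever is current and the resulting image is no longer reproducible or auditable. Pin the package (`python3 -m pip install --user "ansible==<version>"`, version to be chosen by the team) and verify the bootstrap script against a known hash, or preinstall pip in the builder image; the same reproducibility point applies to the unverified `packer.zip` download on the context line just below. Separately, the install uses `python3` but the following check resolves the user base with `python -m site --user-base`; if `python` is missing or a different interpreter in the builder image, `|| exit 1` fails the build or checks the wrong path, so use `python3` in both lines. The `mitogen_version` template variable is still passed in from `codebuild/main.tf` but is now unused by this buildspec.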
@@ -32,12 +32,12 @@ phases: - cd $${CODEBUILD_SRC_DIR_SourceGossOutput} - /bin/terraform init -upgrade -backend-config="key=${state.key}" -backend-config="region=${state.region}" -backend-config="bucket=${state.bucket}" -backend-config="dynamodb_table=${state.dynamodb_table}" -backend-config="encrypt=true" - - /bin/terraform apply -var project_name=${project_name} -var environment=${environment} -var goss_directory=$${CODEBUILD_SRC_DIR_SourceGossOutput} -auto-approve + - /bin/terraform apply -var project_name=${project_name} -var goss_directory=$${CODEBUILD_SRC_DIR_SourceGossOutput} -auto-approve post_build: commands: - cd $${CODEBUILD_SRC_DIR_SourceGossOutput} - - terraform destroy -var project_name=${project_name} -var environment=${environment} -var goss_directory=$${CODEBUILD_SRC_DIR_SourceGossOutput} -auto-approve + - terraform destroy -var project_name=${project_name} -var goss_directory=$${CODEBUILD_SRC_DIR_SourceGossOutput} -auto-approve - test -f tf_ami_id.txt && aws ec2 deregister-image --image-id `cat tf_ami_id.txt` --region $AWS_REGION || echo "Tests passed, no AMI to deregister" artifacts: files: diff --git a/.terraform/modules/main/modules/codebuild/variables.tf b/.terraform/modules/main/modules/codebuild/variables.tf index 1353d7a..944cfb7 100644 --- a/.terraform/modules/main/modules/codebuild/variables.tf +++ b/.terraform/modules/main/modules/codebuild/variables.tf @@ -117,12 +117,6 @@ variable "vpc_config" { }) } -variable "environment" { - type = string - description = "environment to deploy the codebuild project" -} - - variable "state" { type = object({ bucket = string diff --git a/.terraform/modules/main/modules/codecommit/main.tf b/.terraform/modules/main/modules/codecommit/main.tf index 1150c97..ba68038 100644 --- a/.terraform/modules/main/modules/codecommit/main.tf +++ b/.terraform/modules/main/modules/codecommit/main.tf 
@@ -11,6 +11,7 @@ resource "aws_codecommit_repository" "source_repository" { description = "Code Repository for hosting the terraform code and pipeline configuration files" tags = var.tags } + resource "aws_codecommit_approval_rule_template" "source_repository_approval" { count = var.create_new_repo ? 1 : 0 name = "${var.source_repository_name}-${var.source_repository_branch}-Rule" diff --git a/.terraform/modules/main/modules/codepipeline/variables.tf b/.terraform/modules/main/modules/codepipeline/variables.tf index c2c2b84..571606a 100644 --- a/.terraform/modules/main/modules/codepipeline/variables.tf +++ b/.terraform/modules/main/modules/codepipeline/variables.tf @@ -23,7 +23,7 @@ variable "ansible_repo" { type = object({ clone_url_http = string, arn = string, - name = optional(string, "image-pipeline-ansible-roles") + name = optional(string, "image-pipeline-ansible-playbooks") branch = optional(string, "main") }) description = "Source of Ansible Repo" @@ -34,7 +34,7 @@ variable "goss_repo" { type = object({ clone_url_http = string, arn = string, - name = optional(string, "image-pipeline-ansible-roles") + name = optional(string, "image-pipeline-ansible-playbooks") branch = optional(string, "main") }) description = "Source of Ansible Repo" diff --git a/.terraform/modules/main/modules/iam-role/main.tf b/.terraform/modules/main/modules/iam-role/main.tf index 619c676..412ca1a 100644 --- a/.terraform/modules/main/modules/iam-role/main.tf +++ b/.terraform/modules/main/modules/iam-role/main.tf 
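Review bot: `goss_repo` now defaults its `name` to `image-pipeline-ansible-playbooks`, the same repository as `ansible_repo`, which looks like a copy of the rename rather than an intended default for the GOSS repository; the identical edit is made to `goss_repo` in `iam-role/variables.tf` in the next file section. If the two inputs really share one repo, say so in the description; otherwise give `goss_repo` its own default. Either way, `goss_repo`'s description on the context line still reads `"Source of Ansible Repo"` and should become `description = "Source of GOSS test repo"`.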
@@ -65,10 +65,19 @@ data "aws_iam_policy_document" "codepipeline_policy" { "ssm:*" ] resources = [ - "arn:${data.aws_partition.current.partition}:ssm:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:parameter/image-pipeline/${var.environment}/${var.project_name}/*" + "arn:${data.aws_partition.current.partition}:ssm:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:parameter/image-pipeline/${var.project_name}/*" ] } + statement { + effect = "Allow" + actions = [ + "secretsmanager:*" + ] + resources = [ + "arn:${data.aws_partition.current.partition}:secretsmanager:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:secret:/image-pipeline/${var.project_name}/*" + ] + } statement { effect = "Allow" actions = [ @@ -89,7 +98,7 @@ data "aws_iam_policy_document" "codepipeline_policy" { "ec2:ImportKeyPair" ] resources = [ - "arn:${data.aws_partition.current.partition}:ec2:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:key-pair/${var.project_name}-${var.environment}-deployer-key" + "arn:${data.aws_partition.current.partition}:ec2:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:key-pair/${var.project_name}-deployer-key" ] } statement { diff --git a/.terraform/modules/main/modules/iam-role/variables.tf b/.terraform/modules/main/modules/iam-role/variables.tf index 2bf1986..fd6d42e 100644 --- a/.terraform/modules/main/modules/iam-role/variables.tf +++ b/.terraform/modules/main/modules/iam-role/variables.tf @@ -14,11 +14,6 @@ variable "project_name" { type = string } -variable "environment" { - description = "Environment for the project" - type = string -} - variable "codepipeline_iam_role_name" { description = "Name of the IAM role to be used by the project" type = string 
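Review bot: The added statement grants `secretsmanager:*` on every secret under `secret:/image-pipeline/${var.project_name}/*` to the pipeline role, which includes delete, rotation and resource-policy actions a build never needs; mirroring the existing `ssm:*` grant is not a reason to repeat it. Restrict it to reads, `actions = ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"]`, and consider the same narrowing for the `ssm:*` statement while its ARN is being edited. Dropping `${var.environment}` from both ARNs also means one role can now reach the parameters and secrets of every environment of the project, which deserves a comment in the policy document if that widening is intentional. The `codepipeline_policy` document begins before this hunk.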
@@ -55,7 +50,7 @@ variable "ansible_repo" { type = object({ clone_url_http = string, arn = string, - name = optional(string, "image-pipeline-ansible-roles") + name = optional(string, "image-pipeline-ansible-playbooks") branch = optional(string, "main") }) description = "Source of Ansible Repo" @@ -66,7 +61,7 @@ variable "goss_repo" { type = object({ clone_url_http = string, arn = string, - name = optional(string, "image-pipeline-ansible-roles") + name = optional(string, "image-pipeline-ansible-playbooks") branch = optional(string, "main") }) description = "Source of Ansible Repo" diff --git a/.terraform/modules/main/outputs.tf b/.terraform/modules/main/outputs.tf index 3435423..c5ecb30 100644 --- a/.terraform/modules/main/outputs.tf +++ b/.terraform/modules/main/outputs.tf @@ -65,4 +65,12 @@ output "build_user" { output "sec_group" { value = aws_security_group.packer +} + +output "parameters" { + value = aws_ssm_parameter.parameters +} + +output "secrets" { + value = aws_secretsmanager_secret.secrets } \ No newline at end of file diff --git a/.terraform/modules/main/packer.pkr.hcl b/.terraform/modules/main/packer.pkr.hcl deleted file mode 100644 index 48c0ed9..0000000 --- a/.terraform/modules/main/packer.pkr.hcl +++ /dev/null 
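Review bot: `output "parameters"` and `output "secrets"` expose the whole `aws_ssm_parameter.parameters` and `aws_secretsmanager_secret.secrets` resource objects; an `aws_ssm_parameter` carries its `value` attribute, which the AWS provider marks sensitive, so Terraform will refuse the output unless it is declared `sensitive = true` (the root `main.tf` later in this patch works around it with `keys(module.main.parameters)` and its own `sensitive = true`). Add `sensitive = true` to both outputs, or narrow them to the non-secret attributes such as `name` and `arn`, and state in a comment which attributes consumers are expected to read. Neither resource is defined in any file of this patch, so confirm the file that declares them is actually tracked.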
@@ -1,133 +0,0 @@ -# This is a Packer configuration file written in HashiCorp Configuration Language (HCL). -# Packer is a tool for creating identical machine images for multiple platforms from a single source configuration. - -# Here's a breakdown of the key parts: -# Required Plugins: This section specifies the plugins required for this Packer configuration. -# It requires the amazon and ansible plugins from HashiCorp. - -# Variables: Several variables are defined, such as ansible_roles, project_name, environment, -# shared_accounts, source_ami, instance_type, and ssh_username. Some of these variables have default values. - -# Data Sources: Two data sources are defined to fetch values from the Amazon Parameter Store. -# These values are used to set the region and subnet_id for the Amazon EBS source. - -# Source: The source block defines an Amazon EBS source named builder. It uses the variables and -# data sources defined earlier to set its properties. - -# Build: The build block defines a build named packer-builder that uses the builder source. -# It includes two provisioners and a post-processor: - -# The shell provisioner runs a shell command to remove a file named ami_id.txt. -# The ansible provisioner runs an Ansible playbook located at ./playbook.yml. -# The shell-local post-processor runs shell commands to write the build name to a -# file named ami_id.txt and print the AMI ID. -# This configuration is used to create an Amazon Machine Image (AMI) using Packer. -# The AMI is created by launching an EC2 instance of the specified type in the specified region and subnet, -# configuring it using Ansible, and then creating an image of the instance. -# The ID of the created AMI is written to a file named ami_id.txt. 
-# Define the required plugins for Packer -packer { - required_plugins { - # Amazon plugin for Packer - amazon = { - version = ">= 1.2.8" - source = "github.com/hashicorp/amazon" - } - # Ansible plugin for Packer - ansible = { - version = "v1.1.1" - source ="github.com/hashicorp/ansible" - } - } -} - -# Define variables for the Packer configuration -variable ansible_roles { - type = string -} - -variable project_name { - type = string - default = "daves-awesome-test-ami" -} - -variable environment { - type = string - default = "dev" -} - -variable shared_accounts { - type = list(string) - default = [] -} - -variable "source_ami" { - description = "The ID of the source AMI" - default = "ami-03fadeeea589a106b" -} - -variable "instance_type" { - description = "The type of instance to start" - default = "t2.micro" -} - -variable "ssh_username" { - description = "The username to use for SSH to the instance" - default = "ec2-user" -} - -# Define data sources to fetch values from the Amazon Parameter Store -data "amazon-parameterstore" "region" { - name = "/image-pipeline/${var.environment}/${var.project_name}/region" - with_decryption = false -} - -data "amazon-parameterstore" "subnets" { - name = "/image-pipeline/${var.environment}/${var.project_name}/subnets" - with_decryption = false -} - -# Define the Amazon EBS source -source "amazon-ebs" "builder" { - region = data.amazon-parameterstore.region.value - subnet_id = one(split(",", data.amazon-parameterstore.subnets.value)) - source_ami = var.source_ami - instance_type = var.instance_type - ssh_username = var.ssh_username - ami_name = "${var.ami_name}-${uuidv4()}" - ami_users = var.shared_accounts -} - -# Define the build -build { - name = "packer-builder" - sources = [ - "source.amazon-ebs.builder" - ] - - # Provisioner to remove the ami_id.txt file - provisioner "shell" { - inline = [ - "rm ami_id.txt || true" - ] - } - - # Provisioner to run the Ansible playbook - provisioner "ansible" { - playbook_file = 
"./playbook.yml" - roles_path = var.ansible_roles - ansible_env_vars = ["ANSIBLE_STDOUT_CALLBACK=yaml", "ANSIBLE_NOCOLOR=True"] - user = var.ssh_username - extra_arguments = [ - "-vvv" - ] - } - - # Post-processor to write the build name to a file and print the AMI ID - post-processor "shell-local" { - inline = [ - "echo '{{.BuildName}}' > ami_id.txt", - "echo 'AMI ID: {{.BuildName}}'" - ] - } -} \ No newline at end of file diff --git a/.terraform/modules/main/ssm.tf b/.terraform/modules/main/ssm.tf deleted file mode 100644 index fb5ed1e..0000000 --- a/.terraform/modules/main/ssm.tf +++ /dev/null @@ -1,36 +0,0 @@ -resource "aws_ssm_parameter" "security_group_id" { - name = "/image-pipeline/${var.environment}/${var.project_name}/security_group_ids" - type = "StringList" - value = join(",", local.vpc_config.security_group_ids) -} - -resource "aws_ssm_parameter" "region" { - name = "/image-pipeline/${var.environment}/${var.project_name}/region" - type = "String" - value = local.vpc_config.region -} - -resource "aws_ssm_parameter" "subnets" { - name = "/image-pipeline/${var.environment}/${var.project_name}/subnets" - type = "StringList" - value = join(",", local.vpc_config.subnets) -} - -resource "aws_ssm_parameter" "vpc_id" { - name = "/image-pipeline/${var.environment}/${var.project_name}/vpc_id" - type = "String" - value = local.vpc_config.vpc_id -} - -resource "aws_ssm_parameter" "ssh_user" { - name = "/image-pipeline/${var.environment}/${var.project_name}/ssh_user" - type = "String" - value = var.ssh_user -} - - -resource "aws_ssm_parameter" "goss_profile" { - name = "/image-pipeline/${var.environment}/${var.project_name}/goss_profile" - type = "String" - value = var.goss_profile -} \ No newline at end of file diff --git a/.terraform/modules/main/variables.tf b/.terraform/modules/main/variables.tf index 13af77d..e48357c 100644 --- a/.terraform/modules/main/variables.tf +++ b/.terraform/modules/main/variables.tf 
@@ -42,10 +42,6 @@ variable "source_repo_branch" { # type = string # } -variable "environment" { - description = "Environment in which the script is run. Eg: dev, prod, etc" - type = string -} variable "stage_input" { description = "Tags to be attached to the CodePipeline" @@ -172,7 +168,7 @@ variable "ansible_repo" { type = object({ clone_url_http = string, arn = string, - name = optional(string, "image-pipeline-ansible-roles") + name = optional(string, "image-pipeline-ansible-playbooks") branch = optional(string, "main") }) description = "Source of Ansible Repo" @@ -216,11 +212,58 @@ variable "state" { variable "ssh_user" { type = string description = "SSH username" - default = "ec2-user" + default = null } variable "goss_profile" { type = string description = "GOSS Profile to be used for testing" default = "goss" +} + +variable "extra_parameters" { + type = map(string) + default = {} +} + +variable "secrets" { + type = map(string) + sensitive = true + default = {} +} + +variable "winrm_credentials" { + type = object({ + username = string + password = string + }) + default = null +} + +variable "source_ami" { + type = string +} + +variable "shared_accounts" { + type = list(string) + default = null +} + +variable "instance_type" { + type = string +} + +variable "playbook" { + type = string + default = null +} + +variable "userdata" { + type = string + default = null +} + +variable "create_vpc_endpoint" { + type = bool + default = false } \ No newline at end of file diff --git a/.terraform/modules/main/vpc_config.tf b/.terraform/modules/main/vpc_config.tf index d35b104..2b7b844 100644 --- a/.terraform/modules/main/vpc_config.tf +++ b/.terraform/modules/main/vpc_config.tf @@ -1,5 +1,5 @@ resource "aws_vpc_endpoint" "endpoint" { - for_each = var.vpc_config == null ? toset([]) : toset([ + for_each = var.vpc_config == null || !var.create_vpc_endpoint ? toset([]) : toset([ "codecommit", "git-codecommit", "s3" 
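Review bot: `variable "winrm_credentials"` holds a `password` field but is not declared `sensitive = true`, unlike the neighbouring `secrets` variable, so the WinRM password is shown in `terraform plan` output and in any build log that echoes module inputs; add `sensitive = true` to the object variable (it will still be stored in state, which is why the state file should not be committed). The new `source_ami` and `instance_type` variables have no `description`; a one-line description each, saying what AMI family is expected and that Packer launches the build instance with that type, would help callers. The `ssh_user` default changing from `"ec2-user"` to `null` is a breaking change for callers that relied on the default and should be noted in the module's release notes or reverted.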
diff --git a/.terraform/modules/modules.json b/.terraform/modules/modules.json index 3debcde..af21cab 100644 --- a/.terraform/modules/modules.json +++ b/.terraform/modules/modules.json 
@@ -1 +1 @@ -{"Modules":[{"Key":"main.codepipeline_kms","Source":"./modules/kms","Dir":".terraform/modules/main/modules/kms"},{"Key":"main.codepipeline_terraform","Source":"./modules/codepipeline","Dir":".terraform/modules/main/modules/codepipeline"},{"Key":"main.s3_artifacts_bucket","Source":"./modules/s3","Dir":".terraform/modules/main/modules/s3"},{"Key":"main","Source":"registry.terraform.io/HappyPathway/image-pipeline/aws","Version":"0.0.155","Dir":".terraform/modules/main"},{"Key":"main.codebuild_terraform","Source":"./modules/codebuild","Dir":".terraform/modules/main/modules/codebuild"},{"Key":"main.codecommit_infrastructure_source_repo","Source":"./modules/codecommit","Dir":".terraform/modules/main/modules/codecommit"},{"Key":"","Source":"","Dir":"."},{"Key":"main.codepipeline_iam_role","Source":"./modules/iam-role","Dir":".terraform/modules/main/modules/iam-role"}]} \ No newline at end of file +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"main","Source":"registry.terraform.io/HappyPathway/image-pipeline/aws","Version":"1.0.37","Dir":".terraform/modules/main"},{"Key":"main.codebuild_terraform","Source":"./modules/codebuild","Dir":".terraform/modules/main/modules/codebuild"},{"Key":"main.codecommit_infrastructure_source_repo","Source":"./modules/codecommit","Dir":".terraform/modules/main/modules/codecommit"},{"Key":"main.codepipeline_iam_role","Source":"./modules/iam-role","Dir":".terraform/modules/main/modules/iam-role"},{"Key":"main.codepipeline_kms","Source":"./modules/kms","Dir":".terraform/modules/main/modules/kms"},{"Key":"main.codepipeline_terraform","Source":"./modules/codepipeline","Dir":".terraform/modules/main/modules/codepipeline"},{"Key":"main.s3_artifacts_bucket","Source":"./modules/s3","Dir":".terraform/modules/main/modules/s3"},{"Key":"windows","Source":"registry.terraform.io/HappyPathway/image-pipeline/aws","Version":"1.0.37","Dir":".terraform/modules/windows"},{"Key":"windows.codebuild_terraform","Source":"./modules/codebuild","Dir":
".terraform/modules/windows/modules/codebuild"},{"Key":"windows.codecommit_infrastructure_source_repo","Source":"./modules/codecommit","Dir":".terraform/modules/windows/modules/codecommit"},{"Key":"windows.codepipeline_iam_role","Source":"./modules/iam-role","Dir":".terraform/modules/windows/modules/iam-role"},{"Key":"windows.codepipeline_kms","Source":"./modules/kms","Dir":".terraform/modules/windows/modules/kms"},{"Key":"windows.codepipeline_terraform","Source":"./modules/codepipeline","Dir":".terraform/modules/windows/modules/codepipeline"},{"Key":"windows.s3_artifacts_bucket","Source":"./modules/s3","Dir":".terraform/modules/windows/modules/s3"}]} \ No newline at end of file diff --git a/.terraform/terraform.tfstate b/.terraform/terraform.tfstate index 5a17fef..5b845b5 100644 --- a/.terraform/terraform.tfstate +++ b/.terraform/terraform.tfstate 
@@ -1,52 +1,41 @@ { - "version": 3, - "serial": 1, - "lineage": "0ec7fefb-3146-2c18-c987-572dfd68438e", - "backend": { - "type": "s3", - "config": { - "access_key": null, - "acl": null, - "assume_role_duration_seconds": null, - "assume_role_policy": null, - "assume_role_policy_arns": null, - "assume_role_tags": null, - "assume_role_transitive_tag_keys": null, - "bucket": "inf-tfstate-229685449397", - "dynamodb_endpoint": null, - "dynamodb_table": "tf_remote_state", - "encrypt": null, - "endpoint": null, - "external_id": null, - "force_path_style": null, - "iam_endpoint": null, - "key": "csvd-dev-gov/common/apps/aws-image-pipeline-demo", - "kms_key_id": null, - "max_retries": null, - "profile": null, - "region": "us-gov-east-1", - "role_arn": null, - "secret_key": null, - "session_name": null, - "shared_credentials_file": null, - "skip_credentials_validation": null, - "skip_metadata_api_check": null, - "skip_region_validation": null, - "sse_customer_key": null, - "sts_endpoint": null, - "token": null, - "workspace_key_prefix": null - }, - "hash": 748883980 + "version": 3, + "terraform_version": "1.9.1", + "backend": { + "type": "s3", + "config": { + "access_key": null, + "acl": null, + "assume_role_duration_seconds": null, + "assume_role_policy": null, + "assume_role_policy_arns": null, + "assume_role_tags": null, + "assume_role_transitive_tag_keys": null, + "bucket": "inf-tfstate-229685449397", + "dynamodb_endpoint": null, + "dynamodb_table": "tf_remote_state", + "encrypt": null, + "endpoint": null, + "external_id": null, + "force_path_style": null, + "iam_endpoint": null, + "key": "csvd-dev-gov/common/apps/aws-image-pipeline-demo", + "kms_key_id": null, + "max_retries": null, + "profile": null, + "region": "us-gov-east-1", + "role_arn": null, + "secret_key": null, + "session_name": null, + "shared_credentials_file": null, + "skip_credentials_validation": null, + "skip_metadata_api_check": null, + "skip_region_validation": null, + "sse_customer_key": null, + 
"sts_endpoint": null, + "token": null, + "workspace_key_prefix": null }, - "modules": [ - { - "path": [ - "root" - ], - "outputs": {}, - "resources": {}, - "depends_on": [] - } - ] -} + "hash": 2363980597 + } +} \ No newline at end of file diff --git a/main.tf b/main.tf index 2a37169..0d4d2c7 100644 --- a/main.tf +++ b/main.tf @@ -1,11 +1,12 @@ + locals { proxy_env_vars = { HTTP_PROXY = "http://proxy.tco.census.gov:3128" NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev" HTTPS_PROXY = "http://proxy.tco.census.gov:3128" } - source_repo = "image-pipeline-hello-world" - project_name = "image-pipeline-demo2" + source_repo = "linux-image-pipeline" + project_name = "linux-image-pipeline-demo" environment = "dev" _vpc_config = { vpc_id = "vpc-00576a396ec570b94" @@ -72,7 +73,7 @@ resource "aws_vpc_security_group_ingress_rule" "allow_all_between_self" { } data "aws_codecommit_repository" "ansible" { - repository_name = "image-pipeline-ansible-roles" + repository_name = "image-pipeline-ansible-playbooks" } data "aws_codecommit_repository" "goss" { 
@@ -83,13 +84,50 @@ data "aws_codecommit_repository" "goss" { module "main" { source = "HappyPathway/image-pipeline/aws" project_name = local.project_name - environment = local.environment source_repo_name = local.source_repo source_repo_branch = "main" builder_image = "aws/codebuild/standard:7.0" - create_new_repo = true + create_new_repo = false + create_new_role = true + create_vpc_endpoint = true + ssh_user = "ec2-user" + playbook = "hello-world.yaml" + terraform_version = "1.8.5" + build_permissions_iam_doc = data.aws_iam_policy_document.s3_access + build_environment_variables = [ + for proxy_var in keys(local.proxy_env_vars) : + { + name=proxy_var, + value=lookup(local.proxy_env_vars, proxy_var), + type = "PLAINTEXT" + } + ] + ansible_repo = data.aws_codecommit_repository.ansible + goss_repo = data.aws_codecommit_repository.goss + goss_profile = "base-test" + state = local.state_config + vpc_config = local.vpc_config + source_ami = "ami-03fadeeea589a106b" + instance_type = "t2.micro" +} + + +module "windows" { + source = "HappyPathway/image-pipeline/aws" + project_name = "windows-image-pipeline-demo" + source_repo_name = "windows-image-pipeline" + source_repo_branch = "main" + builder_image = "aws/codebuild/standard:7.0" + create_new_repo = false create_new_role = true + ssh_user = "ec2-user" + playbook = "hello-world.yaml" + terraform_version = "1.8.5" build_permissions_iam_doc = data.aws_iam_policy_document.s3_access + winrm_credentials = { + username = "Administrator" + password = "DavesAwesomeSauce" + } build_environment_variables = [ for proxy_var in keys(local.proxy_env_vars) : { @@ -103,6 +141,8 @@ module "main" { goss_profile = "base-test" state = local.state_config vpc_config = local.vpc_config + source_ami = "ami-03fadeeea589a106b" + instance_type = "t2.micro" } output iam_arn { @@ -113,3 +153,7 @@ output codebuild_user { value = module.main.build_user.name } +output parameters { + value = keys(module.main.parameters) + sensitive = true +}
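Review bot: The `windows` module block hardcodes a WinRM `password = "DavesAwesomeSauce"` for `Administrator` in `main.tf`, which places a live credential in the repository and, through the module input, in Terraform state in plaintext. Since this commit already adds a `secrets` map input to the module and a Secrets Manager grant to the pipeline role, supply the password from a secret or a sensitive variable instead, e.g. `password = var.winrm_admin_password` with `variable "winrm_admin_password" { type = string sensitive = true }` (name constructed) provided outside the repo, and rotate the committed value. The `windows` block also sets `ssh_user = "ec2-user"` and `playbook = "hello-world.yaml"` next to the WinRM credentials, which reads like a copy of the `main` block; confirm these are intended for a Windows build.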