upgrade to Terraform 0.13

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-09-26 18:23:01 +02:00 · 2020-09-26 18:23:01 +02:00 · 797c43e2ad
parent cea9813128
commit 797c43e2ad
11 changed files with 100 additions and 96 deletions
--- a/40
+++ b/40
@ -1,5 +1,3 @@
-#!/usr/bin/env bash
-
 OS = $(strip $(shell uname -s))
 ARCH = linux_amd64
 ifeq ($(OS),Darwin)
@ -8,40 +6,20 @@ endif

 PLUGIN_DIR = ~/.terraform.d/plugins

-ANSIBLE_PROVIDER_NAME = terraform-provider-ansible
-ANSIBLE_PROVIDER_VERSION = v1.0.3
-ANSIBLE_PROVIDER_ARCHIVE = $(ANSIBLE_PROVIDER_NAME)-$(ARCH).zip
-ANSIBLE_PROVIDER_URL = https://github.com/nbering/terraform-provider-ansible/releases/download/$(ANSIBLE_PROVIDER_VERSION)/$(ANSIBLE_PROVIDER_ARCHIVE)
-ANSIBLE_PROVIDER_PATH = $(PLUGIN_DIR)/$(ARCH)/$(ANSIBLE_PROVIDER_NAME)_$(ANSIBLE_PROVIDER_VERSION)
-
 ANSIBLE_PROVISIO_NAME = terraform-provisioner-ansible
 ANSIBLE_PROVISIO_VERSION = v2.3.0
 ANSIBLE_PROVISIO_ARCHIVE = $(ANSIBLE_PROVISIO_NAME)-$(subst _,-,$(ARCH))_$(ANSIBLE_PROVISIO_VERSION)
 ANSIBLE_PROVISIO_URL = https://github.com/radekg/terraform-provisioner-ansible/releases/download/$(ANSIBLE_PROVISIO_VERSION)/$(ANSIBLE_PROVISIO_ARCHIVE)
 ANSIBLE_PROVISIO_PATH = $(PLUGIN_DIR)/$(ARCH)/$(ANSIBLE_PROVISIO_NAME)_$(ANSIBLE_PROVISIO_VERSION)

-all: requirements plugins secrets init-terraform
+all: requirements plugins init-terraform
 	@echo "Success!"

-plugins: install-ansible-provider install-ansible-provisioner
+plugins: install-ansible-provisioner

 requirements:
 	ansible-galaxy install --ignore-errors --force -r ansible/requirements.yml

-check-unzip:
-ifeq (, $(shell which unzip))
-	$(error "No unzip in PATH, consider doing apt install unzip")
-endif
-
-install-ansible-provider: check-unzip
-	@if [ ! -e $(ANSIBLE_PROVIDER_PATH) ]; then \
-		mkdir -p $(PLUGIN_DIR); \
-		wget $(ANSIBLE_PROVIDER_URL) -P $(PLUGIN_DIR); \
-		unzip -o $(PLUGIN_DIR)/$(ANSIBLE_PROVIDER_ARCHIVE) -d $(PLUGIN_DIR); \
-	else \
-		echo "Already installed: $(ANSIBLE_PROVIDER_PATH)"; \
-	fi
-
 install-ansible-provisioner:
 	@if [ ! -e $(ANSIBLE_PROVISIO_PATH) ]; then \
 		mkdir -p $(PLUGIN_DIR); \
@ -54,19 +32,5 @@ install-ansible-provisioner:
 init-terraform:
 	terraform init -upgrade=true

-secrets:
-	echo "Saving secrets to: terraform.tfvars"
-	@echo -e "\
-# secrets extracted from password-store\n\
-aws_access_key     = \"$(shell pass cloud/AWS/access-key)\"\n\
-aws_secret_key     = \"$(shell pass cloud/AWS/secret-key)\"\n\
-dap_ps_smtp_user   = \"$(shell pass cloud/AWS/ses/smtp-access-key)\"\n\
-dap_ps_smtp_pass   = \"$(shell pass cloud/AWS/ses/smtp-password)\"\n\
-dap_ps_admin_user  = \"$(shell pass service/dev/app/admin-user)\"\n\
-dap_ps_admin_pass  = \"$(shell pass service/dev/app/admin-pass)\"\n\
-dap_ps_dev_db_uri  = \"$(shell pass service/dev/mongodb/uri)\"\n\
-dap_ps_prod_db_uri = \"$(shell pass service/prod/mongodb/uri)\"\n\
-" > terraform.tfvars
-
 cleanup:
 	rm -r $(PLUGIN_DIR)/$(ARCHIVE)
--- a/dev.tf
+++ b/dev.tf
@ -7,10 +7,10 @@ locals {
    RATE_LIMIT_TIME    = 15 /* ms window */
    RATE_LIMIT_MAX_REQ = 1
    /* Access */
-    ADMIN_USER     = var.dap_ps_admin_user
-    ADMIN_PASSWORD = var.dap_ps_admin_pass
+    ADMIN_USER     = data.pass_password.dap_ps_admin_user.password
+    ADMIN_PASSWORD = data.pass_password.dap_ps_admin_pass.password
    /* Database */
-    DB_CONNECTION = var.dap_ps_dev_db_uri
+    DB_CONNECTION = data.pass_password.dap_ps_dev_db_uri.password
    /* Blockchain */
    BLOCKCHAIN_CONNECTION_POINT      = "wss://ropsten.infura.io/ws/v3/8675214b97b44e96b70d05326c61fd6a"
    DISCOVER_CONTRACT                = "0x9fb115BC152aE21ECDc81c73843673fa38e4D2dB"
@ -19,8 +19,8 @@ locals {
    IPFS_PORT     = 443
    IPFS_PROTOCOL = "https"
    /* Email */
-    EMAIL_USER            = var.dap_ps_smtp_user
-    EMAIL_PASSWORD        = var.dap_ps_smtp_pass
+    EMAIL_USER            = data.pass_password.dap_ps_smtp_user.password
+    EMAIL_PASSWORD        = data.pass_password.dap_ps_smtp_pass.password
    EMAIL_HOST            = "email-smtp.us-east-1.amazonaws.com"
    EMAIL_PORT            = 465
    EMAIL_TLS             = "true"
--- a/main.tf
+++ b/main.tf
@ -2,8 +2,8 @@

 provider "aws" {
  region     = "us-east-1"
-  access_key = var.aws_access_key
-  secret_key = var.aws_secret_key
+  access_key = data.pass_password.aws_access_key.password
+  secret_key = data.pass_password.aws_secret_key.password
 }

 /* DATA -----------------------------------------*/
--- a/modules/aws-eb-env/main.tf
+++ b/modules/aws-eb-env/main.tf
@ -8,7 +8,7 @@ data "aws_availability_zones" "available" {
 }

 module "vpc" {
-  source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=0.8.1"
+  source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=0.17.0"

  namespace  = ""
  stage      = var.stage
@ -17,7 +17,7 @@ module "vpc" {
 }

 module "subnets" {
-  source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=0.18.1"
+  source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=0.30.0"

  availability_zones      = slice(data.aws_availability_zones.available.names, 0, var.max_availability_zones)
  namespace               = ""
@ -31,7 +31,7 @@ module "subnets" {
 }

 module "eb_application" {
-  source = "git::https://github.com/cloudposse/terraform-aws-elastic-beanstalk-application.git?ref=0.4.0"
+  source = "git::https://github.com/cloudposse/terraform-aws-elastic-beanstalk-application.git?ref=0.7.1"

  name        = local.app_name
  description = "${local.fqdn} application"
@ -40,7 +40,7 @@ module "eb_application" {
 }

 module "eb_environment" {
-  source = "git::https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment.git?ref=0.17.0"
+  source = "git::https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment.git?ref=0.30.0"

  description         = "Dapp Discovery Store - ${local.fqdn}"
  name                = local.app_name
--- a/modules/aws-eb-env/versions.tf
+++ b/modules/aws-eb-env/versions.tf
@ -1,3 +1,9 @@
 terraform {
-  required_version = ">= 0.12"
+  required_version = "~> 0.13.3"
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      version = "= 2.46.0"
+    }
+  }
 }
--- a/modules/aws-ec2-instance/main.tf
+++ b/modules/aws-ec2-instance/main.tf
@ -102,7 +102,7 @@ resource "aws_route53_record" "main" {
  type    = "A"
  ttl     = 600
  records = [aws_instance.main[count.index].public_ip]
-  count   = length(aws_instance.main)
+  count   = var.host_count
 }


@ -110,7 +110,7 @@ resource "aws_route53_record" "main" {
 resource "ansible_host" "main" {
  inventory_hostname = aws_instance.main[count.index].tags.Name
  groups             = local.groups
-  count              = length(aws_instance.main)
+  count              = var.host_count

  vars = {
    ansible_host = aws_instance.main[count.index].public_ip
--- a/modules/aws-ec2-instance/versions.tf
+++ b/modules/aws-ec2-instance/versions.tf
@ -0,0 +1,13 @@
+terraform {
+  required_version = "~> 0.13.3"
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      version = "= 2.46.0"
+    }
+    ansible = {
+      source  = "nbering/ansible"
+      version = " = 1.0.4"
+    }
+  }
+}
--- a/prod.tf
+++ b/prod.tf
@ -7,10 +7,10 @@ locals {
    RATE_LIMIT_TIME    = 15 /* ms window */
    RATE_LIMIT_MAX_REQ = 1
    /* Access */
-    ADMIN_USER     = var.dap_ps_admin_user
-    ADMIN_PASSWORD = var.dap_ps_admin_pass
+    ADMIN_USER     = data.pass_password.dap_ps_admin_user.password
+    ADMIN_PASSWORD = data.pass_password.dap_ps_admin_pass.password
    /* Database */
-    DB_CONNECTION = var.dap_ps_prod_db_uri
+    DB_CONNECTION = data.pass_password.dap_ps_prod_db_uri.password
    /* Blockchain */
    BLOCKCHAIN_CONNECTION_POINT      = "wss://mainnet.infura.io/v3/8675214b97b44e96b70d05326c61fd6a"
    DISCOVER_CONTRACT                = "0x5bCF2767F86f14eDd82053bfBfd5069F68C2C5F8"
@ -19,8 +19,8 @@ locals {
    IPFS_PORT     = 443
    IPFS_PROTOCOL = "https"
    /* Email */
-    EMAIL_USER            = var.dap_ps_smtp_user
-    EMAIL_PASSWORD        = var.dap_ps_smtp_pass
+    EMAIL_USER            = data.pass_password.dap_ps_smtp_user.password
+    EMAIL_PASSWORD        = data.pass_password.dap_ps_smtp_pass.password
    EMAIL_HOST            = "email-smtp.us-east-1.amazonaws.com"
    EMAIL_PORT            = 465
    EMAIL_TLS             = "true"
--- a/secrets.tf
+++ b/secrets.tf
@ -0,0 +1,44 @@
+# Uses PASSWORD_STORE_DIR environment variable
+provider "pass" { refresh_store = false }
+
+/* Access key for the AWS API. */
+data "pass_password" "aws_access_key" {
+  path = "cloud/AWS/access-key"
+}
+
+/* Secret key for the AWS API. */
+data "pass_password" "aws_secret_key" {
+  path = "cloud/AWS/secret-key"
+}
+
+/* Name of admin user for Dapp Store application. */
+data "pass_password" "dap_ps_admin_user" {
+  path = "service/dev/app/admin-user"
+}
+
+/* Password for admin user for Dapp Store application. */
+data "pass_password" "dap_ps_admin_pass" {
+  path = "service/dev/app/admin-pass"
+}
+
+/* User for accessing AWS SES SMTP endpoint. */
+data "pass_password" "dap_ps_smtp_user" {
+  path = "cloud/AWS/ses/smtp-access-key"
+}
+
+/* Password for accessing AWS SES SMTP endpoint. */
+data "pass_password" "dap_ps_smtp_pass" {
+  path = "cloud/AWS/ses/smtp-password"
+}
+
+/* An URI for DEV MongoDB database including auth information.
+ * https://docs.mongodb.com/manual/reference/connection-string/ */
+data "pass_password" "dap_ps_dev_db_uri" {
+  path = "service/dev/mongodb/uri"
+}
+
+/* An URI for PROD MongoDB database including auth information.
+ * https://docs.mongodb.com/manual/reference/connection-string/ */
+data "pass_password" "dap_ps_prod_db_uri" {
+  path = "service/prod/mongodb/uri"
+}
--- a/variables.tf
+++ b/variables.tf
@ -1,13 +1,3 @@
-/* REQUIRED -------------------------------------*/
-
-variable "aws_access_key" {
-  description = "Access key for the AWS API."
-}
-
-variable "aws_secret_key" {
-  description = "Secret key for the AWS API."
-}
-
 /* GENERAL --------------------------------------*/

 variable "hosts_subdomain" {
@ -55,32 +45,6 @@ variable "dap_ps_app_bucket_name" {
  default     = "dev-dap-ps-app"
 }

-variable "dap_ps_admin_user" {
-  description = "Name of admin user for Dapp Store application."
-}
-
-variable "dap_ps_admin_pass" {
-  description = "Password for admin user for Dapp Store application."
-}
-
-variable "dap_ps_smtp_user" {
-  description = "User for accessing AWS SES SMTP endpoint."
-}
-
-variable "dap_ps_smtp_pass" {
-  description = "Password for accessing AWS SES SMTP endpoint."
-}
-
-variable "dap_ps_dev_db_uri" {
-  description = "An URI for DEV MongoDB database including auth information."
-  /* https://docs.mongodb.com/manual/reference/connection-string/ */
-}
-
-variable "dap_ps_prod_db_uri" {
-  description = "An URI for PROD MongoDB database including auth information."
-  /* https://docs.mongodb.com/manual/reference/connection-string/ */
-}
-
 /* SES FORWARDER --------------------------------*/

 variable "ses_forwarder_bucket_name" {
@ -92,4 +56,3 @@ variable "ses_forwarder_admin_account_arn" {
  description = "Name of bucket to use for storing forwarded emails"
  default     = "arn:aws:iam::760668534108:user/jakubgs"
 }
-
--- a/versions.tf
+++ b/versions.tf
@ -1,7 +1,21 @@

 terraform {
-  required_version = ">= 0.12"
+  required_version = "~> 0.13.3"
  required_providers {
-    aws   = "= 2.44.0"
+    aws = {
+      source  = "hashicorp/aws"
+      version = "= 2.46.0"
+    }
+    ansible = {
+      source  = "nbering/ansible"
+      version = " = 1.0.4"
+    }
+    pass = {
+      source  = "camptocamp/pass"
+      version = " = 1.4.0"
+    }
+    archive = {
+      source = "hashicorp/archive"
+    }
  }
 }