Merge pull request #12 from sjmiller609/master

Adding drone pipeline

.drone.yml

@@ -0,0 +1,125 @@
+kind: pipeline
+name: terraform-aws-astronomer-aws
+
+steps:
+
+- name: lint
+  image: hashicorp/terraform:light
+  commands:
+    - cp providers.tf.example providers.tf
+    - terraform init
+    - terraform fmt -check=true
+    - terraform validate -var "deployment_id=validate" -var "route53_domain=validate-fake.com" -var "admin_email=fake@mailinator.com"
+    - |
+      for example in $(find examples -maxdepth 1 -mindepth 1 -type d); do
+      cp providers.tf $example
+      cd $example
+      echo $example
+      terraform init
+      terraform fmt -check=true
+      terraform validate -var "deployment_id=citest"
+      cd -
+      done
+    - terraform -v
+  when:
+    event:
+      - pull_request
+      - push
+
+- name: from_scratch
+  image: hashicorp/terraform:light
+  depends_on:
+    - lint
+  environment:
+    AWS_ACCESS_KEY_ID:
+      from_secret: AWS_ACCESS_KEY_ID
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: AWS_SECRET_ACCESS_KEY
+  commands:
+    - cp providers.tf.example examples/from_scratch/providers.tf
+    - cp backend.tf.example examples/from_scratch/backend.tf
+    - cd examples/from_scratch
+    - sed -i "s/REPLACE/$DRONE_BUILD_NUMBER/g" backend.tf
+    - terraform init
+    - terraform apply --auto-approve -var "deployment_id=fromscratch$DRONE_BUILD_NUMBER"
+    - terraform -v
+  when:
+    event:
+      - push
+    branch:
+      - master
+
+- name: from_scratch_cleanup
+  depends_on:
+    - from_scratch
+  image: hashicorp/terraform:light
+  environment:
+    AWS_ACCESS_KEY_ID:
+      from_secret: AWS_ACCESS_KEY_ID
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: AWS_SECRET_ACCESS_KEY
+  commands:
+    - cp providers.tf.example examples/from_scratch/providers.tf
+    - cp backend.tf.example examples/from_scratch/backend.tf
+    - cd examples/from_scratch
+    - sed -i "s/REPLACE/$DRONE_BUILD_NUMBER/g" backend.tf
+    - terraform init
+    - terraform destroy --auto-approve -var "deployment_id=fromscratch$DRONE_BUILD_NUMBER" -refresh=false
+    - terraform -v
+  when:
+    event:
+      - push
+    status:
+      - failure
+      - success
+    branch:
+      - master
+
+- name: into_subnets
+  image: hashicorp/terraform:light
+  depends_on:
+    - lint
+  environment:
+    AWS_ACCESS_KEY_ID:
+      from_secret: AWS_ACCESS_KEY_ID
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: AWS_SECRET_ACCESS_KEY
+  commands:
+    - cp providers.tf.example examples/into_existing_subnets/providers.tf
+    - cp backend.tf.example examples/into_existing_subnets/backend.tf
+    - cd examples/into_existing_subnets
+    - sed -i "s/REPLACE/$DRONE_BUILD_NUMBERintosubnets/g" backend.tf
+    - terraform init
+    - terraform apply --auto-approve -var "deployment_id=intosubnets$DRONE_BUILD_NUMBER"
+    - terraform -v
+  when:
+    event:
+      - push
+    branch:
+      - master
+
+- name: into_subnets_cleanup
+  depends_on:
+    - into_subnets
+  image: hashicorp/terraform:light
+  environment:
+    AWS_ACCESS_KEY_ID:
+      from_secret: AWS_ACCESS_KEY_ID
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: AWS_SECRET_ACCESS_KEY
+  commands:
+    - cp providers.tf.example examples/into_existing_subnets/providers.tf
+    - cp backend.tf.example examples/into_existing_subnets/backend.tf
+    - cd examples/into_existing_subnets
+    - sed -i "s/REPLACE/$DRONE_BUILD_NUMBERintosubnets/g" backend.tf
+    - terraform init
+    - terraform destroy --auto-approve -var "deployment_id=intosubnets$DRONE_BUILD_NUMBER" -refresh=false
+    - terraform -v
+  when:
+    event:
+      - push
+    status:
+      - failure
+      - success
+    branch:
+      - master

.gitignore

@@ -20,3 +20,4 @@ config-map*
 *.log
 *.tfvars*
 *.zip
+examples/*/.terraform

README.md

@@ -1,5 +1,7 @@
 # Terraform Module for Astronomer for AWS
 
+[![Build Status](https://cloud.drone.io/api/badges/astronomer/terraform-aws-astronomer-aws/status.svg)](https://cloud.drone.io/astronomer/terraform-aws-astronomer-aws)
+
 [Terraform](https://www.terraform.io/) is a simple and powerful tool that lets us write, plan and create infrastructure as code. This code will allow you to efficiently provision the infrastructure required to run the Astronomer platform.
 
 ## Features

backend.tf.example

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 0.12"
+  backend "s3" {
+    bucket         = "ci-terraform-state-astronomer"
+    key            = "REPLACE/terraform.tfstate"
+    region         = "us-east-1"
+    encrypt        = true
+  }
+}

db.tf

@@ -1,5 +1,5 @@
 resource "random_id" "db_name_suffix" {
-  byte_length = 4
+  byte_length = 8
 }
 
 resource "random_string" "postgres_airflow_password" {
@@ -14,7 +14,7 @@ module "aurora" {
   version = "2.2.0"
   source  = "terraform-aws-modules/rds-aurora/aws"
   # source         = "./modules/terraform-aws-rds-aurora"
-  name           = "${var.deployment_id}-astrodb-${random_id.db_name_suffix.hex}"
+  name           = "astrodb-${random_id.db_name_suffix.hex}"
   engine         = "aurora-postgresql"
   engine_version = "10.6"
 

examples/from_scratch/main.tf

@@ -0,0 +1,16 @@
+variable deployment_id {}
+
+# this is how the module can be called 
+# if you want to create a VPC and the subnets
+# from scratch.
+module "astronomer_aws_with_vpc" {
+  source = "../.."
+  # you should use the following commented lines, not
+  # the above "../.." if you want to consume this remotely
+  # source  = "astronomer/astronomer-aws/aws"
+  # version = "<fill me in>" # Look here https://registry.terraform.io/modules/astronomer/astronomer-aws/aws
+  deployment_id  = var.deployment_id
+  admin_email    = "steven@astronomer.io"
+  route53_domain = "astronomer-development.com"
+  management_api = "public"
+}

examples/into_existing_subnets/main.tf

@@ -0,0 +1,38 @@
+variable deployment_id {}
+
+# This is a sample vpc configuration
+# you may choose to use your own, existing
+# VPC.
+module "vpc" {
+
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "2.5.0"
+
+  name = "simple-example"
+
+  cidr = "10.0.0.0/16"
+
+  azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
+  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+  assign_generated_ipv6_cidr_block = true
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+
+}
+
+# this is how the module can be called if you
+# want to deploy into a set of existing, private subnets
+module "astronomer_aws_in_specific_subnet" {
+  # same idea above - use a different 'source', and specify 'version'
+  source         = "../.."
+  deployment_id  = var.deployment_id
+  admin_email    = "steven@astronomer.io"
+  route53_domain = "astronomer-development.com"
+  management_api = "public"
+
+  vpc_id          = module.vpc.vpc_id
+  private_subnets = module.vpc.private_subnets
+}

locals.tf

@@ -3,23 +3,27 @@ resource "random_string" "suffix" {
   special = false
 }
 
+data aws_region current {}
+
 locals {
-  cluster_name = "${var.deployment_id}-astronomer-${random_string.suffix.result}"
+  cluster_name = "astronomer-${random_string.suffix.result}"
 
   postgres_airflow_password = var.postgres_airflow_password == "" ? random_string.postgres_airflow_password[0].result : var.postgres_airflow_password
 
-  azs = ["${var.aws_region}a", "${var.aws_region}b"]
+  azs = ["${local.region}a", "${local.region}b"]
 
   vpc_id = "${var.vpc_id == "" ? module.vpc.vpc_id : var.vpc_id}"
 
   private_subnets = "${var.vpc_id == "" ? module.vpc.private_subnets : var.private_subnets}"
 
   public_subnets = "${var.vpc_id == "" ? module.vpc.public_subnets : var.public_subnets}"
 
+  region = data.aws_region.current.name
+
   tags = merge(
     var.tags,
     map(
-      "Deployment ID", "${var.deployment_id}"
+      "Deployment ID", var.deployment_id
     )
   )
 }

peer.tf

@@ -4,6 +4,6 @@ resource "null_resource" "peer_with_customer" {
   provisioner "local-exec" {
     working_dir = "${path.module}"
 
-    command = "python3 files/peer_vpc.py ${var.peer_account_id} ${var.peer_vpc_id} ${var.aws_region} ${module.vpc.vpc_id} ${join(" ", local.private_subnets)} >> ${path.root}/peering.log"
+    command = "python3 files/peer_vpc.py ${var.peer_account_id} ${var.peer_vpc_id} ${local.region} ${module.vpc.vpc_id} ${join(" ", local.private_subnets)} >> ${path.root}/peering.log"
   }
 }

test/providers.tf → providers.tf.example

@@ -1,8 +1,7 @@
-provider "acme" {
-  server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
-}
-
 provider "aws" {
-  region  = "us-east-1"
+  region = "us-east-1"
 }
 
+provider "acme" {
+  server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
+}

variables.tf

@@ -17,6 +17,11 @@ variable "route53_domain" {
   type        = string
 }
 
+variable "admin_email" {
+  description = "An email address that will be used to create the let's encrypt cert"
+  type        = string
+}
+
 variable "cluster_version" {
   default = "1.12"
   type    = string
@@ -40,22 +45,12 @@ variable "public_subnets" {
   description = "This variable does nothing unless vpc_id is also set. Specify the subnet ID(s) (you probably only want one) in the bastion will be deployed. This is not needed unless you are enabling the bastion host."
 }
 
-variable "admin_email" {
-  description = "An email address that will be used to create the let's encrypt cert"
-  type        = string
-}
-
 variable "postgres_airflow_password" {
   default     = ""
   description = "The password for the 'airflow' user in postgres. If blank, will be auto-generated"
   type        = string
 }
 
-variable "aws_region" {
-  default = "us-east-1"
-  type    = string
-}
-
 variable "max_cluster_size" {
   default = "8"
   type    = string