From 74d6081ad0a2cc54cb17d11b829dfa4adad23f1a Mon Sep 17 00:00:00 2001
From: anniehedgpeth
Date: Wed, 20 Sep 2023 15:54:37 -0600
Subject: [PATCH 1/8] add support for FDO deployments
---
.github/workflows/handler-destroy.yml | 362 ++++++++++---------
main.tf | 120 +++++-
modules/vm/main.tf | 28 +-
modules/vm/variables.tf | 35 +-
outputs.tf | 8 +-
tests/active-active-rhel7-proxy/main.tf | 8 +
tests/active-active-rhel7-proxy/outputs.tf | 14 +-
tests/active-active-rhel7-proxy/variables.tf | 30 ++
tests/private-active-active/main.tf | 8 +
tests/private-active-active/outputs.tf | 20 +-
tests/private-active-active/variables.tf | 30 ++
tests/private-tcp-active-active/main.tf | 9 +
tests/private-tcp-active-active/outputs.tf | 11 +-
tests/private-tcp-active-active/variables.tf | 31 +-
tests/public-active-active/main.tf | 8 +
tests/public-active-active/outputs.tf | 2 +-
tests/public-active-active/variables.tf | 34 +-
tests/standalone-vault/main.tf | 8 +
tests/standalone-vault/outputs.tf | 6 +
tests/standalone-vault/variables.tf | 30 ++
variables.tf | 212 ++++++-----
21 files changed, 684 insertions(+), 330 deletions(-)
diff --git a/.github/workflows/handler-destroy.yml b/.github/workflows/handler-destroy.yml
index 47c70be3..a2cd7ff3 100644
--- a/.github/workflows/handler-destroy.yml
+++ b/.github/workflows/handler-destroy.yml
@@ -5,177 +5,209 @@ on: types: - destroy-command +env: + AWS_DEFAULT_REGION: us-east-2 + jobs: + active_active_rhel7_proxy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + secrets: inherit + name: Destroy resources from AWS Active/Active RHEL7 Proxy + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy') }} + with: + cloud: AWS + test_name: Active/Active RHEL7 Proxy + utility_test: false + is_legacy_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/active-active-rhel7-proxy + TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-active-active-rhel7-proxy"\n\ + }\n\ + }\n/' + public_active_active: - name: Destroy resources from Public Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + secrets: inherit + name: Destroy resources from AWS Public Active/Active if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/public-active-active - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: vars - run: echo ::set-output 
name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PUBLIC_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Destroy - id: destroy - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - - - name: Update comment - if: ${{ always() }} - uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Public Active/Active Destruction Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') }} + with: + cloud: AWS + test_name: Public Active/Active + utility_test: false + is_legacy_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ 
github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/public-active-active + TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_TFC_TOKEN private_active_active: - name: Destroy resources from Private Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + secrets: inherit + name: Destroy resources from AWS Private Active/Active if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/private-active-active - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: vars - run: echo ::set-output name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Destroy - id: destroy - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - 
- - name: Update comment - if: ${{ always() }} - uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Private Active/Active Destruction Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') }} + with: + cloud: AWS + test_name: Private Active/Active + utility_test: false + is_legacy_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-active-active + TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_TFC_TOKEN private_tcp_active_active: - name: Destroy resources from Private TCP Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + secrets: inherit + name: Destroy resources from AWS Private TCP Active/Active if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/private-tcp-active-active - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: 
vars - run: echo ::set-output name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Destroy - id: destroy - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - - - name: Update comment - if: ${{ always() }} - uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Private TCP Active/Active Destruction Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') }} + with: + cloud: AWS + test_name: Private TCP Active/Active + utility_test: false + is_legacy_deployment: false + module_repository_id: 
hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-tcp-active-active + TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_TFC_TOKEN + + standalone_vault: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + secrets: inherit + name: Destroy resources from AWS Standalone Vault + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'standalone-vault') }} + with: + cloud: AWS + test_name: Standalone Vault + utility_test: false + is_legacy_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/standalone-vault + TFC_token_secret_name: STANDALONE_VAULT_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-standalone-vault"\n\ + }\n\ + }\n/' + + active_active_rhel7_proxy_legacy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + secrets: inherit + name: Destroy resources from AWS Active/Active RHEL7 Proxy (Legacy) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy-legacy') }} + with: + cloud: AWS + test_name: Active/Active RHEL7 Proxy (Legacy) + 
utility_test: false + is_legacy_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/active-active-rhel7-proxy + TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_LEGACY_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-active-active-rhel7-proxy-legacy"\n\ + }\n\ + }\n/' + + public_active_active_legacy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + secrets: inherit + name: Destroy resources from AWS Public Active/Active (Legacy) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} + with: + cloud: AWS + test_name: Public Active/Active (Legacy) + utility_test: false + is_legacy_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/public-active-active + TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-public-active-active/aws-public-active-active-legacy/ + + + private_active_active_legacy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + secrets: inherit + name: Destroy resources from AWS Private Active/Active (Legacy) + if: ${{ 
contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active-legacy') }} + with: + cloud: AWS + test_name: Private Active/Active (Legacy) + utility_test: false + is_legacy_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-active-active + TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-private-active-active/aws-private-active-active-legacy/ + + + private_tcp_active_active_legacy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + secrets: inherit + name: Destroy resources from AWS Private TCP Active/Active (Legacy) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active-legacy') }} + with: + cloud: AWS + test_name: Private TCP Active/Active (Legacy) + utility_test: false + is_legacy_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-tcp-active-active + TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-private-tcp-active-active/aws-private-tcp-active-active-legacy/ + + standalone_vault_legacy: + uses: 
hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + secrets: inherit + name: Destroy resources from AWS Standalone Vault (Legacy) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} + with: + cloud: AWS + test_name: Standalone Vault (Legacy) + utility_test: false + is_legacy_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/standalone-vault + TFC_token_secret_name: STANDALONE_VAULT_LEGACY_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-standalone-vault-legacy"\n\ + }\n\ + }\n/' diff --git a/main.tf b/main.tf index 55d918a3..bcd44788 100644 --- a/main.tf +++ b/main.tf @@ -45,7 +45,6 @@ module "service_accounts" { # AWS S3 Bucket Object Storage # ----------------------------------------------------------------------------- module "object_storage" { - count = local.enable_object_storage_module ? 1 : 0 source = "./modules/object_storage" @@ -58,8 +57,7 @@ module "object_storage" { # AWS Virtual Private Cloud Networking # ----------------------------------------------------------------------------- module "networking" { - count = var.deploy_vpc ? 1 : 0 - + count = var.deploy_vpc ? 1 : 0 source = "./modules/networking" friendly_name_prefix = var.friendly_name_prefix 
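Review bot: Every job in this hunk calls `hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370` with `secrets: inherit`, so all of this repository's secrets are handed to whatever the tip of a mutable feature branch contains at run time. The removed steps pinned their third-party actions to full commit SHAs; the reusable workflow should be pinned the same way (`.../destroy.yml@<commit-sha>`), and, if the called workflow declares its secrets, each job should pass only the one TFC token it needs instead of inheriting everything. The per-job `permissions:` block (`contents: read`, `pull-requests: write`) is also dropped, so the token scope now falls back to the repository default unless the called workflow restricts it. Separately, `standalone_vault_legacy` tests for `'public-active-active-legacy'` in its `if:`, which looks like a copy-paste slip for `'standalone-vault-legacy'`: as written, that job runs on the wrong argument and never on its own.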
@@ -73,8 +71,7 @@ module "networking" { # ----------------------------------------------------------------------------- module "redis" { source = "./modules/redis" - - count = local.enable_redis_module ? 1 : 0 + count = local.enable_redis_module ? 1 : 0 active_active = local.active_active friendly_name_prefix = var.friendly_name_prefix @@ -99,8 +96,7 @@ module "redis" { # ----------------------------------------------------------------------------- module "database" { source = "./modules/database" - - count = local.enable_database_module ? 1 : 0 + count = local.enable_database_module ? 1 : 0 db_size = var.db_size db_backup_retention = var.db_backup_retention 
@@ -114,11 +110,101 @@ module "database" { kms_key_arn = local.kms_key_arn } -# ----------------------------------------------------------------------------- -# TFE and Replicated settings to pass to the tfe_init module -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------------ +# Docker Compose File Config for TFE on instance(s) using Flexible Deployment Options +# ------------------------------------------------------------------------------------ +module "docker_compose_config" { + source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/docker_compose_config?ref=ah/tf-5370" + count = var.is_legacy_deployment ? 0 : 1 + + hostname = local.fqdn + tfe_license = var.hc_license + license_reporting_opt_out = var.license_reporting_opt_out + operational_mode = var.operational_mode + cert_file = var.tls_bootstrap_cert_pathname + key_file = var.tls_bootstrap_key_pathname + tfe_image = var.tfe_image + tls_ca_bundle_file = var.tls_ca_bundle_file + tls_ciphers = var.tls_ciphers + tls_version = var.tls_version + run_pipeline_image = var.run_pipeline_image + capacity_concurrency = var.capacity_concurrency + capacity_cpu = var.capacity_cpu + capacity_memory = var.capacity_memory + iact_subnets = join(",", var.iact_subnet_list) + iact_time_limit = var.iact_subnet_time_limit + + database_name = local.database.name + database_user = local.database.user + database_password = local.database.password + database_host = local.database.host + database_parameters = local.database.parameters + + storage_type = "s3" + s3_access_key_id = var.aws_access_key_id + s3_secret_access_key = var.aws_secret_access_key + s3_bucket = local.object_storage.s3_bucket.id + s3_region = data.aws_region.current.name + s3_endpoint = var.s3_endpoint + s3_server_side_encryption = "aws:kms" + s3_server_side_encryption_kms_key_id = local.kms_key_arn + s3_use_instance_profile = 
var.aws_access_key_id == null ? "1" : "0" + + redis_host = local.redis.hostname + redis_user = "" + redis_password = local.redis.password + redis_use_tls = local.redis.use_tls + redis_use_auth = local.redis.use_password_auth + + vault_address = var.extern_vault_addr + vault_namespace = var.extern_vault_namespace + vault_path = var.extern_vault_path + vault_role_id = var.extern_vault_role_id + vault_secret_id = var.extern_vault_secret_id +} + +# -------------------------------------------------------------------------------------------------- +# AWS cloud init used to install and configure TFE on instance(s) using Flexible Deployment Options +# -------------------------------------------------------------------------------------------------- +module "tfe_init_fdo" { + source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init?ref=ah/tf-5370" + count = var.is_legacy_deployment ? 0 : 1 + + cloud = "aws" + operational_mode = var.operational_mode + custom_image_tag = var.custom_image_tag + enable_monitoring = var.enable_monitoring + + disk_path = local.enable_disk ? var.disk_path : null + disk_device_name = local.enable_disk ? var.ebs_renamed_device_name : null + distribution = var.distribution + + ca_certificate_secret_id = var.ca_certificate_secret_id == null ? null : var.ca_certificate_secret_id + certificate_secret_id = var.vm_certificate_secret_id == null ? null : var.vm_certificate_secret_id + key_secret_id = var.vm_key_secret_id == null ? 
null : var.vm_key_secret_id + + proxy_ip = var.proxy_ip + proxy_port = var.proxy_port + extra_no_proxy = concat([ + "127.0.0.1", + "169.254.169.254", + ".aws.ce.redhat.com", + "secretsmanager.${data.aws_region.current.name}.amazonaws.com", + local.fqdn, + var.network_cidr + ], var.no_proxy) + + registry_username = var.registry_username + registry_password = var.registry_password + docker_compose_yaml = module.docker_compose_config[0].docker_compose_yaml +} + +# ---------------------------------------------------------------------------------------- +# TFE and Replicated settings to pass to the tfe_init_legacy module for legacy deployment +# ---------------------------------------------------------------------------------------- module "settings" { - source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/settings?ref=main" + source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/settings?ref=ah/tf-5370" + count = var.is_legacy_deployment ? 1 : 0 # TFE Base Configuration consolidated_services = var.consolidated_services 
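Review bot: The new `docker_compose_config` module is given `tfe_license`, `database_password`, `s3_secret_access_key`, `redis_password` and `vault_secret_id` as plain values, and its `docker_compose_yaml` output is fed to `tfe_init_fdo` (together with `registry_password`), whose result becomes `user_data_base64` on the VM module later in this file. The utility modules are not visible here, but if the rendered compose file embeds those values they end up in EC2 user data, which is readable from the instance metadata service and by any principal that can read the instance's launch settings. Consider passing secret identifiers and resolving them at boot, the way `certificate_secret_id` and `key_secret_id` are already handled, and record the exposure above the module with a comment such as `# NOTE: values passed here are rendered into instance user data`. All three module sources in this hunk also use `?ref=ah/tf-5370`, a branch ref; a tag or commit SHA keeps the deployed code from changing underneath a fixed release of this module.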
@@ -187,16 +273,16 @@ module "settings" { # ----------------------------------------------------------------------------- # AWS user data / cloud init used to install and configure TFE on instance(s) # ----------------------------------------------------------------------------- -module "tfe_init" { - source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init?ref=main" +module "tfe_init_legacy" { + source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init_legacy?ref=ah/tf-5370" # TFE & Replicated Configuration data cloud = "aws" disk_path = local.enable_disk ? var.disk_path : null disk_device_name = local.enable_disk ? var.ebs_renamed_device_name : null distribution = var.distribution - tfe_configuration = module.settings.tfe_configuration - replicated_configuration = module.settings.replicated_configuration + tfe_configuration = module.settings[0].tfe_configuration + replicated_configuration = module.settings[0].replicated_configuration airgap_url = var.airgap_url # Secrets @@ -253,6 +339,7 @@ module "vm" { asg_tags = var.asg_tags default_ami_id = local.default_ami_id enable_disk = local.enable_disk + enable_ssh = var.enable_ssh ebs_device_name = var.ebs_device_name ebs_volume_size = var.ebs_volume_size ebs_volume_type = var.ebs_volume_type @@ -261,9 +348,10 @@ module "vm" { friendly_name_prefix = var.friendly_name_prefix key_name = var.key_name instance_type = var.instance_type + is_legacy_deployment = var.is_legacy_deployment network_id = local.network_id network_subnets_private = local.network_private_subnets network_private_subnet_cidrs = local.network_private_subnet_cidrs node_count = var.node_count - user_data_base64 = module.tfe_init.tfe_userdata_base64_encoded + user_data_base64 = var.is_legacy_deployment ? module.tfe_init_legacy[0].tfe_userdata_base64_encoded : module.tfe_init_fdo[0].tfe_userdata_base64_encoded } 
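Review bot: `module "tfe_init_legacy"` gains no `count` in this hunk, yet it now reads `module.settings[0].tfe_configuration` (and `settings` was given `count = var.is_legacy_deployment ? 1 : 0` in the previous hunk) and is itself indexed as `module.tfe_init_legacy[0]` in the `user_data_base64` expression of the last hunk of this file. Within this patch that appears to fail in both modes: a module without `count` cannot be indexed, and with `is_legacy_deployment = false` there is no `module.settings[0]` to read. Adding `count = var.is_legacy_deployment ? 1 : 0` directly under the `source` line would make the three references agree. The module body continues past the hunk and this is patch 1 of 8, so a later patch may add it; it is not in the lines shown.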
diff --git a/modules/vm/main.tf b/modules/vm/main.tf index 5b3ee0fa..72571bc7 100644 --- a/modules/vm/main.tf +++ b/modules/vm/main.tf @@ -19,6 +19,30 @@ resource "aws_security_group_rule" "tfe_ui" { cidr_blocks = var.aws_lb == null ? var.network_private_subnet_cidrs : null } +resource "aws_security_group_rule" "vault_cluster" { + count = var.active_active && !var.is_legacy_deployment ? 1 : 0 + + security_group_id = aws_security_group.tfe_instance.id + type = "ingress" + from_port = 8201 + to_port = 8201 + protocol = "tcp" + source_security_group_id = var.aws_lb + cidr_blocks = var.aws_lb == null ? var.network_private_subnet_cidrs : null +} + +resource "aws_security_group_rule" "ssh_inbound" { + count = var.enable_ssh ? 1 : 0 + + security_group_id = aws_security_group.tfe_instance.id + type = "ingress" + from_port = 22 + to_port = 22 + protocol = "tcp" + source_security_group_id = var.aws_lb + cidr_blocks = var.aws_lb == null ? var.network_private_subnet_cidrs : null +} + resource "aws_security_group_rule" "tfe_inbound" { security_group_id = aws_security_group.tfe_instance.id type = "ingress" @@ -38,7 +62,7 @@ resource "aws_security_group_rule" "tfe_outbound" { } resource "aws_security_group_rule" "tfe_dashboard" { - count = var.active_active ? 0 : 1 + count = !var.active_active || var.is_legacy_deployment ? 1 : 0 security_group_id = aws_security_group.tfe_instance.id type = "ingress" from_port = 8800 @@ -95,7 +119,7 @@ resource "aws_autoscaling_group" "tfe_asg" { max_size = var.node_count desired_capacity = var.node_count vpc_zone_identifier = var.network_subnets_private - target_group_arns = var.active_active ? [var.aws_lb_target_group_tfe_tg_443_arn] : [ + target_group_arns = var.active_active || !var.is_legacy_deployment ? [var.aws_lb_target_group_tfe_tg_443_arn] : [ var.aws_lb_target_group_tfe_tg_8800_arn, var.aws_lb_target_group_tfe_tg_443_arn, ] diff --git a/modules/vm/variables.tf b/modules/vm/variables.tf index 14b9550a..7e81463a 100644 
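Review bot: The new `ssh_inbound` rule copies the source selection of `tfe_ui`: it admits port 22 from the load balancer's security group (`source_security_group_id = var.aws_lb`) or, when `aws_lb` is null, from every private subnet CIDR. Neither is an administrative source, so turning on `enable_ssh` either exposes SSH to the whole private network or grants it to a peer that has no reason to use it; a dedicated input for the allowed SSH source (a bastion security group or a narrow CIDR list) would express the intent. The same copy applies to `vault_cluster`: port 8201 is presumably node-to-node traffic, in which case the source should be the instance group itself, e.g. `source_security_group_id = aws_security_group.tfe_instance.id`, and not the load balancer. A one-line comment above each rule naming the expected client would make the scope reviewable.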
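Review bot: The new condition `!var.active_active || var.is_legacy_deployment ? 1 : 0` on `tfe_dashboard` opens port 8800 for legacy active-active deployments, where the old `var.active_active ? 0 : 1` kept it closed, and for standalone FDO deployments, which according to the `replicated_console_url` output in this patch have no console. If the intent is "console port only for legacy standalone", the line would read `count = !var.active_active && var.is_legacy_deployment ? 1 : 0`. That also matches the `target_group_arns` change in the next hunk, which attaches the 8800 target group only when the deployment is legacy and not active-active.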
--- a/modules/vm/variables.tf +++ b/modules/vm/variables.tf @@ -12,26 +12,17 @@ variable "user_data_base64" { } variable "aws_lb" { - description = <<-EOD - The identity of the security group attached to the load balancer which will be - authorized to communicate with the TFE EC2 instance(s). - EOD + description = "The identity of the security group attached to the load balancer which will be authorized to communicate with the TFE EC2 instance(s)." type = string } variable "aws_lb_target_group_tfe_tg_443_arn" { - description = <<-EOD - The Amazon Resource Name of the load balancer target group for traffic on port - 443 which will be backed by the TFE EC2 autoscaling group. - EOD + description = "The Amazon Resource Name of the load balancer target group for traffic on port 443 which will be backed by the TFE EC2 autoscaling group." type = string } variable "aws_lb_target_group_tfe_tg_8800_arn" { - description = <<-EOD - The Amazon Resource Name of the load balancer target group for traffic on port - 8800 which will be backed by the TFE EC2 autoscaling group. - EOD + description = "The Amazon Resource Name of the load balancer target group for traffic on port 8800 which will be backed by the TFE EC2 autoscaling group." type = string } @@ -46,9 +37,7 @@ variable "network_id" { } variable "network_subnets_private" { - description = <<-EOD - A list of the identities of the private subnetworks in which the EC2 autoscaling group will be deployed. - EOD + description = "A list of the identities of the private subnetworks in which the EC2 autoscaling group will be deployed." type = list(string) } 
@@ -67,11 +56,21 @@ variable "ami_id" { description = "AMI ID to use for TFE instances" } +variable "enable_ssh" { + type = bool + description = "Whether to open port 22 on the TFE instance for SSH access." +} + variable "friendly_name_prefix" { type = string description = "(Required) Friendly name prefix used for tagging and naming AWS resources." } +variable "is_legacy_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." +} + variable "node_count" { type = number description = "The number of nodes you want in your autoscaling group (1 for standalone, 2 for active-active configuration)" @@ -79,11 +78,7 @@ variable "node_count" { variable "asg_tags" { type = map(string) - description = <." description = "Login URL to setup the TFE instance once it is initialized" } output "replicated_console_url" { - value = "https://${local.fqdn}:8800/" - description = "The URL of the Terraform Enterprise administration console." + value = var.is_legacy_deployment ? "https://${local.fqdn}:8800/" : "FDO deployments do not have a console." + description = "The URL of the Terraform Enterprise Replicated administration console." } output "tfe_url" { @@ -84,7 +84,7 @@ output "tfe_autoscaling_group" { } output "replicated_dashboard_password" { - value = module.settings.replicated_configuration.DaemonAuthenticationPassword + value = var.is_legacy_deployment ? module.settings[0].replicated_configuration.DaemonAuthenticationPassword : "This is only used for legacy deployments." description = "The password for the TFE console" sensitive = true } diff --git a/tests/active-active-rhel7-proxy/main.tf b/tests/active-active-rhel7-proxy/main.tf index 701e0d35..951dc11c 100644 --- a/tests/active-active-rhel7-proxy/main.tf +++ b/tests/active-active-rhel7-proxy/main.tf 
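Review bot: In the `@@ -84,7 +84,7 @@` hunk, `replicated_dashboard_password` returns the sentence `"This is only used for legacy deployments."` when `is_legacy_deployment` is false, so a consumer of this output cannot tell a real credential from a placeholder without matching on the text. Returning `null` in the non-legacy branch keeps the value unambiguous, e.g. `value = var.is_legacy_deployment ? module.settings[0].replicated_configuration.DaemonAuthenticationPassword : null`; the same applies to `replicated_console_url` earlier in this file. The description could then state the contract: `description = "The password for the Replicated console; null for FDO deployments."`.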
@@ -98,6 +98,14 @@ module "tfe" { tfe_subdomain = local.test_name asg_tags = local.common_tags + + # FDO Specific Values + is_legacy_deployment = var.is_legacy_deployment + hc_license = var.hc_license + license_reporting_opt_out = true + registry_password = var.registry_password + registry_username = var.registry_username + tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } resource "null_resource" "wait_for_instances" { diff --git a/tests/active-active-rhel7-proxy/outputs.tf b/tests/active-active-rhel7-proxy/outputs.tf index 45e17153..fb2e96f6 100644 --- a/tests/active-active-rhel7-proxy/outputs.tf +++ b/tests/active-active-rhel7-proxy/outputs.tf 
@@ -17,25 +17,27 @@ output "ptfe_endpoint" { description = "Terraform Enterprise Application URL" } +# Change this to health_check_url for consistency. This requires changing it in ptfe-replicated tests. output "ptfe_health_check" { value = module.tfe.health_check_url description = "Terraform Enterprise Health Check URL" } +output "health_check_url" { + value = module.tfe.health_check_url + description = "The URL with path to access the TFE instance health check." +} output "ssh_config_file" { - value = local.utility_module_test ? "use AWS SSH key define by var.key_name" : local_file.ssh_config[0].filename - + value = local.utility_module_test ? "use AWS SSH key define by var.key_name" : local_file.ssh_config[0].filename description = "The pathname of the SSH configuration file that grants access to the compute instance." } output "ssh_private_key" { - value = local.utility_module_test ? "use AWS SSH key define by var.key_name" : local_file.private_key_pem[0].filename - + value = local.utility_module_test ? "use AWS SSH key define by var.key_name" : local_file.private_key_pem[0].filename description = "The pathname of the private SSH key." } output "proxy_instance_id" { - value = module.test_proxy.proxy_instance_id - + value = module.test_proxy.proxy_instance_id description = "The ID of the proxy EC2 instance." } \ No newline at end of file diff --git a/tests/active-active-rhel7-proxy/variables.tf b/tests/active-active-rhel7-proxy/variables.tf index 18e466b5..a9e29edd 100644 --- a/tests/active-active-rhel7-proxy/variables.tf +++ b/tests/active-active-rhel7-proxy/variables.tf 
@@ -42,6 +42,18 @@ variable "domain_name" { description = "Domain for creating the Terraform Enterprise subdomain on." } +variable "hc_license" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." +} + +variable "is_legacy_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." + default = true +} + variable "key_name" { default = null description = "The name of the key pair to be used for SSH access to the EC2 instance(s)." @@ -59,6 +71,24 @@ variable "object_storage_iam_user_name" { description = "The name of the IAM user which will be authorized to access the S3 storage bucket." } +variable "registry_username" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." +} + +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." +} + +variable "tfe_image_tag" { + default = "latest" + type = string + description = "(Not needed if is_legacy_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" +} + variable "tfe_license_secret_id" { default = null type = string diff --git a/tests/private-active-active/main.tf b/tests/private-active-active/main.tf index 5a93cc47..2f170a1e 100644 --- a/tests/private-active-active/main.tf +++ b/tests/private-active-active/main.tf 
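Review bot: `hc_license` here, and `registry_password` in the next hunk, are declared without `sensitive = true`, so Terraform does not redact their values in plan and apply output once they are set. Add `sensitive = true` to both declarations. The same two variables are added unmarked in the other test `variables.tf` files in this patch (private-active-active, private-tcp-active-active, public-active-active, standalone-vault) and in the root `variables.tf`. Marking them sensitive only affects display; the values are still written to state, so the state backend needs its own access control.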
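Review bot: `tfe_image_tag` defaults to `"latest"`, a mutable tag, so two runs of the same test configuration can pull different Terraform Enterprise images and a failure cannot be tied to one build. Consider removing the default so CI must supply the tag, or pinning a known release; the description's own example (`"1234567"`) already points at a fixed identifier. The other test `variables.tf` files in this patch add the same default. The root `tfe_image` variable also defaults to `quay.io/hashicorp/terraform-enterprise:latest`, which matters more because module consumers inherit it.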
@@ -67,4 +67,12 @@ module "private_active_active" { tfe_subdomain = local.test_name asg_tags = local.common_tags + + # FDO Specific Values + is_legacy_deployment = var.is_legacy_deployment + hc_license = var.hc_license + license_reporting_opt_out = true + registry_password = var.registry_password + registry_username = var.registry_username + tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } diff --git a/tests/private-active-active/outputs.tf b/tests/private-active-active/outputs.tf index 0c8c655a..0995d38f 100644 --- a/tests/private-active-active/outputs.tf +++ b/tests/private-active-active/outputs.tf 
@@ -2,39 +2,33 @@ # SPDX-License-Identifier: MPL-2.0 output "private_active_active" { - value = module.private_active_active - + value = module.private_active_active description = "The outputs of the private_active_active module." # This output is marked as sensitive to work around a bug in Terraform 0.14 sensitive = true } output "tfe_url" { - value = module.private_active_active.tfe_url - + value = module.private_active_active.tfe_url description = "The URL to the TFE application." } output "health_check_url" { - value = "${module.private_active_active.tfe_url}/_health_check" - + value = module.private_active_active.health_check_url description = "The URL with path to access the TFE instance health check." } output "iact_url" { - value = "${module.private_active_active.tfe_url}/admin/retrieve-iact" - + value = "${module.private_active_active.tfe_url}/admin/retrieve-iact" description = "The URL with path to access the TFE instance Retrieve IACT." } output "initial_admin_user_url" { - value = "${module.private_active_active.tfe_url}/admin/initial-admin-user" - + value = "${module.private_active_active.tfe_url}/admin/initial-admin-user" description = "The URL with path to access the TFE instance Initial Admin User." } output "proxy_instance_id" { - value = module.test_proxy.proxy_instance_id - + value = module.test_proxy.proxy_instance_id description = "The ID of the proxy EC2 instance." -} \ No newline at end of file +} diff --git a/tests/private-active-active/variables.tf b/tests/private-active-active/variables.tf index 936a9a33..e37fa6ec 100644 --- a/tests/private-active-active/variables.tf +++ b/tests/private-active-active/variables.tf 
@@ -22,6 +22,18 @@ variable "domain_name" { description = "Domain for creating the Terraform Enterprise subdomain on." } +variable "hc_license" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." +} + +variable "is_legacy_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." + default = true +} + variable "key_name" { description = "The name of the key pair to be used for SSH access to the EC2 instance(s)." type = string @@ -33,6 +45,24 @@ variable "license_file" { description = "The local path to the Terraform Enterprise license to be provided by CI." } +variable "registry_username" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." +} + +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." +} + +variable "tfe_image_tag" { + default = "latest" + type = string + description = "(Not needed if is_legacy_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" +} + variable "tfe_license_secret_id" { default = null type = string diff --git a/tests/private-tcp-active-active/main.tf b/tests/private-tcp-active-active/main.tf index 07568589..68b62614 100644 --- a/tests/private-tcp-active-active/main.tf +++ b/tests/private-tcp-active-active/main.tf 
@@ -74,4 +74,13 @@ module "private_tcp_active_active" { vm_key_secret_id = var.private_key_pem_secret_id asg_tags = local.common_tags + + # FDO Specific Values + is_legacy_deployment = var.is_legacy_deployment + hc_license = var.hc_license + license_reporting_opt_out = true + registry_password = var.registry_password + registry_username = var.registry_username + tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" + tls_ca_bundle_file = "/usr/share/pki/ca-trust-source/anchors/tfe-ca-certificate.crt" } diff --git a/tests/private-tcp-active-active/outputs.tf b/tests/private-tcp-active-active/outputs.tf index c459fd94..34623512 100644 --- a/tests/private-tcp-active-active/outputs.tf +++ b/tests/private-tcp-active-active/outputs.tf @@ -2,8 +2,7 @@ # SPDX-License-Identifier: MPL-2.0 output "private_tcp_active_active" { - value = module.private_tcp_active_active - + value = module.private_tcp_active_active description = "The outputs of the private_tcp_active_active module." # This output is marked as sensitive to work around a bug in Terraform 0.14 sensitive = true 
@@ -11,31 +10,26 @@ output "private_tcp_active_active" { output "tfe_url" { value = module.private_tcp_active_active.tfe_url - description = "The URL to the TFE application." } output "health_check_url" { - value = "${module.private_tcp_active_active.tfe_url}/_health_check" - + value = module.private_tcp_active_active.health_check_url description = "The URL with path to access the TFE instance health check." } output "iact_url" { value = "${module.private_tcp_active_active.tfe_url}/admin/retrieve-iact" - description = "The URL with path to access the TFE instance Retrieve IACT." } output "initial_admin_user_url" { value = "${module.private_tcp_active_active.tfe_url}/admin/initial-admin-user" - description = "The URL with path to access the TFE instance Initial Admin User." } output "tfe_autoscaling_group_name" { value = module.private_tcp_active_active.tfe_autoscaling_group.name - description = "The name of the autoscaling group which hosts the TFE EC2 instance(s)." # This output is marked as sensitive to work around a bug in Terraform 0.14 sensitive = true @@ -43,6 +37,5 @@ output "tfe_autoscaling_group_name" { output "proxy_instance_id" { value = module.test_proxy.proxy_instance_id - description = "The ID of the proxy EC2 instance." } diff --git a/tests/private-tcp-active-active/variables.tf b/tests/private-tcp-active-active/variables.tf index 65e87037..17d5d4ea 100644 --- a/tests/private-tcp-active-active/variables.tf +++ b/tests/private-tcp-active-active/variables.tf 
@@ -37,6 +37,18 @@ variable "domain_name" { description = "Domain for creating the Terraform Enterprise subdomain on." } +variable "hc_license" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." +} + +variable "is_legacy_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." + default = true +} + variable "key_name" { description = "The name of the key pair to be used for SSH access to the EC2 instance(s)." type = string @@ -53,11 +65,26 @@ variable "private_key_pem_secret_id" { description = "The secrets manager secret ID of the Base64 & PEM encoded TLS private key." } -variable "tfe_license_secret_id" { +variable "registry_username" { default = null type = string - description = "The secrets manager secret ID of the Base64 encoded Terraform Enterprise license." + description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." +} +variable "tfe_image_tag" { + default = "latest" + type = string + description = "(Not needed if is_legacy_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" +} +variable "tfe_license_secret_id" { + default = null + type = string + description = "The secrets manager secret ID of the Base64 encoded Terraform Enterprise license." +} diff --git a/tests/public-active-active/main.tf b/tests/public-active-active/main.tf index e1502247..03afd9de 100644 --- a/tests/public-active-active/main.tf +++ b/tests/public-active-active/main.tf 
@@ -57,4 +57,12 @@ module "public_active_active" { tfe_subdomain = local.test_name asg_tags = local.common_tags + + # FDO Specific Values + is_legacy_deployment = var.is_legacy_deployment + hc_license = var.hc_license + license_reporting_opt_out = true + registry_password = var.registry_password + registry_username = var.registry_username + tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } diff --git a/tests/public-active-active/outputs.tf b/tests/public-active-active/outputs.tf index a95d4f76..fc7732cc 100644 --- a/tests/public-active-active/outputs.tf +++ b/tests/public-active-active/outputs.tf @@ -14,7 +14,7 @@ output "tfe_url" { } output "health_check_url" { - value = "${module.public_active_active.tfe_url}/_health_check" + value = module.public_active_active.health_check_url description = "The URL with path to access the TFE instance health check." } diff --git a/tests/public-active-active/variables.tf b/tests/public-active-active/variables.tf index 178f36d6..7adef03e 100644 --- a/tests/public-active-active/variables.tf +++ b/tests/public-active-active/variables.tf @@ -22,12 +22,24 @@ variable "domain_name" { description = "Domain for creating the Terraform Enterprise subdomain on." } +variable "hc_license" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." +} + variable "iact_subnet_list" { default = [] description = "A list of CIDR masks that configure the ability to retrieve the IACT from outside the host." type = list(string) } +variable "is_legacy_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." + default = true +} + variable "key_name" { description = "The name of the key pair to be used for SSH access to the EC2 instance(s)." type = string 
@@ -39,10 +51,26 @@ variable "license_file" { description = "The local path to the Terraform Enterprise license to be provided by CI." } +variable "registry_username" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." +} + +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." +} + +variable "tfe_image_tag" { + default = "latest" + type = string + description = "(Not needed if is_legacy_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" +} + variable "tfe_license_secret_id" { default = null type = string - description = <<-EOD - The name of the Secrets Manager secret ID of the Base64 encoded Terraform Enterprise license. - EOD + description = "The name of the Secrets Manager secret ID of the Base64 encoded Terraform Enterprise license." } diff --git a/tests/standalone-vault/main.tf b/tests/standalone-vault/main.tf index 320bdb68..a7bc7bee 100644 --- a/tests/standalone-vault/main.tf +++ b/tests/standalone-vault/main.tf @@ -71,4 +71,12 @@ module "standalone_vault" { extern_vault_namespace = "admin" asg_tags = local.common_tags + + # FDO Specific Values + is_legacy_deployment = var.is_legacy_deployment + hc_license = var.hc_license + license_reporting_opt_out = true + registry_password = var.registry_password + registry_username = var.registry_username + tfe_image = "quay.io/hashicorp/terraform-enterprise:${var.tfe_image_tag}" } diff --git a/tests/standalone-vault/outputs.tf b/tests/standalone-vault/outputs.tf index d1274095..34af7f8a 100644 --- a/tests/standalone-vault/outputs.tf +++ b/tests/standalone-vault/outputs.tf 
@@ -11,11 +11,17 @@ output "replicated_console_url" { description = "Terraform Enterprise Console URL" } +# Change this to health_check_url for consistency. This requires changing it in ptfe-replicated tests. output "ptfe_health_check" { value = "${module.standalone_vault.tfe_url}/_health_check" description = "The URL with path to access the TFE instance health check." } +output "health_check_url" { + value = module.standalone_vault.health_check_url + description = "The URL with path to access the TFE instance health check." +} + output "replicated_console_password" { value = module.standalone_vault.replicated_dashboard_password description = "The password for the TFE console" diff --git a/tests/standalone-vault/variables.tf b/tests/standalone-vault/variables.tf index cdd3ff3d..2c9ed082 100644 --- a/tests/standalone-vault/variables.tf +++ b/tests/standalone-vault/variables.tf @@ -22,6 +22,18 @@ variable "domain_name" { description = "Domain for creating the Terraform Enterprise subdomain on." } +variable "hc_license" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." +} + +variable "is_legacy_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." + default = true +} + variable "key_name" { default = null description = "The name of the key pair to be used for SSH access to the EC2 instance(s)." 
@@ -34,6 +46,24 @@ variable "license_file" { description = "The local path to the Terraform Enterprise license to be provided by CI." } +variable "registry_username" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." +} + +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." +} + +variable "tfe_image_tag" { + default = "latest" + type = string + description = "(Not needed if is_legacy_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" +} + variable "tfe_license_secret_id" { default = null type = string diff --git a/variables.tf b/variables.tf index 017ee2d3..00b2e03a 100644 --- a/variables.tf +++ b/variables.tf @@ -16,29 +16,19 @@ variable "ami_id" { variable "asg_tags" { type = map(string) - description = <:. - Default is 'hashicorp/build-worker:now'. - EOD + description = "The name and tag for your alternative Terraform build worker image in the format :. Default is 'hashicorp/build-worker:now'." } variable "disk_path" { 
@@ -201,12 +204,7 @@ variable "disk_path" { variable "hairpin_addressing" { default = null type = bool - description = <<-EOD - In some cloud environments, HTTP clients running on instances behind a loadbalancer cannot send - requests to the public hostname of that load balancer. Use this setting to configure TFE services - to redirect requests for the installation's FQDN to the instance's internal IP address. - Defaults to false. - EOD + description = "In some cloud environments, HTTP clients running on instances behind a loadbalancer cannot send requests to the public hostname of that load balancer. Use this setting to configure TFE services to redirect requests for the installation's FQDN to the instance's internal IP address. Defaults to false." } variable "iact_subnet_list" { 
@@ -224,39 +222,24 @@ variable "iact_subnet_time_limit" { variable "metrics_endpoint_enabled" { default = null type = bool - description = <<-EOD - (Optional) Metrics are used to understand the behavior of Terraform Enterprise and to - troubleshoot and tune performance. Enable an endpoint to expose container metrics. - Defaults to false. - EOD + description = "(Optional) Metrics are used to understand the behavior of Terraform Enterprise and to troubleshoot and tune performance. Enable an endpoint to expose container metrics. Defaults to false." } variable "metrics_endpoint_port_http" { default = null type = number - description = <<-EOD - (Optional when metrics_endpoint_enabled is true.) Defines the TCP port on which HTTP metrics - requests will be handled. - Defaults to 9090. - EOD + description = "(Optional when metrics_endpoint_enabled is true.) Defines the TCP port on which HTTP metrics requests will be handled. Defaults to 9090." } variable "metrics_endpoint_port_https" { default = null type = string - description = <<-EOD - (Optional when metrics_endpoint_enabled is true.) Defines the TCP port on which HTTPS metrics - requests will be handled. - Defaults to 9091. - EOD + description = "(Optional when metrics_endpoint_enabled is true.) Defines the TCP port on which HTTPS metrics requests will be handled. Defaults to 9091." } variable "operational_mode" { default = "external" - description = <<-EOD - A special string to control the operational mode of Terraform Enterprise. Valid values are: "external" for External - Services mode; "disk" for Mounted Disk mode. - EOD + description = "A special string to control the operational mode of Terraform Enterprise. Valid values are: 'external' for External Services mode; 'disk for Mounted Disk mode." type = string validation { 
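Review bot: The rewritten `operational_mode` description lost a closing quote when the heredoc was flattened: `'disk for Mounted Disk mode` should read `'disk' for Mounted Disk mode`. In the same hunk `metrics_endpoint_port_https` is typed `string` while `metrics_endpoint_port_http` is `number`; those type lines are unchanged context, but both descriptions touched here call the value a TCP port, so it is worth confirming that the string type is intentional. The `operational_mode` block continues past the end of the hunk.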
@@ -297,6 +280,24 @@ variable "deploy_vpc" { default = true } +variable "enable_ssh" { + type = bool + description = "Whether to open port 22 on the TFE instance for SSH access." + default = false +} + +variable "hc_license" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." +} + +variable "is_legacy_deployment" { + type = bool + description = "TFE will be installed using a Replicated license and deployment method." + default = true +} + variable "network_cidr" { type = string description = "(Optional) CIDR block for VPC." @@ -361,6 +362,12 @@ variable "key_name" { type = string } +variable "license_reporting_opt_out" { + default = false + type = bool + description = "(Not needed if is_legacy_deployment is true) Whether to opt out of reporting licensing information to HashiCorp. Defaults to false." +} + variable "node_count" { type = number default = 2 
@@ -375,12 +382,19 @@ variable "node_count" { variable "pg_extra_params" { default = null type = string - description = <<-EOF - Parameter keywords of the form param1=value1¶m2=value2 to support additional options that - may be necessary for your specific PostgreSQL server. Allowed values are documented on the - PostgreSQL site. An additional restriction on the sslmode parameter is that only the require, - verify-full, verify-ca, and disable values are allowed. - EOF + description = "Parameter keywords of the form param1=value1¶m2=value2 to support additional options that may be necessary for your specific PostgreSQL server. Allowed values are documented on the PostgreSQL site. An additional restriction on the sslmode parameter is that only the require, verify-full, verify-ca, and disable values are allowed." +} + +variable "registry_username" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." +} + +variable "registry_password" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } variable "release_sequence" { 
@@ -389,12 +403,50 @@ variable "release_sequence" { description = "Terraform Enterprise release sequence" } +variable "run_pipeline_image" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) Container image used to execute Terraform runs. Leave blank to use the default image that comes with Terraform Enterprise. Defaults to ''." +} + variable "ssl_policy" { type = string default = "ELBSecurityPolicy-2016-08" description = "SSL policy to use on ALB listener" } +variable "tls_ca_bundle_file" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) Path to a file containing TLS CA certificates to be added to the OS CA certificates bundle. Leave blank to not add CA certificates to the OS CA certificates bundle. Defaults to ''." +} + +variable "tls_ciphers" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) TLS ciphers to use for TLS. Must be valid OpenSSL format. Leave blank to use the default ciphers. Defaults to ''" +} + +variable "tls_version" { + default = null + type = string + description = "(Not needed if is_legacy_deployment is true) TLS version to use. Leave blank to use both TLS v1.2 and TLS v1.3. Defaults to '' if no value is given." + validation { + condition = ( + var.tls_version == null || + var.tls_version == "tls_1_2" || + var.tls_version == "tls_1_3" + ) + error_message = "The tls_version value must be 'tls_1_2', 'tls_1_3', or null." + } +} + +variable "tfe_image" { + default = "quay.io/hashicorp/terraform-enterprise:latest" + type = string + description = "(Not needed if is_legacy_deployment is true) The registry path, image name, and image version (e.g. \"quay.io/hashicorp/terraform-enterprise:1234567\")" +} + variable "tfe_subdomain" { type = string default = "tfe" 
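Review bot: The `tls_version` description says "Leave blank" and "Defaults to ''", but the declared default is `null` and the validation accepts only `null`, `tls_1_2` or `tls_1_3`, so a caller who follows the description and passes an empty string gets a validation error. Reword the description to match the code, for example `Leave null to use both TLS v1.2 and TLS v1.3.`. `run_pipeline_image`, `tls_ca_bundle_file` and `tls_ciphers` in this hunk carry the same "Defaults to ''" wording next to `default = null`. `tls_ciphers` is passed through with no validation at all, so its description should at least say that a null value keeps the product's default cipher list.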
@@ -406,12 +458,7 @@ variable "tfe_subdomain" { variable "ca_certificate_secret_id" { default = null type = string - description = <<-EOD - A Secrets Manager secret ARN to the secret which contains the Base64 encoded version of - a PEM encoded public certificate of a certificate authority (CA) to be trusted by the EC2 - instance(s). This argument is only required if TLS certificates in the deployment are not - issued by a well-known CA. - EOD + description = "A Secrets Manager secret ARN to the secret which contains the Base64 encoded version of a PEM encoded public certificate of a certificate authority (CA) to be trusted by the EC2 instance(s). This argument is only required if TLS certificates in the deployment are not issued by a well-known CA." } variable "kms_key_arn" { @@ -459,10 +506,7 @@ variable "proxy_port" { variable "trusted_proxies" { default = [] - description = <<-EOD - A list of IP address ranges which will be considered safe to ignore when evaluating the IP addresses of requests like - those made to the IACT endpoint. - EOD + description = "A list of IP address ranges which will be considered safe to ignore when evaluating the IP addresses of requests like those made to the IACT endpoint." type = list(string) } 
@@ -471,20 +515,13 @@ variable "trusted_proxies" { variable "airgap_url" { default = null type = string - description = <<-EOD - The URL of the storage bucket object that comprises an airgap package. This is only used in development - environments when bootstapping the TFE instance with the airgap package. You would not use this for an - actual airgapped environment. - EOD + description = "The URL of the storage bucket object that comprises an airgap package. This is only used in development environments when bootstapping the TFE instance with the airgap package. You would not use this for an actual airgapped environment." } variable "tfe_license_bootstrap_airgap_package_path" { default = null type = string - description = <<-EOD - (Required if air-gapped installation) The URL of a Replicated airgap package for Terraform - Enterprise. The suggested path is "/var/lib/ptfe/ptfe.airgap". - EOD + description = "(Required if air-gapped installation) The URL of a Replicated airgap package for Terraform Enterprise. The suggested path is '/var/lib/ptfe/ptfe.airgap'." } # Mounted Disk Installations ONLY @@ -510,10 +547,7 @@ variable "ebs_iops" { variable "ebs_renamed_device_name" { type = string default = "nvme1n1" - description = <<-EOD - (Required if Mounted Disk installation) The device name that AWS renames the ebs_device_name to. - See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html for more details. - EOD + description = "(Required if Mounted Disk installation) The device name that AWS renames the ebs_device_name to. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html for more details." } variable "ebs_volume_size" { From 32c31913324aed41ef75185db93e3c45d2bfd972 Mon Sep 17 00:00:00 2001 
From: anniehedgpeth Date: Wed, 20 Sep 2023 16:41:15 -0600 Subject: [PATCH 2/8] fmt and linting --- .tflint.hcl | 4 ++++ main.tf | 6 +++--- modules/service_accounts/main.tf | 2 +- modules/vm/main.tf | 10 +++++----- tests/private-tcp-active-active/outputs.tf | 12 ++++++------ variables.tf | 3 ++- 6 files changed, 21 insertions(+), 16 deletions(-) diff --git a/.tflint.hcl b/.tflint.hcl index e94b9545..b3d2baf3 100644 --- a/.tflint.hcl +++ b/.tflint.hcl @@ -50,3 +50,7 @@ rule "terraform_unused_required_providers" { rule "terraform_standard_module_structure" { enabled = true } + +rule "terraform_module_pinned_source" { + enabled = false +} \ No newline at end of file diff --git a/main.tf b/main.tf index bcd44788..c9d8fab8 100644 --- a/main.tf +++ b/main.tf @@ -175,9 +175,9 @@ module "tfe_init_fdo" { custom_image_tag = var.custom_image_tag enable_monitoring = var.enable_monitoring - disk_path = local.enable_disk ? var.disk_path : null - disk_device_name = local.enable_disk ? var.ebs_renamed_device_name : null - distribution = var.distribution + disk_path = local.enable_disk ? var.disk_path : null + disk_device_name = local.enable_disk ? var.ebs_renamed_device_name : null + distribution = var.distribution ca_certificate_secret_id = var.ca_certificate_secret_id == null ? null : var.ca_certificate_secret_id certificate_secret_id = var.vm_certificate_secret_id == null ? null : var.vm_certificate_secret_id diff --git a/modules/service_accounts/main.tf b/modules/service_accounts/main.tf index dd470a1d..d7c7b8ed 100644 --- a/modules/service_accounts/main.tf +++ b/modules/service_accounts/main.tf @@ -109,7 +109,7 @@ resource "aws_iam_policy" "kms_policy" { "kms:ReEncryptTo", ] Effect = "Allow" - Resource = "${var.kms_key_arn}" + Resource = var.kms_key_arn }, ] }) diff --git a/modules/vm/main.tf b/modules/vm/main.tf index 72571bc7..e60ad9a6 100644 --- a/modules/vm/main.tf +++ b/modules/vm/main.tf 
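Review bot: Setting `terraform_module_pinned_source` to `enabled = false` in `.tflint.hcl` turns the check off for every module call in the repository, not only for a source that has to track a branch during this work. If one module reference needs the exception, an inline `# tflint-ignore: terraform_module_pinned_source` above that `module` block keeps the rule active everywhere else and makes the exception visible in review. Pinned sources are what make a module's dependencies reproducible and auditable, and a repository-wide opt-out is easy to leave in place after the branch merges.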
@@ -34,11 +34,11 @@ resource "aws_security_group_rule" "vault_cluster" { resource "aws_security_group_rule" "ssh_inbound" { count = var.enable_ssh ? 1 : 0 - security_group_id = aws_security_group.tfe_instance.id - type = "ingress" - from_port = 22 - to_port = 22 - protocol = "tcp" + security_group_id = aws_security_group.tfe_instance.id + type = "ingress" + from_port = 22 + to_port = 22 + protocol = "tcp" source_security_group_id = var.aws_lb cidr_blocks = var.aws_lb == null ? var.network_private_subnet_cidrs : null } diff --git a/tests/private-tcp-active-active/outputs.tf b/tests/private-tcp-active-active/outputs.tf index 34623512..7f03f2d8 100644 --- a/tests/private-tcp-active-active/outputs.tf +++ b/tests/private-tcp-active-active/outputs.tf 
@@ -9,33 +9,33 @@ output "private_tcp_active_active" { } output "tfe_url" { - value = module.private_tcp_active_active.tfe_url + value = module.private_tcp_active_active.tfe_url description = "The URL to the TFE application." } output "health_check_url" { - value = module.private_tcp_active_active.health_check_url + value = module.private_tcp_active_active.health_check_url description = "The URL with path to access the TFE instance health check." } output "iact_url" { - value = "${module.private_tcp_active_active.tfe_url}/admin/retrieve-iact" + value = "${module.private_tcp_active_active.tfe_url}/admin/retrieve-iact" description = "The URL with path to access the TFE instance Retrieve IACT." } output "initial_admin_user_url" { - value = "${module.private_tcp_active_active.tfe_url}/admin/initial-admin-user" + value = "${module.private_tcp_active_active.tfe_url}/admin/initial-admin-user" description = "The URL with path to access the TFE instance Initial Admin User." } output "tfe_autoscaling_group_name" { - value = module.private_tcp_active_active.tfe_autoscaling_group.name + value = module.private_tcp_active_active.tfe_autoscaling_group.name description = "The name of the autoscaling group which hosts the TFE EC2 instance(s)." # This output is marked as sensitive to work around a bug in Terraform 0.14 sensitive = true } output "proxy_instance_id" { - value = module.test_proxy.proxy_instance_id + value = module.test_proxy.proxy_instance_id description = "The ID of the proxy EC2 instance." } diff --git a/variables.tf b/variables.tf index 00b2e03a..8b3d3dd9 100644 --- a/variables.tf +++ b/variables.tf @@ -70,8 +70,9 @@ variable "object_storage_iam_user" { } variable "s3_endpoint" { - default = null + default = null description = "S3 endpoint. Useful when using a private S3 endpoint. Leave blank to use the default AWS S3 endpoint. Defaults to \"\"." + type = string } From b541c19a86c4b29c329b61ca7f281111ba6ec64d Mon Sep 17 00:00:00 2001 
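Review bot: In the `variables.tf` hunk, the `s3_endpoint` description still ends with `Defaults to \"\".` while the declared default is `null`. With `type = string` now added, a caller who follows the description and tests for an empty string will not match the real default. I would change the end of the description to `Defaults to null.` so the documented and actual defaults agree.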
From: anniehedgpeth Date: Wed, 20 Sep 2023 16:49:39 -0600 Subject: [PATCH 3/8] fix deprecation warning; add cnd'l for legacy init --- examples/active-active-proxy/main.tf | 2 +- examples/existing-image/main.tf | 2 +- examples/existing-network/main.tf | 2 +- examples/standalone-airgap-dev/main.tf | 2 +- examples/standalone-airgap/main.tf | 2 +- examples/standalone-mounted/main.tf | 2 +- main.tf | 1 + tests/active-active-rhel7-proxy/main.tf | 2 +- tests/private-active-active/main.tf | 2 +- tests/private-tcp-active-active/main.tf | 2 +- tests/standalone-vault/main.tf | 2 +- 11 files changed, 11 insertions(+), 10 deletions(-) diff --git a/examples/active-active-proxy/main.tf b/examples/active-active-proxy/main.tf index b7eaeb68..499f2f9c 100644 --- a/examples/active-active-proxy/main.tf +++ b/examples/active-active-proxy/main.tf @@ -4,7 +4,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } diff --git a/examples/existing-image/main.tf b/examples/existing-image/main.tf index 83813467..3f8d4cb0 100644 --- a/examples/existing-image/main.tf +++ b/examples/existing-image/main.tf @@ -4,7 +4,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } diff --git a/examples/existing-network/main.tf b/examples/existing-network/main.tf index cbd0a8e9..4907ad55 100644 --- a/examples/existing-network/main.tf +++ b/examples/existing-network/main.tf @@ -13,7 +13,7 @@ provider "aws" { resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } diff --git a/examples/standalone-airgap-dev/main.tf b/examples/standalone-airgap-dev/main.tf index dba72429..108860b3 100644 --- a/examples/standalone-airgap-dev/main.tf 
+++ b/examples/standalone-airgap-dev/main.tf @@ -6,7 +6,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false - number = false + numeric = false special = false } diff --git a/examples/standalone-airgap/main.tf b/examples/standalone-airgap/main.tf index 44a5a56b..25132af6 100644 --- a/examples/standalone-airgap/main.tf +++ b/examples/standalone-airgap/main.tf @@ -6,7 +6,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false - number = false + numeric = false special = false } diff --git a/examples/standalone-mounted/main.tf b/examples/standalone-mounted/main.tf index d4388929..80415bcf 100644 --- a/examples/standalone-mounted/main.tf +++ b/examples/standalone-mounted/main.tf @@ -6,7 +6,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false - number = false + numeric = false special = false } diff --git a/main.tf b/main.tf index c9d8fab8..5fde26da 100644 --- a/main.tf +++ b/main.tf @@ -275,6 +275,7 @@ module "settings" { # ----------------------------------------------------------------------------- module "tfe_init_legacy" { source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init_legacy?ref=ah/tf-5370" + count = var.is_legacy_deployment ? 1 : 0 # TFE & Replicated Configuration data cloud = "aws" diff --git a/tests/active-active-rhel7-proxy/main.tf b/tests/active-active-rhel7-proxy/main.tf index 951dc11c..23563bbe 100644 --- a/tests/active-active-rhel7-proxy/main.tf +++ b/tests/active-active-rhel7-proxy/main.tf @@ -14,7 +14,7 @@ provider "aws" { resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } diff --git a/tests/private-active-active/main.tf b/tests/private-active-active/main.tf index 2f170a1e..97d770a1 100644 --- a/tests/private-active-active/main.tf +++ b/tests/private-active-active/main.tf 
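Review bot: Adding `count = var.is_legacy_deployment ? 1 : 0` to `module "tfe_init_legacy"` in the `main.tf` hunk makes the module a list, so every reference of the form `module.tfe_init_legacy.<output>` has to become `module.tfe_init_legacy[0].<output>`. Each such reference also has to be guarded for the case where the flag is false and the instance does not exist. The consumers of this module are outside the hunk, so I cannot confirm from here that they were updated; an unguarded reference would fail at plan time on non-legacy deployments. A short comment above the new line would help the next reader, e.g. `# Only instantiated for legacy (Replicated) deployments; index with [0] behind the same flag.` The module body continues past the end of the hunk.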
@@ -14,7 +14,7 @@ provider "aws" { resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } diff --git a/tests/private-tcp-active-active/main.tf b/tests/private-tcp-active-active/main.tf index 68b62614..df80c44a 100644 --- a/tests/private-tcp-active-active/main.tf +++ b/tests/private-tcp-active-active/main.tf @@ -14,7 +14,7 @@ provider "aws" { resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } diff --git a/tests/standalone-vault/main.tf b/tests/standalone-vault/main.tf index a7bc7bee..e37d18bf 100644 --- a/tests/standalone-vault/main.tf +++ b/tests/standalone-vault/main.tf @@ -6,7 +6,7 @@ resource "random_string" "friendly_name" { length = 4 upper = false # Some AWS resources do not accept uppercase characters. - number = false + numeric = false special = false } From 4928f0d8e0134e6e057147082d01f0deebbe5fc0 Mon Sep 17 00:00:00 2001 From: anniehedgpeth Date: Wed, 20 Sep 2023 16:51:36 -0600 Subject: [PATCH 4/8] remove whitespace --- .github/workflows/handler-destroy.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/handler-destroy.yml b/.github/workflows/handler-destroy.yml index a2cd7ff3..b5728cc3 100644 --- a/.github/workflows/handler-destroy.yml +++ b/.github/workflows/handler-destroy.yml @@ -150,7 +150,6 @@ jobs: TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN TFC_workspace_substitution_pattern: s/aws-public-active-active/aws-public-active-active-legacy/ - private_active_active_legacy: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 secrets: inherit 
@@ -169,7 +168,6 @@ jobs: TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN TFC_workspace_substitution_pattern: s/aws-private-active-active/aws-private-active-active-legacy/ - private_tcp_active_active_legacy: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 secrets: inherit From cd6ca3440cdba367298d8b6a90cda840e4c33a53 Mon Sep 17 00:00:00 2001 From: anniehedgpeth Date: Wed, 20 Sep 2023 17:23:24 -0600 Subject: [PATCH 5/8] use reusable test workflow --- .github/workflows/handler-help.yml | 12 +- .github/workflows/handler-test.yml | 824 +++++++---------------------- 2 files changed, 208 insertions(+), 628 deletions(-) diff --git a/.github/workflows/handler-help.yml b/.github/workflows/handler-help.yml index b8a60d28..4108ffe2 100644 --- a/.github/workflows/handler-help.yml +++ b/.github/workflows/handler-help.yml @@ -26,9 +26,19 @@ jobs: > | /help | Shows this help message | ## Test Case Names - + + FDO: + * active-active-rhel7-proxy * private-active-active * private-tcp-active-active * public-active-active + * standalone-vault + + Legacy: + * active-active-rhel7-proxy-legacy + * private-active-active-legacy + * private-tcp-active-active-legacy + * public-active-active-legacy + * standalone-vault-legacy reaction-type: confused diff --git a/.github/workflows/handler-test.yml b/.github/workflows/handler-test.yml index 75f90c66..f6caee92 100644 --- a/.github/workflows/handler-test.yml +++ b/.github/workflows/handler-test.yml 
@@ -5,639 +5,209 @@ on: types: - test-command +env: + AWS_DEFAULT_REGION: us-east-2 + jobs: + active_active_rhel7_proxy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + secrets: inherit + name: Test AWS Active/Active RHEL7 Proxy Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy') }} + with: + test_name: Active/Active RHEL7 Proxy + utility_test: false + is_legacy_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/active-active-rhel7-proxy + TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-active-active-rhel7-proxy"\n\ + }\n\ + }\n/' + public_active_active: - name: Run tf-test on Public Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + secrets: inherit + name: Test AWS Public Active/Active Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/public-active-active - K6_WORK_DIR_PATH: ./tests/tfe-load-test - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: vars - run: echo ::set-output 
name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - # Checkout the hashicorp/tfe-load-test repository - - name: Checkout TFE Load Test - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - path: ${{ env.K6_WORK_DIR_PATH }} - repository: hashicorp/tfe-load-test - token: ${{ secrets.GH_TFE_LOAD_TEST_TOKEN }} - persist-credentials: false - - - name: Install required tools - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_URL: https://github.com/loadimpact/k6/releases/download/v0.31.1/k6-v0.31.1-linux64.tar.gz - run: | - sudo apt-get install jq - curl -L $K6_URL | tar -xz --strip-components=1 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PUBLIC_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - # Run Terraform commands between these comments vvv - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Validate - id: validate - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform validate -no-color - - - name: Write GitHub Actions runner CIDR to Terraform Variables - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - echo "iact_subnet_list = [\"$( dig +short @resolver1.opendns.com myip.opendns.com )/32\"]" > github.auto.tfvars - - - name: Terraform Apply - id: apply - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform apply -auto-approve -input=false -no-color - 
- - name: Retrieve Health Check URL - id: retrieve-health-check-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw health_check_url - - - name: Wait For TFE - id: wait-for-tfe - timeout-minutes: 15 - env: - HEALTH_CHECK_URL: ${{ steps.retrieve-health-check-url.outputs.stdout }} - run: | - echo "Curling \`health_check_url\` for a return status of 200..." - while ! curl -sfS --max-time 5 "$HEALTH_CHECK_URL"; do sleep 5; done - - - name: Retrieve TFE URL - id: retrieve-tfe-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw tfe_url - - - name: Retrieve IACT URL - id: retrieve-iact-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw iact_url - - - name: Retrieve IACT - id: retrieve-iact - env: - IACT_URL: ${{ steps.retrieve-iact-url.outputs.stdout }} - run: | - token=$(curl --fail --retry 5 --verbose "$IACT_URL") - echo "::set-output name=token::$token" - - - name: Retrieve Initial Admin User URL - id: retrieve-initial-admin-user-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw initial_admin_user_url - - - name: Create Admin in TFE - id: create-admin - env: - TFE_PASSWORD: ${{ secrets.TFE_PASSWORD }} - IAU_URL: ${{ steps.retrieve-initial-admin-user-url.outputs.stdout }} - IACT: ${{ steps.retrieve-iact.outputs.token }} - run: | - echo \ - '{"username": "test", "email": "tf-onprem-team@hashicorp.com", "password": "$TFE_PASSWORD"}' \ - > ./payload.json - response=$( \ - curl \ - --fail \ - --retry 5 \ - --verbose \ - --header 'Content-Type: application/json' \ - --data @./payload.json \ - "$IAU_URL"?token="$IACT") - echo "::set-output name=response::$response" - - - name: Retrieve Admin Token - id: retrieve-admin-token - env: - RESPONSE: ${{ steps.create-admin.outputs.response }} - run: | - token=$(echo "$RESPONSE" | jq --raw-output '.token') - echo "::set-output name=token::$token" - - - name: Run k6 Smoke 
Test - id: run-smoke-test - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_PATHNAME: "./k6" - TFE_URL: "${{ steps.retrieve-tfe-url.outputs.stdout }}" - TFE_API_TOKEN: "${{ steps.retrieve-admin-token.outputs.token }}" - TFE_EMAIL: tf-onprem-team@hashicorp.com - run: | - make smoke-test - - - name: Terraform Destroy - id: destroy - if: ${{ always() && github.event.client_payload.slash_command.args.named.destroy != 'false' }} - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - - # Run Terraform commands between these comments ^^^ - - - name: Update comment - if: ${{ always() }} - uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Public Active/Active Test Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Validate', steps.validate.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Apply', steps.apply.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Run k6 Smoke Test', steps.run-smoke-test.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ github.event.client_payload.slash_command.args.named.destroy != 'false' && format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') || '' }} + with: + test_name: Public Active/Active + utility_test: false + is_legacy_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + 
k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/public-active-active + TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_TFC_TOKEN private_active_active: - name: Run tf-test on Private Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + secrets: inherit + name: Test AWS Private Active/Active Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/private-active-active - K6_WORK_DIR_PATH: ./tests/tfe-load-test - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: vars - run: echo ::set-output name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - # Checkout the hashicorp/tfe-load-test repository - - name: Checkout TFE Load Test - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - path: ${{ env.K6_WORK_DIR_PATH }} - repository: hashicorp/tfe-load-test - token: ${{ secrets.GH_TFE_LOAD_TEST_TOKEN }} - persist-credentials: false - - - name: Install required tools - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_URL: 
https://github.com/loadimpact/k6/releases/download/v0.31.1/k6-v0.31.1-linux64.tar.gz - run: | - sudo apt-get install jq - curl -L $K6_URL | tar -xz --strip-components=1 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - # Run Terraform commands between these comments vvv - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Validate - id: validate - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform validate -no-color - - - name: Terraform Apply - id: apply - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform apply -auto-approve -input=false -no-color - - - name: Retrieve Health Check URL - id: retrieve-health-check-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw health_check_url - - - name: Retrieve Instance ID - id: retrieve-instance-id - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw proxy_instance_id - - - name: Write Private SSH Key - env: - SSH_KEY_BASE64: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_SSH_KEY_BASE64 }} - run: | - echo "$SSH_KEY_BASE64" | base64 --decode > ./ssh-key.pem - chmod 0400 ./ssh-key.pem - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 - with: - aws-access-key-id: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-2 - role-to-assume: ${{ secrets.PRIVATE_ACTIVE_ACTIVE_AWS_ROLE_TO_ASSUME }} - role-duration-seconds: 2400 - role-skip-session-tagging: true - - - name: Start SOCKS5 Proxy - env: - INSTANCE_ID: ${{ steps.retrieve-instance-id.outputs.stdout 
}} - run: | - aws ec2 wait instance-status-ok --instance-ids "$INSTANCE_ID" - ssh \ - -o 'BatchMode yes' \ - -o 'StrictHostKeyChecking accept-new' \ - -o 'ProxyCommand sh -c \ - "aws ssm start-session \ - --target %h \ - --document-name AWS-StartSSHSession \ - --parameters \"portNumber=%p\""' \ - -i ./ssh-key.pem \ - -f -N -p 22 -D localhost:5000 \ - ubuntu@"$INSTANCE_ID" - - - name: Wait For TFE - id: wait-for-tfe - timeout-minutes: 15 - env: - HEALTH_CHECK_URL: ${{ steps.retrieve-health-check-url.outputs.stdout }} - run: | - echo "Curling \`health_check_url\` for a return status of 200..." - while ! curl \ - -sfS --max-time 5 --proxy socks5://localhost:5000 \ - $HEALTH_CHECK_URL; \ - do sleep 5; done - - - name: Retrieve TFE URL - id: retrieve-tfe-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw tfe_url - - - name: Retrieve IACT URL - id: retrieve-iact-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw iact_url - - - name: Retrieve IACT - id: retrieve-iact - env: - IACT_URL: ${{ steps.retrieve-iact-url.outputs.stdout }} - run: | - token=$(curl --fail --retry 5 --verbose --proxy socks5://localhost:5000 "$IACT_URL") - echo "::set-output name=token::$token" - - - name: Retrieve Initial Admin User URL - id: retrieve-initial-admin-user-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw initial_admin_user_url - - - name: Create Admin in TFE - id: create-admin - env: - TFE_PASSWORD: ${{ secrets.TFE_PASSWORD }} - IAU_URL: ${{ steps.retrieve-initial-admin-user-url.outputs.stdout }} - IACT_TOKEN: ${{ steps.retrieve-iact.outputs.token }} - run: | - echo \ - '{"username": "test", "email": "tf-onprem-team@hashicorp.com", "password": "$TFE_PASSWORD"}' \ - > ./payload.json - response=$( \ - curl \ - --fail \ - --retry 5 \ - --verbose \ - --header 'Content-Type: application/json' \ - --data @./payload.json \ - --proxy socks5://localhost:5000 \ - 
"$IAU_URL"?token="$IACT_TOKEN") - echo "::set-output name=response::$response" - - - name: Retrieve Admin Token - id: retrieve-admin-token - env: - RESPONSE: ${{ steps.create-admin.outputs.response }} - run: | - token=$(echo "$RESPONSE" | jq --raw-output '.token') - echo "::set-output name=token::$token" - - - name: Run k6 Smoke Test - id: run-smoke-test - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_PATHNAME: "./k6" - TFE_URL: "${{ steps.retrieve-tfe-url.outputs.stdout }}" - TFE_API_TOKEN: "${{ steps.retrieve-admin-token.outputs.token }}" - TFE_EMAIL: tf-onprem-team@hashicorp.com - http_proxy: socks5://localhost:5000/ - https_proxy: socks5://localhost:5000/ - run: | - make smoke-test - - - name: Terraform Destroy - id: destroy - if: ${{ always() && github.event.client_payload.slash_command.args.named.destroy != 'false' }} - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - - # Run Terraform commands between these comments ^^^ - - - name: Update comment - if: ${{ always() }} - uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Private Active/Active Test Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Validate', steps.validate.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Apply', steps.apply.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Run k6 Smoke Test', steps.run-smoke-test.outcome == 
'success' && ':white_check_mark:' || ':x:') }} - - ${{ github.event.client_payload.slash_command.args.named.destroy != 'false' && format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') || '' }} + with: + test_name: Private Active/Active + utility_test: false + is_legacy_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-active-active + TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_TFC_TOKEN private_tcp_active_active: - name: Run tf-test on Private TCP Active/Active + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + secrets: inherit + name: Test AWS Private TCP Active/Active Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active') }} - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - env: - WORK_DIR_PATH: ./tests/private-tcp-active-active - K6_WORK_DIR_PATH: ./tests/tfe-load-test - AWS_DEFAULT_REGION: us-east-2 - steps: - - name: Create URL to the run output - id: vars - run: echo ::set-output name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID - - # Checkout the branch of the pull request being tested - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - persist-credentials: false - - # Checkout the 
hashicorp/tfe-load-test repository - - name: Checkout TFE Load Test - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - with: - path: ${{ env.K6_WORK_DIR_PATH }} - repository: hashicorp/tfe-load-test - token: ${{ secrets.GH_TFE_LOAD_TEST_TOKEN }} - persist-credentials: false - - - name: Install required tools - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_URL: https://github.com/loadimpact/k6/releases/download/v0.31.1/k6-v0.31.1-linux64.tar.gz - run: | - sudo apt-get install jq - curl -L $K6_URL | tar -xz --strip-components=1 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_hostname: 'app.terraform.io' - cli_config_credentials_token: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_TFC_TOKEN }} - terraform_version: 0.14.8 - terraform_wrapper: true - - # Run Terraform commands between these comments vvv - - - name: Terraform Init - id: init - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform init -input=false -no-color - - - name: Terraform Validate - id: validate - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform validate -no-color - - - name: Terraform Apply - id: apply - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform apply -auto-approve -input=false -no-color - - - name: Retrieve Health Check URL - id: retrieve-health-check-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw health_check_url - - - name: Retrieve Instance ID - id: retrieve-instance-id - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw proxy_instance_id - - - name: Write Private TCP SSH Key - env: - SSH_KEY_BASE64: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_SSH_KEY_BASE64 }} - run: | - echo "$SSH_KEY_BASE64" | base64 --decode > ./ssh-key.pem - chmod 0400 ./ssh-key.pem - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 - with: - 
aws-access-key-id: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-2 - role-to-assume: ${{ secrets.PRIVATE_TCP_ACTIVE_ACTIVE_AWS_ROLE_TO_ASSUME }} - role-duration-seconds: 2400 - role-skip-session-tagging: true - - - name: Start SOCKS5 Proxy - env: - INSTANCE_ID: ${{ steps.retrieve-instance-id.outputs.stdout }} - run: | - aws ec2 wait instance-status-ok --instance-ids "$INSTANCE_ID" - ssh \ - -o 'BatchMode yes' \ - -o 'StrictHostKeyChecking accept-new' \ - -o 'ServerAliveInterval 5' \ - -o 'ServerAliveCountMax 3' \ - -o 'ProxyCommand sh -c \ - "aws ssm start-session \ - --target %h \ - --document-name AWS-StartSSHSession \ - --parameters \"portNumber=%p\""' \ - -i ./ssh-key.pem \ - -f -N -p 22 -D localhost:5000 \ - ubuntu@"$INSTANCE_ID" - - - name: Wait For TFE - id: wait-for-tfe - timeout-minutes: 20 - env: - HEALTH_CHECK_URL: ${{ steps.retrieve-health-check-url.outputs.stdout }} - run: | - echo "Curling \`health_check_url\` for a return status of 200..." - while ! 
curl \ - --connect-timeout 10 \ - -sfS --max-time 5 --proxy socks5://localhost:5000 \ - --verbose \ - $HEALTH_CHECK_URL; \ - do sleep 5; done - - - name: Retrieve TFE URL - id: retrieve-tfe-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw tfe_url - - - name: Retrieve IACT URL - id: retrieve-iact-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw iact_url - - - name: Retrieve IACT - id: retrieve-iact - env: - IACT_URL: ${{ steps.retrieve-iact-url.outputs.stdout }} - run: | - token=$( \ - curl --fail --retry 5 --verbose \ - --connect-timeout 10 \ - --proxy socks5://localhost:5000 "$IACT_URL") - echo "::set-output name=token::$token" - - - name: Retrieve Initial Admin User URL - id: retrieve-initial-admin-user-url - working-directory: ${{ env.WORK_DIR_PATH }} - run: | - terraform output -no-color -raw initial_admin_user_url - - - name: Create Admin in TFE - id: create-admin - env: - TFE_PASSWORD: ${{ secrets.TFE_PASSWORD }} - IAU_URL: ${{ steps.retrieve-initial-admin-user-url.outputs.stdout }} - IACT_TOKEN: ${{ steps.retrieve-iact.outputs.token }} - run: | - echo \ - '{"username": "test", "email": "tf-onprem-team@hashicorp.com", "password": "$TFE_PASSWORD"}' \ - > ./payload.json - response=$( \ - curl \ - --connect-timeout 10 \ - --fail \ - --retry 5 \ - --verbose \ - --header 'Content-Type: application/json' \ - --data @./payload.json \ - --proxy socks5://localhost:5000 \ - "$IAU_URL"?token="$IACT_TOKEN") - echo "::set-output name=response::$response" - - - name: Retrieve Admin Token - id: retrieve-admin-token - env: - RESPONSE: ${{ steps.create-admin.outputs.response }} - run: | - token=$(echo "$RESPONSE" | jq --raw-output '.token') - echo "::set-output name=token::$token" - - - name: Run k6 Smoke Test - id: run-smoke-test - working-directory: ${{ env.K6_WORK_DIR_PATH }} - env: - K6_PATHNAME: "./k6" - TFE_URL: "${{ steps.retrieve-tfe-url.outputs.stdout }}" - TFE_API_TOKEN: "${{ 
steps.retrieve-admin-token.outputs.token }}" - TFE_EMAIL: tf-onprem-team@hashicorp.com - http_proxy: socks5://localhost:5000/ - https_proxy: socks5://localhost:5000/ - run: | - make smoke-test - - - name: Terraform Destroy - id: destroy - if: ${{ always() && github.event.client_payload.slash_command.args.named.destroy != 'false' }} - working-directory: ${{ env.WORK_DIR_PATH }} - run: terraform destroy -auto-approve -input=false -no-color - - # Run Terraform commands between these comments ^^^ - - - name: Update comment - if: ${{ always() }} - uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - ${{ format('### {0} Terraform Private TCP Active/Active Test Report', job.status == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format(':link: [Action Summary Page]({0})', steps.vars.outputs.run-url) }} - - ${{ format('- {0} Terraform Init', steps.init.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Validate', steps.validate.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Terraform Apply', steps.apply.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ format('- {0} Run k6 Smoke Test', steps.run-smoke-test.outcome == 'success' && ':white_check_mark:' || ':x:') }} - - ${{ github.event.client_payload.slash_command.args.named.destroy != 'false' && format('- {0} Terraform Destroy', steps.destroy.outcome == 'success' && ':white_check_mark:' || ':x:') || '' }} + with: + test_name: Private TCP Active/Active + utility_test: false + is_legacy_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ 
github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-tcp-active-active + TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_TFC_TOKEN + + standalone_vault: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + secrets: inherit + name: Test AWS Standalone Vault Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'standalone-vault') }} + with: + test_name: Standalone Vault + utility_test: false + is_legacy_deployment: false + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/standalone-vault + first_apply_args: "-target=module.hcp_vault.hcp_vault_cluster.test -target=module.hcp_vault.hcp_vault_cluster_admin_token.test" + TFC_token_secret_name: STANDALONE_VAULT_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-standalone-vault"\n\ + }\n\ + }\n/' + + active_active_rhel7_proxy_legacy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + secrets: inherit + name: Test AWS Active/Active RHEL7 Proxy (Legacy) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy-legacy') }} + with: 
+ test_name: Active/Active RHEL7 Proxy (Legacy) + utility_test: false + is_legacy_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/active-active-rhel7-proxy + TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_LEGACY_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-active-active-rhel7-proxy-legacy"\n\ + }\n\ + }\n/' + + public_active_active_legacy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + secrets: inherit + name: Test AWS Public Active/Active (Legacy) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} + with: + test_name: Public Active/Active (Legacy) + utility_test: false + is_legacy_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/public-active-active + TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-public-active-active/aws-public-active-active-legacy/ + + private_active_active_legacy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 
+ secrets: inherit + name: Test AWS Private Active/Active (Legacy) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active-legacy') }} + with: + test_name: Private Active/Active (Legacy) + utility_test: false + is_legacy_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-active-active + TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-private-active-active/aws-private-active-active-legacy/ + + private_tcp_active_active_legacy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + secrets: inherit + name: Test AWS Private TCP Active/Active (Legacy) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active-legacy') }} + with: + test_name: Private TCP Active/Active (Legacy) + utility_test: false + is_legacy_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/private-tcp-active-active + TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN + TFC_workspace_substitution_pattern: 
s/aws-private-tcp-active-active/aws-private-tcp-active-active-legacy/ + + standalone_vault_legacy: + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + secrets: inherit + name: Test AWS Standalone Vault (Legacy) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} + with: + test_name: Standalone Vault (Legacy) + utility_test: false + is_legacy_deployment: true + module_repository_id: hashicorp/terraform-aws-terraform-enterprise + k6_work_dir: ./tests/tfe-load-test + pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} + pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} + pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} + work_dir: ./tests/standalone-vault + first_apply_args: "-target=module.hcp_vault.hcp_vault_cluster.test -target=module.hcp_vault.hcp_vault_cluster_admin_token.test" + TFC_token_secret_name: STANDALONE_VAULT_LEGACY_TFC_TOKEN + TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ + backend "remote" {\n\ + organization = "terraform-enterprise-modules-test"\n\ + workspaces {\n\ + name = "aws-standalone-vault-legacy"\n\ + }\n\ + }\n/' From f398ea126f33aa8cf0f569dca0291c2447806135 Mon Sep 17 00:00:00 2001 From: anniehedgpeth Date: Thu, 21 Sep 2023 11:41:56 -0600 Subject: [PATCH 6/8] revert refs to main --- .github/workflows/handler-destroy.yml | 20 ++++++++++---------- .github/workflows/handler-test.yml | 20 ++++++++++---------- main.tf | 8 ++++---- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/handler-destroy.yml b/.github/workflows/handler-destroy.yml index b5728cc3..382379a1 100644 --- a/.github/workflows/handler-destroy.yml +++ b/.github/workflows/handler-destroy.yml 
@@ -10,7 +10,7 @@ env: jobs: active_active_rhel7_proxy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit name: Destroy resources from AWS Active/Active RHEL7 Proxy if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy') }} @@ -34,7 +34,7 @@ jobs: }\n/' public_active_active: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit name: Destroy resources from AWS Public Active/Active if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active') }} @@ -51,7 +51,7 @@ jobs: TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_TFC_TOKEN private_active_active: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit name: Destroy resources from AWS Private Active/Active if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active') }} 
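Review bot: The new `uses:` line of `active_active_rhel7_proxy` calls the reusable workflow at `@main` together with `secrets: inherit`, so whatever commit is on that branch at run time executes with all secrets available to this workflow. Pin the reference to a full commit SHA and keep the branch or tag in a trailing comment, e.g. `uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@<full-commit-sha> # main`. The same applies to every other `uses:` line this commit changes in handler-destroy.yml and handler-test.yml. The job definition continues outside the hunk.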
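Review bot: The `if:` of `public_active_active` (context line of the `@@ -34,7` hunk) tests `contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active')`. If `args.unnamed.all` is the space-separated argument string, `contains()` is a substring match, so a command naming only `public-active-active-legacy` also starts this non-legacy destroy job. The `private_active_active`, `private_tcp_active_active`, `active_active_rhel7_proxy` and `standalone_vault` jobs overlap with their `-legacy` names in the same way, and handler-test.yml repeats the pattern. Matching whole arguments would avoid this, for example by comparing the positional values such as `args.unnamed.arg1`, to be confirmed against the dispatch payload. The job body continues outside the hunk.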
@@ -68,7 +68,7 @@ jobs: TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_TFC_TOKEN private_tcp_active_active: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit name: Destroy resources from AWS Private TCP Active/Active if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active') }} @@ -85,7 +85,7 @@ jobs: TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_TFC_TOKEN standalone_vault: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit name: Destroy resources from AWS Standalone Vault if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'standalone-vault') }} @@ -109,7 +109,7 @@ jobs: }\n/' active_active_rhel7_proxy_legacy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit name: Destroy resources from AWS Active/Active RHEL7 Proxy (Legacy) if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy-legacy') }} 
@@ -133,7 +133,7 @@ jobs: }\n/' public_active_active_legacy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit name: Destroy resources from AWS Public Active/Active (Legacy) if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} @@ -151,7 +151,7 @@ jobs: TFC_workspace_substitution_pattern: s/aws-public-active-active/aws-public-active-active-legacy/ private_active_active_legacy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit name: Destroy resources from AWS Private Active/Active (Legacy) if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active-legacy') }} @@ -169,7 +169,7 @@ jobs: TFC_workspace_substitution_pattern: s/aws-private-active-active/aws-private-active-active-legacy/ private_tcp_active_active_legacy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit name: Destroy resources from AWS Private TCP Active/Active (Legacy) if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active-legacy') }} 
@@ -187,7 +187,7 @@ jobs: TFC_workspace_substitution_pattern: s/aws-private-tcp-active-active/aws-private-tcp-active-active-legacy/ standalone_vault_legacy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit name: Destroy resources from AWS Standalone Vault (Legacy) if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} diff --git a/.github/workflows/handler-test.yml b/.github/workflows/handler-test.yml index f6caee92..46782731 100644 --- a/.github/workflows/handler-test.yml +++ b/.github/workflows/handler-test.yml @@ -10,7 +10,7 @@ env: jobs: active_active_rhel7_proxy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit name: Test AWS Active/Active RHEL7 Proxy Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy') }} @@ -34,7 +34,7 @@ jobs: }\n/' public_active_active: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit name: Test AWS Public Active/Active Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active') }} 
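Review bot: The `standalone_vault_legacy` job in the `@@ -187,7` hunk of handler-destroy.yml is gated on `'public-active-active-legacy'` rather than its own scenario name. Only `all` or `public-active-active-legacy` selects it, and a `public-active-active-legacy` destroy also tears down the Standalone Vault (Legacy) resources. The second operand should read `contains(github.event.client_payload.slash_command.args.unnamed.all, 'standalone-vault-legacy')`. The `@@ -188,7` hunk of handler-test.yml carries the same copy-pasted condition. The job's `with:` block continues outside the hunk.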
@@ -51,7 +51,7 @@ jobs: TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_TFC_TOKEN private_active_active: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit name: Test AWS Private Active/Active Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active') }} @@ -68,7 +68,7 @@ jobs: TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_TFC_TOKEN private_tcp_active_active: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit name: Test AWS Private TCP Active/Active Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active') }} @@ -85,7 +85,7 @@ jobs: TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_TFC_TOKEN standalone_vault: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit name: Test AWS Standalone Vault Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'standalone-vault') }} 
@@ -110,7 +110,7 @@ jobs: }\n/' active_active_rhel7_proxy_legacy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit name: Test AWS Active/Active RHEL7 Proxy (Legacy) Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy-legacy') }} @@ -134,7 +134,7 @@ jobs: }\n/' public_active_active_legacy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit name: Test AWS Public Active/Active (Legacy) Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} @@ -152,7 +152,7 @@ jobs: TFC_workspace_substitution_pattern: s/aws-public-active-active/aws-public-active-active-legacy/ private_active_active_legacy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit name: Test AWS Private Active/Active (Legacy) Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active-legacy') }} 
@@ -170,7 +170,7 @@ jobs: TFC_workspace_substitution_pattern: s/aws-private-active-active/aws-private-active-active-legacy/ private_tcp_active_active_legacy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit name: Test AWS Private TCP Active/Active (Legacy) Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active-legacy') }} @@ -188,7 +188,7 @@ jobs: TFC_workspace_substitution_pattern: s/aws-private-tcp-active-active/aws-private-tcp-active-active-legacy/ standalone_vault_legacy: - uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@ah/tf-5370 + uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit name: Test AWS Standalone Vault (Legacy) Scenario if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} diff --git a/main.tf b/main.tf index 5fde26da..8a946804 100644 --- a/main.tf +++ b/main.tf @@ -114,7 +114,7 @@ module "database" { # Docker Compose File Config for TFE on instance(s) using Flexible Deployment Options # ------------------------------------------------------------------------------------ module "docker_compose_config" { - source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/docker_compose_config?ref=ah/tf-5370" + source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/docker_compose_config?ref=main" count = var.is_legacy_deployment ? 0 : 1 hostname = local.fqdn 
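Review bot: `module "docker_compose_config"` in the `@@ -114,7` hunk of main.tf now sources the utility module with `?ref=main`, a moving branch. Two `terraform init` runs of the same release of this module can therefore fetch different code for the pieces that build the instance configuration. A release tag or commit is the safer ref: `source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/docker_compose_config?ref=<release-tag-or-commit-sha>"`. The `tfe_init_fdo`, `settings` and `tfe_init_legacy` hunks that follow use the same ref. The module block continues outside the hunk.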
@@ -167,7 +167,7 @@ module "docker_compose_config" { # AWS cloud init used to install and configure TFE on instance(s) using Flexible Deployment Options # -------------------------------------------------------------------------------------------------- module "tfe_init_fdo" { - source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init?ref=ah/tf-5370" + source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init?ref=main" count = var.is_legacy_deployment ? 0 : 1 cloud = "aws" @@ -203,7 +203,7 @@ module "tfe_init_fdo" { # TFE and Replicated settings to pass to the tfe_init_legacy module for legacy deployment # ---------------------------------------------------------------------------------------- module "settings" { - source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/settings?ref=ah/tf-5370" + source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/settings?ref=main" count = var.is_legacy_deployment ? 1 : 0 # TFE Base Configuration @@ -274,7 +274,7 @@ module "settings" { # AWS user data / cloud init used to install and configure TFE on instance(s) # ----------------------------------------------------------------------------- module "tfe_init_legacy" { - source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init_legacy?ref=ah/tf-5370" + source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init_legacy?ref=main" count = var.is_legacy_deployment ? 1 : 0 # TFE & Replicated Configuration data From 1377b0c07931a6068b872367c2ea039277df9b40 Mon Sep 17 00:00:00 2001 
From: anniehedgpeth Date: Thu, 21 Sep 2023 14:06:59 -0600 Subject: [PATCH 7/8] rename to is_replicated_deployment --- .github/workflows/handler-destroy.yml | 20 ++++++++++---------- .github/workflows/handler-test.yml | 20 ++++++++++---------- main.tf | 12 ++++++------ modules/vm/main.tf | 6 +++--- modules/vm/variables.tf | 2 +- outputs.tf | 6 +++--- tests/active-active-rhel7-proxy/main.tf | 2 +- tests/active-active-rhel7-proxy/variables.tf | 10 +++++----- tests/private-active-active/main.tf | 2 +- tests/private-active-active/variables.tf | 10 +++++----- tests/private-tcp-active-active/main.tf | 2 +- tests/private-tcp-active-active/variables.tf | 10 +++++----- tests/public-active-active/main.tf | 2 +- tests/public-active-active/variables.tf | 10 +++++----- tests/standalone-vault/main.tf | 2 +- tests/standalone-vault/variables.tf | 10 +++++----- variables.tf | 20 ++++++++++---------- 17 files changed, 73 insertions(+), 73 deletions(-) diff --git a/.github/workflows/handler-destroy.yml b/.github/workflows/handler-destroy.yml index 382379a1..d2a1d0f1 100644 --- a/.github/workflows/handler-destroy.yml +++ b/.github/workflows/handler-destroy.yml @@ -18,7 +18,7 @@ jobs: cloud: AWS test_name: Active/Active RHEL7 Proxy utility_test: false - is_legacy_deployment: false + is_replicated_deployment: false module_repository_id: hashicorp/terraform-aws-terraform-enterprise pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} @@ -42,7 +42,7 @@ jobs: cloud: AWS test_name: Public Active/Active utility_test: false - is_legacy_deployment: false + is_replicated_deployment: false module_repository_id: hashicorp/terraform-aws-terraform-enterprise pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} 
@@ -59,7 +59,7 @@ jobs: cloud: AWS test_name: Private Active/Active utility_test: false - is_legacy_deployment: false + is_replicated_deployment: false module_repository_id: hashicorp/terraform-aws-terraform-enterprise pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} @@ -76,7 +76,7 @@ jobs: cloud: AWS test_name: Private TCP Active/Active utility_test: false - is_legacy_deployment: false + is_replicated_deployment: false module_repository_id: hashicorp/terraform-aws-terraform-enterprise pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} @@ -93,7 +93,7 @@ jobs: cloud: AWS test_name: Standalone Vault utility_test: false - is_legacy_deployment: false + is_replicated_deployment: false module_repository_id: hashicorp/terraform-aws-terraform-enterprise pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} @@ -117,7 +117,7 @@ jobs: cloud: AWS test_name: Active/Active RHEL7 Proxy (Legacy) utility_test: false - is_legacy_deployment: true + is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} @@ -141,7 +141,7 @@ jobs: cloud: AWS test_name: Public Active/Active (Legacy) utility_test: false - is_legacy_deployment: true + is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} 
@@ -159,7 +159,7 @@ jobs: cloud: AWS test_name: Private Active/Active (Legacy) utility_test: false - is_legacy_deployment: true + is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} @@ -177,7 +177,7 @@ jobs: cloud: AWS test_name: Private TCP Active/Active (Legacy) utility_test: false - is_legacy_deployment: true + is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} @@ -195,7 +195,7 @@ jobs: cloud: AWS test_name: Standalone Vault (Legacy) utility_test: false - is_legacy_deployment: true + is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} diff --git a/.github/workflows/handler-test.yml b/.github/workflows/handler-test.yml index 46782731..55dc602f 100644 --- a/.github/workflows/handler-test.yml +++ b/.github/workflows/handler-test.yml @@ -17,7 +17,7 @@ jobs: with: test_name: Active/Active RHEL7 Proxy utility_test: false - is_legacy_deployment: false + is_replicated_deployment: false module_repository_id: hashicorp/terraform-aws-terraform-enterprise k6_work_dir: ./tests/tfe-load-test pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} 
@@ -41,7 +41,7 @@ jobs: with: test_name: Public Active/Active utility_test: false - is_legacy_deployment: false + is_replicated_deployment: false module_repository_id: hashicorp/terraform-aws-terraform-enterprise k6_work_dir: ./tests/tfe-load-test pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} @@ -58,7 +58,7 @@ jobs: with: test_name: Private Active/Active utility_test: false - is_legacy_deployment: false + is_replicated_deployment: false module_repository_id: hashicorp/terraform-aws-terraform-enterprise k6_work_dir: ./tests/tfe-load-test pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} @@ -75,7 +75,7 @@ jobs: with: test_name: Private TCP Active/Active utility_test: false - is_legacy_deployment: false + is_replicated_deployment: false module_repository_id: hashicorp/terraform-aws-terraform-enterprise k6_work_dir: ./tests/tfe-load-test pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} @@ -92,7 +92,7 @@ jobs: with: test_name: Standalone Vault utility_test: false - is_legacy_deployment: false + is_replicated_deployment: false module_repository_id: hashicorp/terraform-aws-terraform-enterprise k6_work_dir: ./tests/tfe-load-test pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} @@ -117,7 +117,7 @@ jobs: with: test_name: Active/Active RHEL7 Proxy (Legacy) utility_test: false - is_legacy_deployment: true + is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise k6_work_dir: ./tests/tfe-load-test pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} 
@@ -141,7 +141,7 @@ jobs: with: test_name: Public Active/Active (Legacy) utility_test: false - is_legacy_deployment: true + is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise k6_work_dir: ./tests/tfe-load-test pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} @@ -159,7 +159,7 @@ jobs: with: test_name: Private Active/Active (Legacy) utility_test: false - is_legacy_deployment: true + is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise k6_work_dir: ./tests/tfe-load-test pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} @@ -177,7 +177,7 @@ jobs: with: test_name: Private TCP Active/Active (Legacy) utility_test: false - is_legacy_deployment: true + is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise k6_work_dir: ./tests/tfe-load-test pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} @@ -195,7 +195,7 @@ jobs: with: test_name: Standalone Vault (Legacy) utility_test: false - is_legacy_deployment: true + is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise k6_work_dir: ./tests/tfe-load-test pull_request_repo_name: ${{ github.event.client_payload.github.payload.repository.full_name }} diff --git a/main.tf b/main.tf index 8a946804..400856db 100644 --- a/main.tf +++ b/main.tf @@ -115,7 +115,7 @@ module "database" { # ------------------------------------------------------------------------------------ module "docker_compose_config" { source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/docker_compose_config?ref=main" - count = var.is_legacy_deployment ? 0 : 1 + count = var.is_replicated_deployment ? 0 : 1 hostname = local.fqdn tfe_license = var.hc_license 
@@ -168,7 +168,7 @@ module "docker_compose_config" { # -------------------------------------------------------------------------------------------------- module "tfe_init_fdo" { source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init?ref=main" - count = var.is_legacy_deployment ? 0 : 1 + count = var.is_replicated_deployment ? 0 : 1 cloud = "aws" operational_mode = var.operational_mode @@ -204,7 +204,7 @@ module "tfe_init_fdo" { # ---------------------------------------------------------------------------------------- module "settings" { source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/settings?ref=main" - count = var.is_legacy_deployment ? 1 : 0 + count = var.is_replicated_deployment ? 1 : 0 # TFE Base Configuration consolidated_services = var.consolidated_services @@ -275,7 +275,7 @@ module "settings" { # ----------------------------------------------------------------------------- module "tfe_init_legacy" { source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init_legacy?ref=main" - count = var.is_legacy_deployment ? 1 : 0 + count = var.is_replicated_deployment ? 1 : 0 # TFE & Replicated Configuration data cloud = "aws" @@ -349,10 +349,10 @@ module "vm" { friendly_name_prefix = var.friendly_name_prefix key_name = var.key_name instance_type = var.instance_type - is_legacy_deployment = var.is_legacy_deployment + is_replicated_deployment = var.is_replicated_deployment network_id = local.network_id network_subnets_private = local.network_private_subnets network_private_subnet_cidrs = local.network_private_subnet_cidrs node_count = var.node_count - user_data_base64 = var.is_legacy_deployment ? module.tfe_init_legacy[0].tfe_userdata_base64_encoded : module.tfe_init_fdo[0].tfe_userdata_base64_encoded + user_data_base64 = var.is_replicated_deployment ? module.tfe_init_legacy[0].tfe_userdata_base64_encoded : module.tfe_init_fdo[0].tfe_userdata_base64_encoded } 
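Review bot: The `source` lines of `tfe_init_fdo`, `settings` and `tfe_init_legacy` in these hunks (and of `docker_compose_config` in the hunk before them) fetch the utility modules with `?ref=main`, a moving branch. The user data that the `vm` hunk passes as `user_data_base64` can therefore change without any commit in this repository. Pinning each source to a release tag or full commit SHA, e.g. `source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init?ref=<TAG_OR_COMMIT_SHA>"`, makes what runs on the instances reproducible and reviewable. The module blocks continue outside the hunks.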
diff --git a/modules/vm/main.tf b/modules/vm/main.tf index e60ad9a6..e7a93eaf 100644 --- a/modules/vm/main.tf +++ b/modules/vm/main.tf @@ -20,7 +20,7 @@ resource "aws_security_group_rule" "tfe_ui" { } resource "aws_security_group_rule" "vault_cluster" { - count = var.active_active && !var.is_legacy_deployment ? 1 : 0 + count = var.active_active && !var.is_replicated_deployment ? 1 : 0 security_group_id = aws_security_group.tfe_instance.id type = "ingress" @@ -62,7 +62,7 @@ resource "aws_security_group_rule" "tfe_outbound" { } resource "aws_security_group_rule" "tfe_dashboard" { - count = !var.active_active || var.is_legacy_deployment ? 1 : 0 + count = !var.active_active || var.is_replicated_deployment ? 1 : 0 security_group_id = aws_security_group.tfe_instance.id type = "ingress" from_port = 8800 @@ -119,7 +119,7 @@ resource "aws_autoscaling_group" "tfe_asg" { max_size = var.node_count desired_capacity = var.node_count vpc_zone_identifier = var.network_subnets_private - target_group_arns = var.active_active || !var.is_legacy_deployment ? [var.aws_lb_target_group_tfe_tg_443_arn] : [ + target_group_arns = var.active_active || !var.is_replicated_deployment ? [var.aws_lb_target_group_tfe_tg_443_arn] : [ var.aws_lb_target_group_tfe_tg_8800_arn, var.aws_lb_target_group_tfe_tg_443_arn, ] diff --git a/modules/vm/variables.tf b/modules/vm/variables.tf index 7e81463a..c0f6624c 100644 --- a/modules/vm/variables.tf +++ b/modules/vm/variables.tf @@ -66,7 +66,7 @@ variable "friendly_name_prefix" { description = "(Required) Friendly name prefix used for tagging and naming AWS resources." } -variable "is_legacy_deployment" { +variable "is_replicated_deployment" { type = bool description = "TFE will be installed using a Replicated license and deployment method." } diff --git a/outputs.tf b/outputs.tf index 18396ab5..203e1b5b 100644 --- a/outputs.tf +++ b/outputs.tf 
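Review bot: The `tfe_dashboard` rule's `count = !var.active_active || var.is_replicated_deployment ? 1 : 0` still opens ingress on port 8800 for a standalone FDO deployment (both variables false), although outputs.tf in this patch states that FDO deployments do not have a console. The `tfe_asg` hunk in the same file attaches the 8800 target group only when the deployment is Replicated and not active/active, so the two conditions disagree. If the ASG condition is the intended one, the rule should read `count = !var.active_active && var.is_replicated_deployment ? 1 : 0`. The rule's source CIDRs are outside the hunk, so how widely the port is reachable cannot be judged from here.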
@@ -61,12 +61,12 @@ output "health_check_url" { } output "login_url" { - value = var.is_legacy_deployment ? "https://${local.fqdn}/admin/account/new?token=${module.settings[0].tfe_configuration.user_token.value}" : "On the TFE instance, retrieve the IACT Token with `docker exec -t terraform-enterprise-tfe-1 /bin/bash -c /usr/local/bin/retrieve-iact` and then navigate to https://${local.fqdn}/admin/account/new?token=." + value = var.is_replicated_deployment ? "https://${local.fqdn}/admin/account/new?token=${module.settings[0].tfe_configuration.user_token.value}" : "On the TFE instance, retrieve the IACT Token with `docker exec -t terraform-enterprise-tfe-1 /bin/bash -c /usr/local/bin/retrieve-iact` and then navigate to https://${local.fqdn}/admin/account/new?token=." description = "Login URL to setup the TFE instance once it is initialized" } output "replicated_console_url" { - value = var.is_legacy_deployment ? "https://${local.fqdn}:8800/" : "FDO deployments do not have a console." + value = var.is_replicated_deployment ? "https://${local.fqdn}:8800/" : "FDO deployments do not have a console." description = "The URL of the Terraform Enterprise Replicated administration console." } @@ -84,7 +84,7 @@ output "tfe_autoscaling_group" { } output "replicated_dashboard_password" { - value = var.is_legacy_deployment ? module.settings[0].replicated_configuration.DaemonAuthenticationPassword : "This is only used for legacy deployments." + value = var.is_replicated_deployment ? module.settings[0].replicated_configuration.DaemonAuthenticationPassword : "This is only used for legacy deployments." description = "The password for the TFE console" sensitive = true } diff --git a/tests/active-active-rhel7-proxy/main.tf b/tests/active-active-rhel7-proxy/main.tf index 23563bbe..a1a84b58 100644 --- a/tests/active-active-rhel7-proxy/main.tf +++ b/tests/active-active-rhel7-proxy/main.tf 
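Review bot: The `login_url` output interpolates `module.settings[0].tfe_configuration.user_token.value` into the URL but, unlike `replicated_dashboard_password` further down, has no `sensitive = true`. For Replicated deployments the token used to create the first admin account is therefore printed by `terraform output` and can end up in CI logs. Adding `sensitive = true` to the `login_url` block keeps it out of both. Separately, the fallback string of `replicated_dashboard_password` still says `"This is only used for legacy deployments."` after the rename; `"This is only used for Replicated deployments."` would match the new variable name.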
@@ -100,7 +100,7 @@ module "tfe" { asg_tags = local.common_tags # FDO Specific Values - is_legacy_deployment = var.is_legacy_deployment + is_replicated_deployment = var.is_replicated_deployment hc_license = var.hc_license license_reporting_opt_out = true registry_password = var.registry_password diff --git a/tests/active-active-rhel7-proxy/variables.tf b/tests/active-active-rhel7-proxy/variables.tf index a9e29edd..e1167c68 100644 --- a/tests/active-active-rhel7-proxy/variables.tf +++ b/tests/active-active-rhel7-proxy/variables.tf @@ -45,10 +45,10 @@ variable "domain_name" { variable "hc_license" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." + description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup." } -variable "is_legacy_deployment" { +variable "is_replicated_deployment" { type = bool description = "TFE will be installed using a Replicated license and deployment method." default = true 
@@ -74,19 +74,19 @@ variable "object_storage_iam_user_name" { variable "registry_username" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "registry_password" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } variable "tfe_image_tag" { default = "latest" type = string - description = "(Not needed if is_legacy_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" + description = "(Not needed if is_replicated_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" } variable "tfe_license_secret_id" { diff --git a/tests/private-active-active/main.tf b/tests/private-active-active/main.tf index 97d770a1..e27868d9 100644 --- a/tests/private-active-active/main.tf +++ b/tests/private-active-active/main.tf @@ -69,7 +69,7 @@ module "private_active_active" { asg_tags = local.common_tags # FDO Specific Values - is_legacy_deployment = var.is_legacy_deployment + is_replicated_deployment = var.is_replicated_deployment hc_license = var.hc_license license_reporting_opt_out = true registry_password = var.registry_password diff --git a/tests/private-active-active/variables.tf b/tests/private-active-active/variables.tf index e37fa6ec..30da6ffe 100644 --- a/tests/private-active-active/variables.tf +++ b/tests/private-active-active/variables.tf 
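Review bot: `variable "registry_password"` is declared with only `default`, `type` and `description`, so a value passed to it can be shown in plan output and CI logs. The same holds for `hc_license` in the previous hunk, which its description calls the raw license. Adding `sensitive = true` to both declarations would have Terraform redact them. The same two declarations recur in the variables.tf hunks for tests/private-active-active, tests/private-tcp-active-active, tests/public-active-active, tests/standalone-vault and the root module.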
@@ -25,10 +25,10 @@ variable "domain_name" { variable "hc_license" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." + description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup." } -variable "is_legacy_deployment" { +variable "is_replicated_deployment" { type = bool description = "TFE will be installed using a Replicated license and deployment method." default = true @@ -48,19 +48,19 @@ variable "license_file" { variable "registry_username" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "registry_password" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } variable "tfe_image_tag" { default = "latest" type = string - description = "(Not needed if is_legacy_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" + description = "(Not needed if is_replicated_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" } variable "tfe_license_secret_id" { diff --git a/tests/private-tcp-active-active/main.tf b/tests/private-tcp-active-active/main.tf index df80c44a..8b667943 100644 --- a/tests/private-tcp-active-active/main.tf +++ b/tests/private-tcp-active-active/main.tf 
@@ -76,7 +76,7 @@ module "private_tcp_active_active" { asg_tags = local.common_tags # FDO Specific Values - is_legacy_deployment = var.is_legacy_deployment + is_replicated_deployment = var.is_replicated_deployment hc_license = var.hc_license license_reporting_opt_out = true registry_password = var.registry_password diff --git a/tests/private-tcp-active-active/variables.tf b/tests/private-tcp-active-active/variables.tf index 17d5d4ea..42d9ca0f 100644 --- a/tests/private-tcp-active-active/variables.tf +++ b/tests/private-tcp-active-active/variables.tf @@ -40,10 +40,10 @@ variable "domain_name" { variable "hc_license" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." + description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup." } -variable "is_legacy_deployment" { +variable "is_replicated_deployment" { type = bool description = "TFE will be installed using a Replicated license and deployment method." default = true 
@@ -68,19 +68,19 @@ variable "private_key_pem_secret_id" { variable "registry_username" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "registry_password" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } variable "tfe_image_tag" { default = "latest" type = string - description = "(Not needed if is_legacy_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" + description = "(Not needed if is_replicated_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" } variable "tfe_license_secret_id" { diff --git a/tests/public-active-active/main.tf b/tests/public-active-active/main.tf index 03afd9de..870e4a1b 100644 --- a/tests/public-active-active/main.tf +++ b/tests/public-active-active/main.tf @@ -59,7 +59,7 @@ module "public_active_active" { asg_tags = local.common_tags # FDO Specific Values - is_legacy_deployment = var.is_legacy_deployment + is_replicated_deployment = var.is_replicated_deployment hc_license = var.hc_license license_reporting_opt_out = true registry_password = var.registry_password diff --git a/tests/public-active-active/variables.tf b/tests/public-active-active/variables.tf index 7adef03e..eef37957 100644 --- a/tests/public-active-active/variables.tf +++ b/tests/public-active-active/variables.tf 
@@ -25,7 +25,7 @@ variable "domain_name" { variable "hc_license" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." + description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup." } variable "iact_subnet_list" { @@ -34,7 +34,7 @@ variable "iact_subnet_list" { type = list(string) } -variable "is_legacy_deployment" { +variable "is_replicated_deployment" { type = bool description = "TFE will be installed using a Replicated license and deployment method." default = true @@ -54,19 +54,19 @@ variable "license_file" { variable "registry_username" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "registry_password" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } variable "tfe_image_tag" { default = "latest" type = string - description = "(Not needed if is_legacy_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" + description = "(Not needed if is_replicated_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" } variable "tfe_license_secret_id" { diff --git a/tests/standalone-vault/main.tf b/tests/standalone-vault/main.tf index e37d18bf..df98163c 100644 --- a/tests/standalone-vault/main.tf 
+++ b/tests/standalone-vault/main.tf @@ -73,7 +73,7 @@ module "standalone_vault" { asg_tags = local.common_tags # FDO Specific Values - is_legacy_deployment = var.is_legacy_deployment + is_replicated_deployment = var.is_replicated_deployment hc_license = var.hc_license license_reporting_opt_out = true registry_password = var.registry_password diff --git a/tests/standalone-vault/variables.tf b/tests/standalone-vault/variables.tf index 2c9ed082..36ba7f1e 100644 --- a/tests/standalone-vault/variables.tf +++ b/tests/standalone-vault/variables.tf @@ -25,10 +25,10 @@ variable "domain_name" { variable "hc_license" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." + description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup." } -variable "is_legacy_deployment" { +variable "is_replicated_deployment" { type = bool description = "TFE will be installed using a Replicated license and deployment method." default = true 
@@ -49,19 +49,19 @@ variable "license_file" { variable "registry_username" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "registry_password" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } variable "tfe_image_tag" { default = "latest" type = string - description = "(Not needed if is_legacy_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" + description = "(Not needed if is_replicated_deployment is true) The image version of the terraform-enterprise image (e.g. \"1234567\")" } variable "tfe_license_secret_id" { diff --git a/variables.tf b/variables.tf index 8b3d3dd9..b02b8e07 100644 --- a/variables.tf +++ b/variables.tf @@ -290,10 +290,10 @@ variable "enable_ssh" { variable "hc_license" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The raw TFE license that is validated on application startup." + description = "(Not needed if is_replicated_deployment is true) The raw TFE license that is validated on application startup." } -variable "is_legacy_deployment" { +variable "is_replicated_deployment" { type = bool description = "TFE will be installed using a Replicated license and deployment method." default = true 
@@ -366,7 +366,7 @@ variable "key_name" { variable "license_reporting_opt_out" { default = false type = bool - description = "(Not needed if is_legacy_deployment is true) Whether to opt out of reporting licensing information to HashiCorp. Defaults to false." + description = "(Not needed if is_replicated_deployment is true) Whether to opt out of reporting licensing information to HashiCorp. Defaults to false." } variable "node_count" { @@ -389,13 +389,13 @@ variable "pg_extra_params" { variable "registry_username" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The username for the docker registry from which to source the terraform_enterprise container images." } variable "registry_password" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." + description = "(Not needed if is_replicated_deployment is true) The password for the docker registry from which to source the terraform_enterprise container images." } variable "release_sequence" { @@ -407,7 +407,7 @@ variable "release_sequence" { variable "run_pipeline_image" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) Container image used to execute Terraform runs. Leave blank to use the default image that comes with Terraform Enterprise. Defaults to ''." + description = "(Not needed if is_replicated_deployment is true) Container image used to execute Terraform runs. Leave blank to use the default image that comes with Terraform Enterprise. Defaults to ''." } variable "ssl_policy" { 
@@ -419,19 +419,19 @@ variable "ssl_policy" { variable "tls_ca_bundle_file" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) Path to a file containing TLS CA certificates to be added to the OS CA certificates bundle. Leave blank to not add CA certificates to the OS CA certificates bundle. Defaults to ''." + description = "(Not needed if is_replicated_deployment is true) Path to a file containing TLS CA certificates to be added to the OS CA certificates bundle. Leave blank to not add CA certificates to the OS CA certificates bundle. Defaults to ''." } variable "tls_ciphers" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) TLS ciphers to use for TLS. Must be valid OpenSSL format. Leave blank to use the default ciphers. Defaults to ''" + description = "(Not needed if is_replicated_deployment is true) TLS ciphers to use for TLS. Must be valid OpenSSL format. Leave blank to use the default ciphers. Defaults to ''" } variable "tls_version" { default = null type = string - description = "(Not needed if is_legacy_deployment is true) TLS version to use. Leave blank to use both TLS v1.2 and TLS v1.3. Defaults to '' if no value is given." + description = "(Not needed if is_replicated_deployment is true) TLS version to use. Leave blank to use both TLS v1.2 and TLS v1.3. Defaults to '' if no value is given." validation { condition = ( var.tls_version == null || @@ -445,7 +445,7 @@ variable "tls_version" { variable "tfe_image" { default = "quay.io/hashicorp/terraform-enterprise:latest" type = string - description = "(Not needed if is_legacy_deployment is true) The registry path, image name, and image version (e.g. \"quay.io/hashicorp/terraform-enterprise:1234567\")" + description = "(Not needed if is_replicated_deployment is true) The registry path, image name, and image version (e.g. \"quay.io/hashicorp/terraform-enterprise:1234567\")" } variable "tfe_subdomain" { 
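Review bot: `tfe_image` in the last hunk keeps the default `quay.io/hashicorp/terraform-enterprise:latest`, a mutable tag, so two applies of the same module version can deploy different images and a rollback has no fixed reference. The description could state this, for example by appending `Set a specific release tag or image digest for anything other than testing.`; dropping the default so callers must choose a release is the stricter option, but it changes the module's interface. The `tfe_image_tag` variables in the test directories also default to `latest`, which matters less there.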
From 9bebb9566dcab9389e407c85d377bb0c3231d72b Mon Sep 17 00:00:00 2001 From: anniehedgpeth Date: Thu, 21 Sep 2023 14:13:14 -0600 Subject: [PATCH 8/8] legacy/replicated change --- .github/workflows/handler-destroy.yml | 60 +++++++++++++-------------- .github/workflows/handler-help.yml | 12 +++--- .github/workflows/handler-test.yml | 60 +++++++++++++-------------- main.tf | 12 +++--- outputs.tf | 2 +- variables.tf | 2 +- 6 files changed, 74 insertions(+), 74 deletions(-) diff --git a/.github/workflows/handler-destroy.yml b/.github/workflows/handler-destroy.yml index d2a1d0f1..8b2cc162 100644 --- a/.github/workflows/handler-destroy.yml +++ b/.github/workflows/handler-destroy.yml @@ -108,14 +108,14 @@ jobs: }\n\ }\n/' - active_active_rhel7_proxy_legacy: + active_active_rhel7_proxy_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from AWS Active/Active RHEL7 Proxy (Legacy) - if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy-legacy') }} + name: Destroy resources from AWS Active/Active RHEL7 Proxy (Replicated) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy-replicated') }} with: cloud: AWS - test_name: Active/Active RHEL7 Proxy (Legacy) + test_name: Active/Active RHEL7 Proxy (Replicated) utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise 
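Review bot: The `if:` of `active_active_rhel7_proxy_replicated` selects the scenario with `contains()` on `slash_command.args.unnamed.all`; if that value is the argument string, `contains` is a substring test. The argument `active-active-rhel7-proxy-replicated` then also satisfies the FDO job's check for `active-active-rhel7-proxy` (outside this hunk), so a destroy meant for one workspace runs against both. A whole-word match avoids this: `contains(format(' {0} ', github.event.client_payload.slash_command.args.unnamed.all), ' active-active-rhel7-proxy-replicated ')`, applied to the FDO jobs as well. The other `*_replicated` jobs in this file and in handler-test.yml follow the same pattern.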
@@ -123,23 +123,23 @@ jobs: pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} work_dir: ./tests/active-active-rhel7-proxy - TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_LEGACY_TFC_TOKEN + TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_REPLICATED_TFC_TOKEN TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ backend "remote" {\n\ organization = "terraform-enterprise-modules-test"\n\ workspaces {\n\ - name = "aws-active-active-rhel7-proxy-legacy"\n\ + name = "aws-active-active-rhel7-proxy-replicated"\n\ }\n\ }\n/' - public_active_active_legacy: + public_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from AWS Public Active/Active (Legacy) - if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} + name: Destroy resources from AWS Public Active/Active (Replicated) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-replicated') }} with: cloud: AWS - test_name: Public Active/Active (Legacy) + test_name: Public Active/Active (Replicated) utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise 
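Review bot: `public_active_active_replicated`, like the other jobs in this file and in handler-test.yml, calls the reusable workflow at `@main` with `secrets: inherit`, so whatever the utility repository's `main` branch holds at run time executes with every secret of this repository. Pinning the call to a full commit SHA, `uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@<FULL_COMMIT_SHA>`, fixes the code that receives those secrets. If the called workflow declares its secrets, passing only the ones it needs instead of `secrets: inherit` narrows the exposure further. Whether the dispatcher limits the command to users with write access is not visible here and is worth confirming, since `pull_request_ref` points the run at the pull request's head SHA.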
@@ -147,17 +147,17 @@ jobs: pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} work_dir: ./tests/public-active-active - TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN - TFC_workspace_substitution_pattern: s/aws-public-active-active/aws-public-active-active-legacy/ + TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-public-active-active/aws-public-active-active-replicated/ - private_active_active_legacy: + private_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from AWS Private Active/Active (Legacy) - if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active-legacy') }} + name: Destroy resources from AWS Private Active/Active (Replicated) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active-replicated') }} with: cloud: AWS - test_name: Private Active/Active (Legacy) + test_name: Private Active/Active (Replicated) utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise 
@@ -165,17 +165,17 @@ jobs: pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} work_dir: ./tests/private-active-active - TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN - TFC_workspace_substitution_pattern: s/aws-private-active-active/aws-private-active-active-legacy/ + TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-private-active-active/aws-private-active-active-replicated/ - private_tcp_active_active_legacy: + private_tcp_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from AWS Private TCP Active/Active (Legacy) - if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active-legacy') }} + name: Destroy resources from AWS Private TCP Active/Active (Replicated) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active-replicated') }} with: cloud: AWS - test_name: Private TCP Active/Active (Legacy) + test_name: Private TCP Active/Active (Replicated) utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise 
@@ -183,17 +183,17 @@ jobs: pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} work_dir: ./tests/private-tcp-active-active - TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN - TFC_workspace_substitution_pattern: s/aws-private-tcp-active-active/aws-private-tcp-active-active-legacy/ + TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-private-tcp-active-active/aws-private-tcp-active-active-replicated/ - standalone_vault_legacy: + standalone_vault_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/destroy.yml@main secrets: inherit - name: Destroy resources from AWS Standalone Vault (Legacy) - if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} + name: Destroy resources from AWS Standalone Vault (Replicated) + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-replicated') }} with: cloud: AWS - test_name: Standalone Vault (Legacy) + test_name: Standalone Vault (Replicated) utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise 
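Review bot: The `if:` of `standalone_vault_replicated` tests for `'public-active-active-replicated'`, carried over from the old `'public-active-active-legacy'`, instead of the scenario name this job owns. A destroy command for `standalone-vault-replicated` (the name listed in handler-help.yml) never selects this job, and a destroy of the public scenario also runs against `./tests/standalone-vault`. The second condition should be `contains(github.event.client_payload.slash_command.args.unnamed.all, 'standalone-vault-replicated')`. The matching job in handler-test.yml is outside this view and worth checking for the same slip.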
@@ -201,11 +201,11 @@ jobs: pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} work_dir: ./tests/standalone-vault - TFC_token_secret_name: STANDALONE_VAULT_LEGACY_TFC_TOKEN + TFC_token_secret_name: STANDALONE_VAULT_REPLICATED_TFC_TOKEN TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ backend "remote" {\n\ organization = "terraform-enterprise-modules-test"\n\ workspaces {\n\ - name = "aws-standalone-vault-legacy"\n\ + name = "aws-standalone-vault-replicated"\n\ }\n\ }\n/' diff --git a/.github/workflows/handler-help.yml b/.github/workflows/handler-help.yml index 4108ffe2..35a0d752 100644 --- a/.github/workflows/handler-help.yml +++ b/.github/workflows/handler-help.yml @@ -34,11 +34,11 @@ jobs: * public-active-active * standalone-vault - Legacy: - * active-active-rhel7-proxy-legacy - * private-active-active-legacy - * private-tcp-active-active-legacy - * public-active-active-legacy - * standalone-vault-legacy + Replicated: + * active-active-rhel7-proxy-replicated + * private-active-active-replicated + * private-tcp-active-active-replicated + * public-active-active-replicated + * standalone-vault-replicated reaction-type: confused diff --git a/.github/workflows/handler-test.yml b/.github/workflows/handler-test.yml index 55dc602f..4dc01e30 100644 --- a/.github/workflows/handler-test.yml +++ b/.github/workflows/handler-test.yml 
@@ -109,13 +109,13 @@ jobs: }\n\ }\n/' - active_active_rhel7_proxy_legacy: + active_active_rhel7_proxy_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit - name: Test AWS Active/Active RHEL7 Proxy (Legacy) Scenario - if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy-legacy') }} + name: Test AWS Active/Active RHEL7 Proxy (Replicated) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'active-active-rhel7-proxy-replicated') }} with: - test_name: Active/Active RHEL7 Proxy (Legacy) + test_name: Active/Active RHEL7 Proxy (Replicated) utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise 
@@ -124,22 +124,22 @@ jobs: pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} work_dir: ./tests/active-active-rhel7-proxy - TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_LEGACY_TFC_TOKEN + TFC_token_secret_name: ACTIVE_ACTIVE_RHEL7_PROXY_REPLICATED_TFC_TOKEN TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ backend "remote" {\n\ organization = "terraform-enterprise-modules-test"\n\ workspaces {\n\ - name = "aws-active-active-rhel7-proxy-legacy"\n\ + name = "aws-active-active-rhel7-proxy-replicated"\n\ }\n\ }\n/' - public_active_active_legacy: + public_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit - name: Test AWS Public Active/Active (Legacy) Scenario - if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} + name: Test AWS Public Active/Active (Replicated) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-replicated') }} with: - test_name: Public Active/Active (Legacy) + test_name: Public Active/Active (Replicated) utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise 
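Review bot: The `if:` on `public_active_active_replicated` is a substring test if `args.unnamed.all` is the raw argument string, as it is in slash-command-dispatch payloads. In that case a job gated on `'public-active-active'`, the name `handler-help.yml` lists for the non-replicated scenario, would also start for the argument `public-active-active-replicated` and provision a second environment. Matching whole arguments avoids that, for example `contains(github.event.client_payload.slash_command.args.unnamed.*, 'public-active-active-replicated')`, assuming the payload also carries the per-argument fields. The same applies to every `-replicated` condition in this file.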
@@ -148,16 +148,16 @@ jobs: pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} work_dir: ./tests/public-active-active - TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN - TFC_workspace_substitution_pattern: s/aws-public-active-active/aws-public-active-active-legacy/ + TFC_token_secret_name: PUBLIC_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-public-active-active/aws-public-active-active-replicated/ - private_active_active_legacy: + private_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit - name: Test AWS Private Active/Active (Legacy) Scenario - if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active-legacy') }} + name: Test AWS Private Active/Active (Replicated) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-active-active-replicated') }} with: - test_name: Private Active/Active (Legacy) + test_name: Private Active/Active (Replicated) utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise 
@@ -166,16 +166,16 @@ jobs: pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} work_dir: ./tests/private-active-active - TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN - TFC_workspace_substitution_pattern: s/aws-private-active-active/aws-private-active-active-legacy/ + TFC_token_secret_name: PRIVATE_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-private-active-active/aws-private-active-active-replicated/ - private_tcp_active_active_legacy: + private_tcp_active_active_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit - name: Test AWS Private TCP Active/Active (Legacy) Scenario - if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active-legacy') }} + name: Test AWS Private TCP Active/Active (Replicated) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'private-tcp-active-active-replicated') }} with: - test_name: Private TCP Active/Active (Legacy) + test_name: Private TCP Active/Active (Replicated) utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise 
@@ -184,16 +184,16 @@ jobs: pull_request_ref: ${{ github.event.client_payload.pull_request.head.sha }} pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} work_dir: ./tests/private-tcp-active-active - TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_LEGACY_TFC_TOKEN - TFC_workspace_substitution_pattern: s/aws-private-tcp-active-active/aws-private-tcp-active-active-legacy/ + TFC_token_secret_name: PRIVATE_TCP_ACTIVE_ACTIVE_REPLICATED_TFC_TOKEN + TFC_workspace_substitution_pattern: s/aws-private-tcp-active-active/aws-private-tcp-active-active-replicated/ - standalone_vault_legacy: + standalone_vault_replicated: uses: hashicorp/terraform-random-tfe-utility/.github/workflows/aws-tests.yml@main secrets: inherit - name: Test AWS Standalone Vault (Legacy) Scenario - if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-legacy') }} + name: Test AWS Standalone Vault (Replicated) Scenario + if: ${{ contains(github.event.client_payload.slash_command.args.unnamed.all, 'all') || contains(github.event.client_payload.slash_command.args.unnamed.all, 'public-active-active-replicated') }} with: - test_name: Standalone Vault (Legacy) + test_name: Standalone Vault (Replicated) utility_test: false is_replicated_deployment: true module_repository_id: hashicorp/terraform-aws-terraform-enterprise 
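Review bot: `standalone_vault_replicated` is gated on `'public-active-active-replicated'` rather than its own scenario name, so the rename carries a copy-paste condition forward. The argument `standalone-vault-replicated`, which `handler-help.yml` advertises, does not start this job (only `all` or the public scenario name does), while `public-active-active-replicated` starts it alongside the public job. The second `contains` should read `contains(github.event.client_payload.slash_command.args.unnamed.all, 'standalone-vault-replicated')`. The job's `with:` block continues in the next hunk.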
@@ -203,11 +203,11 @@ jobs: pull_request_comment_id: ${{ github.event.client_payload.github.payload.comment.id }} work_dir: ./tests/standalone-vault first_apply_args: "-target=module.hcp_vault.hcp_vault_cluster.test -target=module.hcp_vault.hcp_vault_cluster_admin_token.test" - TFC_token_secret_name: STANDALONE_VAULT_LEGACY_TFC_TOKEN + TFC_token_secret_name: STANDALONE_VAULT_REPLICATED_TFC_TOKEN TFC_workspace_substitution_pattern: 's/terraform {/terraform {\n\ backend "remote" {\n\ organization = "terraform-enterprise-modules-test"\n\ workspaces {\n\ - name = "aws-standalone-vault-legacy"\n\ + name = "aws-standalone-vault-replicated"\n\ }\n\ }\n/' diff --git a/main.tf b/main.tf index 400856db..c8fb8af6 100644 --- a/main.tf +++ b/main.tf @@ -199,9 +199,9 @@ module "tfe_init_fdo" { docker_compose_yaml = module.docker_compose_config[0].docker_compose_yaml } -# ---------------------------------------------------------------------------------------- -# TFE and Replicated settings to pass to the tfe_init_legacy module for legacy deployment -# ---------------------------------------------------------------------------------------- +# -------------------------------------------------------------------------------------------- +# TFE and Replicated settings to pass to the tfe_init_replicated module for replicated deployment +# -------------------------------------------------------------------------------------------- module "settings" { source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/settings?ref=main" count = var.is_replicated_deployment ? 1 : 0 
@@ -273,8 +273,8 @@ module "settings" { # ----------------------------------------------------------------------------- # AWS user data / cloud init used to install and configure TFE on instance(s) # ----------------------------------------------------------------------------- -module "tfe_init_legacy" { - source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init_legacy?ref=main" +module "tfe_init_replicated" { + source = "git::https://github.com/hashicorp/terraform-random-tfe-utility//modules/tfe_init_replicated?ref=main" count = var.is_replicated_deployment ? 1 : 0 # TFE & Replicated Configuration data @@ -354,5 +354,5 @@ module "vm" { network_subnets_private = local.network_private_subnets network_private_subnet_cidrs = local.network_private_subnet_cidrs node_count = var.node_count - user_data_base64 = var.is_replicated_deployment ? module.tfe_init_legacy[0].tfe_userdata_base64_encoded : module.tfe_init_fdo[0].tfe_userdata_base64_encoded + user_data_base64 = var.is_replicated_deployment ? module.tfe_init_replicated[0].tfe_userdata_base64_encoded : module.tfe_init_fdo[0].tfe_userdata_base64_encoded } diff --git a/outputs.tf b/outputs.tf index 203e1b5b..671d915d 100644 --- a/outputs.tf +++ b/outputs.tf @@ -84,7 +84,7 @@ output "tfe_autoscaling_group" { } output "replicated_dashboard_password" { - value = var.is_replicated_deployment ? module.settings[0].replicated_configuration.DaemonAuthenticationPassword : "This is only used for legacy deployments." + value = var.is_replicated_deployment ? module.settings[0].replicated_configuration.DaemonAuthenticationPassword : "This is only used for replicated deployments." description = "The password for the TFE console" sensitive = true } diff --git a/variables.tf b/variables.tf index b02b8e07..0b3a5d3c 100644 --- a/variables.tf +++ b/variables.tf 
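Review bot: `module "tfe_init_replicated"` is sourced with `?ref=main`, and its `tfe_userdata_base64_encoded` output is what `module "vm"` passes as `user_data_base64` in the hunk at -354, so the instance bootstrap script follows a moving branch of another repository. The rename also only resolves once `modules/tfe_init_replicated` exists on that branch. Pinning the source to a tag or commit, `...//modules/tfe_init_replicated?ref=<tag-or-commit-sha>` (placeholder), keeps the two changes in step and makes upstream updates reviewable. `module "settings"` in the hunk at -199 uses the same `?ref=main`, and both module blocks extend beyond their hunks.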
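Review bot: In the `outputs.tf` hunk, `replicated_dashboard_password` returns the sentence `"This is only used for replicated deployments."` when `is_replicated_deployment` is false, so a consumer of this sensitive output cannot tell a real password from the placeholder without comparing strings. If no caller depends on that string, returning `null` in that branch lets callers test for absence: `value = var.is_replicated_deployment ? module.settings[0].replicated_configuration.DaemonAuthenticationPassword : null`. The explanation then belongs in `description`, for example `"The password for the TFE console; null unless is_replicated_deployment is true."`.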
@@ -175,7 +175,7 @@ variable "capacity_concurrency" { variable "capacity_memory" { default = 2048 type = number - description = "The maximum amount of memory (in megabytes) that a Terraform plan or apply can use on the system; defaults to `512` for legacy mode and `2048` for FDO." + description = "The maximum amount of memory (in megabytes) that a Terraform plan or apply can use on the system; defaults to `512` for replicated mode and `2048` for FDO." } variable "consolidated_services" {
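Review bot: The reworded description of `capacity_memory` still says the value defaults to `512` for replicated mode, but the block sets `default = 2048` unconditionally, so nothing visible here produces 512. If a 512 default is applied elsewhere for replicated deployments, the description should say where. Otherwise it should state what the variable actually does, for example `"The maximum amount of memory (in megabytes) that a Terraform plan or apply can use on the system; defaults to 2048."`.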