From 131b650069b5228e4e0b2f6a8fb4b1f684e3517b Mon Sep 17 00:00:00 2001 From: smneal Date: Wed, 30 Aug 2023 16:25:57 +0100 Subject: [PATCH] Domain migration prep and add Terrafile Prepare the configs for the migration Add Terrafile support to DNS management --- Makefile | 12 ++++++------ bin/.gitkeep | 0 .../environment_domains/.terraform.lock.hcl | 1 + .../config/development.tfvars.json | 3 ++- .../config/development_Terrafile | 3 +++ .../config/preproduction.tfvars.json | 3 ++- .../config/preproduction_Terrafile | 3 +++ .../config/production.tfvars.json | 17 +++++++++++++++-- .../config/production_Terrafile | 3 +++ .../environment_domains/config/test.tfvars.json | 3 ++- .../environment_domains/config/test_Terrafile | 3 +++ terraform/domains/environment_domains/main.tf | 10 +++++++++- .../domains/environment_domains/variables.tf | 16 ++++++++++++++++ .../environment_domains/vendor/modules/domains | 1 + .../domains/infrastructure/.terraform.lock.hcl | 1 + .../infrastructure/config/zones_Terrafile | 3 +++ terraform/domains/infrastructure/main.tf | 2 +- .../infrastructure/vendor/modules/domains | 1 + 18 files changed, 72 insertions(+), 13 deletions(-) create mode 100644 bin/.gitkeep create mode 100644 terraform/domains/environment_domains/config/development_Terrafile create mode 100644 terraform/domains/environment_domains/config/preproduction_Terrafile create mode 100644 terraform/domains/environment_domains/config/production_Terrafile create mode 100644 terraform/domains/environment_domains/config/test_Terrafile create mode 160000 terraform/domains/environment_domains/vendor/modules/domains create mode 100644 terraform/domains/infrastructure/config/zones_Terrafile create mode 160000 terraform/domains/infrastructure/vendor/modules/domains diff --git a/Makefile b/Makefile index e48d0c83..4afa08de 100644 --- a/Makefile +++ b/Makefile 
@@ -30,7 +30,7 @@ dev: .PHONY: development_aks ## For AKS development_aks: aks ## Specify development aks environment $(eval include global_config/development_aks.sh) - + .PHONY: test test: $(eval DEPLOY_ENV=test) @@ -240,15 +240,15 @@ set-key-vault-names: $(eval KEY_VAULT_APPLICATION_NAME=$(AZURE_RESOURCE_PREFIX)-$(SERVICE_SHORT)-$(CONFIG_SHORT)-app-kv) $(eval KEY_VAULT_INFRASTRUCTURE_NAME=$(AZURE_RESOURCE_PREFIX)-$(SERVICE_SHORT)-$(CONFIG_SHORT)-inf-kv) - domain-azure-resources: set-azure-account set-azure-template-tag set-azure-resource-group-tags ## deploy container to store terraform state for all dns resources -run validate first $(if $(AUTO_APPROVE), , $(error can only run with AUTO_APPROVE)) az deployment sub create -l "UK South" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ --name "${DNS_ZONE}domains-$(shell date +%Y%m%d%H%M%S)" --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-${DNS_ZONE}domains-rg" 'tags=${RG_TAGS}' \ "tfStorageAccountName=${RESOURCE_NAME_PREFIX}${DNS_ZONE}domainstf" "tfStorageContainerName=${DNS_ZONE}domains-tf" "keyVaultName=${RESOURCE_NAME_PREFIX}-${DNS_ZONE}domains-kv" ${WHAT_IF} +domains-infra-init: bin/terrafile faltrn_domain set-azure-account ## make domains-infra-init - terraform init for dns core resources, eg Main FrontDoor resource + ./bin/terrafile -p terraform/domains/infrastructure/vendor/modules -f terraform/domains/infrastructure/config/zones_Terrafile -domains-infra-init: faltrn_domain set-azure-account ## make domains-infra-init - terraform init for dns core resources, eg Main FrontDoor resource terraform -chdir=terraform/domains/infrastructure init -reconfigure -upgrade domains-infra-plan: domains-infra-init ## terraform plan for dns core resources 
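Review bot: `domains-infra-init` now depends on and runs `./bin/terrafile`, but no rule that produces `bin/terrafile` is visible in this diff; the commit only adds `bin/.gitkeep`. If that rule lives elsewhere in the Makefile and downloads a release binary, it should pin the release version and verify a checksum before the binary is executed, since the recipe runs after `set-azure-account` and so presumably inside an authenticated Azure session. If no such rule exists, make stops with "No rule to make target 'bin/terrafile'" on a clean checkout. The same prerequisite is added to `domains-init` in the next Makefile hunk. A one-line comment above the rule, such as `# bin/terrafile: pinned release, checksum verified on download`, would make the expectation visible to the next reader.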
@@ -257,10 +257,11 @@ domains-infra-plan: domains-infra-init ## terraform plan for dns core resources domains-infra-apply: domains-infra-init ## terraform apply for dns core resources terraform -chdir=terraform/domains/infrastructure apply -var-file config/zones.tfvars.json ${AUTO_APPROVE} - ###################################### -domains-init: faltrn_domain set-azure-account ## terraform init for dns resources: make domains-init +domains-init: bin/terrafile faltrn_domain set-azure-account ## terraform init for dns resources: make domains-init + ./bin/terrafile -p terraform/domains/environment_domains/vendor/modules -f terraform/domains/environment_domains/config/${CONFIG}_Terrafile + terraform -chdir=terraform/domains/environment_domains init -upgrade -reconfigure -backend-config=key=$(or $(DOMAINS_TERRAFORM_BACKEND_KEY),faltrndomains_$(DEPLOY_ENV).tfstate) domains-plan: domains-init ## terraform plan for dns resources, eg dev. dns records and frontdoor routing @@ -272,7 +273,6 @@ domains-apply: domains-init ## terraform apply for dns resources domains-destroy: domains-init ## terraform destroy for dns resources terraform -chdir=terraform/domains/environment_domains destroy -var-file config/$(DEPLOY_ENV).tfvars.json - arm-deployment: set-resource-group-name set-storage-account-name set-azure-template-tag set-azure-account set-azure-resource-group-tags set-key-vault-names ## deploy container/kv to store terraform state for each environment az deployment sub create --name "resourcedeploy-tsc-$(shell date +%Y%m%d%H%M%S)" \ -l "UK South" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/${ARM_TEMPLATE_TAG}/azure/resourcedeploy.json" \ diff --git a/bin/.gitkeep b/bin/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/terraform/domains/environment_domains/.terraform.lock.hcl b/terraform/domains/environment_domains/.terraform.lock.hcl index 105a261a..9eb66e0e 100644 
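Review bot: `domains-init` selects the Terrafile with `${CONFIG}` but selects the state key on the following line with `$(DEPLOY_ENV)`, and nothing in the hunk checks that `CONFIG` is set or that the two agree. With `CONFIG` empty the path becomes `config/_Terrafile`, and if the two variables ever differ, modules fetched from one environment's ref (for example `testing`) would be initialised against another environment's state. Where `CONFIG` is assigned is outside this diff, so this may already be guaranteed by the environment targets. A guard in the style of the `AUTO_APPROVE` check used by `domain-azure-resources` would make the failure explicit: `$(if $(CONFIG), , $(error CONFIG is not set, run with an environment target))`.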
--- a/terraform/domains/environment_domains/.terraform.lock.hcl +++ b/terraform/domains/environment_domains/.terraform.lock.hcl @@ -6,6 +6,7 @@ provider "registry.terraform.io/hashicorp/azurerm" { constraints = "3.45.0" hashes = [ "h1:4BOYXFMiLk4ozEZHUhquRnE5urebcWvaCUV3uys646o=", + "h1:VQWxV5+qelZeUCjpdLvZ7iAom4RvG+fVVgK6ELvw/cs=", "h1:gQLNY1I5e9kcle1p/VYEWb0eteQ/t5kUfnqVu2/GBNY=", "zh:04c5dbb8845366ce5eb0dc2d55e151270cc2c0ace20993867fdae9af43b953ad", "zh:2589585da615ccae341400d45d672ee3fae413fdd88449b5befeff12a85a44b2", diff --git a/terraform/domains/environment_domains/config/development.tfvars.json b/terraform/domains/environment_domains/config/development.tfvars.json index 3a34389c..7576dd8c 100644 --- a/terraform/domains/environment_domains/config/development.tfvars.json +++ b/terraform/domains/environment_domains/config/development.tfvars.json @@ -1,6 +1,7 @@ { "domains": ["dev"], - "environment_short": "dev", + "cached_paths": ["/assets/*"], + "environment_short": "dv", "environment_tag": "dev", "origin_hostname": "find-a-lost-trn-development-web.test.teacherservices.cloud" } diff --git a/terraform/domains/environment_domains/config/development_Terrafile b/terraform/domains/environment_domains/config/development_Terrafile new file mode 100644 index 00000000..dfce270e --- /dev/null +++ b/terraform/domains/environment_domains/config/development_Terrafile @@ -0,0 +1,3 @@ +domains: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "testing" diff --git a/terraform/domains/environment_domains/config/preproduction.tfvars.json b/terraform/domains/environment_domains/config/preproduction.tfvars.json index b8e339a0..f8777bf5 100644 --- a/terraform/domains/environment_domains/config/preproduction.tfvars.json +++ b/terraform/domains/environment_domains/config/preproduction.tfvars.json 
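Review bot: `version: "testing"` in `development_Terrafile` looks like a branch name rather than a tag or commit, and the same applies to `preproduction_Terrafile` and `test_Terrafile`, and to `version: "stable"` in `production_Terrafile` and `infrastructure/config/zones_Terrafile`. Every `make domains-init` or `make domains-infra-init` re-runs terrafile, so the module code that manages production DNS and Front Door can change without any commit in this repository, and a plan reviewed today may not match the code applied tomorrow. The old `?ref=stable` source had the same property, so this is not a regression, but the Terrafile is the natural place to fix it: pin production and zones to a release tag or full commit SHA, e.g. `version: "<release-tag-or-commit-sha>"`. If `stable` is deliberately a protected, reviewed branch, say so in a YAML comment above the entry.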
@@ -1,6 +1,7 @@ { "domains": ["preprod"], - "environment_short": "preprod", + "cached_paths": ["/assets/*"], + "environment_short": "pp", "environment_tag": "pre-prod", "origin_hostname": "find-a-lost-trn-preproduction-web.test.teacherservices.cloud" } diff --git a/terraform/domains/environment_domains/config/preproduction_Terrafile b/terraform/domains/environment_domains/config/preproduction_Terrafile new file mode 100644 index 00000000..dfce270e --- /dev/null +++ b/terraform/domains/environment_domains/config/preproduction_Terrafile @@ -0,0 +1,3 @@ +domains: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "testing" diff --git a/terraform/domains/environment_domains/config/production.tfvars.json b/terraform/domains/environment_domains/config/production.tfvars.json index 545f497e..76c57317 100644 --- a/terraform/domains/environment_domains/config/production.tfvars.json +++ b/terraform/domains/environment_domains/config/production.tfvars.json @@ -1,6 +1,19 @@ { - "domains": ["www", "apex"], + "domains": ["apex"], + "cached_paths": ["/assets/*"], "environment_short": "pd", "environment_tag": "Prod", - "origin_hostname": "find-a-lost-trn-production-web.teacherservices.cloud" + "origin_hostname": "find-a-lost-trn-production.london.cloudapps.digital", + "null_host_header": true, + "hosted_zone": { + "find-a-lost-trn.education.gov.uk": { + "resource_group_name": "s189p01-faltrndomains-rg", + "cnames": { + "_443ce8e523e08d5e5f44703bcffa0875": { + "target": "_680e92e9fa66938e47a0348221196c28.mntkzmhvxg.acm-validations.aws.", + "ttl": 86400 + } + } + } + } } diff --git a/terraform/domains/environment_domains/config/production_Terrafile b/terraform/domains/environment_domains/config/production_Terrafile new file mode 100644 index 00000000..58e60b3c --- /dev/null +++ b/terraform/domains/environment_domains/config/production_Terrafile @@ -0,0 +1,3 @@ +domains: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "stable" 
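Review bot: The `hosted_zone` block in `production.tfvars.json` adds an ACM validation CNAME (`_443ce8e523e08d5e5f44703bcffa0875` pointing at an `acm-validations.aws.` target) with no record of which AWS account or certificate it belongs to, and JSON leaves nowhere to say so in the file. While that record exists, the holder of the matching ACM request can keep issuing and renewing certificates for find-a-lost-trn.education.gov.uk, so the owner and the condition for removing it should be written into the commit description or a README beside this config. The same hunk points `origin_hostname` at a `london.cloudapps.digital` hostname with `null_host_header: true`; that looks like a route on a shared platform, and if the route is released while Front Door still targets it, requests for the production domain would be served by whoever holds the route next. The migration runbook should remove or repoint the origin before the platform route is deleted.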
diff --git a/terraform/domains/environment_domains/config/test.tfvars.json b/terraform/domains/environment_domains/config/test.tfvars.json index 0a8d327a..3f2f7415 100644 --- a/terraform/domains/environment_domains/config/test.tfvars.json +++ b/terraform/domains/environment_domains/config/test.tfvars.json @@ -1,6 +1,7 @@ { "domains": ["test"], - "environment_short": "test", + "cached_paths": ["/assets/*"], + "environment_short": "ts", "environment_tag": "test", "origin_hostname": "find-a-lost-trn-test-web.test.teacherservices.cloud" } diff --git a/terraform/domains/environment_domains/config/test_Terrafile b/terraform/domains/environment_domains/config/test_Terrafile new file mode 100644 index 00000000..dfce270e --- /dev/null +++ b/terraform/domains/environment_domains/config/test_Terrafile @@ -0,0 +1,3 @@ +domains: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "testing" diff --git a/terraform/domains/environment_domains/main.tf b/terraform/domains/environment_domains/main.tf index 43e56651..b3c08407 100644 --- a/terraform/domains/environment_domains/main.tf +++ b/terraform/domains/environment_domains/main.tf @@ -1,11 +1,13 @@ module "domains" { - source = "git::https://github.com/DFE-Digital/terraform-modules.git//domains/environment_domains?ref=stable" + source = "./vendor/modules/domains//domains/environment_domains" zone = var.zone front_door_name = var.front_door_name resource_group_name = var.resource_group_name domains = var.domains environment = var.environment_short host_name = var.origin_hostname + null_host_header = try(var.null_host_header, false) + cached_paths = try(var.cached_paths, []) } data "azurerm_cdn_frontdoor_profile" "main" { 
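Review bot: `try(var.null_host_header, false)` and `try(var.cached_paths, [])` in the `module "domains"` block never take their fallback, because both variables are declared with defaults in `variables.tf` in this same commit and a reference to a declared variable cannot raise an error. `try` also does not replace an explicit `null` coming from a tfvars file, so the wrappers suggest a safety net that is not there. Pass the values directly, `null_host_header = var.null_host_header` and `cached_paths = var.cached_paths`, and if null must be rejected add `nullable = false` to the variable declarations.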
@@ -17,3 +19,9 @@ data "azurerm_dns_zone" "main" { name = var.zone resource_group_name = var.resource_group_name } + +# Takes values from hosted_zone.domain_name.cnames (or txt_records, a-records). Use for domains which are not associated with front door. +module "dns_records" { + source = "./vendor/modules/domains//dns/records" + hosted_zone = var.hosted_zone +} diff --git a/terraform/domains/environment_domains/variables.tf b/terraform/domains/environment_domains/variables.tf index d17d5ad3..4135e381 100644 --- a/terraform/domains/environment_domains/variables.tf +++ b/terraform/domains/environment_domains/variables.tf @@ -38,3 +38,19 @@ variable "origin_hostname" { locals { hostname = "${var.domains[0]}.${var.zone}" } + +variable "hosted_zone" { + type = map(any) + default = {} +} + +variable "null_host_header" { + default = false + description = "The origin_host_header for the azurerm_cdn_frontdoor_origin resource will be var.host_name (if false) or null (if true). If null then the host name from the incoming request will be used." +} + +variable "cached_paths" { + type = list(string) + default = [] + description = "List of path patterns such as /assets/* that front door will cache" +} diff --git a/terraform/domains/environment_domains/vendor/modules/domains b/terraform/domains/environment_domains/vendor/modules/domains new file mode 160000 index 00000000..1c4ac58e --- /dev/null +++ b/terraform/domains/environment_domains/vendor/modules/domains @@ -0,0 +1 @@ +Subproject commit 1c4ac58edab84138a9cd8f712acc894849507267 diff --git a/terraform/domains/infrastructure/.terraform.lock.hcl b/terraform/domains/infrastructure/.terraform.lock.hcl index 617d685d..dcdde875 100644 --- a/terraform/domains/infrastructure/.terraform.lock.hcl +++ b/terraform/domains/infrastructure/.terraform.lock.hcl 
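Review bot: `variable "null_host_header"` is declared without a `type`, so any value shape in a tfvars file is accepted at this level and only checked, if at all, inside the vendored module; add `type = bool`. `variable "hosted_zone"` is `map(any)` with no `description`, although it now drives the records created by `module "dns_records"`. Add a description that states the expected shape, for example `description = "Map of DNS zone name to resource_group_name and record maps (cnames, txt_records, a-records)"`, following the comment in `main.tf` and the example in `production.tfvars.json`. An object type for the value would make a malformed record fail at plan time in this repository rather than inside the module.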
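Review bot: `terraform/domains/environment_domains/vendor/modules/domains` is committed as a gitlink (mode 160000, `Subproject commit 1c4ac58edab84138a9cd8f712acc894849507267`) and the diffstat lists no `.gitmodules` change, which suggests the directory cloned by `bin/terrafile` was added by accident; the same applies to `terraform/domains/infrastructure/vendor/modules/domains`. A fresh clone gets an empty directory at that path, and the recorded commit is not what the build uses, because the Makefile re-runs terrafile against the `stable` or `testing` ref on every init. The gitlink therefore makes the module look pinned to a commit when it is not. Remove both gitlinks and ignore the vendor directories, for example with `terraform/domains/*/vendor/` in `.gitignore`.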
@@ -5,6 +5,7 @@ provider "registry.terraform.io/hashicorp/azurerm" { version = "3.53.0" constraints = "3.53.0" hashes = [ + "h1:NqV7ilkolM3jBsmAx5Bh6mA9zfUHCQh3hyjOPBUeWlo=", "h1:bK70LV1NldhodSm58cUpawKwdUL1A5AKKglAV2wZ/QY=", "zh:078ece8318ad7d6c1cd2e5f2044188e74af63921b93223c7f8d477539fa91888", "zh:1bdc98ff8c2d3f3e81a746762e03d39794b2f5c90dc478cdb23dcc3d3f9947b6", diff --git a/terraform/domains/infrastructure/config/zones_Terrafile b/terraform/domains/infrastructure/config/zones_Terrafile new file mode 100644 index 00000000..58e60b3c --- /dev/null +++ b/terraform/domains/infrastructure/config/zones_Terrafile @@ -0,0 +1,3 @@ +domains: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "stable" diff --git a/terraform/domains/infrastructure/main.tf b/terraform/domains/infrastructure/main.tf index 1628da9d..b2fee8cb 100644 --- a/terraform/domains/infrastructure/main.tf +++ b/terraform/domains/infrastructure/main.tf @@ -1,5 +1,5 @@ module "domains_infrastructure" { - source = "git::https://github.com/DFE-Digital/terraform-modules.git//domains/infrastructure?ref=stable" + source = "./vendor/modules/domains//domains/infrastructure" hosted_zone = var.hosted_zone tags = var.tags deploy_default_records = var.deploy_default_records diff --git a/terraform/domains/infrastructure/vendor/modules/domains b/terraform/domains/infrastructure/vendor/modules/domains new file mode 160000 index 00000000..1c4ac58e --- /dev/null +++ b/terraform/domains/infrastructure/vendor/modules/domains @@ -0,0 +1 @@ +Subproject commit 1c4ac58edab84138a9cd8f712acc894849507267