kanaksinghal · akashcldcvr · Oct 5, 2023 · Oct 5, 2023 · Oct 5, 2023 · Oct 5, 2023
diff --git a/.github/workflows/infra.yml b/.github/workflows/infra.yml
@@ -2,26 +2,25 @@ name: 'Infra'
 
 on:
   pull_request:
-  push:
-    branches:
-      - main
+
 
 env:
   PLATFORM_REPO: "cldcvr/terrarium"
-  PLATFORM_BRANCH: "shwetanshu/TER-89"
+  PLATFORM_BRANCH: "main"
   PLATFORM_DIR: "examples/platform-demo/platform"
-  TERRARIUM_VERSION: "v0.2"
+  TERRARIUM_VERSION: "v0.6"
   TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
   TF_CLOUD_ORGANIZATION: "kanak"
   TF_WORKSPACE: "demo-go-pgsql-workflow"
   TF_CONFIG_DIRECTORY: "./.terrarium-output"
 
+
 jobs:
   t8-generate:
     name: "Terrarium generate"
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write
       pull-requests: write
     steps:
       - name: Checkout
@@ -44,119 +43,13 @@ jobs:
 
       - name: Terrarium Generate
         run: |
+          rm -rf $TF_CONFIG_DIRECTORY
           terrarium generate -p .platform-repo/$PLATFORM_DIR -a . -o $TF_CONFIG_DIRECTORY/src
-          cp -r .platform-repo/examples/platform-demo/modules ./$TF_CONFIG_DIRECTORY/modules
-
-      - name: Archive Terrarium generated code
-        uses: actions/upload-artifact@v3
-        with:
-          name: terrarium-generate-code
-          path: ${{ env.TF_CONFIG_DIRECTORY }}
-
-  tf-plan:
-    if: github.ref != 'refs/heads/main'
-    needs: t8-generate
-    name: "Terraform plan"
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Download Terrarium generated code
-        uses: actions/download-artifact@v3
-        with:
-          name: terrarium-generate-code
-          path: ${{ env.TF_CONFIG_DIRECTORY }}
-
-      - name: Upload Configuration
-        uses: hashicorp/tfc-workflows-github/actions/[email protected]
-        id: plan-upload
-        with:
-          workspace: ${{ env.TF_WORKSPACE }}
-          directory: ${{ env.TF_CONFIG_DIRECTORY }}
-          speculative: true
-
-      - name: Create Plan Run
-        uses: hashicorp/tfc-workflows-github/actions/[email protected]
-        id: plan-run
-        with:
-          workspace: ${{ env.TF_WORKSPACE }}
-          configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }}
-          plan_only: true
-
-      - name: Get Plan Output
-        uses: hashicorp/tfc-workflows-github/actions/[email protected]
-        id: plan-output
-        with:
-          plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }}
-
-      - name: Update PR
-        uses: actions/github-script@v6
-        id: plan-comment
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            // Retrieve existing bot comments for the PR
-            const { data: comments } = await github.rest.issues.listComments({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: context.issue.number,
-            });
-            const botComment = comments.find(comment => {
-              return comment.user.type === 'Bot' && comment.body.includes('Terraform Plan Output')
-            });
-            const output = `#### Terraform Plan Output
-                Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
-
-            [Terraform Plan](${{ steps.plan-run.outputs.run_link }})`;
-            // Delete previous comment so PR timeline makes sense
-            if (botComment) {
-              github.rest.issues.deleteComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                comment_id: botComment.id,
-              });
-            }
-            github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: output
-            });
-
-  tf-apply:
-    if: github.ref == 'refs/heads/main'
-    needs: t8-generate
-    name: "Terraform apply"
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Download Terrarium generated code
-        uses: actions/download-artifact@v3
-        with:
-          name: terrarium-generate-code
-          path: .terrarium-output
-
-      - name: Upload Configuration
-        uses: hashicorp/tfc-workflows-github/actions/[email protected]
-        id: apply-upload
-        with:
-          workspace: ${{ env.TF_WORKSPACE }}
-          directory: ${{ env.TF_CONFIG_DIRECTORY }}
-
-      - name: Create Apply Run
-        uses: hashicorp/tfc-workflows-github/actions/[email protected]
-        id: apply-run
-        with:
-          workspace: ${{ env.TF_WORKSPACE }}
-          configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
+          cp -r .platform-repo/examples/platform-demo/modules $TF_CONFIG_DIRECTORY/modules
+          rm -rf .platform-repo
 
-      - name: Apply
-        uses: hashicorp/tfc-workflows-github/actions/[email protected]
-        if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable
-        id: apply
+      - name: "Push Terrarium generated code at path : ${{ env.TF_CONFIG_DIRECTORY }}"
+        uses: stefanzweifel/git-auto-commit-action@v4
         with:
-          run: ${{ steps.apply-run.outputs.run_id }}
-          comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"
+          commit_message: terrarium-generate-code
+          branch: ${{ github.head_ref || github.ref_name }}
diff --git a/.terrarium-output/modules/alb/alb_main.tf b/.terrarium-output/modules/alb/alb_main.tf
@@ -0,0 +1,109 @@
+module "alb" {
+  source  = "terraform-aws-modules/alb/aws"
+  version = "~> 8.7"
+
+  for_each = var.tf_component_lb
+
+  name = "${var.extract_resource_name}-alb"
+
+  create_lb = local.tr_web_service == true ? true : false
+
+  load_balancer_type = each.value.load_balancer_type
+  create_security_group = true
+
+  vpc_id          = var.vpc_id
+  subnets         = var.public_subnet_ids
+  security_groups = var.security_group_ids
+
+  access_logs = {
+    bucket = module.s3_bucket[each.key].s3_bucket_id
+  }
+
+  security_group_rules = [
+    {
+      type        = "ingress"
+      from_port   = 80
+      to_port     = 80
+      protocol    = "TCP"
+      cidr_blocks = ["0.0.0.0/0"]
+    },
+    {
+      type        = "ingress"
+      from_port   = 443
+      to_port     = 443
+      protocol    = "TCP"
+      cidr_blocks = ["0.0.0.0/0"]
+    },
+    {
+      type        = "egress"
+      from_port   = 0
+      to_port     = 0
+      protocol    = "-1"
+      cidr_blocks = ["0.0.0.0/0"]
+    }
+  ]
+
+
+  target_groups = [
+    for service_key, service_value in var.tr_component_ecs_services : {
+      name_prefix      = substr("${service_key}",0,6)
+      backend_protocol = "HTTP"
+      backend_port     = try(service_value.port, null)
+      target_type      = "ip"
+    }
+    if try(service_value.port, null) != null
+  ]
+
+  https_listeners = [
+    {
+      port               = 443
+      protocol           = "HTTPS"
+      certificate_arn    = each.value.certificate_arn
+      target_group_index = 0
+    }
+  ]
+
+  http_tcp_listeners = [
+    {
+      port        = 80
+      protocol    = "HTTP"
+      action_type = "redirect"
+      redirect = {
+        port        = "443"
+        protocol    = "HTTPS"
+        status_code = "HTTP_301"
+      }
+    }
+  ]
+
+  tags = {
+    Environment = "Test"
+  }
+}
+
+resource "random_id" "bucket_suffix" {
+  byte_length = 4
+  keepers = {
+    bucket_base_name = var.extract_resource_name
+  }
+}
+
+module "s3_bucket" {
+  source  = "terraform-aws-modules/s3-bucket/aws"
+  version = "3.14.0"
+
+  for_each = var.tf_component_lb
+
+  bucket = "${var.extract_resource_name}-alb-logs-${random_id.bucket_suffix.hex}"
+  acl    = "log-delivery-write"
+
+  # Allow deletion of non-empty bucket
+  force_destroy = var.environment == "production" || var.environment == "prod" ? false : true
+
+  control_object_ownership = true
+  object_ownership         = "ObjectWriter"
+
+  attach_elb_log_delivery_policy = true # Required for ALB logs
+  attach_lb_log_delivery_policy  = true # Required for ALB/NLB logs
+}
+
diff --git a/.terrarium-output/modules/alb/alb_outputs.tf b/.terrarium-output/modules/alb/alb_outputs.tf
@@ -0,0 +1,29 @@
+output "alb_names" {
+  value = [for k, v in module.alb : v.name]
+  description = "A list of the names of the ALBs that were created."
+}
+
+output "alb_dns_names" {
+  value = [for k, v in module.alb : v.dns_name]
+  description = "A list of the DNS names of the ALBs that were created."
+}
+
+output "alb_arns" {
+  value = [for k, v in module.alb : v.arn]
+  description = "A list of the ARNs of the ALBs that were created."
+}
+
+output "alb_security_group_ids" {
+  value = [for k, v in module.alb : v.security_group_id]
+  description = "A list of the security group IDs of the ALBs that were created."
+}
+
+output "alb_target_group_arns" {
+  value = module.alb.alb_target_group_arns
+  description = "A list of the ARNs of the target groups associated with the ALBs."
+}
+
+output "alb_log_bucket_names" {
+  value = [for k, v in module.s3_bucket : v.bucket]
+  description = "A list of the names of the S3 buckets used for ALB access logs."
+}
diff --git a/.terrarium-output/modules/alb/alb_varibles.tf b/.terrarium-output/modules/alb/alb_varibles.tf
@@ -0,0 +1,34 @@
+variable "extract_resource_name" {
+  type        = string
+  description = "The base name to use for all resources created by this module."
+}
+
+variable "environment" {
+  type        = string
+  description = "The environment in which the infrastructure is being deployed (e.g. dev, prod, etc.)."
+}
+
+variable "tf_component_lb" {
+  type        = any
+  description = "A map of objects that define the load balancers to create."
+}
+
+variable "tr_component_ecs_services" {
+  type        = any
+  description = "A map of objects that define the ECS services to create."
+}
+
+variable "vpc_id" {
+  type        = string
+  description = "The ID of the VPC in which to create the load balancer."
+}
+
+variable "public_subnet_ids" {
+  type        = any
+  description = "A list of IDs of the public subnets in which to create the load balancer."
+}
+
+variable "security_group_ids" {
+  type        = any
+  description = "A list of IDs of the security groups to associate with the load balancer."
+}