site.tf 4.66 KB
# Path (not contents) of the credentials JSON that the google provider loads
# with file(var.GCP_CRED_JSON_FNAME). The default points into ../private,
# outside this directory.
# NOTE(review): presumably a service-account key file; confirm ../private is
# excluded from version control and readable only by the deploying user.
variable "GCP_CRED_JSON_FNAME" {
  type    = string
  default = "../private/google/cmdchallenge.json"
}

# Path handed to the gce module as ca_pem_fname. Judging by the name it is a
# CA certificate in PEM form; how the module uses it is not visible here.
variable "CA_PEM_FNAME" {
  type    = string
  default = "../private/ca/ca.pem"
}

# Path to the SSH public key file, passed to the gce module as ssh_public_key.
variable "SSH_PUBLIC_KEY" {
  type    = string
  default = "../private/ssh/cmd_rsa.pub"
}

# Path to the matching SSH private key file, passed to the gce module as
# ssh_private_key. Despite the name, the variable holds a file path, not key
# material.
# NOTE(review): how the module reads the key is not visible here; confirm the
# key contents never end up in state, plan output or logs.
variable "SSH_PRIVATE_KEY" {
  type    = string
  default = "../private/ssh/cmd_rsa"
}

# Provider used by the archive_file data sources that build the Lambda zips.
# "~> 1.3" accepts any 1.x release from 1.3 upwards. It is a range, not a pin:
# the build actually used is whatever `terraform init` resolves.
# NOTE(review): on Terraform 0.14+ commit the dependency lock file so provider
# checksums are verified on every init.
provider "archive" {
  version = "~> 1.3"
}

# Provider for the null_resource blocks (workspace assertion and local-exec
# build steps). "~> 2.1" accepts any 2.x release from 2.1 upwards.
provider "null" {
  version = "~> 2.1"
}

# Provider behind data "external" "short-sha", which executes a local shell
# script. "~> 1.2" accepts any 1.x release from 1.2 upwards.
provider "external" {
  version = "~> 1.2"
}

# Remote state is kept in the S3 bucket "terraform-cmdchallenge" under the key
# "cicd", accessed with the "cmdchallenge-cicd" AWS profile. With the S3
# backend, non-default workspaces are stored under a per-workspace prefix of
# that key.
# NOTE(review): neither `encrypt` nor `dynamodb_table` is set, so this block
# itself requests no server-side encryption and configures no state locking.
# State files can contain sensitive values; confirm the bucket enforces
# encryption at rest, has versioning enabled, blocks public access and is
# readable only by the CI/CD principal.
terraform {
  backend "s3" {
    bucket  = "terraform-cmdchallenge"
    region  = "us-east-1"
    profile = "cmdchallenge-cicd"
    key     = "cicd"
  }
}

# Invoke URL exported by the api module.
output "invoke-url" {
  value = module.api.invoke_url
}

# Ready-to-paste smoke test: a curl command that calls the API with
# cmd=echo+hello+world for the hello_world challenge slug.
output "test-hello-world" {
  value = "curl '${module.api.invoke_url}/?cmd=echo+hello+world&challenge_slug=hello_world'"
}

# Runs `sh short-sha.sh` on the machine executing Terraform each time the data
# source is read, and exposes the JSON object the script prints as `result`
# (local.short_sha reads the short_sha key).
# The script path is relative, so it is resolved against the directory
# Terraform is run from, and the script runs with the operator's privileges.
# NOTE(review): treat short-sha.sh as part of the trusted deployment code and
# review changes to it like any other code that runs in CI.
data "external" "short-sha" {
  program = ["sh", "short-sha.sh"]
}

# public_dns as exported by the gce module (indexed as a list elsewhere in
# this file, so this output is presumably the whole list).
output "instance-fqdn" {
  value = module.gce.public_dns
}

locals {
  # Everything is keyed off the workspace name. is_prod is the string
  # "yes"/"no" rather than a bool, so consumers must compare against "yes".
  name    = "${terraform.workspace}-cmdchallenge"
  is_prod = terraform.workspace == "prod" ? "yes" : "no"

  # timestamp() is re-evaluated on every run, so both values differ between
  # runs. The sanitized form strips '-', ' ', 'T', 'Z' and ':' from the
  # timestamp string.
  timestamp           = timestamp()
  timestamp_sanitized = replace(local.timestamp, "/[- TZ:]/", "")

  # short_sha key of the result returned by the external short-sha data source.
  short_sha = data.external.short-sha.result.short_sha
}

# Guard against running in the "default" workspace.
# Terraform has no assert construct here, so this uses a known workaround:
# when the workspace is "default" the conditional evaluates
# file("Default workspace not allowed"), which fails because no such file
# exists, and the run aborts with that string in the error message.
# In any other workspace triggers is an empty map and the resource is inert.
# Because is_prod and all resource names derive from the workspace, this
# prevents an accidental deployment under an unintended name.
# https://github.com/hashicorp/terraform/issues/15469#issuecomment-507689324
resource "null_resource" "assert_workspace" {
  triggers = terraform.workspace != "default" ? {} : file("Default workspace not allowed")
  lifecycle {
    ignore_changes = [
      triggers
    ]
  }
}

# AWS provider for us-east-1. Credentials come from the "cmdchallenge-cicd"
# profile in the operator's ~/.aws/credentials file (the same profile name the
# S3 backend uses); no keys are embedded in this file.
# NOTE(review): confirm that profile is scoped to what this deployment needs
# rather than an administrator identity.
# "~> 2.59" accepts any 2.x release from 2.59 upwards. From Terraform 0.13
# onwards, `version` inside a provider block is deprecated in favour of
# required_providers.
provider "aws" {
  region                  = "us-east-1"
  shared_credentials_file = pathexpand("~/.aws/credentials")
  profile                 = "cmdchallenge-cicd"
  version                 = "~> 2.59"
}

provider "google" {
  # GCP project and region ("us-east1" is the GCP spelling; the AWS region in
  # this file is "us-east-1").
  project = "cmdchallenge-1"
  region  = "us-east1"

  # The credentials JSON is read from disk when the provider is configured.
  # NOTE(review): presumably a long-lived service-account key; confirm it is
  # scoped to this project, rotated, and never committed alongside this file.
  credentials = file(var.GCP_CRED_JSON_FNAME)

  # Accepts any 3.x release from 3.39 upwards.
  version = "~> 3.39"
}

# Identity of the AWS credentials in use (account id, ARN, user id).
# Not referenced anywhere in the lines shown here.
data "aws_caller_identity" "current" {
}

# Runs ../bin/create-client-keys on the machine executing Terraform.
# The trigger is timestamp(), which changes on every run, so the resource is
# replaced and the script re-executed on every apply.
# NOTE(review): the script is not visible here; presumably it generates client
# key material. Confirm where it writes its output, that the files get
# restrictive permissions, and that regenerating keys on every apply is
# intended.
resource "null_resource" "generate_client_keys" {
  triggers = {
    build_number = timestamp()
  }
  provisioner "local-exec" {
    command = "${path.root}/../bin/create-client-keys"
  }
}

# Runs ../bin/copy-files-for-lambda on the machine executing Terraform, on
# every apply (timestamp() trigger), and only after generate_client_keys has
# finished.
# NOTE(review): the script is not visible here; given the ordering it
# presumably stages files, possibly including the generated keys, for the
# Lambda packages. Verify exactly which files it copies.
resource "null_resource" "copy_files_for_lambda" {
  triggers = {
    build_number = timestamp()
  }
  provisioner "local-exec" {
    command = "${path.root}/../bin/copy-files-for-lambda"
  }
  depends_on = [null_resource.generate_client_keys]
}

# Zips ../lambda_src/runcmd into lambda-runcmd.zip in the working directory.
# depends_on delays the archive until both local-exec steps have run, so the
# zip contains whatever those scripts placed under the source directory.
# NOTE(review): if private key material is staged there, it becomes part of
# the Lambda deployment package and of this local zip; confirm that is
# intended and that the zip files are not committed or published.
data "archive_file" "lambda_runcmd_zip" {
  type        = "zip"
  source_dir  = "../lambda_src/runcmd"
  output_path = "lambda-runcmd.zip"
  depends_on  = [null_resource.copy_files_for_lambda, null_resource.generate_client_keys]
}

# Same packaging step for ../lambda_src/runcmd_cron, written to
# lambda-runcmd-cron.zip.
data "archive_file" "lambda_runcmd_cron_zip" {
  type        = "zip"
  source_dir  = "../lambda_src/runcmd_cron"
  output_path = "lambda-runcmd-cron.zip"
  depends_on  = [null_resource.copy_files_for_lambda, null_resource.generate_client_keys]
}

# DynamoDB module; exports the submissions and commands table names used by
# the Lambda modules. Receives the "yes"/"no" production flag and a
# workspace-prefixed name.
module "dynamo" {
  source  = "./modules/dynamo"
  is_prod = local.is_prod
  name    = "${local.name}-db"
}

# API module wired to the Lambda ARN; exports invoke_url, the endpoint
# reported by the outputs in this file.
# NOTE(review): authentication, throttling and request validation for this
# endpoint live in the module and are not visible here.
module "api" {
  source     = "./modules/api"
  lambda_arn = module.lambda.arn
  name       = "${local.name}-api"
}

module "lambda" {
  source = "./modules/lambda"
  name   = "${local.name}-lambda"

  is_prod   = local.is_prod
  short_sha = local.short_sha

  # Table names exported by the dynamo module.
  submissions_table_name = module.dynamo.submissions_table_name
  commands_table_name    = module.dynamo.commands_table_name

  # First entry of the gce module's public_dns list. The input is called
  # ec2_public_dns, but the host it names comes from the gce module.
  ec2_public_dns = module.gce.public_dns[0]

  # Path of the packaged zip and its base64-encoded SHA-256, both taken from
  # the lambda_runcmd_zip archive.
  code_fname  = data.archive_file.lambda_runcmd_zip.output_path
  code_base64 = data.archive_file.lambda_runcmd_zip.output_base64sha256
}

# Scheduled Lambda module, packaged from the lambda_runcmd_cron_zip archive
# and given the same two DynamoDB table names as the main Lambda.
# bucket_name is "cmdchallenge.com" in the prod workspace and
# "testing.cmdchallenge.com" in every other workspace.
# NOTE(review): the bucket names look like website buckets; confirm the module
# only publishes data meant to be public.
module "lambda-cron" {
  source                 = "./modules/lambda-cron"
  num_shards             = 10
  submissions_table_name = module.dynamo.submissions_table_name
  commands_table_name    = module.dynamo.commands_table_name
  code_base64            = data.archive_file.lambda_runcmd_cron_zip.output_base64sha256
  code_fname             = data.archive_file.lambda_runcmd_cron_zip.output_path
  bucket_name            = local.is_prod == "yes" ? "cmdchallenge.com" : "testing.cmdchallenge.com"
  name                   = "${local.name}-lambda-cron"
}

module "gce" {
  source        = "./modules/gce"
  num_instances = 1

  # prod keeps a stable name; every other workspace appends the sanitized
  # timestamp, so the name differs on each run.
  name         = local.is_prod == "yes" ? local.name : format("%v-%v", local.name, local.timestamp_sanitized)
  machine_type = local.is_prod == "yes" ? "e2-micro" : "f1-micro"

  # prod: static IP, automatic restart, not preemptible.
  # Any other workspace: no static IP, no automatic restart, preemptible.
  use_static_ip     = local.is_prod == "yes"
  automatic_restart = local.is_prod == "yes"
  preemptible       = local.is_prod != "yes"

  # All three values are file paths (see the variable defaults), not file
  # contents.
  # NOTE(review): how the module reads them is not visible here; confirm the
  # private key is used only for the provisioning connection and is not
  # copied to the instance or written to state.
  ca_pem_fname    = var.CA_PEM_FNAME
  ssh_public_key  = var.SSH_PUBLIC_KEY
  ssh_private_key = var.SSH_PRIVATE_KEY
}