From 8870f6b6401a93fa8d65c627e3564040822ed0d7 Mon Sep 17 00:00:00 2001
From: Katalina Okano
Date: Sun, 6 Dec 2020 04:20:12 -0500
Subject: [PATCH] make terraform stuff
---
terraform/.terraform.lock.hcl | 75 +++++++++++++++++++++++++++++++
terraform/providers.tf | 52 +++++++++++++++++++++
terraform/variables.tf | 40 +++++++++++++++++
terraform/variables/.gitignore | 2 +
terraform/variables/global.tfvars | 3 ++
terraform/variables/prod.tfvars | 11 +++++
terraform/variables/stage.tfvars | 4 ++
terraform/workers.tf | 70 +++++++++++++++++++++++++++++
8 files changed, 257 insertions(+)
create mode 100755 terraform/.terraform.lock.hcl
create mode 100644 terraform/providers.tf
create mode 100644 terraform/variables.tf
create mode 100644 terraform/variables/.gitignore
create mode 100644 terraform/variables/global.tfvars
create mode 100644 terraform/variables/prod.tfvars
create mode 100644 terraform/variables/stage.tfvars
create mode 100644 terraform/workers.tf
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
new file mode 100755
index 0000000..135f90f
--- /dev/null
+++ b/terraform/.terraform.lock.hcl
@@ -0,0 +1,75 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/cloudflare/cloudflare" { + version = "2.14.0" + constraints = ">= 2.14.0" + hashes = [ + "h1:yCRAzW0sfs3LvDBKOMMlEIBhu5JFNhV7LCDb7Gk7wo0=", + "zh:061d269ab25d0a9b0bc72f7833c72f71facd467e3c3e40c8ab6e2de9fa6b6818", + "zh:299299f7881097367cc619b30ea9e1cdc3f575da2513b155897ed5339ee606d3", + "zh:52f9c07667cd6f67ee0f80725fc45b067ecfbba08f0af66f808b06b0ccc88c20", + "zh:54fbbf932c6ab5681ad96bd5d2111642c65379e2fe5239aa717a47a07831bee7", + "zh:6edd716fde5dea1a1eed955c9d87893871462716d8069e5960072536e343fa57", + "zh:6fc6bfc4ef7a8a105f1b1722442413efed7a496eaef768328e362f412a832ad9", + "zh:8473d2db5cc55859facc6ef00c3757d19d88ea49e9144f8f7997030fccbcfe02", + "zh:91a2b18020939457d62b4596193474c096fc86f64f9990261389b0e7ef01819e", + "zh:afe1708986117da60e1790ec274083e7c3921ee20f9389eca1e34b4aeee7f7b9", + "zh:f7a54f5c3ddc212a56f43669a754d0c3552e76a6154cdf747bdbdeae80338796", + "zh:f8ec3bebbbc52caca49030a65c2ffa79cea046516035832181388037065ff5e7", + ] +} + +provider "registry.terraform.io/hashicorp/google" { + version = "3.49.0" + constraints = ">= 3.49.0" + hashes = [ + "h1:MgihBNqO052m2jthWBu00wWYkz+eNrETwLqBfWmvMMY=", + "zh:00ea68b3a3b6e11ea469f47ee949c7f8f5751f935a3366152f9d3c6660c27e9b", + "zh:1ef3efc2e81fa31ceb04e39ae25acd0f061629f104827e127bdb4345e95f37d0", + "zh:6bf00943baa776adef0bbc914886359cf95c505b0494f3936cedac5cd1e01a00", + "zh:7d2cce5a9be476d8eee67435d854d094f82b5814a0e34964d10f28c1e88a2c8f", + "zh:841d074e3fb06f0df7c930bc0c4a9733ce0c5f1a19d6af98632a7931d2ca6a59", + "zh:8920ccd27c8904fcf5d701d71baee4f64d9d6f1383e66c4673909d9c53895057", + "zh:91d4479d2d461ad582d127d47aa7094bd74a1278cc8d78ad36a1c4f31301f4f0", + "zh:a97c19cdb42b5f7e4e297183d60eaa45843ee7b0adde1120e47026c4cae456c1", + "zh:cbd862cc4d21866bb832e3e7fe4e6ed959f5e5363bcf3d74e476b42fec716efe", + 
"zh:ec3c63ba6db74b353fafff6aedbb30e3eb1a4e5c856b4920c7ffa10d7081cbbd", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.0.0" + constraints = ">= 3.0.0" + hashes = [ + "h1:ysHGBhBNkIiJLEpthB/IVCLpA1Qoncp3KbCTFGFZTO0=", + "zh:05fb7eab469324c97e9b73a61d2ece6f91de4e9b493e573bfeda0f2077bc3a4c", + "zh:1688aa91885a395c4ae67636d411475d0b831e422e005dcf02eedacaafac3bb4", + "zh:24a0b1292e3a474f57c483a7a4512d797e041bc9c2fbaac42fe12e86a7fb5a3c", + "zh:2fc951bd0d1b9b23427acc93be09b6909d72871e464088171da60fbee4fdde03", + "zh:6db825759425599a326385a68acc6be2d9ba0d7d6ef587191d0cdc6daef9ac63", + "zh:85985763d02618993c32c294072cc6ec51f1692b803cb506fcfedca9d40eaec9", + "zh:a53186599c57058be1509f904da512342cfdc5d808efdaf02dec15f0f3cb039a", + "zh:c2e07b49b6efa676bdc7b00c06333ea1792a983a5720f9e2233db27323d2707c", + "zh:cdc8fe1096103cf5374751e2e8408ec4abd2eb67d5a1c5151fe2c7ecfd525bef", + "zh:dbdef21df0c012b0d08776f3d4f34eb0f2f229adfde07ff252a119e52c0f65b7", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.0.0" + constraints = ">= 3.0.0" + hashes = [ + "h1:grDzxfnOdFXi90FRIIwP/ZrCzirJ/SfsGBe6cE0Shg4=", + "zh:0fcb00ff8b87dcac1b0ee10831e47e0203a6c46aafd76cb140ba2bab81f02c6b", + "zh:123c984c0e04bad910c421028d18aa2ca4af25a153264aef747521f4e7c36a17", + "zh:287443bc6fd7fa9a4341dec235589293cbcc6e467a042ae225fd5d161e4e68dc", + "zh:2c1be5596dd3cca4859466885eaedf0345c8e7628503872610629e275d71b0d2", + "zh:684a2ef6f415287944a3d966c4c8cee82c20e393e096e2f7cdcb4b2528407f6b", + "zh:7625ccbc6ff17c2d5360ff2af7f9261c3f213765642dcd84e84ae02a3768fd51", + "zh:9a60811ab9e6a5bfa6352fbb943bb530acb6198282a49373283a8fa3aa2b43fc", + "zh:c73e0eaeea6c65b1cf5098b101d51a2789b054201ce7986a6d206a9e2dacaefd", + "zh:e8f9ed41ac83dbe407de9f0206ef1148204a0d51ba240318af801ffb3ee5f578", + "zh:fbdd0684e62563d3ac33425b0ac9439d543a3942465f4b26582bcfabcb149515", + ] +} diff --git a/terraform/providers.tf b/terraform/providers.tf new file mode 100644 index 0000000..aef51dd 
--- /dev/null
+++ b/terraform/providers.tf
@@ -0,0 +1,52 @@
+terraform {
+ required_version = ">=0.14"
+ required_providers {
+ google = {
+ version = ">=3.49.0"
+ source = "hashicorp/google"
+ }
+
+ cloudflare = {
+ version = ">=2.14.0"
+ source = "cloudflare/cloudflare"
+ }
+
+ random = {
+ version = ">=3.0.0"
+ source = "hashicorp/random"
+ }
+
+ null = {
+ version = ">=3.0.0"
+ source = "hashicorp/null"
+ }
+ }
+}
+
+variable "cloudflare_email" {
+ type = string
+ sensitive = true
+}
+
+variable "cloudflare_api_token" {
+ type = string
+ sensitive = true
+}
+
+variable "cloudflare_account_id" {
+ type = string
+ sensitive = true
+}
+
+variable "cloudflare_zone_id" {
+ type = string
+ sensitive = true
+}
+
+provider "cloudflare" {
+ email = var.cloudflare_email
+ api_token = var.cloudflare_api_token
+ account_id = var.cloudflare_account_id
+}
+
+
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..9428f23
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,40 @@
+variable "environment_tag" {
+ type = string
+ description = "Environment to deploy. One of: stage, prod"
+
+ validation {
+ condition = var.environment_tag == "stage" || var.environment_tag == "prod" || var.environment_tag == "test"
+ error_message = "You must set environment_tag to one of: test, stage, or prod."
+ }
+}
+
+variable "ui_regions" {
+ type = list(string)
+ description = "Cloud Run regions to deploy UI to"
+}
+
+variable "bot_client_id" {
+ type = string
+ description = "Bot Client ID"
+}
+
+variable "bot_client_secret" {
+ type = string
+ description = "Bot Client Secret"
+ sensitive = true
+}
+
+variable "ui_public_uri" {
+ type = string
+ description = "UI Public Base Path"
+}
+
+variable "api_public_uri" {
+ type = string
+ description = "API Public Base Path"
+}
+
+variable "root_users" {
+ type = list(string)
+ description = "Root users to use for role elevation calculations"
+}
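Review bot: Every entry in `required_providers` of providers.tf uses an open-ended `>=` constraint, so the only thing holding the provider versions is the committed lock file. A plain `terraform init` stays on the locked releases, but `terraform init -upgrade` would accept any later release, including a new major version with breaking or unreviewed changes. A pessimistic constraint such as `version = "~> 2.14"` for cloudflare (and the equivalent for the others) keeps upgrades deliberate. The google, random and null providers are declared although no resource in the files of this commit uses them; if nothing elsewhere needs them, dropping them removes plugin binaries that would otherwise be downloaded and executed on every init.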
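Review bot: `root_users` in variables.tf is accepted without any validation, although its description says it drives role elevation and workers.tf joins it into the `ROOT_USERS` binding. A mistyped or malformed entry would be deployed silently and change who is treated as privileged. Assuming entries are always numeric IDs like the one in global.tfvars, a validation block with `condition = alltrue([for id in var.root_users : can(regex("^[0-9]+$", id))])` would reject bad values at plan time. Separately, the `environment_tag` description lists only stage and prod while the validation also accepts test; it should read `"Environment to deploy. One of: test, stage, prod"`.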
diff --git a/terraform/variables/.gitignore b/terraform/variables/.gitignore
new file mode 100644
index 0000000..f47398a
--- /dev/null
+++ b/terraform/variables/.gitignore
@@ -0,0 +1,2 @@
+# Do not commit your test environments.
+test.tfvars
diff --git a/terraform/variables/global.tfvars b/terraform/variables/global.tfvars
new file mode 100644
index 0000000..e70e063
--- /dev/null
+++ b/terraform/variables/global.tfvars
@@ -0,0 +1,3 @@
+root_users = [
+ "62601275618889728"
+]
\ No newline at end of file
diff --git a/terraform/variables/prod.tfvars b/terraform/variables/prod.tfvars
new file mode 100644
index 0000000..821be3d
--- /dev/null
+++ b/terraform/variables/prod.tfvars
@@ -0,0 +1,11 @@
+environment_tag = "prod"
+ui_regions = [
+ "us-east4",
+ "us-central1",
+ "us-west1",
+ "europe-west2",
+ "europe-west3",
+ "australia-southeast1",
+ "asia-northeast1",
+ "asia-southeast1"
+]
\ No newline at end of file
diff --git a/terraform/variables/stage.tfvars b/terraform/variables/stage.tfvars
new file mode 100644
index 0000000..0792be5
--- /dev/null
+++ b/terraform/variables/stage.tfvars
@@ -0,0 +1,4 @@
+environment_tag = "stage"
+ui_regions = [
+ "us-east4"
+]
\ No newline at end of file
diff --git a/terraform/workers.tf b/terraform/workers.tf
new file mode 100644
index 0000000..bfb826e
--- /dev/null
+++ b/terraform/workers.tf
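Review bot: The new terraform/variables/.gitignore ignores only `test.tfvars`, so nothing here keeps a local var file holding secrets out of the repository. The variables marked sensitive (`cloudflare_api_token`, `bot_client_secret`) have no value in the committed tfvars files, so they must be supplied from somewhere at apply time. Consider ignoring a dedicated pattern as well, for example `*.secret.tfvars` (a constructed name; use whatever convention the project adopts). It would also help to extend the comment to say that secrets are expected from `TF_VAR_` environment variables or a secret store, if that is the intent.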
@@ -0,0 +1,70 @@
+resource "cloudflare_workers_kv_namespace" "sessions" {
+ title = "roleypoly-sessions-${var.environment_tag}"
+}
+
+resource "cloudflare_workers_kv_namespace" "guilds" {
+ title = "roleypoly-guilds-${var.environment_tag}"
+}
+
+resource "cloudflare_workers_kv_namespace" "guild_data" {
+ title = "roleypoly-guild_data-${var.environment_tag}"
+}
+
+resource "cloudflare_worker_script" "backend" {
+ name = "roleypoly-backend-${var.environment_tag}"
+ content = file("${path.module}/../worker/script.js")
+
+ kv_namespace_binding {
+ name = "KV_SESSIONS"
+ namespace_id = cloudflare_workers_kv_namespace.sessions.id
+ }
+
+ kv_namespace_binding {
+ name = "KV_GUILDS"
+ namespace_id = cloudflare_workers_kv_namespace.guilds.id
+ }
+
+ kv_namespace_binding {
+ name = "KV_GUILD_DATA"
+ namespace_id = cloudflare_workers_kv_namespace.guild_data.id
+ }
+
+ plain_text_binding {
+ name = "BOT_CLIENT_ID"
+ text = var.bot_client_id
+ }
+
+ secret_text_binding {
+ name = "BOT_CLIENT_SECRET"
+ text = var.bot_client_secret
+ }
+
+ plain_text_binding {
+ name = "UI_PUBLIC_URI"
+ text = var.ui_public_uri
+ }
+
+ plain_text_binding {
+ name = "API_PUBLIC_URI"
+ text = var.api_public_uri
+ }
+
+ plain_text_binding {
+ name = "ROOT_USERS"
+ text = join(",", var.root_users)
+ }
+}
+
+resource "cloudflare_record" "api" {
+ zone_id = var.cloudflare_zone_id
+ name = "api-${var.environment_tag}"
+ type = "AAAA"
+ value = "100::"
+ proxied = true
+}
+
+resource "cloudflare_worker_route" "backend" {
+ zone_id = var.cloudflare_zone_id
+ pattern = "api-${var.environment_tag}.roleypoly.com/*"
+ script_name = cloudflare_worker_script.backend.name
+}
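Review bot: The `secret_text_binding` for `BOT_CLIENT_SECRET` copies `var.bot_client_secret` into a resource attribute, so the secret is written to Terraform state in plaintext. `sensitive = true` on the variable only redacts plan and apply output. The `terraform` block added in providers.tf declares no backend, so unless one is configured elsewhere the state is a local `terraform.tfstate` file next to these sources. State for stage and prod should live in a remote backend with encryption at rest and restricted access. The repository should also ignore `*.tfstate*` and `.terraform/`, if a top-level ignore file does not already do so.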