Support Network CIDR Calculations (#3)
* Support Network CIDR Calculations

* Minor fixes
osterman authored Dec 30, 2018
1 parent 87a6eb1 commit 7bc0a13
Showing 14 changed files with 132 additions and 8 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -120,7 +120,7 @@ make root

Subaccounts are created by the root account, but are ultimately provisioned using the subaccount containers.

Update the configuration for all the child accounts by editing the `configs/root.tfvar` file.
Update the configuration for all the child accounts by editing the `configs/$stage.tfvar` file (replace `$stage` with the name of the account).

To get started, run:

4 changes: 3 additions & 1 deletion modules/README.md
@@ -1 +1,3 @@
This directory contains modules used to create all the scaffolding. It's basically a code generator which creates directories, `Dockerfiles` and builds docker images.
This directory contains modules used to create all the scaffolding. It's basically a **code generator** which creates directories, `Dockerfiles`, some boilerplate terraform code and then builds docker images.

These terraform modules are not intended to be used (or useful) outside of this repository.
14 changes: 11 additions & 3 deletions modules/account/main.tf
Expand Up @@ -27,15 +27,23 @@ locals {
geodesic_base_image = "${var.geodesic_base_image}"
terraform_root_modules_image = "${var.terraform_root_modules_image}"
terraform_root_modules = "${join("\n", data.null_data_source.terraform_root_modules.*.outputs.copy_from)}"
org_network_cidr = "${var.org_network_cidr}"
account_network_cidr = "${var.account_network_cidr}"
}

vars = "${merge(var.vars, local.context)}"

env = {
TERRAFORM_ROOT_MODULES = "${join(" ", data.null_data_source.terraform_root_modules.*.outputs.module_name)}"
}
}

# Write an env file for this stage that we can use from shell scripts
resource "local_file" "artifacts" {
content = "export TERRAFORM_ROOT_MODULES=\"${join(" ", data.null_data_source.terraform_root_modules.*.outputs.module_name)}\"\n"
filename = "${var.artifacts_dir}/${var.stage}.env"
module "export_env" {
source = "../../modules/export-env"
env = "${local.env}"
output_file = "${var.artifacts_dir}/${var.stage}.env"
format = "export %s=%s"
}

module "init_dirs" {
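Review bot: The two new context entries `org_network_cidr` and `account_network_cidr` are passed through to the Dockerfile templates and the generated env file without any shape check, so a malformed value (a missing prefix length, a stray character) is only noticed after the image is built and something downstream tries to parse it. With the 0.11-style interpolation this file uses, a cheap plan-time guard is to run both values through a CIDR function in `locals`, e.g. `org_cidr_check = "${cidrnetmask(var.org_network_cidr)}"` and `account_cidr_check = "${cidrnetmask(var.account_network_cidr)}"`, which fails the plan instead of baking a bad string into the image. The `export_env` call also relies on the module's default `type = "encoded"`; since the sibling call in modules/root/main.tf sets `type = "raw"` explicitly, stating `type = "encoded"` here would make the intended quoting obvious. The `locals` block starts above the hunk and `module "init_dirs"` continues below it.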
4 changes: 4 additions & 0 deletions modules/account/variables.tf
Expand Up @@ -34,6 +34,10 @@ variable "strip" {
default = ""
}

variable "org_network_cidr" {}

variable "account_network_cidr" {}

variable "artifacts_dir" {}

variable "repos_dir" {}
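Review bot: `org_network_cidr` and `account_network_cidr` are added as required variables with no `description`, and because this module is called from both the root and child wrappers a reader has to chase the call sites to learn what each holds. Suggested text: `description = "CIDR block reserved for the whole organization; exported to the image as ORG_NETWORK_CIDR"` and `description = "CIDR block assigned to this account out of org_network_cidr; exported to the image as ACCOUNT_NETWORK_CIDR"`, which matches the ENV names this commit adds to the Dockerfile templates. The surrounding variable declarations continue outside the hunk.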
2 changes: 2 additions & 0 deletions modules/child/main.tf
Expand Up @@ -20,4 +20,6 @@ module "account" {
geodesic_base_image = "${var.geodesic_base_image}"
terraform_root_modules_image = "${var.terraform_root_modules_image}"
terraform_root_modules = "${var.terraform_root_modules}"
org_network_cidr = "${var.org_network_cidr}"
account_network_cidr = "${length(var.account_network_cidr) > 0 ? var.account_network_cidr : var.networks[var.stage]}"
}
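Review bot: The fallback `var.networks[var.stage]` on the new `account_network_cidr` line is a hard map index, and on Terraform 0.11 (the syntax this file uses) both arms of `a ? b : c` are evaluated, so with `networks` defaulting to `{}` in this commit's variables.tf the override path fails with a missing-key error as well, and a child built before `artifacts/networks.tfvars` exists dies with an unhelpful index error. Using `lookup()` for the fallback makes the intent explicit and keeps the override usable: `account_network_cidr = "${length(var.account_network_cidr) > 0 ? var.account_network_cidr : lookup(var.networks, var.stage, "")}"`. An empty result should still be rejected rather than baked into the image as an empty `ACCOUNT_NETWORK_CIDR`, so a follow-up check on the resolved value is worth considering. The `module "account"` call starts above the hunk.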
11 changes: 11 additions & 0 deletions modules/child/variables.tf
Expand Up @@ -36,6 +36,17 @@ variable "strip" {
default = "/\\.(child)$/"
}

variable "networks" {
type = "map"
default = {}
}

variable "org_network_cidr" {}

variable "account_network_cidr" {
default = ""
}

variable "artifacts_dir" {}

variable "repos_dir" {}
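Review bot: `networks` has no `description`, and its `{}` default hides that the child module expects it to be filled from the `artifacts/networks.tfvars` file the root module writes (this commit wires that file in via `-var-file` in tasks/Makefile.child). A description such as `description = "Map of account stage name to its network CIDR; generated by the root module into artifacts/networks.tfvars"` makes the cross-module dependency visible, and `account_network_cidr` deserves a matching one: `description = "Optional override for this account's CIDR; when empty, the entry for var.stage in var.networks is used"`. The variable list continues outside the hunk.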
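--- /dev/null
+++ b/modules/export-env/main.tf
@@ -0,0 +1,27 @@
+
+locals {
+keys = "${keys(var.env)}"
+values = "${values(var.env)}"
+}
+
+data "null_data_source" "envs" {
+count = "${length(local.keys)}"
+
+inputs = {
+encoded = "${format(var.format, element(local.keys, count.index), jsonencode(element(local.values, count.index)))}"
+raw = "${format(var.format, element(local.keys, count.index), element(local.values, count.index))}"
+}
+}
+
+locals {
+export = {
+encoded = "${format(var.template, join("\n", data.null_data_source.envs.*.outputs.encoded))}"
+raw = "${format(var.template, join("\n", data.null_data_source.envs.*.outputs.raw))}"
+}
+}
+
+# Write an env file that we can use from shell scripts
+resource "local_file" "env_file" {
+content = "${local.export[var.type]}"
+filename = "${var.output_file}"
+}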
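Review bot: The `encoded` input is built with `jsonencode()`, but the default `format` (`export %s=%s`) produces a file that is `source`d by a shell, and JSON quoting is not shell quoting: inside the resulting double quotes a value containing `$` or a backtick is still expanded by the shell, and a non-string map value would emit a JSON list/object the shell cannot parse. The values this commit feeds in (module names and CIDRs from the repo's own config) are low risk, so at minimum record the limitation above the `encoded` line, e.g. `# NOTE: jsonencode gives JSON quoting, not shell quoting — values must not contain $ or backticks`, and reject or escape such characters if the map ever comes from less trusted input. `local.export[var.type]` also fails with an opaque index error for any `type` other than `encoded` or `raw`; a comment on that resource naming the two supported values would spare the next reader a trip through the locals.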
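--- /dev/null
+++ b/modules/export-env/variables.tf
@@ -0,0 +1,17 @@
+variable "env" {
+type = "map"
+}
+
+variable "output_file" {}
+
+variable "template" {
+default = "%s\n"
+}
+
+variable "format" {
+default = "export %s=%s"
+}
+
+variable "type" {
+default = "encoded"
+}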
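Review bot: None of the five inputs carries a `description`, and `type` in particular accepts only the two keys (`encoded`, `raw`) that main.tf indexes into, which nothing here states. Suggested descriptions: `env` — "Map of variable name to value to write out"; `output_file` — "Path of the file to write"; `template` — "printf-style wrapper for the joined lines, e.g. `networks = {\n%s\n}\n`"; `format` — "printf-style format for one `key value` line"; `type` — "`encoded` wraps each value with jsonencode, `raw` writes it verbatim". Since `format` and `template` are passed straight to `format()`, a note that a literal `%` in either must be written as `%%` would also prevent a confusing plan-time error.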
44 changes: 41 additions & 3 deletions modules/root/main.tf
Expand Up @@ -11,6 +11,24 @@ locals {
vars = "${merge(var.vars, local.context)}"
}


locals {
all_accounts = "${concat(list("root"), var.accounts_enabled)}"
}

data "null_data_source" "networks" {
count = "${length(local.all_accounts)}"

inputs = {
cidr = "${cidrsubnet(var.org_network_cidr, 8, count.index)}"
}
}

locals {
networks = "${zipmap(local.all_accounts, data.null_data_source.networks.*.outputs.cidr)}"
}


module "account" {
source = "../../modules/account/"

Expand All @@ -37,6 +55,8 @@ module "account" {
geodesic_base_image = "${var.geodesic_base_image}"
terraform_root_modules_image = "${var.terraform_root_modules_image}"
terraform_root_modules = "${var.terraform_root_modules}"
org_network_cidr = "${var.org_network_cidr}"
account_network_cidr = "${length(var.account_network_cidr) > 0 ? var.account_network_cidr : local.networks[var.stage]}"
}

module "add_users" {
Expand All @@ -46,8 +66,26 @@ module "add_users" {
output_dir = "${module.account.repo_dir}/conf/users"
}

locals {
makefile_env = {
ACCOUNTS_ENABLED = "${join(" ", var.accounts_enabled)}"
}
}

# Write an env file that we can use from other Makefiles
resource "local_file" "makefile_env" {
content = "ACCOUNTS_ENABLED = ${join(" ", var.accounts_enabled)}\n"
filename = "${var.artifacts_dir}/Makefile.env"
module "export_makefile_env" {
source = "../../modules/export-env"
env = "${local.makefile_env}"
output_file = "${var.artifacts_dir}/Makefile.env"
format = "%s = %s"
type = "raw"
}

# Write an tfvar file for this stage that we can use from terraform modules
module "export_tfvars" {
source = "../../modules/export-env"
env = "${local.networks}"
output_file = "${var.artifacts_dir}/networks.tfvars"
template = "networks = {\n%s\n}\n"
format = " %s = %s"
}
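Review bot: The per-account CIDRs produced by `data.null_data_source.networks` are allocated positionally from `local.all_accounts`, so inserting, removing or reordering an entry in `accounts_enabled` shifts the `cidrsubnet(..., 8, count.index)` slot of every account after it and silently renumbers networks that may already be provisioned; the `networks.tfvars` written by `export_tfvars` would then hand those new values to the child accounts. If positional allocation is intended, say so above the data source, e.g. `# NOTE: CIDRs are allocated by position in accounts_enabled — append new accounts at the end; reordering renumbers existing ones`, and point out that `account_network_cidr` on the `module "account"` call is the way to freeze a value once an account is live. The hard-coded `8` newbits is also worth a comment, since it fixes every account to 1/256th of the org block and makes `cidrsubnet` fail for an org prefix longer than /24. The `module "account"` call and the first `locals` block extend outside the hunk.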
6 changes: 6 additions & 0 deletions modules/root/variables.tf
Expand Up @@ -45,6 +45,12 @@ variable "strip" {
default = "/\\.(root)$/"
}

variable "org_network_cidr" {}

variable "account_network_cidr" {
default = ""
}

variable "artifacts_dir" {}

variable "repos_dir" {}
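Review bot: `account_network_cidr` defaults to an empty string, and main.tf in this commit treats that as "compute the root's CIDR from `org_network_cidr`", but neither variable documents that contract. Suggested text: `description = "CIDR block reserved for the whole organization; per-account blocks are carved from it"` on `org_network_cidr`, and `description = "Optional override for the root account's CIDR; when empty, the first slot carved from org_network_cidr is used"` on `account_network_cidr`. The variable list continues outside the hunk.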
1 change: 1 addition & 0 deletions tasks/Makefile.child
Expand Up @@ -22,6 +22,7 @@ $(1)/init: $(1)/validate $(1)/clean
$(call terraform,$(1)) apply \
-var-file=artifacts/aws.tfvars \
-var-file=artifacts/accounts.tfvars \
-var-file=artifacts/networks.tfvars \
-var-file=$$(CONFIGS)/root.tfvars \
-var-file=$$(CONFIGS)/$(1).tfvars \
-state=$(1).tfstate \
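Review bot: The added `-var-file=artifacts/networks.tfvars` makes `$(1)/init` depend on a file that only exists after the root module's `export_tfvars` has run, but the rule's prerequisites (`$(1)/validate $(1)/clean`) do not express that, so a fresh child build fails inside terraform with a missing var-file error rather than a clear message. Listing the file as a prerequisite, e.g. `$(1)/init: $(1)/validate $(1)/clean artifacts/networks.tfvars`, at least makes make report the missing target, and a short comment pointing at `make root` (referenced in the README) would tell the user what to run. How `artifacts/accounts.tfvars` is produced is not visible in this hunk, so the same mechanism may already cover it; the recipe continues below the hunk.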
4 changes: 4 additions & 0 deletions templates/Dockerfile.child
Expand Up @@ -24,6 +24,10 @@ ENV AWS_REGION="${aws_region}"
ENV AWS_ACCOUNT_ID="${aws_account_id}"
ENV AWS_ROOT_ACCOUNT_ID="${aws_root_account_id}"

# Network CIDR Ranges
ENV ORG_NETWORK_CIDR="${org_network_cidr}"
ENV ACCOUNT_NETWORK_CIDR="${account_network_cidr}"

# chamber KMS config
ENV CHAMBER_KMS_KEY_ALIAS="alias/$${NAMESPACE}-$${STAGE}-chamber"

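Review bot: `ACCOUNT_NETWORK_CIDR` is baked into the image at scaffold time from a value that, for child accounts, this commit derives positionally from the root module's account list, so a change to `org_network_cidr` or to `accounts_enabled` only reaches the container after the scaffolding is regenerated and the image rebuilt, and nothing in the image says so. A comment above the two `ENV` lines would save someone debugging a stale value, e.g. `# Derived at scaffold time from org_network_cidr and the account list; regenerate and rebuild after changing either`. The rest of the template is outside the hunk.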
4 changes: 4 additions & 0 deletions templates/Dockerfile.root
Expand Up @@ -25,6 +25,10 @@ ENV AWS_DEFAULT_REGION="$${AWS_REGION}"
ENV AWS_ACCOUNT_ID="${aws_account_id}"
ENV AWS_ROOT_ACCOUNT_ID="${aws_root_account_id}"

# Network CIDR Ranges
ENV ORG_NETWORK_CIDR="${org_network_cidr}"
ENV ACCOUNT_NETWORK_CIDR="${account_network_cidr}"

# Terraform state bucket and DynamoDB table for state locking
ENV TF_BUCKET_REGION="$${AWS_REGION}"
ENV TF_BUCKET="$${NAMESPACE}-$${STAGE}-terraform-state"
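Review bot: For the root image `ACCOUNT_NETWORK_CIDR` resolves, unless `account_network_cidr` is set, to the first `cidrsubnet` slot of `ORG_NETWORK_CIDR` because modules/root/main.tf in this commit prepends `root` to the account list, which is not apparent from the template itself. A one-line comment above the `ENV` pair, e.g. `# Root takes the first slot carved from ORG_NETWORK_CIDR unless account_network_cidr is overridden`, documents that without the reader having to trace the root module. The template continues outside the hunk.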
Empty file added templates/README.md
Empty file.
