feature/PI-43-stored-properties secret stuff 8

NHSDigital · Oct 24, 2023 · 14655b4 · 14655b4
1 parent eeac6b8
commit 14655b4
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 23 deletions.
diff --git a/infrastructure/terraform/per_account/dev/parameters/provider.tf b/infrastructure/terraform/per_account/dev/parameters/provider.tf
@@ -16,6 +16,7 @@ provider "aws" {
       ProjectShortName = "CPM"
       ProjectFullname  = "Connecting Party Manager"
       ExpirationDate   = var.expiration_date
+      WorkspaceType    = var.workspace_type
     }
   }
 }
diff --git a/infrastructure/terraform/per_account/dev/parameters/vars.tf b/infrastructure/terraform/per_account/dev/parameters/vars.tf
@@ -22,3 +22,8 @@ variable "expiration_date" {
 variable "updated_date" {
   default = "NEVER"
 }
+
+variable "workspace_type" {
+  type    = string
+  default = "PERSISTENT"
+}
diff --git a/scripts/infrastructure/terraform/terraform-commands.sh b/scripts/infrastructure/terraform/terraform-commands.sh
@@ -12,7 +12,6 @@ TERRAFORM_ARGS="$5"
 AWS_REGION_NAME="eu-west-2"
 
 function _terraform() {
-    local account_wide=$3
     local workspace
     local aws_account_id
     local var_file
@@ -62,7 +61,7 @@ function _terraform() {
             fi
 
             cd "$terraform_dir" || return 1
-            _terraform_plan "$workspace" "$var_file" "$plan_file" "$aws_account_id"
+            _terraform_plan "$workspace" "$var_file" "$plan_file" "$aws_account_id" "$ACCOUNT_WIDE"
         ;;
         #----------------
         "apply")
@@ -72,7 +71,7 @@ function _terraform() {
             fi
 
             cd "$terraform_dir" || return 1
-            _terraform_apply "$workspace" "$plan_file"
+            _terraform_apply "$workspace" "$plan_file" "$ACCOUNT_WIDE"
         ;;
         #----------------
         "destroy")
@@ -87,7 +86,7 @@ function _terraform() {
             fi
 
             cd "$terraform_dir" || return 1
-            _terraform_destroy "$workspace" "$var_file" "$aws_account_id"
+            _terraform_destroy "$workspace" "$var_file" "$aws_account_id" "$ACCOUNT_WIDE"
         ;;
         #----------------
         "unlock")
@@ -114,11 +113,23 @@ function _terraform_plan() {
     local var_file=$2
     local plan_file=$3
     local aws_account_id=$4
-    local args=${@:5}
+    local account_wide=$5
+    local args=${@:6}
 
 
     terraform init || return 1
     terraform workspace select "$workspace" || terraform workspace new "$workspace" || return 1
+
+    if [[ "${account_wide}" = "account_wide" ]]; then
+        terraform plan \
+            -out="$plan_file" \
+            -var-file="$var_file" \
+            -var "assume_account=${aws_account_id}" \
+            -var "assume_role=${TERRAFORM_ROLE_NAME}" \
+            -var "updated_date=${current_date}" \
+            -var "expiration_date=${expiration_date}" || return 1
+    fi
+
     terraform plan \
         -out="$plan_file" \
         -var-file="$var_file" \
@@ -134,6 +145,7 @@ function _terraform_plan() {
 function _terraform_apply() {
     local workspace=$1
     local plan_file=$2
+    local account_wide=$3
     local args=${@:4}
 
     terraform workspace select "$workspace" || terraform workspace new "$workspace" || return 1
@@ -142,24 +154,35 @@ function _terraform_apply() {
 }
 
 function _terraform_destroy() {
-  local workspace=$1
-  local var_file=$2
-  local aws_account_id=$3
-  local args=${@:4}
-
-  terraform workspace select "$workspace" || terraform workspace new "$workspace" || return 1
-  terraform destroy \
-    -var-file="$var_file" \
-    -var "assume_account=${aws_account_id}" \
-    -var "assume_role=${TERRAFORM_ROLE_NAME}" \
-    -var "workspace_type=${workspace_type}" \
-    -var "lambdas=${lambdas}" \
-    -var "layers=${layers}" \
-    $args || return 1
-  if [ "$workspace" != "default" ]; then
-    terraform workspace select default || return 1
-    terraform workspace delete "$workspace" || return 1
-  fi
+    local workspace=$1
+    local var_file=$2
+    local aws_account_id=$3
+    local account_wide=$4
+    local args=${@:5}
+
+    terraform workspace select "$workspace" || terraform workspace new "$workspace" || return 1
+
+    if [[ "${account_wide}" = "account_wide" ]]; then
+        terraform destroy \
+            -var-file="$var_file" \
+            -var "assume_account=${aws_account_id}" \
+            -var "assume_role=${TERRAFORM_ROLE_NAME}" \
+            $args || return 1
+    fi
+
+    terraform destroy \
+        -var-file="$var_file" \
+        -var "assume_account=${aws_account_id}" \
+        -var "assume_role=${TERRAFORM_ROLE_NAME}" \
+        -var "workspace_type=${workspace_type}" \
+        -var "lambdas=${lambdas}" \
+        -var "layers=${layers}" \
+        $args || return 1
+
+    if [ "$workspace" != "default" ]; then
+        terraform workspace select default || return 1
+        terraform workspace delete "$workspace" || return 1
+    fi
 }
 
 function _terraform_unlock() {