From 14655b497d16523d19e989e9d62d38b678bb85e1 Mon Sep 17 00:00:00 2001
From: Rowan Gill
Date: Tue, 24 Oct 2023 11:55:53 +0100
Subject: [PATCH] feature/PI-43-stored-properties secret stuff 8
---
 .../per_account/dev/parameters/provider.tf | 1 +
 .../per_account/dev/parameters/vars.tf | 5 ++
 .../terraform/terraform-commands.sh | 69 ++++++++++++-------
 3 files changed, 52 insertions(+), 23 deletions(-)
diff --git a/infrastructure/terraform/per_account/dev/parameters/provider.tf b/infrastructure/terraform/per_account/dev/parameters/provider.tf
index 607260513..9a5af6795 100644
--- a/infrastructure/terraform/per_account/dev/parameters/provider.tf
+++ b/infrastructure/terraform/per_account/dev/parameters/provider.tf
@@ -16,6 +16,7 @@ provider "aws" {
 ProjectShortName = "CPM"
 ProjectFullname = "Connecting Party Manager"
 ExpirationDate = var.expiration_date
+ WorkspaceType = var.workspace_type
 }
 }
 }
diff --git a/infrastructure/terraform/per_account/dev/parameters/vars.tf b/infrastructure/terraform/per_account/dev/parameters/vars.tf
index dee321ea5..8b585d3c0 100644
--- a/infrastructure/terraform/per_account/dev/parameters/vars.tf
+++ b/infrastructure/terraform/per_account/dev/parameters/vars.tf
@@ -22,3 +22,8 @@ variable "expiration_date" {
 variable "updated_date" {
 default = "NEVER"
 }
+
+variable "workspace_type" {
+ type = string
+ default = "PERSISTENT"
+}
diff --git a/scripts/infrastructure/terraform/terraform-commands.sh b/scripts/infrastructure/terraform/terraform-commands.sh
index ee606c5d4..d474473e3 100644
--- a/scripts/infrastructure/terraform/terraform-commands.sh
+++ b/scripts/infrastructure/terraform/terraform-commands.sh
@@ -12,7 +12,6 @@ TERRAFORM_ARGS="$5"
 AWS_REGION_NAME="eu-west-2"
 function _terraform() {
- local account_wide=$3
 local workspace
 local aws_account_id
 local var_file
@@ -62,7 +61,7 @@ function _terraform() {
 fi
 cd "$terraform_dir" || return 1
- _terraform_plan "$workspace" "$var_file" "$plan_file" "$aws_account_id"
+ _terraform_plan "$workspace" "$var_file" "$plan_file" "$aws_account_id" "$ACCOUNT_WIDE"
 ;;
 #----------------
 "apply")
@@ -72,7 +71,7 @@ function _terraform() {
 fi
 cd "$terraform_dir" || return 1
- _terraform_apply "$workspace" "$plan_file"
+ _terraform_apply "$workspace" "$plan_file" "$ACCOUNT_WIDE"
 ;;
 #----------------
 "destroy")
@@ -87,7 +86,7 @@ function _terraform() {
 fi
 cd "$terraform_dir" || return 1
- _terraform_destroy "$workspace" "$var_file" "$aws_account_id"
+ _terraform_destroy "$workspace" "$var_file" "$aws_account_id" "$ACCOUNT_WIDE"
 ;;
 #----------------
 "unlock")
@@ -114,11 +113,23 @@ function _terraform_plan() {
 local var_file=$2
 local plan_file=$3
 local aws_account_id=$4
- local args=${@:5}
+ local account_wide=$5
+ local args=${@:6}
 terraform init || return 1
 terraform workspace select "$workspace" || terraform workspace new "$workspace" || return 1
+
+ if [[ "${account_wide}" = "account_wide" ]]; then
+ terraform plan \
+ -out="$plan_file" \
+ -var-file="$var_file" \
+ -var "assume_account=${aws_account_id}" \
+ -var "assume_role=${TERRAFORM_ROLE_NAME}" \
+ -var "updated_date=${current_date}" \
+ -var "expiration_date=${expiration_date}" || return 1
+ fi
+
 terraform plan \
 -out="$plan_file" \
 -var-file="$var_file" \
@@ -134,6 +145,7 @@ function _terraform_plan() {
 function _terraform_apply() {
 local workspace=$1
 local plan_file=$2
+ local account_wide=$3
 local args=${@:4}
 terraform workspace select "$workspace" || terraform workspace new "$workspace" || return 1
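Review bot: In `_terraform_plan` the new `account_wide` branch closes with `fi` and then falls through to the existing `terraform plan`, so an account-wide run plans twice and the second run overwrites `$plan_file` using the regular variable set; the `_terraform_destroy` hunk has the same shape and would run `terraform destroy` twice. Replace the `fi` that follows the new block with `else` and move the `fi` to after the existing command, so exactly one of the two runs. The account-wide plan also omits `$args`, unlike the account-wide destroy, which should either be added or explained in a comment. The remainder of the existing `terraform plan` command lies outside the hunk, so the position of the closing `fi` has to be checked against the full function.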
@@ -142,24 +154,35 @@ function _terraform_apply() {
 }
 function _terraform_destroy() {
- local workspace=$1
- local var_file=$2
- local aws_account_id=$3
- local args=${@:4}
-
- terraform workspace select "$workspace" || terraform workspace new "$workspace" || return 1
- terraform destroy \
- -var-file="$var_file" \
- -var "assume_account=${aws_account_id}" \
- -var "assume_role=${TERRAFORM_ROLE_NAME}" \
- -var "workspace_type=${workspace_type}" \
- -var "lambdas=${lambdas}" \
- -var "layers=${layers}" \
- $args || return 1
- if [ "$workspace" != "default" ]; then
- terraform workspace select default || return 1
- terraform workspace delete "$workspace" || return 1
- fi
+ local workspace=$1
+ local var_file=$2
+ local aws_account_id=$3
+ local account_wide=$4
+ local args=${@:5}
+
+ terraform workspace select "$workspace" || terraform workspace new "$workspace" || return 1
+
+ if [[ "${account_wide}" = "account_wide" ]]; then
+ terraform destroy \
+ -var-file="$var_file" \
+ -var "assume_account=${aws_account_id}" \
+ -var "assume_role=${TERRAFORM_ROLE_NAME}" \
+ $args || return 1
+ fi
+
+ terraform destroy \
+ -var-file="$var_file" \
+ -var "assume_account=${aws_account_id}" \
+ -var "assume_role=${TERRAFORM_ROLE_NAME}" \
+ -var "workspace_type=${workspace_type}" \
+ -var "lambdas=${lambdas}" \
+ -var "layers=${layers}" \
+ $args || return 1
+
+ if [ "$workspace" != "default" ]; then
+ terraform workspace select default || return 1
+ terraform workspace delete "$workspace" || return 1
+ fi
 }
 function _terraform_unlock() {
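Review bot: `_terraform_destroy` still falls back to `terraform workspace new "$workspace"` when the select fails, so a mistyped or already-removed workspace name would be created empty, destroyed as a no-op and deleted, and the caller would see success while the intended resources are untouched. On the destroy path the line could stop at `terraform workspace select "$workspace" || return 1`. Separately, `local args=${@:5}` joins the remaining arguments into one string that the unquoted `$args` then re-splits and glob-expands; `local args=("${@:5}")` with `"${args[@]}"` passes each argument through unchanged, and the same `local args=${@:N}` assignment appears in `_terraform_plan` and `_terraform_apply`.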