Merge pull request #47 from GSA-TTS/reset-spaces

Reset spaces

terraform/bootstrap/import.sh

@@ -5,8 +5,8 @@ read -p "Are you sure you want to import terraform state (y/n)? " verify
 if [[ $verify == "y" ]]; then
   echo "Importing bootstrap state"
   ./run.sh init
-  ./run.sh import module.s3.cloudfoundry_service_instance.bucket a26c2475-be53-4b1d-a61c-240530426fde
-  ./run.sh import cloudfoundry_service_key.bucket_creds b2e6d07e-d72a-4880-b364-c9d39e87d5db
+  ./run.sh import module.s3.cloudfoundry_service_instance.bucket 7ecc7fa5-6da9-4df7-bfbc-59d957a2d61e
+  ./run.sh import cloudfoundry_service_key.bucket_creds da42df77-ee50-43ba-87a7-ecedd872620d
   ./run.sh plan
 else
   echo "Not importing bootstrap state"

terraform/bootstrap/main.tf

@@ -6,7 +6,7 @@ module "s3" {
   source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0"
 
   cf_org_name   = "gsa-tts-devtools-prototyping"
-  cf_space_name = "rahearn"
+  cf_space_name = "rahearn-mgmt"
   name          = local.s3_service_name
 }
 

terraform/bootstrap/run.sh

@@ -16,7 +16,8 @@ dig_output () {
 }
 
 if [[ ! -f "secrets.auto.tfvars" ]]; then
-  ../../bin/ops/create_service_account.sh -s rahearn -u config-bootstrap-deployer > secrets.auto.tfvars
+  cf target -s rahearn-mgmt || cf create-space rahearn-mgmt && cf disallow-space-ssh rahearn-mgmt
+  ../../bin/ops/create_service_account.sh -s rahearn-mgmt -u config-bootstrap-deployer > secrets.auto.tfvars
 fi
 
 if [[ $# -gt 0 ]]; then

terraform/bootstrap/teardown_creds.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
 
-../../bin/ops/destroy_service_account.sh -s rahearn -u config-bootstrap-deployer
+../../bin/ops/destroy_service_account.sh -s rahearn-mgmt -u config-bootstrap-deployer
 
 rm secrets.auto.tfvars

terraform/staging/main.tf

@@ -10,12 +10,11 @@ module "app_space" {
 
   cf_org_name   = local.cf_org_name
   cf_space_name = local.cf_space_name
+  allow_ssh     = false
   # deployers should include any user or service account ID that will deploy the app
-  deployers = [
-    "[email protected]",
-    var.cf_user
-  ]
-  asg_names = ["trusted_local_networks_egress"]
+  deployers  = ["[email protected]"]
+  developers = [var.cf_user]
+  asg_names  = ["trusted_local_networks_egress"]
 }
 
 module "database" {
@@ -25,6 +24,7 @@ module "database" {
   cf_space_name = local.cf_space_name
   name          = "${local.app_name}-rds-${local.env}"
   rds_plan_name = "micro-psql"
+  depends_on    = [module.app_space]
 }
 
 module "redis" {
@@ -34,19 +34,19 @@ module "redis" {
   cf_space_name   = local.cf_space_name
   name            = "${local.app_name}-redis-${local.env}"
   redis_plan_name = "redis-dev"
+  depends_on      = [module.app_space]
 }
 
 module "egress_space" {
   source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=cg-space-asg"
 
   cf_org_name   = local.cf_org_name
   cf_space_name = "${local.cf_space_name}-egress"
+  allow_ssh     = false
   # deployers should include any user or service account ID that will deploy the egress proxy
-  deployers = [
-    "[email protected]",
-    var.cf_user
-  ]
-  asg_names = ["public_networks_egress"]
+  deployers  = ["[email protected]"]
+  developers = [var.cf_user]
+  asg_names  = ["public_networks_egress"]
 }
 
 module "egress_proxy" {
@@ -56,7 +56,8 @@ module "egress_proxy" {
   cf_space_name = module.egress_space.space_name
   client_space  = local.cf_space_name
   name          = "tfm-egress-proxy-${local.env}"
-  allowlist = {
-    "${local.app_name}-${local.env}" = ["raw.githubusercontent.com"]
-  }
+  # allowlist = {
+  # "${local.app_name}-${local.env}" = ["raw.githubusercontent.com"]
+  # }
+  depends_on = [module.app_space, module.egress_space]
 }

terraform/staging/providers.tf

@@ -8,7 +8,7 @@ terraform {
   }
 
   backend "s3" {
-    bucket  = "cg-a26c2475-be53-4b1d-a61c-240530426fde"
+    bucket  = "cg-7ecc7fa5-6da9-4df7-bfbc-59d957a2d61e"
     key     = "terraform.tfstate.stage"
     encrypt = "true"
     region  = "us-gov-west-1"