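#!/bin/bash
# Task runner for this repo's terraform workflow: fetches a pinned version of
# the shared aws-helpers script, sources it, then dispatches the sub-command
# given as $1 (see the case statement at the bottom of the file).
set -Eeo pipefail

AWS_REGION=eu-west-2
AWS_HELPERS_VERSION="0.2.26"
echo "AWS helper scripts version: $AWS_HELPERS_VERSION"

# Do not change the file name as the aws helper scripts depend on it
AWS_HELPERS_FILE="utils/$AWS_HELPERS_VERSION/aws-helpers"
mkdir -p "utils/$AWS_HELPERS_VERSION"

# SECURITY: the helper file is fetched over HTTPS from a pinned release tag and
# then *sourced*, so it runs with whatever credentials this script has. The
# version pin limits drift, but nothing here verifies a checksum or signature
# of the asset; a replaced release asset would execute unnoticed. Pinning a
# known SHA-256 of the asset and checking it before `source` would close that.
if [[ ! -f "$AWS_HELPERS_FILE" ]]; then
  # Download to a temporary name and move into place only on success.
  # `wget -O` creates the target even when the transfer fails, which would
  # leave an empty/partial file that later runs treat as a valid cache hit
  # and then source.
  tmp_helpers="$(mktemp "${AWS_HELPERS_FILE}.XXXXXX")"
  if ! wget --quiet -O "$tmp_helpers" "https://github.com/nhsconnect/prm-deductions-support-infra/releases/download/${AWS_HELPERS_VERSION}/aws-helpers"; then
    rm -f -- "$tmp_helpers"
    >&2 echo "Failed to download aws-helpers ${AWS_HELPERS_VERSION}"
    exit 1
  fi
  mv -- "$tmp_helpers" "$AWS_HELPERS_FILE"
fi
chmod +x "$AWS_HELPERS_FILE"
# shellcheck source=/dev/null
source "$AWS_HELPERS_FILE"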
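function tf_plan {
  # Write nhs_deployment.tfplan for either a create or a destroy run.
  # Arguments: $1 - "create" or "destroy"
  # Globals:   AWS_REGION (read, via _get_aws_ssm_secret);
  #            COMMON_ACCOUNT_ROLE, COMMON_ACCOUNT_ID (written)
  # Exits 1 on an unknown operation, before any terraform command runs.
  local operation="$1"

  # Validate the argument first so a typo does not trigger terraform init/get.
  if [[ "${operation}" != "create" && "${operation}" != "destroy" ]]; then
    echo "Unknown operation (should be create or destroy), got: ${operation}"
    exit 1
  fi

  # Choose the cross-account role from the caller's identity. This is only a
  # client-side choice; which principals may actually assume either role is
  # enforced by the role trust policies in the common account, not here.
  local aws_account_arn
  aws_account_arn="$(aws sts get-caller-identity | jq -r .Arn)"
  # A quoted right-hand side of =~ is a literal substring match, as intended.
  if [[ "$aws_account_arn" =~ "gocd_agent-prod" || "$aws_account_arn" =~ "Deployer" ]]; then
    COMMON_ACCOUNT_ROLE="CiToEnvLinker"
  else
    COMMON_ACCOUNT_ROLE="CiReadOnly"
  fi
  echo "Instructing terraform to assume ${COMMON_ACCOUNT_ROLE} role for cross account actions"

  COMMON_ACCOUNT_ID="$(_get_aws_ssm_secret "/repo/ci/user-input/external/aws-account-id")"

  terraform init
  terraform get # modules

  local -a plan_args=(
    -var "common_account_id=${COMMON_ACCOUNT_ID}"
    -var "common_account_role=${COMMON_ACCOUNT_ROLE}"
    -var-file=terraform.tfvars
    -out="nhs_deployment.tfplan"
  )
  if [[ "${operation}" == "destroy" ]]; then
    plan_args+=(-destroy)
  fi
  # The plan file embeds the variable values passed here; treat it as
  # build-local state rather than something to publish.
  terraform plan "${plan_args[@]}"
}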
function tf_apply {
  # Apply the plan file written by tf_plan (nhs_deployment.tfplan in cwd).
  # init and get are repeated here — presumably because apply may run in a
  # fresh working copy from the one that planned (confirm with the pipeline).
  local plan_file="nhs_deployment.tfplan"
  terraform init
  terraform get # modules
  terraform apply "${plan_file}"
}
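function _get_aws_ssm_secret {
  # Fetch and decrypt one SSM parameter, printing its value on stdout.
  # Arguments: $1 - parameter name (e.g. /repo/ci/...)
  # Globals:   AWS_REGION (read)
  # Exits 5 if the parameter cannot be read.
  # NOTE: the value is a secret. Callers capture it with $(...); do not echo
  # it, and do not enable `set -x` while it is in scope.
  local secret_id="$1"
  local json
  # Under `set -e` a failing command substitution aborts the script before a
  # separate `$?` check can run (the error message was never printed), so
  # test the assignment directly instead.
  if ! json="$(aws ssm get-parameter --with-decryption --region "$AWS_REGION" --name "$secret_id")"; then
    >&2 echo "Failed to obtain AWS secret from SSM: $secret_id"
    exit 5
  fi
  jq -r ".Parameter.Value" <<<"$json"
}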
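# Sub-command dispatch. The public commands (tf, tf_plan, tf_apply) hand a
# command string to `dojo`, which re-enters this script as the underscore-
# prefixed variant; those in-container halves assume the "prod" environment
# role (helper from aws-helpers) before running terraform.
command="$1"
case "${command}" in
  tf)
    dojo "bash"
    ;;
  _tf_plan)
    _assume_environment_role "prod" true
    tf_plan "$2"
    ;;
  tf_plan)
    # $2 is interpolated into a shell command string passed to dojo, so only
    # the two known values are accepted here; rejecting early also avoids
    # starting the dojo environment for a typo.
    if [[ "$2" != "create" && "$2" != "destroy" ]]; then
      echo "Unknown operation (should be create or destroy), got: $2"
      exit 1
    fi
    dojo "./tasks _tf_plan $2"
    ;;
  _tf_apply)
    _assume_environment_role "prod" true
    tf_apply
    ;;
  tf_apply)
    dojo "./tasks _tf_apply"
    ;;
  *)
    echo "Invalid command: '${command}'"
    exit 1
    ;;
esac
# No effect when the script is executed (it ends here); only matters if sourced.
set +e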