-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathtasks
executable file
·128 lines (109 loc) · 3.34 KB
/
tasks
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
#!/bin/bash
set -Eeo pipefail
if [ "$#" -ne 3 ]; then
echo "Usage: $0 TASK STACK STACK-ENVIRONMENT"
exit 1
fi
task="$1"
stack_name="$2"
stack_env="$3"
state_region="eu-west-2"
tf_dir=stacks/${stack_name}/terraform
env_name=$(jq -r .${stack_env}.name environment.json)
state_lock_table=$(jq -r .${stack_env}.dynamo_table environment.json)
state_bucket=$(jq -r .${stack_env}.bucket_name environment.json)
s3_state_key=$(jq -r .${stack_env}.state_key_prefix environment.json)${stack_name}/terraform.tfstate
echo "Terraform state stored in s3://${state_bucket}/${s3_state_key}"
function assume_role() {
role_arn_param=$(jq -r .${stack_env}.role_arn_param environment.json)
if [ "$role_arn_param" != "null" ]; then
role_arn=$(aws ssm get-parameters --region ${state_region} --names ${role_arn_param} --query 'Parameters[0].Value' --output text)
session_name="registrations-dashboard-${env_name}-session"
sts=$(
aws sts assume-role \
--role-arn $role_arn \
--role-session-name $session_name \
--output json
)
export AWS_ACCESS_KEY_ID=$(echo $sts | jq -r .Credentials.AccessKeyId)
export AWS_SECRET_ACCESS_KEY=$(echo $sts | jq -r .Credentials.SecretAccessKey)
export AWS_SESSION_TOKEN=$(echo $sts | jq -r .Credentials.SessionToken)
fi
}
export TF_DATA_DIR=.terraform/${stack_env}/${stack_name}
function tf_init() {
assume_role
terraform -chdir=${tf_dir} init \
-backend-config key=${s3_state_key} \
-backend-config bucket=${state_bucket} \
-backend-config dynamodb_table=${state_lock_table} \
-backend-config region=${state_region}
}
function build_lambda {
lambda_name=$1
build_dir=lambda/build/$lambda_name
rm -rf $build_dir
mkdir -p $build_dir
requirements_file=lambda/$lambda_name/requirements.txt
if test -f "$requirements_file"; then
pip install -r $requirements_file -t $build_dir
fi
cp lambda/$lambda_name/*.py $build_dir
pushd $build_dir
zip -r -X ../$lambda_name.zip .
popd
}
echo "--- ${task} ---"
case "${task}" in
validate)
tf_init
terraform -chdir=${tf_dir} validate
;;
dojo-validate)
dojo "./tasks validate ${stack_name} ${stack_env}"
;;
plan)
build_lambda log-alerts-technical-failures-above-threshold
build_lambda log-alerts-pipeline-error
build_lambda email-report
build_lambda validate-metrics
build_lambda gp2gp-dashboard-alert
tf_init
var_file=$(eval "pwd")/stacks/${stack_name}/vars/${stack_env}.tfvars
plan_output=$(eval "pwd")/stacks/${stack_name}/terraform/${stack_env}.tfplan
terraform -chdir=${tf_dir} plan -var environment=$env_name \
-var-file=${var_file} \
-out=${plan_output}
;;
dojo-plan)
dojo "./tasks plan ${stack_name} ${stack_env}"
;;
apply)
tf_init
terraform -chdir=${tf_dir} apply ${stack_env}.tfplan
;;
dojo-apply)
dojo "./tasks apply ${stack_name} ${stack_env}"
;;
format)
terraform -chdir=${tf_dir} fmt
;;
destroy)
tf_init
var_file=$(eval "pwd")/stacks/${stack_name}/vars/${stack_env}.tfvars
terraform -chdir=${tf_dir} destroy -var environment=$env_name \
-var-file=${var_file}
;;
build-lambda)
build_lambda log-alerts-pipeline-error
build_lambda log-alerts-technical-failures-above-threshold
build_lambda email-report
build_lambda validate-metrics
build_lambda gp2gp-dashboard-alert
;;
*)
echo "Invalid task: '${task}'"
exit 1
;;
esac
set +e