write init script for s3.

mazgi · Sep 8, 2022 · 3628940 · 3628940
1 parent 7d6636c
commit 3628940
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 2 deletions.
diff --git a/scripts/provisioning.init-with-azure.sh → ...g.init-terraform-with-azurerm-backend.zsh b/scripts/provisioning.init-with-azure.sh → ...g.init-terraform-with-azurerm-backend.zsh
@@ -1,4 +1,5 @@
 #!/usr/bin/env -S zsh -eu
+setopt extended_glob
 
 # see: http:https://zsh.sourceforge.net/Doc/Release/Zsh-Modules.html#index-funcstack
 if [[ ${#funcstack[@]} -ne 0 ]]; then
@@ -13,15 +14,33 @@ if [[ ! -v PROJECT_UNIQUE_ID ]]; then
  exit 0
 fi
 
+termColorClear='\033[0m'
+termColorWarn='\033[1;33m'
+echoWarn() {
+ echo -e "${termColorWarn}$1${termColorClear}"
+}
+
+readonly TFSTATE_BACKEND_TYPE=$(echo $0 | sed -e 's/.*init-terraform-with-\([a-z0-9]*\)-backend\.zsh$/\1/')
+for unnecessary_tf in $(ls -1 backend.*.tf~*${TFSTATE_BACKEND_TYPE}*)
+do
+ echoWarn "WARN: The backend config ${unnecessary_tf} will be renamed to disable."
+ echoWarn "$(mv --verbose ${unnecessary_tf}{,.disabled.txt})"
+done
+
 readonly RESOURCE_GROUP_FOR_PROVISIONING="rg-${PROJECT_UNIQUE_ID}-provisioning"
 readonly STORAGE_ACCOUNT_FOR_PROVISIONING="$(echo ${PROJECT_UNIQUE_ID} | tr --complement --delete '0-9a-z' | cut -c-24)"
 readonly CONTAINER_NAME_FOR_PROVISIONING="provisioning"
 
 # Auth Azure with Service Principal
 az login --service-principal\
- --username "${ARM_CLIENT_ID}"\
+ --username ${ARM_CLIENT_ID}\
  --password "${ARM_CLIENT_SECRET}"\
- --tenant "${ARM_TENANT_ID}"
+ --tenant ${ARM_TENANT_ID}\
+ --output none
+az account set\
+ --subscription ${ARM_SUBSCRIPTION_ID}
+az account list\
+ --query "[?isDefault]"
 
 # Create the 
 az group create\

diff --git a/scripts/provisioning.init-with-google.sh → ...oning.init-terraform-with-gcs-backend.zsh b/scripts/provisioning.init-with-google.sh → ...oning.init-terraform-with-gcs-backend.zsh
@@ -1,4 +1,5 @@
 #!/usr/bin/env -S zsh -eu
+setopt extended_glob
 
 # see: http:https://zsh.sourceforge.net/Doc/Release/Zsh-Modules.html#index-funcstack
 if [[ ${#funcstack[@]} -ne 0 ]]; then
@@ -13,6 +14,19 @@ if [[ ! -v PROJECT_UNIQUE_ID ]]; then
  exit 0
 fi
 
+termColorClear='\033[0m'
+termColorWarn='\033[1;33m'
+echoWarn() {
+ echo -e "${termColorWarn}$1${termColorClear}"
+}
+
+readonly TFSTATE_BACKEND_TYPE=$(echo $0 | sed -e 's/.*init-terraform-with-\([a-z0-9]*\)-backend\.zsh$/\1/')
+for unnecessary_tf in $(ls -1 backend.*.tf~*${TFSTATE_BACKEND_TYPE}*)
+do
+ echoWarn "WARN: The backend config ${unnecessary_tf} will be renamed to disable."
+ echoWarn "$(mv --verbose ${unnecessary_tf}{,.disabled.txt})"
+done
+
 readonly BUCKET_NAME_FOR_PROVISIONING="${PROJECT_UNIQUE_ID}-provisioning"
 
 # Auth gcloud

diff --git a/scripts/provisioning.init-terraform-with-s3-backend.zsh b/scripts/provisioning.init-terraform-with-s3-backend.zsh
@@ -0,0 +1,56 @@
+#!/usr/bin/env -S zsh -eu
+setopt extended_glob
+
+# see: http:https://zsh.sourceforge.net/Doc/Release/Zsh-Modules.html#index-funcstack
+if [[ ${#funcstack[@]} -ne 0 ]]; then
+ echo 'the script is being sourced.'
+ echo "please run it is as a subshell such as \"sh $0\""
+ return 0
+fi
+
+if [[ ! -v PROJECT_UNIQUE_ID ]]; then
+ echo 'the $PROJECT_UNIQUE_ID variable is not set.'
+ echo 'it was canceled.'
+ exit 0
+fi
+
+termColorClear='\033[0m'
+termColorWarn='\033[1;33m'
+echoWarn() {
+ echo -e "${termColorWarn}$1${termColorClear}"
+}
+
+readonly TFSTATE_BACKEND_TYPE=$(echo $0 | sed -e 's/.*init-terraform-with-\([a-z0-9]*\)-backend\.zsh$/\1/')
+for unnecessary_tf in $(ls -1 backend.*.tf~*${TFSTATE_BACKEND_TYPE}*)
+do
+ echoWarn "WARN: The backend config ${unnecessary_tf} will be renamed to disable."
+ echoWarn "$(mv --verbose ${unnecessary_tf}{,.disabled.txt})"
+done
+
+readonly BUCKET_NAME_FOR_PROVISIONING="${PROJECT_UNIQUE_ID}-provisioning"
+
+# Create the S3 bucket to save tfstate
+aws s3 mb s3:https://${BUCKET_NAME_FOR_PROVISIONING}
+aws s3api put-public-access-block\
+ --bucket ${BUCKET_NAME_FOR_PROVISIONING}\
+ --public-access-block-configuration 'BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true' 
+aws s3api get-public-access-block\
+ --bucket ${BUCKET_NAME_FOR_PROVISIONING}
+aws s3api put-bucket-versioning\
+ --bucket ${BUCKET_NAME_FOR_PROVISIONING}\
+ --versioning-configuration Status=Enabled
+aws s3api get-bucket-versioning\
+ --bucket ${BUCKET_NAME_FOR_PROVISIONING}
+
+# Detect terraform version
+rm -f .terraform-version
+sudo tfenv install min-required
+sudo tfenv use min-required
+terraform version -json | jq -r '.terraform_version' | tee -a /tmp/.terraform-version
+mv /tmp/.terraform-version .
+# Init terraform
+mkdir -p ${TF_DATA_DIR}
+sudo chmod a+rwx ${TF_DATA_DIR}
+echoWarn 'WARN: The s3 backend currently does not support state locking!'
+echoWarn 'Please read https://www.terraform.io/language/settings/backends/s3 and https://github.com/hashicorp/terraform/issues/27070'
+terraform init -backend-config="bucket=${BUCKET_NAME_FOR_PROVISIONING}"