tf 5

elastic · Jan 7, 2024 · 1d0197a · 1d0197a
1 parent 305d43a
commit 1d0197a
Show file tree

Hide file tree

Showing 5 changed files with 209 additions and 10 deletions.
diff --git a/.github/workflows/test-gcp-dm.yml b/.github/workflows/test-gcp-dm.yml
@@ -13,15 +13,10 @@ on:
     #   - "deploy/deployment-manager/set_env.sh"
 
 env:
-  WORKING_DIR: deploy/test-environments
+  WORKING_DIR: deploy/gcp
   TF_VAR_ec_api_key: ${{ secrets.EC_API_KEY }}
   TF_VAR_ess_region: gcp-us-west2 # default region for testing deployments
 
-  # this is required for terraform to work because main includes multiple modules
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-  AWS_REGION: "eu-west-1"
-
 jobs:
   Test-GCP-DM:
     name: GCP Deployment Manager Test
@@ -64,11 +59,11 @@ jobs:
         if: success()
         working-directory: ${{ env.WORKING_DIR }}
         run: |
-          terraform -v
+          terraform -vs
           terraform init
           terraform validate
-          terraform apply --auto-approve -target=module.ec_deployment -var="deployment_name=gcp-ci-test"
-          terraform refresh -target=module.ec_deployment
+          terraform apply --auto-approve -var="deployment_name=gcp-ci-test"
+          terraform refresh
           terraform output
       # - name: Set Environment Output
       #   id: env-output
@@ -112,5 +107,5 @@ jobs:
         if: always()
         working-directory: ${{ env.WORKING_DIR }}
         run: |
-          terraform destroy --auto-approve -target=module.ec_deployment
+          terraform destroy --auto-approve
           # todo: delete gcp deployment
diff --git a/deploy/gcp/main.tf b/deploy/gcp/main.tf
@@ -0,0 +1,53 @@
+locals {
+  common_tags = {
+    division = "${var.division}"
+    org      = "${var.org}"
+    team     = "${var.team}"
+    project  = "${var.project}"
+  }
+  ec_url = "https://cloud.elastic.co"
+  ec_headers = {
+    Content-type  = "application/json"
+    Authorization = "ApiKey ${var.ec_api_key}"
+  }
+}
+
+resource "random_string" "suffix" {
+  length  = 3
+  special = false
+}
+
+provider "ec" {
+  apikey = var.ec_api_key
+}
+
+provider "restapi" {
+  alias                = "ec"
+  uri                  = local.ec_url
+  write_returns_object = true
+  headers              = local.ec_headers
+}
+
+# Elastic Cloud (EC) deployment
+module "ec_deployment" {
+  count  = 1
+  source = "github.com/elastic/apm-server/testing/infra/terraform/modules/ec_deployment"
+
+  region        = var.ess_region
+  stack_version = var.stack_version
+
+  deployment_template    = var.deployment_template
+  deployment_name_prefix = "${var.deployment_name}-${random_string.suffix.result}"
+
+  integrations_server = true
+
+  elasticsearch_size       = var.elasticsearch_size
+  elasticsearch_zone_count = var.elasticsearch_zone_count
+
+  docker_image = var.docker_image_override
+  docker_image_tag_override = {
+    "elasticsearch" : "",
+    "kibana" : "",
+    "apm" : ""
+  }
+}
diff --git a/deploy/gcp/output.tf b/deploy/gcp/output.tf
@@ -0,0 +1,33 @@
+# Global output
+# ============================================================
+output "deployment_name" {
+  value       = var.deployment_name
+  description = "Terraform deployment name"
+}
+
+# Elastic Cloud output
+# =============================================================
+output "elasticsearch_url" {
+  value       = var.serverless_mode ? module.ec_project[0].elasticsearch_url : module.ec_deployment[0].elasticsearch_url
+  description = "The secure Elasticsearch URL"
+}
+
+output "elasticsearch_username" {
+  value       = var.serverless_mode ? module.ec_project[0].elasticsearch_username : module.ec_deployment[0].elasticsearch_username
+  description = "The Elasticsearch username"
+  sensitive   = true
+}
+
+output "elasticsearch_password" {
+  value       = var.serverless_mode ? module.ec_project[0].elasticsearch_password : module.ec_deployment[0].elasticsearch_password
+  description = "The Elasticsearch password"
+  sensitive   = true
+}
+
+output "kibana_url" {
+  value       = var.serverless_mode ? module.ec_project[0].kibana_url : module.ec_deployment[0].kibana_url
+  description = "The secure Kibana URL"
+}
+
+# =============================================================
+
diff --git a/deploy/gcp/terraform.tf b/deploy/gcp/terraform.tf
@@ -0,0 +1,26 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.15.0"
+    }
+
+    ec = {
+      source  = "elastic/ec"
+      version = ">=0.5.0"
+    }
+
+    restapi = {
+      source  = "mastercard/restapi"
+      version = "~> 1.18.0"
+    }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.5.1"
+    }
+
+  }
+
+  required_version = ">= 1.3, <2.0.0"
+}
diff --git a/deploy/gcp/variables.tf b/deploy/gcp/variables.tf
@@ -0,0 +1,92 @@
+# Elastic Cloud variables
+# ===========================================
+variable "ec_api_key" {
+  description = "Provide Elastic Cloud API key or use export TF_VAR_ec_api_key={TOKEN}"
+  type        = string
+}
+
+variable "ess_region" {
+  default     = "gcp-us-west2"
+  description = "Optional ESS region where the deployment will be created. Defaults to gcp-us-west2"
+  type        = string
+}
+
+variable "stack_version" {
+  default     = "latest"
+  description = "Optional stack version"
+  type        = string
+}
+
+variable "serverless_mode" {
+  default     = false
+  description = "Set to true to create a serverless security project instead of an ESS deployment"
+  type        = bool
+}
+
+variable "deployment_template" {
+  default     = "gcp-compute-optimized-v2"
+  description = "Optional deployment template. Defaults to the CPU optimized template for GCP"
+  type        = string
+}
+
+variable "deployment_name" {
+  default     = "test-env-ci-tf"
+  description = "Optional set a prefix of the deployment. Defaults to test-env-ci-tf"
+}
+
+variable "elasticsearch_size" {
+  default     = "8g"
+  type        = string
+  description = "Optional Elasticsearch instance size"
+}
+
+variable "elasticsearch_zone_count" {
+  default     = 1
+  type        = number
+  description = "Optional Elasticsearch zone count"
+}
+
+variable "docker_image_tag_override" {
+  default = {
+    "elasticsearch" : "",
+    "kibana" : "",
+    "apm" : "",
+  }
+  description = "Optional docker image tag override"
+  type        = map(string)
+}
+
+variable "docker_image_override" {
+  default = {
+    "elasticsearch" : "docker.elastic.co/cloud-release/elasticsearch-cloud-ess",
+    "kibana" : "docker.elastic.co/cloud-release/kibana-cloud",
+    "apm" : "docker.elastic.co/cloud-release/elastic-agent-cloud",
+  }
+  type = map(string)
+}
+
+variable "division" {
+  default     = "engineering"
+  type        = string
+  description = "Optional division resource tag"
+}
+
+variable "org" {
+  default     = "security"
+  type        = string
+  description = "Optional org resource tag"
+}
+
+variable "team" {
+  default     = "cloud-security-posture"
+  type        = string
+  description = "Optional team resource tag"
+}
+
+variable "project" {
+  default     = "test-environments"
+  type        = string
+  description = "Optional project resource tag"
+}
+
+# ============================================