Merge pull request #44 from yunkon-kim/yunkon-kim-240327-1

Use the `.tofu` directory only for TF operations

.dockerignore

@@ -26,8 +26,10 @@ logs/
 
 # Files for tofu and infrastructure configurations
 !.tofu/
-.tofu/*
-!.tofu/secrets
-.tofu/secrets/*
-!.tofu/secrets/.keep
-!.tofu/template-tfs
+.tofu/**
+!.tofu/.keep
+
+!secrets
+secrets/**
+!secrets/.keep
+!secrets/README.md

.gitignore

@@ -44,8 +44,10 @@ logs/
 
 # Files for tofu and infrastructure configurations
 !.tofu/
-.tofu/*
-!.tofu/secrets
-.tofu/secrets/*
-!.tofu/secrets/.keep
-!.tofu/template-tfs
+.tofu/**
+!.tofu/.keep
+
+!secrets
+secrets/**
+!secrets/.keep
+!secrets/README.md

Dockerfile

@@ -39,6 +39,8 @@ WORKDIR /app
 # Assets, scripts, and configuration files are copied excluding credentials.conf
 # which should be specified in .dockerignore
 COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/.tofu/ /app/.tofu/
+COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/templates/ /app/templates/
+COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/secrets/ /app/secrets/
 COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/conf/ /app/conf/
 COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/scripts/ /app/scripts/
 COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/cmd/poc-mc-net-tf/poc-mc-net-tf /app/
@@ -48,7 +50,7 @@ RUN apt-get update && apt-get install -y git
 
 # Setting various environment variables required by the application
 ENV POCMCNETTF_ROOT=/app \
-    LOGFILE_PATH=poc-mc-net-tf.log \
+    LOGFILE_PATH=/app/.tofu/poc-mc-net-tf.log \
     LOGFILE_MAXSIZE=10 \
     LOGFILE_MAXBACKUPS=3 \
     LOGFILE_MAXAGE=30 \

README.md

@@ -79,7 +79,7 @@ See [How to install the Azure CLI](https://learn.microsoft.com/en-us/cli/azure/i
 See [Create a service principal for use with Microsoft Purview](https://learn.microsoft.com/en-us/purview/create-service-principal-azure)
 See [Create an Azure service principal with Azure CLI](https://learn.microsoft.com/en-us/cli/azure/azure-cli-sp-tutorial-1?tabs=bash)
 
-3. Store MS Azure credential `.tofu/secrets/credential-azure.env`
+3. Store MS Azure credential `secrets/credential-azure.env`
 
 <details>
   <summary>Click to see sample</summary>
@@ -95,7 +95,7 @@ See [Create an Azure service principal with Azure CLI](https://learn.microsoft.c
 
 4. Run
 ```bash
-source .tofu/secrets/credential-azure.env
+source secrets/credential-azure.env
 az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID"
 ```
 
@@ -105,7 +105,7 @@ az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenan
 
 See [Service account credentials](https://developers.google.com/workspace/guides/create-credentials#service-account)
 
-2. Store your GCP credential `.tofu/secrets/credential-gcp.json`
+2. Store your GCP credential `secrets/credential-gcp.json`
 
 <details>
   <summary>Click to see sample</summary>
@@ -152,26 +152,27 @@ Check a tag of poc-mc-net-tf container image in cloudbaristaorg/poc-mc-net-tf
 
 Note - Credentials for AWS, Azure, and GCP must be prepared and injected when running a container.
 
-Note - Modify `source="${PWD}"/.tofu/secrets/` to the appropriate path.
+Note - Modify `source="${PWD}"/secrets/` to the appropriate path.
 
 Note - About credential injection:
-  * Set AWS credenttal as environment variable: `--env-file "${PWD}"/.tofu/secrets/credentials`
-  * Set Azure credential as environment variable: `--env-file "${PWD}"/.tofu/secrets/credential-azure.env`
-  * Mount GCP credential file: `--mount type=bind,source="${PWD}"/.tofu/secrets/,target=/app/.tofu/secrets/`  
+  * Set AWS credenttal as environment variable: `--env-file "${PWD}"/secrets/credentials`
+  * Set Azure credential as environment variable: `--env-file "${PWD}"/secrets/credentials`
+  * Mount GCP credential file: `--mount type=bind,source="${PWD}"/secrets/,target=/app/secrets/`  
 
 ```bash
+
 docker run \
---env-file "${PWD}"/.tofu/secrets/credentials \
---env-file "${PWD}"/.tofu/secrets/credential-azure.env \
---mount type=bind,source="${PWD}"/.tofu/secrets/,target=/app/.tofu/secrets/ \
+--env-file "${PWD}"/secrets/credentials \
+--env-file "${PWD}"/secrets/credential-azure.env \
+--mount type=bind,source="${PWD}"/secrets/,target=/app/secrets/ \
 -p 8888:8888 \
 --name poc-mc-net-tf \
 cloudbaristaorg/poc-mc-net-tf:latest
 ```
 
 #### Access Swagger UI
 
-You can find the default username and apssword to access to API dashboard when the API server runs.
+You can find the default username and password to access to API dashboard when the API server runs.
 
 URL: http://localhost:8888/mc-net/swagger/index.html
 

pkg/api/rest/handlers/test-env.go

@@ -54,7 +54,7 @@ func InitTestEnv(c echo.Context) error {
 	}
 
 	// Copy template files to the working directory (overwrite)
-	templateTfsPath := projectRoot + "/.tofu/template-tfs/test-env"
+	templateTfsPath := projectRoot + "/templates/test-env"
 
 	err := tofu.CopyFiles(templateTfsPath, workingDir)
 	if err != nil {

pkg/api/rest/handlers/vpn-gcp-aws.go

@@ -71,7 +71,7 @@ func InitGcpAndAwsForVpn(c echo.Context) error {
 	}
 
 	// Copy template files to the working directory (overwrite)
-	templateTfsPath := projectRoot + "/.tofu/template-tfs/vpn/gcp-aws"
+	templateTfsPath := projectRoot + "/templates/vpn/gcp-aws"
 
 	err := tofu.CopyFiles(templateTfsPath, workingDir)
 	if err != nil {

pkg/api/rest/handlers/vpn-gcp-azure.go

@@ -72,7 +72,7 @@ func InitGcpAndAzureForVpn(c echo.Context) error {
 	}
 
 	// Copy template files to the working directory (overwrite)
-	templateTfsPath := projectRoot + "/.tofu/template-tfs/vpn/gcp-azure"
+	templateTfsPath := projectRoot + "/templates/vpn/gcp-azure"
 
 	err := tofu.CopyFiles(templateTfsPath, workingDir)
 	if err != nil {

pkg/tofu/tofu.go

@@ -18,14 +18,18 @@ import (
 	"github.com/spf13/viper"
 )
 
-const statusFilePath = "runningStatusMap.db"
+const statusFile = "runningStatusMap.db"
 
 // Manage the running status of tofu commands.
 var requestStatusMap = make(map[string]string)
 var mapMutex = &sync.Mutex{}
 
 // Save the running status map to file
 func SaveRunningStatusMap() error {
+
+	projectRoot := viper.GetString("pocmcnettf.root")
+	statusFilePath := fmt.Sprintf("%s/.tofu/%s", projectRoot, statusFile)
+
 	mapMutex.Lock()
 	defer mapMutex.Unlock()
 
@@ -45,6 +49,10 @@ func SaveRunningStatusMap() error {
 
 // Load the running status map from file
 func LoadRunningStatusMap() error {
+
+	projectRoot := viper.GetString("pocmcnettf.root")
+	statusFilePath := fmt.Sprintf("%s/.tofu/%s", projectRoot, statusFile)
+
 	mapMutex.Lock()
 	defer mapMutex.Unlock()
 
@@ -268,15 +276,15 @@ func CopyFile(src string, des string) error {
 func CopyGCPCredentials(des string) error {
 
 	projectRoot := viper.GetString("pocmcnettf.root")
-	cred := projectRoot + "/.tofu/secrets/credential-gcp.json"
+	cred := projectRoot + "/secrets/credential-gcp.json"
 
 	return CopyFile(cred, des)
 }
 
 func CopyAzureCredentials(des string) error {
 
 	projectRoot := viper.GetString("pocmcnettf.root")
-	cred := projectRoot + "/.tofu/secrets/credential-azure.env"
+	cred := projectRoot + "/secrets/credential-azure.env"
 
 	return CopyFile(cred, des)
 }

secrets/README.md

@@ -0,0 +1,5 @@
+## CSP secrets
+
+This is a directory for CSP credentials.
+
+It would be best if you managed CSP credentials securely. **Take special pay attention to prevent leakage to the outside.**

templates/README.md

@@ -0,0 +1,13 @@
+## TF configuration templates
+
+The templates provided in this directory enable network infrastructure setup across Cloud Service Providers (CSPs). 
+
+A set of templates defines providers, resources and relationships needed to configure a network infrastructure. 
+Information to be inserted by users is set as variables in `variables.tf`.
+You can set the value of a variable in `terraform.tfvars` or `terraform.tfvars.json`. 
+You can create a file or modify an existing file as needed.
+
+Currently, the following templates are available:
+- GCP to AWS VPN tunnel,
+- GCP to Azure VPN tunnel, and
+- VM infrastructure over GCP, AWS, and Azure (as a test environment).