diff --git a/.dockerignore b/.dockerignore
index d94fa60..aa84bc8 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -26,8 +26,10 @@ logs/
 # Files for tofu and infrastructure configurations
 !.tofu/
-.tofu/*
-!.tofu/secrets
-.tofu/secrets/*
-!.tofu/secrets/.keep
-!.tofu/template-tfs
\ No newline at end of file
+.tofu/**
+!.tofu/.keep
+
+!secrets
+secrets/**
+!secrets/.keep
+!secrets/README.md
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 72e3383..692ac2d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -44,8 +44,10 @@ logs/
 # Files for tofu and infrastructure configurations
 !.tofu/
-.tofu/*
-!.tofu/secrets
-.tofu/secrets/*
-!.tofu/secrets/.keep
-!.tofu/template-tfs
+.tofu/**
+!.tofu/.keep
+
+!secrets
+secrets/**
+!secrets/.keep
+!secrets/README.md
diff --git a/.tofu/secrets/.keep b/.tofu/.keep
similarity index 100%
rename from .tofu/secrets/.keep
rename to .tofu/.keep
diff --git a/Dockerfile b/Dockerfile
index 57de1bb..842b9e8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,6 +39,8 @@ WORKDIR /app
 # Assets, scripts, and configuration files are copied excluding credentials.conf
 # which should be specified in .dockerignore
 COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/.tofu/ /app/.tofu/
+COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/templates/ /app/templates/
+COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/secrets/ /app/secrets/
 COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/conf/ /app/conf/
 COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/scripts/ /app/scripts/
 COPY --from=builder /go/src/github.com/cloud-barista/poc-mc-net-tf/cmd/poc-mc-net-tf/poc-mc-net-tf /app/
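Review bot: The new `COPY --from=builder .../secrets/ /app/secrets/` line in the Dockerfile hunk copies whatever the build context holds under secrets/ into a runtime image layer, so the only thing keeping a real credential file out of a published image is the .dockerignore negation list changed in this same commit. The README hunk in this commit injects credentials at run time (`--env-file` plus a bind mount onto `/app/secrets/`), so the image only needs the directory to exist; `RUN mkdir -p /app/secrets` in place of that COPY, or a COPY restricted to `secrets/.keep`, gives the same layout without depending on ignore rules staying correct. The comment two lines above still says credentials are excluded via `credentials.conf` in .dockerignore, which no longer matches the file names this commit uses; updating it to name `secrets/**` would keep the rationale accurate.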
@@ -48,7 +50,7 @@ RUN apt-get update && apt-get install -y git
 # Setting various environment variables required by the application
 ENV POCMCNETTF_ROOT=/app \
- LOGFILE_PATH=poc-mc-net-tf.log \
+ LOGFILE_PATH=/app/.tofu/poc-mc-net-tf.log \
 LOGFILE_MAXSIZE=10 \
 LOGFILE_MAXBACKUPS=3 \
 LOGFILE_MAXAGE=30 \
diff --git a/README.md b/README.md
index 7e92224..11d903f 100644
--- a/README.md
+++ b/README.md
@@ -79,7 +79,7 @@ See [How to install the Azure CLI](https://learn.microsoft.com/en-us/cli/azure/i
 See [Create a service principal for use with Microsoft Purview](https://learn.microsoft.com/en-us/purview/create-service-principal-azure)
 See [Create an Azure service principal with Azure CLI](https://learn.microsoft.com/en-us/cli/azure/azure-cli-sp-tutorial-1?tabs=bash)
-3. Store MS Azure credential `.tofu/secrets/credential-azure.env`
+3. Store MS Azure credential `secrets/credential-azure.env`
Click to see sample
@@ -95,7 +95,7 @@ See [Create an Azure service principal with Azure CLI](https://learn.microsoft.c
 4. Run
 ```bash
-source .tofu/secrets/credential-azure.env
+source secrets/credential-azure.env
 az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID"
 ```
@@ -105,7 +105,7 @@ az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenan
 See [Service account credentials](https://developers.google.com/workspace/guides/create-credentials#service-account)
-2. Store your GCP credential `.tofu/secrets/credential-gcp.json`
+2. Store your GCP credential `secrets/credential-gcp.json`
Click to see sample
@@ -152,18 +152,19 @@ Check a tag of poc-mc-net-tf container image in cloudbaristaorg/poc-mc-net-tf
 Note - Credentials for AWS, Azure, and GCP must be prepared and injected when running a container.
-Note - Modify `source="${PWD}"/.tofu/secrets/` to the appropriate path.
+Note - Modify `source="${PWD}"/secrets/` to the appropriate path.
 Note - About credential injection:
- * Set AWS credenttal as environment variable: `--env-file "${PWD}"/.tofu/secrets/credentials`
- * Set Azure credential as environment variable: `--env-file "${PWD}"/.tofu/secrets/credential-azure.env`
- * Mount GCP credential file: `--mount type=bind,source="${PWD}"/.tofu/secrets/,target=/app/.tofu/secrets/`
+ * Set AWS credenttal as environment variable: `--env-file "${PWD}"/secrets/credentials`
+ * Set Azure credential as environment variable: `--env-file "${PWD}"/secrets/credentials`
+ * Mount GCP credential file: `--mount type=bind,source="${PWD}"/secrets/,target=/app/secrets/`
 ```bash
+
 docker run \
---env-file "${PWD}"/.tofu/secrets/credentials \
---env-file "${PWD}"/.tofu/secrets/credential-azure.env \
---mount type=bind,source="${PWD}"/.tofu/secrets/,target=/app/.tofu/secrets/ \
+--env-file "${PWD}"/secrets/credentials \
+--env-file "${PWD}"/secrets/credential-azure.env \
+--mount type=bind,source="${PWD}"/secrets/,target=/app/secrets/ \
 -p 8888:8888 \
 --name poc-mc-net-tf \
 cloudbaristaorg/poc-mc-net-tf:latest
@@ -171,7 +172,7 @@ cloudbaristaorg/poc-mc-net-tf:latest
 #### Access Swagger UI
-You can find the default username and apssword to access to API dashboard when the API server runs.
+You can find the default username and password to access to API dashboard when the API server runs.
 URL: http://localhost:8888/mc-net/swagger/index.html
diff --git a/pkg/api/rest/handlers/test-env.go b/pkg/api/rest/handlers/test-env.go
index 86a9a92..6978935 100644
--- a/pkg/api/rest/handlers/test-env.go
+++ b/pkg/api/rest/handlers/test-env.go
@@ -54,7 +54,7 @@ func InitTestEnv(c echo.Context) error {
 }
 // Copy template files to the working directory (overwrite)
- templateTfsPath := projectRoot + "/.tofu/template-tfs/test-env"
+ templateTfsPath := projectRoot + "/templates/test-env"
 err := tofu.CopyFiles(templateTfsPath, workingDir)
 if err != nil {
diff --git a/pkg/api/rest/handlers/vpn-gcp-aws.go b/pkg/api/rest/handlers/vpn-gcp-aws.go
index bb01e15..75c966c 100644
--- a/pkg/api/rest/handlers/vpn-gcp-aws.go
+++ b/pkg/api/rest/handlers/vpn-gcp-aws.go
@@ -71,7 +71,7 @@ func InitGcpAndAwsForVpn(c echo.Context) error {
 }
 // Copy template files to the working directory (overwrite)
- templateTfsPath := projectRoot + "/.tofu/template-tfs/vpn/gcp-aws"
+ templateTfsPath := projectRoot + "/templates/vpn/gcp-aws"
 err := tofu.CopyFiles(templateTfsPath, workingDir)
 if err != nil {
diff --git a/pkg/api/rest/handlers/vpn-gcp-azure.go b/pkg/api/rest/handlers/vpn-gcp-azure.go
index aaaa1cc..ac9a085 100644
--- a/pkg/api/rest/handlers/vpn-gcp-azure.go
+++ b/pkg/api/rest/handlers/vpn-gcp-azure.go
@@ -72,7 +72,7 @@ func InitGcpAndAzureForVpn(c echo.Context) error {
 }
 // Copy template files to the working directory (overwrite)
- templateTfsPath := projectRoot + "/.tofu/template-tfs/vpn/gcp-azure"
+ templateTfsPath := projectRoot + "/templates/vpn/gcp-azure"
 err := tofu.CopyFiles(templateTfsPath, workingDir)
 if err != nil {
diff --git a/pkg/tofu/tofu.go b/pkg/tofu/tofu.go
index b594c59..b42bead 100644
--- a/pkg/tofu/tofu.go
+++ b/pkg/tofu/tofu.go
@@ -18,7 +18,7 @@ import (
 "github.com/spf13/viper"
 )
-const statusFilePath = "runningStatusMap.db"
+const statusFile = "runningStatusMap.db"
 // Manage the running status of tofu commands.
 var requestStatusMap = make(map[string]string)
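Review bot: `templateTfsPath := projectRoot + "/templates/test-env"` builds the path by string concatenation, so an unset `projectRoot` quietly yields `/templates/test-env` at the filesystem root instead of an error or a relative path; `templateTfsPath := filepath.Join(projectRoot, "templates", "test-env")` is the idiomatic form and also normalises a trailing slash in the root. The same pattern is in the vpn-gcp-aws.go and vpn-gcp-azure.go hunks and in the CopyGCPCredentials/CopyAzureCredentials hunks of tofu.go, where the concatenated path points at a credential file. Since three handlers now hard-code the `templates` directory name, a single constant in package tofu next to `statusFile` would make the next relocation a one-line change. InitTestEnv starts and ends outside this hunk, and I cannot see whether `path/filepath` is already imported in these files.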
@@ -26,6 +26,10 @@ var mapMutex = &sync.Mutex{}
 // Save the running status map to file
 func SaveRunningStatusMap() error {
+
+ projectRoot := viper.GetString("pocmcnettf.root")
+ statusFilePath := fmt.Sprintf("%s/.tofu/%s", projectRoot, statusFile)
+
 mapMutex.Lock()
 defer mapMutex.Unlock()
@@ -45,6 +49,10 @@ func SaveRunningStatusMap() error {
 // Load the running status map from file
 func LoadRunningStatusMap() error {
+
+ projectRoot := viper.GetString("pocmcnettf.root")
+ statusFilePath := fmt.Sprintf("%s/.tofu/%s", projectRoot, statusFile)
+
 mapMutex.Lock()
 defer mapMutex.Unlock()
@@ -268,7 +276,7 @@ func CopyFile(src string, des string) error {
 func CopyGCPCredentials(des string) error {
 projectRoot := viper.GetString("pocmcnettf.root")
- cred := projectRoot + "/.tofu/secrets/credential-gcp.json"
+ cred := projectRoot + "/secrets/credential-gcp.json"
 return CopyFile(cred, des)
 }
@@ -276,7 +284,7 @@ func CopyGCPCredentials(des string) error {
 func CopyAzureCredentials(des string) error {
 projectRoot := viper.GetString("pocmcnettf.root")
- cred := projectRoot + "/.tofu/secrets/credential-azure.env"
+ cred := projectRoot + "/secrets/credential-azure.env"
 return CopyFile(cred, des)
 }
diff --git a/secrets/.keep b/secrets/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/secrets/README.md b/secrets/README.md
new file mode 100644
index 0000000..9e2e9fa
--- /dev/null
+++ b/secrets/README.md
@@ -0,0 +1,5 @@
+## CSP secrets
+
+This is a directory for CSP credentials.
+
+It would be best if you managed CSP credentials securely. **Take special pay attention to prevent leakage to the outside.**
diff --git a/templates/README.md b/templates/README.md
new file mode 100644
index 0000000..dffc900
--- /dev/null
+++ b/templates/README.md
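Review bot: The two lines added to SaveRunningStatusMap are repeated verbatim in the LoadRunningStatusMap hunk, and `fmt.Sprintf("%s/.tofu/%s", projectRoot, statusFile)` silently resolves to `/.tofu/runningStatusMap.db` at the filesystem root when `pocmcnettf.root` is unset, which would only surface later as a permission error from the file operation. A small helper that both functions call keeps the layout in one place and lets the missing setting fail with a clear message; the file I/O it feeds is outside the hunk, so only the helper and the replacement for the two added lines are shown below. If either body already declares `err` with `:=` further down, that declaration needs to become an assignment. `path/filepath` has to be in the import block if it is not already; the visible part of that block shows only viper.
```go
// runningStatusPath returns the location of the running-status DB under the
// configured project root, or an error when pocmcnettf.root is not set.
func runningStatusPath() (string, error) {
	projectRoot := viper.GetString("pocmcnettf.root")
	if projectRoot == "" {
		return "", fmt.Errorf("pocmcnettf.root is not configured")
	}
	return filepath.Join(projectRoot, ".tofu", statusFile), nil
}

// … in SaveRunningStatusMap and LoadRunningStatusMap, replacing the two added lines …
statusFilePath, err := runningStatusPath()
if err != nil {
	return err
}
// … unchanged: mapMutex.Lock() and the rest of the body …
```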
@@ -0,0 +1,13 @@
+## TF configuration templates
+
+The templates provided in this directory enable network infrastructure setup across Cloud Service Providers (CSPs).
+
+A set of templates defines providers, resources and relationships needed to configure a network infrastructure.
+Information to be inserted by users is set as variables in `variables.tf`.
+You can set the value of a variable in `terraform.tfvars` or `terraform.tfvars.json`.
+You can create a file or modify an existing file as needed.
+
+Currently, the following templates are available:
+- GCP to AWS VPN tunnel,
+- GCP to Azure VPN tunnel, and
+- VM infrastructure over GCP, AWS, and Azure (as a test environment).
diff --git a/.tofu/template-tfs/test-env/aws-instance.tf b/templates/test-env/aws-instance.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/aws-instance.tf
rename to templates/test-env/aws-instance.tf
diff --git a/.tofu/template-tfs/test-env/aws-network.tf b/templates/test-env/aws-network.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/aws-network.tf
rename to templates/test-env/aws-network.tf
diff --git a/.tofu/template-tfs/test-env/aws-security-groups.tf b/templates/test-env/aws-security-groups.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/aws-security-groups.tf
rename to templates/test-env/aws-security-groups.tf
diff --git a/.tofu/template-tfs/test-env/azure-network-security-group.tf b/templates/test-env/azure-network-security-group.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/azure-network-security-group.tf
rename to templates/test-env/azure-network-security-group.tf
diff --git a/.tofu/template-tfs/test-env/azure-network.tf b/templates/test-env/azure-network.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/azure-network.tf
rename to templates/test-env/azure-network.tf
diff --git a/.tofu/template-tfs/test-env/azure-ssh.tf b/templates/test-env/azure-ssh.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/azure-ssh.tf
rename to templates/test-env/azure-ssh.tf
diff --git a/.tofu/template-tfs/test-env/azure-virtual-machine.tf b/templates/test-env/azure-virtual-machine.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/azure-virtual-machine.tf
rename to templates/test-env/azure-virtual-machine.tf
diff --git a/.tofu/template-tfs/test-env/gcp-firewall.tf b/templates/test-env/gcp-firewall.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/gcp-firewall.tf
rename to templates/test-env/gcp-firewall.tf
diff --git a/.tofu/template-tfs/test-env/gcp-instance.tf b/templates/test-env/gcp-instance.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/gcp-instance.tf
rename to templates/test-env/gcp-instance.tf
diff --git a/.tofu/template-tfs/test-env/gcp-network.tf b/templates/test-env/gcp-network.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/gcp-network.tf
rename to templates/test-env/gcp-network.tf
diff --git a/.tofu/template-tfs/test-env/providers.tf b/templates/test-env/providers.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/providers.tf
rename to templates/test-env/providers.tf
diff --git a/.tofu/template-tfs/test-env/variables.tf b/templates/test-env/variables.tf
similarity index 100%
rename from .tofu/template-tfs/test-env/variables.tf
rename to templates/test-env/variables.tf
diff --git a/.tofu/template-tfs/vpn/gcp-aws/aws-instance.tf b/templates/vpn/gcp-aws/aws-instance.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-aws/aws-instance.tf
rename to templates/vpn/gcp-aws/aws-instance.tf
diff --git a/.tofu/template-tfs/vpn/gcp-aws/aws-network.tf b/templates/vpn/gcp-aws/aws-network.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-aws/aws-network.tf
rename to templates/vpn/gcp-aws/aws-network.tf
diff --git a/.tofu/template-tfs/vpn/gcp-aws/aws-networking.tf b/templates/vpn/gcp-aws/aws-networking.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-aws/aws-networking.tf
rename to templates/vpn/gcp-aws/aws-networking.tf
diff --git a/.tofu/template-tfs/vpn/gcp-aws/aws-security-groups.tf b/templates/vpn/gcp-aws/aws-security-groups.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-aws/aws-security-groups.tf
rename to templates/vpn/gcp-aws/aws-security-groups.tf
diff --git a/.tofu/template-tfs/vpn/gcp-aws/gcp-firewall.tf b/templates/vpn/gcp-aws/gcp-firewall.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-aws/gcp-firewall.tf
rename to templates/vpn/gcp-aws/gcp-firewall.tf
diff --git a/.tofu/template-tfs/vpn/gcp-aws/gcp-instance.tf b/templates/vpn/gcp-aws/gcp-instance.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-aws/gcp-instance.tf
rename to templates/vpn/gcp-aws/gcp-instance.tf
diff --git a/.tofu/template-tfs/vpn/gcp-aws/gcp-network.tf b/templates/vpn/gcp-aws/gcp-network.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-aws/gcp-network.tf
rename to templates/vpn/gcp-aws/gcp-network.tf
diff --git a/.tofu/template-tfs/vpn/gcp-aws/gcp-networking.tf b/templates/vpn/gcp-aws/gcp-networking.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-aws/gcp-networking.tf
rename to templates/vpn/gcp-aws/gcp-networking.tf
diff --git a/.tofu/template-tfs/vpn/gcp-aws/imports.tf b/templates/vpn/gcp-aws/imports.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-aws/imports.tf
rename to templates/vpn/gcp-aws/imports.tf
diff --git a/.tofu/template-tfs/vpn/gcp-aws/providers.tf b/templates/vpn/gcp-aws/providers.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-aws/providers.tf
rename to templates/vpn/gcp-aws/providers.tf
diff --git a/.tofu/template-tfs/vpn/gcp-aws/variables.tf b/templates/vpn/gcp-aws/variables.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-aws/variables.tf
rename to templates/vpn/gcp-aws/variables.tf
diff --git a/.tofu/template-tfs/vpn/gcp-azure/azure-network.tf b/templates/vpn/gcp-azure/azure-network.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-azure/azure-network.tf
rename to templates/vpn/gcp-azure/azure-network.tf
diff --git a/.tofu/template-tfs/vpn/gcp-azure/gcp-network.tf b/templates/vpn/gcp-azure/gcp-network.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-azure/gcp-network.tf
rename to templates/vpn/gcp-azure/gcp-network.tf
diff --git a/.tofu/template-tfs/vpn/gcp-azure/output.tf b/templates/vpn/gcp-azure/output.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-azure/output.tf
rename to templates/vpn/gcp-azure/output.tf
diff --git a/.tofu/template-tfs/vpn/gcp-azure/providers.tf b/templates/vpn/gcp-azure/providers.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-azure/providers.tf
rename to templates/vpn/gcp-azure/providers.tf
diff --git a/.tofu/template-tfs/vpn/gcp-azure/variables.tf b/templates/vpn/gcp-azure/variables.tf
similarity index 100%
rename from .tofu/template-tfs/vpn/gcp-azure/variables.tf
rename to templates/vpn/gcp-azure/variables.tf