changed tenant source to github for premium tenants

sourcefuse · Aug 23, 2024 · 6b2d0a3 · 6b2d0a3
1 parent c39088d
commit 6b2d0a3
Show file tree

Hide file tree

Showing 6 changed files with 104 additions and 41 deletions.
diff --git a/files/tenant-samples/silo/terraform/data.tf b/files/tenant-samples/silo/terraform/data.tf
@@ -3,6 +3,14 @@
 #############################################################################
 data "aws_partition" "this" {}
 
+data "aws_ssm_parameter" "github_token" {
+   name = "/github_token"
+}
+
+data "aws_ssm_parameter" "github_user" {
+   name = "/github_user"
+}
+
 data "aws_caller_identity" "current" {}
 
 data "aws_eks_cluster" "EKScluster" {

diff --git a/files/tenant-samples/silo/terraform/eks.tf b/files/tenant-samples/silo/terraform/eks.tf
@@ -171,8 +171,8 @@ spec:
     namespace: ${var.tenant_tier}-${var.tenant}
     server: 'https://kubernetes.default.svc'
   source:
-    path: silo/application
-    repoURL: 'https://git-codecommit.${var.region}.amazonaws.com/v1/repos/${var.namespace}-${var.environment}-tenant-management-gitops-repository'
+    path: onboarded-tenants/silo/application
+    repoURL: 'https://${data.aws_ssm_parameter.github_user.value}:${data.aws_ssm_parameter.github_token.value}@github.com/${data.aws_ssm_parameter.github_user.value}/${var.namespace}-saas-management-repository.git'
     targetRevision: main
     helm:
       valueFiles:
@@ -213,7 +213,7 @@ spec:
           - name: terraform
             path: /home/terraform
             git:
-              repo: https://git-codecommit.${var.region}.amazonaws.com/v1/repos/${var.namespace}-${var.environment}-tenant-management-gitops-repository
+              repo: https://${data.aws_ssm_parameter.github_user.value}:${data.aws_ssm_parameter.github_token.value}@github.com/${data.aws_ssm_parameter.github_user.value}/${var.namespace}-saas-management-repository.git
               depth: 1
               usernameSecret:
                 name: codecommit-secret
@@ -236,7 +236,7 @@ spec:
             export AWS_SESSION_TOKEN=$(echo "$CREDENTIALS" | jq -r '.Credentials.SessionToken')
             export AWS_EXPIRATION=$(echo "$CREDENTIALS" | jq -r '.Credentials.Expiration')
             aws eks update-kubeconfig --name ${var.cluster_name} --region ${var.region}
-            cp -r /home/terraform/silo/infra/* /home/myuser/
+            cp -r /home/terraform/onboarded_tenants/silo/infra/* /home/myuser/
             cd terraform
             /bin/terraform init --backend-config=config.${var.tenant}.hcl
             /bin/terraform plan --var-file=${var.tenant}.tfvars --refresh=false

diff --git a/files/tenant-samples/silo/terraform/push-values.sh b/files/tenant-samples/silo/terraform/push-values.sh
@@ -6,51 +6,58 @@ export NAMESPACE=sf-arc-saas
 export ENVIRONMENT=dev
 
 
-# Install git-remote-codecommit
-pip3 install git-remote-codecommit || { echo "Failed to install git-remote-codecommit"; exit 1; }
+# Retrieve GitHub username from SSM Parameter Store
+GITHUB_USERNAME=$(aws ssm get-parameter --name "/github_user" --with-decryption --region "${AWS_REGION}" --query "Parameter.Value" --output text)
+if [ -z "$GITHUB_USERNAME" ]; then
+  echo "Failed to retrieve GitHub username from SSM Parameter Store"
+  exit 1
+fi
+
+# Retrieve GitHub token from SSM Parameter Store
+GITHUB_TOKEN=$(aws ssm get-parameter --name "/github_token" --with-decryption --region "${AWS_REGION}" --query "Parameter.Value" --output text)
+if [ -z "$GITHUB_TOKEN" ]; then
+  echo "Failed to retrieve GitHub token from SSM Parameter Store"
+  exit 1
+fi
 
-# Clone codecommit repo
-git clone codecommit::${AWS_REGION}://${NAMESPACE}-${ENVIRONMENT}-tenant-management-gitops-repository || { echo "Failed to clone repository"; exit 1; }
+# Construct the GitHub repository URL
+GITHUB_REPO_URL="https://${GITHUB_USERNAME}:${GITHUB_TOKEN}@github.com/${GITHUB_USERNAME}/${NAMESPACE}-saas-management-repository.git"
 
-# Change directory 
-cd ${NAMESPACE}-${ENVIRONMENT}-tenant-management-gitops-repository || { echo "Failed to change directory"; exit 1; }
+# Check if the directory already exists and remove it if necessary
+if [ -d "${NAMESPACE}-saas-management-repository" ]; then
+    echo "Directory '${NAMESPACE}-saas-management-repository' already exists. Removing it."
+    rm -rf "${NAMESPACE}-saas-management-repository" || { echo "Failed to remove existing directory"; exit 1; }
+fi
+
+# Clone the GitHub repository
+git clone "${GITHUB_REPO_URL}" || { echo "Failed to clone GitHub repository"; exit 1; }
+
+# Change to the cloned repository directory
+cd "${NAMESPACE}-saas-management-repository" || { echo "Failed to change directory to cloned repository"; exit 1; }
 
 # Copy tenant values.yaml to silo directory
 if [ -d "../output" ]; then
-    cp -r ../output/* silo/application/ || { echo "Failed to copy files"; exit 1; }
+    cp -r ../output/* onboarded-tenants/silo/application/ || { echo "Failed to copy files"; exit 1; }
 else
     echo "'output' folder does not exist. Skipping file copy."
 fi
 
 # Copy tenant specific terraform tfvars and config file to codecommit repository
-cp -r ../*.tfvars silo/infra/terraform/ || { echo "Failed to copy files"; exit 1; }
-
-cp -r ../*.hcl silo/infra/terraform/ || { echo "Failed to copy files"; exit 1; }
+cp -r ../*.tfvars onboarded-tenants/silo/infra/terraform/ || { echo "Failed to copy files"; exit 1; }
 
-# Set origin URL
-git remote set-url origin codecommit::${AWS_REGION}://${NAMESPACE}-${ENVIRONMENT}-tenant-management-gitops-repository || { echo "Failed to set remote URL"; exit 1; }
+cp -r ../*.hcl onboarded-tenants/silo/infra/terraform/ || { echo "Failed to copy files"; exit 1; }
 
-# Check if main branch already exists
-if git show-ref --verify --quiet refs/heads/main; then
-    echo "Main branch already exists. Skipping branch creation."
-else
-    # Create and switch to main branch
-    git checkout -b main || { echo "Failed to create and switch to main branch"; exit 1; }
-fi
-
-# Configure user email
+# Configure Git with user details
+git config --global --unset credential.helper
+git config --global credential.helper 'cache --timeout=900'
 git config --global user.email 'devops@sourcefuse.com' || { echo "Failed to configure user email"; exit 1; }
-
-# Configure user name
 git config --global user.name 'sfdevops' || { echo "Failed to configure user name"; exit 1; }
 
+# Add and commit changes
 if [ -n "$(git status --porcelain)" ]; then
     git add . || { echo "Failed to add files"; exit 1; }
-
-    git commit -m 'Helm Chart Updated' || { echo "Failed to commit changes"; exit 1; }
-
-    git push origin main || { echo "Failed to push changes"; exit 1; }
-
+    git commit -m 'Tenant configs updated' || { echo "Failed to commit changes"; exit 1; }
+    git push ${GITHUB_REPO_URL} main || { echo "Failed to push changes"; exit 1; }
     echo "Changes committed and pushed successfully"
 else
     echo "Nothing to commit, working tree clean. Exiting..."

diff --git a/terraform/control-plane-application/data.tf b/terraform/control-plane-application/data.tf
@@ -3,6 +3,17 @@
 ############################################################################
 data "aws_caller_identity" "current" {}
 
+############################################################################
+## github data
+############################################################################
+data "aws_ssm_parameter" "github_token" {
+   name = "/github_token"
+}
+
+data "aws_ssm_parameter" "github_user" {
+   name = "/github_user"
+}
+
 ############################################################################
 ## EKS data
 ############################################################################

diff --git a/terraform/control-plane-application/main.tf b/terraform/control-plane-application/main.tf
@@ -260,6 +260,25 @@ resource "kubectl_manifest" "argocd_repo_secret" {
 YAML
 }
 
+resource "kubectl_manifest" "argocd_reposiotry_secret" {
+  yaml_body = <<YAML
+  apiVersion: v1
+  kind: Secret
+  metadata:
+    name: tenant-helm-github-secret
+    namespace: argocd
+    labels:
+      argocd.argoproj.io/secret-type: repository
+  stringData:
+    url: https://${data.aws_ssm_parameter.github_user.value}:${data.aws_ssm_parameter.github_token.value}@github.com/${data.aws_ssm_parameter.github_user.value}/${var.namespace}-saas-management-repository.git
+    password: ${data.aws_ssm_parameter.github_token.value}
+    username: ${data.aws_ssm_parameter.github_user.value}
+    insecure: "true" # Ignore validity of server's TLS certificate. Defaults to "false"
+    forceHttpBasicAuth: "true" # Skip auth method negotiation and force usage of HTTP basic auth. Defaults to "false"
+    enableLfs: "true"
+YAML
+}
+
 #argo-workflow
 resource "kubectl_manifest" "argo_workflow_repo_secret" {
   yaml_body = <<YAML
@@ -280,6 +299,24 @@ resource "kubectl_manifest" "argo_workflow_repo_secret" {
 YAML
 }
 
+resource "kubectl_manifest" "argo_workflow_repository_secret" {
+  yaml_body = <<YAML
+  apiVersion: v1
+  kind: Secret
+  metadata:
+    name: github-secret
+    namespace: argo-workflows
+    labels:
+      argocd.argoproj.io/secret-type: repository
+  stringData:
+    url: https://${data.aws_ssm_parameter.github_user.value}:${data.aws_ssm_parameter.github_token.value}@github.com/${data.aws_ssm_parameter.github_user.value}/${var.namespace}-saas-management-repository.git
+    password: ${data.aws_ssm_parameter.github_token.value}
+    username: ${data.aws_ssm_parameter.github_user.value}
+    insecure: "true" # Ignore validity of server's TLS certificate. Defaults to "false"
+    forceHttpBasicAuth: "true" # Skip auth method negotiation and force usage of HTTP basic auth. Defaults to "false"
+    enableLfs: "true"
+YAML
+}
 ###############################################################################################
 ## Register control plane Helm App on ArgoCD
 ###############################################################################################

diff --git a/terraform/tenant-codebuilds/main.tf b/terraform/tenant-codebuilds/main.tf
@@ -190,15 +190,15 @@ module "premium_plan_codebuild_project" {
   depends_on = [module.tenant_ssm_parameters, aws_codecommit_repository.premium_repo]
 }
 
-resource "aws_codecommit_repository" "premium_repo" {
-  repository_name = "${var.namespace}-${var.environment}-premium-plan-repository"
-  description     = "${var.namespace}-${var.environment}-premium-repository."
-  default_branch  = "main"
-
-  lifecycle {
-    prevent_destroy = true
-  }
-}
+# resource "aws_codecommit_repository" "premium_repo" {
+#   repository_name = "${var.namespace}-${var.environment}-premium-plan-repository"
+#   description     = "${var.namespace}-${var.environment}-premium-repository."
+#   default_branch  = "main"
+
+#   lifecycle {
+#     prevent_destroy = true
+#   }
+# }
 #standard
 module "standard_plan_codebuild_project" {
   count       = var.create_standard_codebuild ? 1 : 0