From c1d636b1cc0efe2fc22884d4f3934bf6dd34366c Mon Sep 17 00:00:00 2001 From: Frederic Francois Date: Fri, 13 Aug 2021 15:40:26 +0100 Subject: [PATCH] Add CI Terraform Plan for EKS Since we switch to EKS from ECS, this PR adds the terraform plans for the EKS modules and removes the ECS ones. **Testing** Tested by setting the CI pipeline to the one defined here and checking that the 2 terraform plans are done and reported to GitHub **Notes** We use plan with `-lock=false` and `-refresh=false` as done previously in ECS with justifications in #297 and #306 respectively. Ref: 1. [EKS cluster](#372) 2. [EKS cluster addons](#377) 3. [Concourse EKS pipeline](#378) 4. [add CI user to k8s](#391) --- concourse/parameters/ci/ci.yml | 3 +- concourse/pipelines/ci.yml | 58 ++++++++++++------- .../tasks/terraform-plan-govuk-deployment.yml | 29 ---------- concourse/tasks/terraform-plan-monitoring.yml | 26 --------- 4 files changed, 40 insertions(+), 76 deletions(-) delete mode 100644 concourse/tasks/terraform-plan-govuk-deployment.yml delete mode 100644 concourse/tasks/terraform-plan-monitoring.yml diff --git a/concourse/parameters/ci/ci.yml b/concourse/parameters/ci/ci.yml index 98ef37322..24bbaebfa 100644 --- a/concourse/parameters/ci/ci.yml +++ b/concourse/parameters/ci/ci.yml @@ -1,2 +1,3 @@ -govuk_infrastructure_branch: main +aws_region: eu-west-1 concourse_ci_role_arn: arn:aws:iam::430354129336:role/govuk-ci-concourse +govuk_infrastructure_branch: main diff --git a/concourse/pipelines/ci.yml b/concourse/pipelines/ci.yml index c3eab94e1..d75cfd746 100644 --- a/concourse/pipelines/ci.yml +++ b/concourse/pipelines/ci.yml 
@@ -35,48 +35,66 @@ jobs: var_files: - govuk-infrastructure/concourse/parameters/ci/ci.yml - - name: terraform-plan-govuk-deployment + - name: terraform-cluster-infrastructure plan: - get: govuk-infrastructure-commit trigger: true - put: govuk-infrastructure-commit - params: {status: pending, context: terraform-plan-govuk-deployment} - - task: terraform-plan - file: govuk-infrastructure-commit/repo/concourse/tasks/terraform-plan-govuk-deployment.yml - params: - ASSUME_ROLE_ARN: ((concourse_ci_role_arn)) + params: {status: pending, context: terraform-plan-cluster-infrastructure} + - task: terraform-cluster + config: &terraform-cluster-config + inputs: + - name: govuk-infrastructure-commit + params: &terraform-cluster-params + ASSUME_ROLE_ARN: ((concourse_ci_role_arn)) + AWS_REGION: ((aws_region)) + DEPLOYMENT_PATH: govuk-infrastructure-commit/repo/terraform/deployments/cluster-infrastructure + ENVIRONMENT: ((govuk_environment)) + platform: linux + image_resource: + type: docker-image + source: + repository: digiticketsgroup/terraforming + tag: tf-1.0.1-aws-2.2.18-jq-1.5-git-2.32.0 #TODO: build our own image instead. 
+ username: ((docker_hub_username)) + password: ((docker_hub_authtoken)) + run: + path: govuk-infrastructure-commit/repo/concourse/tasks/terraform.sh + args: ["plan", "-lock=false", "-refresh=false"] on_success: put: govuk-infrastructure-commit - params: {status: success, context: terraform-plan-govuk-deployment} + params: {status: success, context: terraform-plan-cluster-infrastructure} on_failure: put: govuk-infrastructure-commit - params: {status: failure, context: terraform-plan-govuk-deployment} + params: {status: failure, context: terraform-plan-cluster-infrastructure} on_abort: put: govuk-infrastructure-commit - params: {status: error, context: terraform-plan-govuk-deployment} + params: {status: error, context: terraform-plan-cluster-infrastructure} on_error: put: govuk-infrastructure-commit - params: {status: error, context: terraform-plan-govuk-deployment} + params: {status: error, context: terraform-plan-cluster-infrastructure} - - name: terraform-plan-monitoring + - name: terraform-cluster-services plan: - get: govuk-infrastructure-commit trigger: true - put: govuk-infrastructure-commit - params: {status: pending, context: terraform-plan-govuk-deployment} - - task: terraform-plan - file: govuk-infrastructure-commit/repo/concourse/tasks/terraform-plan-monitoring.yml - params: - ASSUME_ROLE_ARN: ((concourse_ci_role_arn)) + params: {status: pending, context: terraform-plan-cluster-services} + - task: terraform-cluster-addons + config: + <<: *terraform-cluster-config + params: + <<: *terraform-cluster-params + DEPLOYMENT_PATH: govuk-infrastructure-commit/repo/terraform/deployments/cluster-services on_success: put: govuk-infrastructure-commit - params: {status: success, context: terraform-plan-monitoring} + params: {status: success, context: terraform-plan-cluster-services} on_failure: put: govuk-infrastructure-commit - params: {status: failure, context: terraform-plan-monitoring} + params: {status: failure, context: terraform-plan-cluster-services} on_abort: 
put: govuk-infrastructure-commit - params: {status: error, context: terraform-plan-monitoring} + params: {status: error, context: terraform-plan-cluster-services} on_error: put: govuk-infrastructure-commit - params: {status: error, context: terraform-plan-monitoring} + params: {status: error, context: terraform-plan-cluster-services} diff --git a/concourse/tasks/terraform-plan-govuk-deployment.yml b/concourse/tasks/terraform-plan-govuk-deployment.yml deleted file mode 100644 index 1a71318de..000000000 --- a/concourse/tasks/terraform-plan-govuk-deployment.yml +++ /dev/null @@ -1,29 +0,0 @@ -platform: linux -image_resource: - type: docker-image - source: - repository: hashicorp/terraform - tag: 1.0.0 - username: ((docker_hub_username)) - password: ((docker_hub_authtoken)) -inputs: - - name: govuk-infrastructure-commit -params: - ASSUME_ROLE_ARN: - AWS_REGION: eu-west-1 - TF_IN_AUTOMATION: true -run: - dir: govuk-infrastructure-commit/repo/terraform/deployments/govuk-publishing-platform - path: sh - args: - - '-c' - - | - set -eu - terraform init -backend-config=./test.backend -backend-config "role_arn=$ASSUME_ROLE_ARN" - terraform plan \ - -var "assume_role_arn=$ASSUME_ROLE_ARN" \ - -var-file ../variables/common.tfvars \ - -var-file ../variables/test/common.tfvars \ - -var-file ../variables/test/infrastructure.tfvars \ - -lock=false \ - -refresh=false diff --git a/concourse/tasks/terraform-plan-monitoring.yml b/concourse/tasks/terraform-plan-monitoring.yml deleted file mode 100644 index f9190c89e..000000000 --- a/concourse/tasks/terraform-plan-monitoring.yml +++ /dev/null 
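Review bot: The `image_resource` inside `terraform-cluster-config` pulls the third-party image `digiticketsgroup/terraforming` by tag only, and that image runs `terraform.sh` with `ASSUME_ROLE_ARN` set to the CI role, so a re-pushed tag would run with whatever that role permits. The TODO already plans an in-house image; until then I would pin the reviewed digest next to the tag, e.g. `version: {digest: "sha256:<digest-of-reviewed-image>"}` under `image_resource`, after checking that the Concourse version in use honours `version` for this resource type. Separately, `ENVIRONMENT: ((govuk_environment))` references a var that the `concourse/parameters/ci/ci.yml` hunk of this commit does not define, so confirm it is supplied elsewhere or the task will fail to resolve it. The task in the `terraform-cluster-services` job is named `terraform-cluster-addons`, which matches neither the job name nor the status context; `- task: terraform-cluster-services` would keep the three consistent.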
@@ -1,26 +0,0 @@ -platform: linux -image_resource: - type: docker-image - source: - repository: hashicorp/terraform - tag: 1.0.0 - username: ((docker_hub_username)) - password: ((docker_hub_authtoken)) -inputs: - - name: govuk-infrastructure-commit -params: - ASSUME_ROLE_ARN: - AWS_REGION: eu-west-1 - TF_IN_AUTOMATION: true -run: - dir: govuk-infrastructure-commit/repo/terraform/deployments/monitoring/infra - path: sh - args: - - '-c' - - | - set -eu - terraform init -backend-config=./test.backend -backend-config "role_arn=$ASSUME_ROLE_ARN" - terraform plan \ - -var "assume_role_arn=$ASSUME_ROLE_ARN" \ - -var-file ../../variables/common.tfvars \ - -var-file ../../variables/test/common.tfvars