Merge pull request #6 from AtomiCloud/ernest/sul-20-create-full-deplo…

…yment-script feat: secerets operator creation playbook
AtomiCloud · Sep 8, 2024 · 14ad6bc · 14ad6bc
2 parents b896c7f + e48571e
commit 14ad6bc
Show file tree

Hide file tree

Showing 3 changed files with 424 additions and 281 deletions.
diff --git a/src/books/secrets-operator-creation/index.ts b/src/books/secrets-operator-creation/index.ts
@@ -0,0 +1,122 @@
+import type { CloudTreeCluster, ServiceTreeService } from '../../lib/service-tree-def.ts';
+import type { TaskRunner } from '../../tasks/tasks.ts';
+import type { ServiceTreePrompter } from '../../lib/prompts/landscape.ts';
+import { $ } from 'bun';
+import type { UtilPrompter } from '../../lib/prompts/util-prompter.ts';
+import { input, password } from '@inquirer/prompts';
+import type { YamlManipulator } from '../../lib/utility/yaml-manipulator.ts';
+import path from 'node:path';
+import type { RunBook } from '../run-book.ts';
+
+class SecretsOperatorCreator implements RunBook {
+  constructor(
+    private task: TaskRunner,
+    private stp: ServiceTreePrompter,
+    private up: UtilPrompter,
+    private y: YamlManipulator,
+    private sulfoxide_infisical: ServiceTreeService,
+  ) {}
+
+  name: string = 'Create Secrets Operator';
+  desc: string = 'Deploy the secrets operator to a selected cloud-cluster';
+
+  async Run(): Promise<void> {
+    const cluster: CloudTreeCluster = await this.stp.Cluster(
+      'Which cloud do you want to create infisical in?',
+      'Which cluster do you want to create infisical in?',
+    );
+
+    const infisical = this.sulfoxide_infisical;
+
+    const i_path = `./platforms/${infisical.platform.slug}/${infisical.principal.slug}`;
+
+    await this.task.Run([
+      'Setup infisical',
+      async () => {
+        const pw = await password({ message: 'Enter your Bitwarden password' });
+
+        await $`echo ${pw} | nix develop -c pls setup`.cwd(i_path);
+      },
+    ]);
+
+    // prompt to check if we want new secrets
+    const newSecrets = await this.up.YesNo(`Do you want to inject new secrets for ${cluster.principal.name}?`);
+    if (newSecrets) {
+      await this.task.Run([
+        'Inject new secrets',
+        async () => {
+          const token = await input({ message: `Enter your ${cluster.cloud.name} token` });
+
+          const yamlPath = path.join(i_path, 'bw.secrets.yaml');
+          await this.y.Mutate(yamlPath, [[['Tokens', cluster.cloud.name, cluster.principal.name], token]]);
+
+          console.log('✅ Secrets modified. Remember to update Bitwarden the new secrets');
+
+          let updated = false;
+
+          while (!updated) {
+            updated = await this.up.YesNo('Have you updated Bitwarden with the new secrets?');
+          }
+        },
+      ]);
+    }
+
+    // synchronize secrets
+    await this.task.Run([
+      'Synchronize secrets',
+      async () => {
+        await $`nix develop -c pls sync`.cwd(i_path);
+      },
+    ]);
+
+    await this.task.Run([
+      'Initialize general (database and ingress) Tofu',
+      async () => {
+        await $`pls general:init`.cwd(i_path);
+      },
+    ]);
+
+    await this.task.Run([
+      'Apply general (database and ingress) Tofu',
+      async () => {
+        await $`pls general:apply -- -auto-approve`.cwd(i_path);
+      },
+    ]);
+
+    await this.task.Run([
+      'Generate .env',
+      async () => {
+        await $`nix develop -c pls generate:env`.cwd(i_path);
+      },
+    ]);
+
+    // provision compute
+    const compute = cluster.principal.slug;
+    await this.task.Run([
+      'Provision compute',
+      async () => {
+        await $`pls ${{ raw: compute }}:init`.cwd(i_path);
+      },
+    ]);
+
+    await this.task.Run([
+      'Apply compute',
+      async () => {
+        await $`pls ${{ raw: compute }}:apply -- -auto-approve`.cwd(i_path);
+      },
+    ]);
+
+    // deploy secrets operator
+    const c = cluster.principal.slug;
+    await this.task.Run([
+      'Deploy secrets operator',
+      async () => {
+        await $`nix develop -c pls deploy -- ${{ raw: c }}`.cwd(i_path).env({
+          ANSIBLE_HOST_KEY_CHECKING: 'False',
+        });
+      },
+    ]);
+  }
+}
+
+export { SecretsOperatorCreator };
diff --git a/src/init/runbooks.ts b/src/init/runbooks.ts
@@ -21,6 +21,7 @@ import { AwsPhysicalClusterCreator } from '../books/physical-cluster-creation/aw
 import { AwsGracefulPhysicalClusterDestructor } from '../books/graceful-physical-cluster-destruction/aws.ts';
 import { VultrPhysicalClusterCreator } from "../books/physical-cluster-creation/vultr.ts";
 import { VultrGracefulPhysicalClusterDestructor } from "../books/graceful-physical-cluster-destruction/vultr.ts";
+import { SecretsOperatorCreator } from "../books/secrets-operator-creation";
 
 function initRunBooks(d: Dependencies, t: TaskGenerator): RunBook[] {
   const sulfoxide = SERVICE_TREE.sulfoxide;
@@ -175,13 +176,24 @@ function initRunBooks(d: Dependencies, t: TaskGenerator): RunBook[] {
     adminClusterTransitioner,
   );
 
+  // create secrets operator
+  const secretsOperatorCreator = new SecretsOperatorCreator(
+    d.taskRunner,
+    d.stp,
+    d.utilPrompter,
+    d.yamlManipulator,
+    sulfoxide.services.infisical,
+  );
+
+
   return [
     physicalClusterCreator,
     phyGracefulDestructor,
     bareAdminClusterCreator,
     fullAdminCloudCreator,
     adminGracefulDestructor,
     adminClusterMigrator,
+    secretsOperatorCreator,
   ];
 }