diff --git a/terraform/scaleway/spacelift/backend-vars/main.tfvars b/terraform/scaleway/spacelift/backend-vars/main.tfvars
new file mode 100644
index 000000000..cddab2e25
--- /dev/null
+++ b/terraform/scaleway/spacelift/backend-vars/main.tfvars
@@ -0,0 +1,20 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+endpoint = "https://s3.fr-par.scw.cloud"
+region = "fr-par"
+bucket = "portefaix-sandbox-tfstates"
+key = "spacelift/terraform.tfstate"
diff --git a/terraform/scaleway/spacelift/backend.tf b/terraform/scaleway/spacelift/backend.tf
new file mode 100644
index 000000000..54d97c764
--- /dev/null
+++ b/terraform/scaleway/spacelift/backend.tf
@@ -0,0 +1,23 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+terraform {
+ backend "s3" {
+ skip_credentials_validation = true
+ skip_region_validation = true
+ skip_requesting_account_id = true
+ }
+}
diff --git a/terraform/scaleway/spacelift/contexts.tf b/terraform/scaleway/spacelift/contexts.tf
new file mode 100644
index 000000000..5474a9ca3
--- /dev/null
+++ b/terraform/scaleway/spacelift/contexts.tf
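Review bot: The three `skip_*` flags in the `backend "s3"` block carry no explanation; a comment such as `# Scaleway Object Storage is S3-compatible, so the AWS-specific validations are skipped` above the block would save the next reader a lookup. The state written through this backend will likely include the credential values that contexts.tf passes to the `spacelift_environment_variable` resources, so the bucket named in backend-vars/main.tfvars should be private and access-limited, and the same comment is a good place to say so.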
@@ -0,0 +1,90 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+resource "spacelift_context" "this" {
+ for_each = toset(var.environments)
+
+ name = format("scaleway-%s", each.value)
+ space_id = spacelift_space.environment[each.value].id
+ description = "Created by Terraform"
+ labels = local.labels
+}
+
+resource "spacelift_environment_variable" "scw_access_key" {
+ for_each = var.stacks
+
+ name = "SCW_ACCESS_KEY"
+ context_id = spacelift_context.this[each.value.environment].id
+ value = var.scw_access_key
+ write_only = true
+}
+
+resource "spacelift_environment_variable" "scw_secret_key" {
+ for_each = var.stacks
+
+ name = "SCW_SECRET_KEY"
+ context_id = spacelift_context.this[each.value.environment].id
+ value = var.scw_secret_key
+ write_only = true
+}
+
+resource "spacelift_environment_variable" "scw_default_organization_id" {
+ for_each = var.stacks
+
+ name = "SCW_DEFAULT_ORGANIZATION_ID"
+ context_id = spacelift_context.this[each.value.environment].id
+ value = var.scw_default_organization_id
+ write_only = true
+}
+
+resource "spacelift_environment_variable" "scw_default_project_id" {
+ for_each = var.stacks
+
+ name = "SCW_DEFAULT_PROJECT_ID"
+ context_id = spacelift_context.this[each.value.environment].id
+ value = var.scw_default_project_id
+ write_only = true
+}
+
+resource "spacelift_environment_variable" "aws_acces_key_id" {
+ for_each = var.stacks
+
+ # context_id = spacelift_context.this.id
+ context_id = spacelift_context.this[each.value.environment].id
+ name = "AWS_ACCESS_KEY_ID"
+ value = var.aws_access_key_id
+ write_only = true
+}
+
+resource "spacelift_environment_variable" "aws_secret_access_key" {
+ for_each = var.stacks
+
+ # context_id = spacelift_context.this.id
+ context_id = spacelift_context.this[each.value.environment].id
+ name = "AWS_SECRET_ACCESS_KEY"
+ value = var.aws_secret_access_key
+ write_only = true
+}
+
+resource "spacelift_environment_variable" "aws_default_region" {
+ for_each = var.stacks
+
+ # context_id = spacelift_context.this.id
+ context_id = spacelift_context.this[each.value.environment].id
+ name = "AWS_SECRET_ACCESS_KEY"
+ value = var.aws_default_region
+ write_only = true
+}
diff --git a/terraform/scaleway/spacelift/data.tf b/terraform/scaleway/spacelift/data.tf
new file mode 100644
index 000000000..994d4efa4
--- /dev/null
+++ b/terraform/scaleway/spacelift/data.tf
@@ -0,0 +1,19 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+data "spacelift_space" "this" {
+ space_id = var.root_space_id
+}
diff --git a/terraform/scaleway/spacelift/locals.tf b/terraform/scaleway/spacelift/locals.tf
new file mode 100644
index 000000000..d5a4ec326
--- /dev/null
+++ b/terraform/scaleway/spacelift/locals.tf
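Review bot: The last resource in contexts.tf, `aws_default_region`, sets `name = "AWS_SECRET_ACCESS_KEY"`, so the region value is published under the secret key's variable name and collides with the `aws_secret_access_key` resource in the same context; it should read `name = "AWS_DEFAULT_REGION"`. Every `spacelift_environment_variable` in the hunk also iterates `for_each = var.stacks` while the context is keyed by environment, so several stacks sharing one environment would each try to create the same variable in the same context. Iterating `for_each = toset(var.environments)` with `context_id = spacelift_context.this[each.value].id` yields one variable per context. The resource label `aws_acces_key_id` is misspelled, and the commented-out `# context_id = spacelift_context.this.id` lines can be dropped.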
@@ -0,0 +1,19 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+locals {
+ labels = ["scaleway"]
+}
diff --git a/terraform/scaleway/spacelift/main.tf b/terraform/scaleway/spacelift/main.tf
new file mode 100644
index 000000000..ac7e34521
--- /dev/null
+++ b/terraform/scaleway/spacelift/main.tf
@@ -0,0 +1,30 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+terraform {
+ required_version = ">= 1.0.0"
+
+ required_providers {
+ scaleway = {
+ source = "scaleway/scaleway"
+ version = "2.46.0"
+ }
+ spacelift = {
+ source = "spacelift-io/spacelift"
+ version = "1.16.1"
+ }
+ }
+}
diff --git a/terraform/scaleway/spacelift/outputs.tf b/terraform/scaleway/spacelift/outputs.tf
new file mode 100644
index 000000000..fa5bec036
--- /dev/null
+++ b/terraform/scaleway/spacelift/outputs.tf
@@ -0,0 +1,15 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
diff --git a/terraform/scaleway/spacelift/provider.tf b/terraform/scaleway/spacelift/provider.tf
new file mode 100644
index 000000000..f2bf191e4
--- /dev/null
+++ b/terraform/scaleway/spacelift/provider.tf
@@ -0,0 +1,23 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+provider "scaleway" {
+ region = var.region
+ zone = var.zone
+}
+
+provider "spacelift" {
+}
diff --git a/terraform/scaleway/spacelift/spaces.tf b/terraform/scaleway/spacelift/spaces.tf
new file mode 100644
index 000000000..5fd332bb8
--- /dev/null
+++ b/terraform/scaleway/spacelift/spaces.tf
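Review bot: In provider.tf, `provider "scaleway"` reads `var.region` and `var.zone`, but the variables.tf added in this same commit leaves its "Provider" section empty and declares neither, so validation should fail on an undeclared input variable. Add `variable "region" { type = string }` and `variable "zone" { type = string }` with descriptions, or drop the Scaleway provider if this module creates no Scaleway resources (none are visible in this diff). The empty `provider "spacelift" {}` block presumably takes its credentials from the environment; a one-line comment saying where they come from would help.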
@@ -0,0 +1,31 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+resource "spacelift_space" "this" {
+ name = var.space
+ parent_space_id = data.spacelift_space.this.id
+ description = "Created by Terraform."
+ labels = concat(local.labels)
+}
+
+resource "spacelift_space" "environment" {
+ for_each = toset(var.environments)
+
+ name = format("%s-%s", var.space, each.value)
+ parent_space_id = spacelift_space.this.id
+ description = "Created by Terraform."
+ labels = concat(local.labels, [each.value])
+}
diff --git a/terraform/scaleway/spacelift/stacks.tf b/terraform/scaleway/spacelift/stacks.tf
new file mode 100644
index 000000000..266f44f19
--- /dev/null
+++ b/terraform/scaleway/spacelift/stacks.tf
@@ -0,0 +1,41 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+resource "spacelift_stack" "this" {
+ for_each = var.stacks
+
+ administrative = true
+ autodeploy = false
+ branch = each.value.branch
+ description = "created by Terraform"
+ name = each.key
+ project_root = format("%s/%s", each.value.project_root, each.value.environment)
+ space_id = spacelift_space.environment[each.value.environment].id
+ protect_from_deletion = false
+ manage_state = true
+ terraform_external_state_access = true
+ terraform_workflow_tool = "OPEN_TOFU"
+ repository = var.repository
+ labels = concat(local.labels, each.value.labels, [each.value.environment])
+}
+
+resource "spacelift_context_attachment" "this" {
+ for_each = var.stacks
+
+ context_id = spacelift_context.this[each.value.environment].id
+ stack_id = spacelift_stack.this[each.key].id
+ priority = 0
+}
diff --git a/terraform/scaleway/spacelift/tfvars/main.tfvars b/terraform/scaleway/spacelift/tfvars/main.tfvars
new file mode 100644
index 000000000..7d4717cdb
--- /dev/null
+++ b/terraform/scaleway/spacelift/tfvars/main.tfvars
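Review bot: `administrative = true` is applied to every stack in `spacelift_stack.this`, although the stacks listed in tfvars/main.tfvars (vpc, registry, kapsule, observability, eso) appear to deploy Scaleway infrastructure rather than manage Spacelift itself. An administrative stack can create and modify Spacelift resources, so `administrative = false` is the least-privilege default, with an opt-in field on the stack object where it is really needed. `protect_from_deletion = false` combined with `manage_state = true` means removing a map entry deletes the stack along with the state Spacelift holds for it; `protect_from_deletion = true` is the safer default. `terraform_external_state_access = true` widens who can read state that may contain secrets, so it should either be off or carry a comment naming the consumer.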
@@ -0,0 +1,64 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+#####################################################################""
+# Provider
+
+region = "fr-par"
+
+zone = "fr-par-1"
+
+##############################################################################
+# Spacelift
+
+repository = "portefaix-infrastructure"
+
+space = "scaleway"
+
+environments = ["sandbox"]
+
+stacks = {
+ portefaix-scaleway-sandbox-vpc = {
+ project_root = "terraform/scaleway/vpc"
+ labels = ["core", "vpc"]
+ environment = "sandbox"
+ branch = "main"
+ },
+ portefaix-scaleway-sandbox-registry = {
+ project_root = "terraform/scaleway/registry"
+ labels = ["core", "kapsule"]
+ environment = "sandbox"
+ branch = "main"
+ },
+ portefaix-scaleway-sandbox-kapsule = {
+ project_root = "terraform/scaleway/kapsule"
+ labels = ["core", "kapsule"]
+ environment = "sandbox"
+ branch = "main"
+ },
+ portefaix-scaleway-sandbox-observability = {
+ project_root = "terraform/scaleway/observability"
+ labels = ["core", "stack"]
+ environment = "sandbox"
+ branch = "main"
+ },
+ portefaix-scaleway-sandbox-eso = {
+ project_root = "terraform/scaleway/eso"
+ labels = ["core", "stack"]
+ environment = "sandbox"
+ branch = "main"
+ },
+}
diff --git a/terraform/scaleway/spacelift/variables.tf b/terraform/scaleway/spacelift/variables.tf
new file mode 100644
index 000000000..bf3ac4920
--- /dev/null
+++ b/terraform/scaleway/spacelift/variables.tf 
@@ -0,0 +1,87 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+#############################################################################
+# Provider
+
+
+#############################################################################
+# Spacelift
+
+variable "root_space_id" {
+ type = string
+ description = "The Portefaix space"
+}
+
+variable "space" {
+ type = string
+ description = "The space for this project"
+}
+
+variable "environments" {
+ type = list(string)
+ description = "List of environments"
+}
+
+variable "repository" {
+ type = string
+ description = "Github repository"
+}
+
+variable "stacks" {
+ type = map(object({
+ project_root = string
+ branch = string
+ labels = list(string)
+ environment = string
+ }))
+ description = "Spacelift stacks"
+}
+
+variable "scw_access_key" {
+ type = string
+ description = "Scaleway access key"
+}
+
+variable "scw_secret_key" {
+ type = string
+ description = "Scaleway secret key"
+}
+
+variable "scw_default_project_id" {
+ type = string
+ description = "Scaleway Default Project ID"
+}
+
+variable "scw_default_organization_id" {
+ type = string
+ description = "Scaleway Organization ID"
+}
+
+variable "aws_access_key_id" {
+ type = string
+ description = "AWS access key"
+}
+
+variable "aws_secret_access_key" {
+ type = string
+ description = "AWS secret key"
+}
+
+variable "aws_default_region" {
+ type = string
+ description = "The AWS default region"
+}
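Review bot: The credential inputs `scw_access_key`, `scw_secret_key`, `aws_access_key_id` and `aws_secret_access_key` are declared without `sensitive = true`, so nothing at the variable level keeps their values out of plan output or error messages if they are ever referenced outside the write-only resources. Add `sensitive = true` to each of the four blocks. The committed tfvars file does not set them, which is right; a short comment in the "Spacelift" section noting that they are expected from the environment (for example `TF_VAR_*`) would document that intent.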