configure and import existing resources

2022-04-26 02:12:45 +01:00 · 2022-04-26 02:12:45 +01:00 · ce8d270477
commit ce8d270477
parent 966e006196
5 changed files with 199 additions and 101 deletions
--- a/Pulumi.infra.yaml
+++ b/Pulumi.infra.yaml
@ -1,7 +1,7 @@
 config:
-  flow:domain:
+  flow:records:
-    description: A sub-domain for the Flow infrastructure.
+    codeflow: codeflow
-    name: flow.dananglin.me.uk
+    root: .
-    soaEmail: d.n.i.anglin@gmail.com
+    workflow: workflow
-    tags:
+  flow:region: eu-west
-    - flow
+  flow:rootDomain: dananglin.me.uk
--- a/domain.go
+++ b/domain.go
@ -1,36 +0,0 @@
 package main
 import (
 	"github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
 )
 type Domain struct {
 	Name        string
 	Description string
 	SoaEmail    string
 	Tags        []string
 }
 func domain(ctx *pulumi.Context) error {
 	var d Domain
 	cfg := config.New(ctx, "")
 	cfg.RequireObject("domain", &d)
 	domainArgs := linode.DomainArgs{
 		Description: pulumi.String(d.Description),
 		Type:        pulumi.String("master"),
 		Domain:      pulumi.String(d.Name),
 		SoaEmail:    pulumi.String(d.SoaEmail),
 		Tags:        pulumi.ToStringArray(d.Tags),
 	}
 	_, err := linode.NewDomain(ctx, d.Name, &domainArgs, pulumi.Protect(true))
 	if err != nil {
 		return err
 	}
 	return nil
 }
--- a/firewall.go
+++ b/firewall.go
@ -1,57 +0,0 @@
 package main
 import (
 	"github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 )
 func firewall(ctx *pulumi.Context) error {
 	allowHttp := linode.FirewallInboundArgs{
 		Label: pulumi.String("accept-inbound-tcp-80"),
 		Action: pulumi.String("ACCEPT"),
 		Protocol: pulumi.String("TCP"),
 		Ports: pulumi.String("80"),
 		Ipv4s: pulumi.StringArray{
 			pulumi.String("0.0.0.0/0"),
 		},
 		Ipv6s: pulumi.StringArray{
 			pulumi.String("::/0"),
 		},
 	}
 	allowHttps := linode.FirewallInboundArgs{
 		Label: pulumi.String("accept-inbound-tcp-443"),
 		Action: pulumi.String("ACCEPT"),
 		Protocol: pulumi.String("TCP"),
 		Ports: pulumi.String("443"),
 		Ipv4s: pulumi.StringArray{
 			pulumi.String("0.0.0.0/0"),
 		},
 		Ipv6s: pulumi.StringArray{
 			pulumi.String("::/0"),
 		},
 	}
 	tags := []string{"flow"}
 	label := "fireflow"
 	firewallArgs := linode.FirewallArgs{
 		Label: pulumi.String(label),
 		Tags: pulumi.ToStringArray(tags),
 		InboundPolicy: pulumi.String("DROP"),
 		Inbounds: linode.FirewallInboundArray{
 			&allowHttp,
 			&allowHttps,
 		},
 		OutboundPolicy: pulumi.String("ACCEPT"),
 	}
 	_, err := linode.NewFirewall(ctx, label, &firewallArgs)
 	if err != nil {
 		return err
 	}
 	return nil
 }
--- a/infra.go
+++ b/infra.go
@ -0,0 +1,181 @@
 package main
 import (
 	"fmt"
 	"strconv"
 	"github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
 )
 type instanceOutput struct {
 	ipv4 pulumi.StringOutput
 	id   pulumi.IntOutput
 }
 func instance(ctx *pulumi.Context) (instanceOutput, error) {
 	var output instanceOutput
 	cfg := config.New(ctx, "")
 	region := cfg.Require("region")
 	tags := []string{"flow"}
 	instanceLabelID := "flow-platform"
 	instanceType := "g6-standard-1"
 	// TODO: finish instance arguments to completion
 	instanceArgs := linode.InstanceArgs{
 		BackupsEnabled:  pulumi.Bool(false),
 		Label:           pulumi.String(instanceLabelID),
 		PrivateIp:       pulumi.Bool(false),
 		Region:          pulumi.String(region),
 		Tags:            pulumi.ToStringArray(tags),
 		SwapSize:        pulumi.Int(512),
 		Type:            pulumi.String(instanceType),
 		WatchdogEnabled: pulumi.Bool(true),
 	}
 	instance, err := linode.NewInstance(ctx, instanceLabelID, &instanceArgs, pulumi.Protect(true))
 	if err != nil {
 		return output, fmt.Errorf("unable to update instance; %w", err)
 	}
 	instanceID := instance.ID().ToStringOutput().ApplyT(func(id string) (int, error) {
 		return strconv.Atoi(id)
 	}).(pulumi.IntOutput)
 	output = instanceOutput{
 		id: instanceID,
 		ipv4: instance.IpAddress,
 	}
 	return output, nil
 }
 func volume(ctx *pulumi.Context, instanceID pulumi.IntInput) error {
 	volumeLabelID := "flow-platform-volume"
 	cfg := config.New(ctx, "")
 	region := cfg.Require("region")
 	tags := []string{"flow"}
 	volumeArgs := linode.VolumeArgs{
 		Label:    pulumi.String(volumeLabelID),
 		LinodeId: instanceID,
 		Region:   pulumi.String(region),
 		Size:     pulumi.Int(10),
 		Tags:     pulumi.ToStringArray(tags),
 	}
 	_, err := linode.NewVolume(ctx, volumeLabelID, &volumeArgs, pulumi.Protect(true))
 	if err != nil {
 		return fmt.Errorf("unable to update volume; %w", err)
 	}
 	return nil
 }
 func firewall(ctx *pulumi.Context, instanceID pulumi.IntOutput) error {
 	allowHttp := linode.FirewallInboundArgs{
 		Label:    pulumi.String("accept-inbound-tcp-80"),
 		Action:   pulumi.String("ACCEPT"),
 		Protocol: pulumi.String("TCP"),
 		Ports:    pulumi.String("80"),
 		Ipv4s: pulumi.StringArray{
 			pulumi.String("0.0.0.0/0"),
 		},
 		Ipv6s: pulumi.StringArray{
 			pulumi.String("::/0"),
 		},
 	}
 	allowHttps := linode.FirewallInboundArgs{
 		Label:    pulumi.String("accept-inbound-tcp-443"),
 		Action:   pulumi.String("ACCEPT"),
 		Protocol: pulumi.String("TCP"),
 		Ports:    pulumi.String("443"),
 		Ipv4s: pulumi.StringArray{
 			pulumi.String("0.0.0.0/0"),
 		},
 		Ipv6s: pulumi.StringArray{
 			pulumi.String("::/0"),
 		},
 	}
 	tags := []string{"flow"}
 	label := "fireflow"
 	firewallArgs := linode.FirewallArgs{
 		Label:         pulumi.String(label),
 		Tags:          pulumi.ToStringArray(tags),
 		InboundPolicy: pulumi.String("DROP"),
 		Inbounds: linode.FirewallInboundArray{
 			&allowHttp,
 			&allowHttps,
 		},
 		OutboundPolicy: pulumi.String("ACCEPT"),
 		Linodes: pulumi.IntArray{
 			instanceID,
 		},
 	}
 	_, err := linode.NewFirewall(ctx, label, &firewallArgs)
 	if err != nil {
 		return fmt.Errorf("unable to update the firewall; %w", err)
 	}
 	return nil
 }
 func records(ctx *pulumi.Context, ipv4 pulumi.StringOutput) error {
 	cfg := config.New(ctx, "")
 	rootDomainName := cfg.Require("rootDomain")
 	domainArgs := linode.LookupDomainArgs{
 		Domain: &rootDomainName,
 	}
 	domain, err := linode.LookupDomain(ctx, &domainArgs, nil)
 	if err != nil {
 		return fmt.Errorf("unable to lookup domain %s; %w", rootDomainName, err)
 	}
 	domainID, err := strconv.Atoi(*domain.Id)
 	if err != nil {
 		return fmt.Errorf("unable to get the Domain ID; %w", err)
 	}
 	records := make(map[string]string)
 	cfg.RequireObject("records", &records)
 	for _, r := range records {
 		args := linode.DomainRecordArgs{
 			DomainId:   pulumi.Int(domainID),
 			Name:       pulumi.String(r),
 			RecordType: pulumi.String("A"),
 			Target:     ipv4,
 			TtlSec:     pulumi.Int(300),
 		}
 		var resourceName string
 		if r == "." {
 			resourceName = "root-record"
 		} else {
 			resourceName = r + "-record"
 		}
 		_, err := linode.NewDomainRecord(ctx, resourceName, &args, nil)
 		if err != nil {
 			return fmt.Errorf("unable to update the domain record '%s'; %w", r, err)
 		}
 	}
 	return nil
 }
--- a/main.go
+++ b/main.go
@ -9,11 +9,21 @@ func main() {
 }
 func infra(ctx *pulumi.Context) error {
-	if err := domain(ctx); err != nil {
+	instance, err := instance(ctx)
 	if err != nil {
 		return err
 	}
-	if err := firewall(ctx); err != nil {
+	if err := volume(ctx, instance.id); err != nil {
 		return err
 	}
 	err = firewall(ctx, instance.id)
 	if err != nil {
 		return err
 	}
 	if err := records(ctx, instance.ipv4); err != nil {
 		return err
 	}