From 6f91e9eee3b47c392c202ffac3650156b24e2405 Mon Sep 17 00:00:00 2001
From: Michal Tekel
Date: Fri, 4 Dec 2015 14:32:41 +0000
Subject: [PATCH] Add destroy pipeline

Add a pipeline to destroy environments. It currently consists of 2 jobs - one to destroy VPC which then triggers a job to destroy S3 bucket. We used default/recommended pipeline/task/script distribution with this pipeline. We include taks from file, because this task repeats. Never- theless, in this case, the pipeline needs to contain quite chunky config definitions (params), because they can't be included in the task itself, due to fly only expanding params in the pipeline. In comparison with deploy pipeline, we don't use terraform's ability to pull remote state file, due to bug encountered with `bucket.tfstate`: https://github.com/hashicorp/terraform/issues/4154 The remote state file worked with VPC, but we wanted to unify both tasks on same code to demonstrate default concourse pipeline file organization. We also use fake/dummy `trigger-bucket-destroy` resource here to trigger bucket destroy job after vpc destroy job. The terraform bucket destroy job currently doesnt't work, due to bugs: https://github.com/hashicorp/terraform/issues/3981 and missing functionality - the old file versions are actually not removed. @combor has risen PR to add this functionality here: https://github.com/hashicorp/terraform/pull/4168
---
concourse/pipelines/destroy.yml | 81 +++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100644 concourse/pipelines/destroy.yml

diff --git a/concourse/pipelines/destroy.yml b/concourse/pipelines/destroy.yml
new file mode 100644
index 0000000000..5a3e832cd7
--- /dev/null
+++ b/concourse/pipelines/destroy.yml
@@ -0,0 +1,81 @@
+---
+resources:
+ - name: paas-cf
+ type: git
+ source:
+ uri: https://github.com/alphagov/paas-cf
+ branch: {{branch_name}}
+
+ - name: tf-state-bucket
+ type: s3
+ source:
+ bucket: {{state_bucket}}
+ region_name: {{aws_region}}
+ access_key_id: {{aws_access_key_id}}
+ secret_access_key: {{aws_secret_access_key}}
+ versioned_file: bucket.tfstate
+
+ - name: tf-state-vpc
+ type: s3
+ source:
+ bucket: {{state_bucket}}
+ region_name: {{aws_region}}
+ access_key_id: {{aws_access_key_id}}
+ secret_access_key: {{aws_secret_access_key}}
+ versioned_file: vpc.tfstate
+
+ - name: trigger-bucket-destroy
+ type: semver
+ source:
+ bucket: {{state_bucket}}
+ region_name: {{aws_region}}
+ access_key_id: {{aws_access_key_id}}
+ secret_access_key: {{aws_secret_access_key}}
+ key: destroy-trigger
+
+jobs:
+ - name: destroy-vpc
+ plan:
+ - get: paas-cf
+ - get: tf-state-vpc
+ - task: tf-destroy-vpc
+ file: paas-cf/concourse/tasks/tf-destroy.yml
+ config:
+ params:
+ DEPLOY_ENV: {{deploy_env}}
+ AWS_DEFAULT_REGION: {{aws_region}}
+ AWS_ACCESS_KEY_ID: {{aws_access_key_id}}
+ AWS_SECRET_ACCESS_KEY: {{aws_secret_access_key}}
+ TF_VAR_AWS_ACCESS_KEY_ID: {{aws_access_key_id}}
+ TF_VAR_AWS_SECRET_ACCESS_KEY: {{aws_secret_access_key}}
+ TF_FILES_PATH: paas-cf/terraform/vpc
+ TF_STATE_PATH: tf-state-vpc/vpc.tfstate
+ inputs:
+ - name: paas-cf
+ - name: tf-state-vpc
+ - put: trigger-bucket-destroy
+ params: {bump: patch}
+
+ - name: destroy-init-bucket
+ plan:
+ - get: paas-cf
+ - get: tf-state-bucket
+ - get: trigger-bucket-destroy
+ trigger: true
+ passed: [destroy-vpc]
+ - task: tf-destroy-init-bucket
+ file: paas-cf/concourse/tasks/tf-destroy.yml
+ config:
+ params:
+ DEPLOY_ENV: {{deploy_env}}
+ AWS_DEFAULT_REGION: {{aws_region}}
+ AWS_ACCESS_KEY_ID: {{aws_access_key_id}}
+ AWS_SECRET_ACCESS_KEY: {{aws_secret_access_key}}
+ TF_VAR_AWS_ACCESS_KEY_ID: {{aws_access_key_id}}
+ TF_VAR_AWS_SECRET_ACCESS_KEY: {{aws_secret_access_key}}
+ TF_FILES_PATH: paas-cf/terraform/bucket
+ TF_STATE_PATH: tf-state-bucket/bucket.tfstate
+ inputs:
+ - name: paas-cf
+ - name: tf-state-bucket
+
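Review bot: The same static AWS key pair is templated into all three resources and into both task `params` blocks, and each task receives it twice (`AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` plus the `TF_VAR_` copies), so the credential that can destroy the VPC is also the one used merely to read state files. Because, as the commit message notes, fly expands `{{...}}` when the pipeline is set, the expanded secret presumably ends up in the stored pipeline configuration, where anyone who can fetch the pipeline can read it. Consider a separate, narrowly scoped key for the S3 state resources, e.g. `access_key_id: {{state_bucket_access_key_id}}` (variable name constructed for illustration), and dropping the `TF_VAR_` duplicates if the Terraform code can read the standard `AWS_*` variables; that code and `tf-destroy.yml` are outside this diff, so confirm there. A comment above `destroy-init-bucket` such as `# runs automatically after destroy-vpc (trigger: true); destroys the bucket for DEPLOY_ENV` would also make the unattended second step explicit.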