use intermediate DNS names and remove Terraform lookup

briskt · briskt · commit 16b4d6cb9b11 · 2023-08-04T14:45:49.000-06:00
diff --git a/cmd/cli/flags/flags.go b/cmd/cli/flags/flags.go
@@ -18,12 +18,10 @@ const (
 
 // Persistent flags for multiregion commands
 const (
-	DomainName        = "domain-name"
-	Env               = "env"
-	Region2           = "region2"
-	TfcToken          = "tfc-token"
-	OrgAlternate      = "org-alternate"
-	TfcTokenAlternate = "tfc-token-alternate"
+	DomainName = "domain-name"
+	Env        = "env"
+	Region2    = "region2"
+	TfcToken   = "tfc-token"
 )
 
 func NewStringFlag(command *cobra.Command, name, shorthand string, value, usage string) {
diff --git a/cmd/cli/multiregion/dns.go b/cmd/cli/multiregion/dns.go
@@ -10,23 +10,21 @@ import (
 	"log"
 
 	"github.com/cloudflare/cloudflare-go"
-	"github.com/hashicorp/go-tfe"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 
 	"github.com/silinternational/idp-cli/cmd/cli/flags"
 )
 
 type DnsCommand struct {
-	cfClient    *cloudflare.API
-	cfZone      *cloudflare.ResourceContainer
-	domainName  string
-	failback    bool
-	tfcOrg      string
-	tfcOrgAlt   string
-	tfcToken    string
-	tfcTokenAlt string
-	testMode    bool
+	cfClient   *cloudflare.API
+	cfZone     *cloudflare.ResourceContainer
+	domainName string
+	env        string
+	failback   bool
+	region     string
+	region2    string
+	testMode   bool
 }
 
 type DnsValues struct {
@@ -60,8 +58,7 @@ func runDnsCommand(failback bool) {
 
 	d := newDnsCommand(pFlags, failback)
 
-	values := d.getDnsValuesFromTfc(pFlags)
-	d.setDnsRecordValues(pFlags.idp, values)
+	d.setDnsRecordValues(pFlags.idp)
 }
 
 func newDnsCommand(pFlags PersistentFlags, failback bool) *DnsCommand {
@@ -92,57 +89,58 @@ func newDnsCommand(pFlags PersistentFlags, failback bool) *DnsCommand {
 	fmt.Printf("Using domain name %s with ID %s\n", d.domainName, zoneID)
 	d.cfZone = cloudflare.ZoneIdentifier(zoneID)
 
-	d.tfcToken = pFlags.tfcToken
-	d.tfcTokenAlt = pFlags.tfcTokenAlt
-	d.tfcOrg = pFlags.org
-	d.tfcOrgAlt = pFlags.orgAlt
+	d.env = pFlags.env
+	d.region = pFlags.region
+	d.region2 = pFlags.secondaryRegion
+
 	d.failback = failback
 
 	return &d
 }
 
-func (d *DnsCommand) setDnsRecordValues(idpKey string, dnsValues DnsValues) {
+func (d *DnsCommand) setDnsRecordValues(idpKey string) {
 	if d.failback {
 		fmt.Println("Setting DNS records to primary region...")
 	} else {
 		fmt.Println("Setting DNS records to secondary region...")
 	}
 
+	region := d.region2
+	if d.failback {
+		region = d.region
+	}
+
+	supportBotName := "sherlock"
+	if d.env != "prod" {
+		supportBotName = "watson"
+	}
+
 	dnsRecords := []struct {
-		name      string
-		valueFlag string
-		tfcValue  string
+		name  string
+		value string
 	}{
 		// "mfa-api" is the TOTP API, also known as serverless-mfa-api
-		{"mfa-api", "mfa-api-value", dnsValues.mfa},
+		{"mfa-api", "mfa-api-" + region},
 
 		// "twosv-api" is the Webauthn API, also known as serverless-mfa-api-go
-		{"twosv-api", "twosv-api-value", dnsValues.twosv},
+		{"twosv-api", "twosv-api-" + region},
 
-		// "support-bot" is the idp-support-bot API that is configured in the Slack API dashboard
-		{"sherlock", "support-bot-value", dnsValues.bot},
+		// this is the idp-support-bot API that is configured in the Slack API dashboard
+		{supportBotName, supportBotName + "-" + region},
 
 		// ECS services
-		{idpKey + "-email", "email-service-value", dnsValues.albInternal},
-		{idpKey + "-broker", "id-broker-value", dnsValues.albInternal},
-		{idpKey + "-pw-api", "pw-api-value", dnsValues.albExternal},
-		{idpKey, "ssp-value", dnsValues.albExternal},
-		{idpKey + "-sync", "id-sync-value", dnsValues.albExternal},
+		{idpKey + "-email", idpKey + "-email-" + region},
+		{idpKey + "-broker", idpKey + "-broker-" + region},
+		{idpKey + "-pw-api", idpKey + "-pw-api-" + region},
+		{idpKey, idpKey + "-" + region},
+		{idpKey + "-sync", idpKey + "-sync-" + region},
 	}
 
 	for _, record := range dnsRecords {
-		value := getDnsValue(record.valueFlag, record.tfcValue)
-		d.setCloudflareCname(record.name, value)
+		d.setCloudflareCname(record.name, record.value)
 	}
 }
 
-func getDnsValue(valueFlag, tfcValue string) string {
-	if tfcValue != "" {
-		return tfcValue
-	}
-	return viper.GetString(valueFlag)
-}
-
 func (d *DnsCommand) setCloudflareCname(name, value string) {
 	if value == "" {
 		fmt.Printf("  skipping %s (no value provided)\n", name)
@@ -186,142 +184,3 @@ func (d *DnsCommand) setCloudflareCname(name, value string) {
 		log.Fatalf("error updating DNS record %s: %s", name, err)
 	}
 }
-
-func (d *DnsCommand) getDnsValuesFromTfc(pFlags PersistentFlags) (values DnsValues) {
-	ctx := context.Background()
-
-	var clusterWorkspaceName string
-	if d.failback {
-		clusterWorkspaceName = clusterWorkspace(pFlags)
-	} else {
-		clusterWorkspaceName = clusterSecondaryWorkspace(pFlags)
-	}
-
-	internal, external := d.getAlbValuesFromTfc(ctx, clusterWorkspaceName)
-	values.albInternal = internal
-	values.albExternal = external
-
-	bot := "idp-support-bot-prod"
-	if pFlags.env != envProd {
-		bot = "idp-support-bot-dev" // TODO: consider renaming the workspace name so this can be simplified
-	}
-	values.bot = d.getLambdaDnsValueFromTfc(ctx, bot)
-
-	twosv := "serverless-mfa-api-go-prod"
-	if pFlags.env != envProd {
-		twosv = "serverless-mfa-api-go-dev" // TODO: consider renaming the workspace name so this can be simplified
-	}
-	values.twosv = d.getLambdaDnsValueFromTfc(ctx, twosv)
-
-	mfa := "serverless-mfa-api-prod"
-	if pFlags.env != envProd {
-		mfa = "serverless-mfa-api-dev" // TODO: consider renaming the workspace name so this can be simplified
-	}
-	values.mfa = d.getLambdaDnsValueFromTfc(ctx, mfa)
-	return
-}
-
-func (d *DnsCommand) getAlbValuesFromTfc(ctx context.Context, workspaceName string) (internal, external string) {
-	workspaceID, client, err := d.findTfcWorkspace(ctx, workspaceName)
-	if err != nil {
-		fmt.Printf("Failed to get ALB DNS values: %s\n  Will use DNS config values if provided.\n", err)
-		return
-	}
-
-	outputs, err := client.StateVersionOutputs.ReadCurrent(ctx, workspaceID)
-	if err != nil {
-		fmt.Printf("Error reading Terraform state outputs on workspace %s: %s", workspaceName, err)
-		return
-	}
-
-	for _, item := range outputs.Items {
-		itemValue, _ := item.Value.(string)
-		switch item.Name {
-		case "alb_dns_name":
-			external = itemValue
-		case "internal_alb_dns_name":
-			internal = itemValue
-		}
-	}
-	return
-}
-
-func (d *DnsCommand) getLambdaDnsValueFromTfc(ctx context.Context, workspaceName string) string {
-	outputName := "secondary_region_domain_name"
-	if d.failback {
-		outputName = "primary_region_domain_name"
-	}
-	val, err := d.getTfcOutputFromWorkspace(ctx, workspaceName, outputName)
-	if err != nil {
-		fmt.Printf("Error: %s\n Will use config value if provided.\n", err)
-		return ""
-	}
-	return val
-}
-
-func (d *DnsCommand) getTfcOutputFromWorkspace(ctx context.Context, workspaceName, outputName string) (string, error) {
-	workspaceID, client, err := d.findTfcWorkspace(ctx, workspaceName)
-	if err != nil {
-		return "", fmt.Errorf("failed to get DNS value from %s: %w", workspaceName, err)
-	}
-
-	outputs, err := client.StateVersionOutputs.ReadCurrent(ctx, workspaceID)
-	if err != nil {
-		return "", fmt.Errorf("error reading Terraform state outputs on workspace %s: %w", workspaceName, err)
-	}
-
-	for _, item := range outputs.Items {
-		if item.Name == outputName {
-			if itemValue, ok := item.Value.(string); ok {
-				return itemValue, nil
-			}
-			break
-		}
-	}
-
-	return "", fmt.Errorf("value for %s not found in %s\n", outputName, workspaceName)
-}
-
-// findTfcWorkspace looks for a workspace by name in two different Terraform Cloud accounts and returns
-// the workspace ID and an API client for the account where the workspace was found
-func (d *DnsCommand) findTfcWorkspace(ctx context.Context, workspaceName string) (id string, client *tfe.Client, err error) {
-	config := &tfe.Config{
-		Token:             d.tfcToken,
-		RetryServerErrors: true,
-	}
-
-	client, err = tfe.NewClient(config)
-	if err != nil {
-		err = fmt.Errorf("error creating Terraform client: %s", err)
-		return
-	}
-
-	w, err := client.Workspaces.Read(ctx, d.tfcOrg, workspaceName)
-	if err == nil {
-		id = w.ID
-		return
-	}
-
-	if d.tfcTokenAlt == "" {
-		err = fmt.Errorf("error reading Terraform workspace %s: %s", workspaceName, err)
-		return
-	}
-
-	fmt.Printf("Workspace %s not found using %s, trying %s\n", workspaceName, flags.TfcToken, flags.TfcTokenAlternate)
-
-	config.Token = d.tfcTokenAlt
-	client, err = tfe.NewClient(config)
-	if err != nil {
-		err = fmt.Errorf("error creating alternate Terraform client: %s", err)
-		return
-	}
-
-	w, err = client.Workspaces.Read(ctx, d.tfcOrgAlt, workspaceName)
-	if err != nil {
-		err = fmt.Errorf("error reading Terraform workspace %s using %s: %s", workspaceName, flags.TfcTokenAlternate, err)
-		return
-	}
-
-	id = w.ID
-	return
-}
diff --git a/cmd/cli/multiregion/multiregion.go b/cmd/cli/multiregion/multiregion.go
@@ -33,8 +33,6 @@ func SetupMultiregionCmd(parentCommand *cobra.Command) {
 	flags.NewStringFlag(multiregionCmd, flags.Env, "", envProd, "Execution environment")
 	flags.NewStringFlag(multiregionCmd, flags.Region2, "", "", "Secondary AWS region")
 	flags.NewStringFlag(multiregionCmd, flags.TfcToken, "", "", "Token for Terraform Cloud authentication")
-	flags.NewStringFlag(multiregionCmd, flags.OrgAlternate, "", "", "Alternate Terraform Cloud organization")
-	flags.NewStringFlag(multiregionCmd, flags.TfcTokenAlternate, "", "", "Alternate token for Terraform Cloud")
 }
 
 func outputFlagError(cmd *cobra.Command, err error) {
@@ -46,11 +44,10 @@ type PersistentFlags struct {
 	env             string
 	idp             string
 	org             string
-	orgAlt          string
 	readOnlyMode    bool
+	region          string
 	secondaryRegion string
 	tfcToken        string
-	tfcTokenAlt     string
 }
 
 func getPersistentFlags() PersistentFlags {
@@ -59,19 +56,9 @@ func getPersistentFlags() PersistentFlags {
 		idp:             getRequiredParam(flags.Idp),
 		org:             getRequiredParam(flags.Org),
 		tfcToken:        getRequiredParam(flags.TfcToken),
+		region:          getRequiredParam(flags.Region),
 		secondaryRegion: getRequiredParam(flags.Region2),
 		readOnlyMode:    viper.GetBool(flags.ReadOnlyMode),
-		tfcTokenAlt:     getOption(flags.TfcTokenAlternate, ""),
-		orgAlt:          getOption(flags.OrgAlternate, viper.GetString(flags.OrgAlternate)),
-	}
-
-	if pFlags.orgAlt != "" && pFlags.tfcTokenAlt == "" {
-		log.Fatalf("%[1]s was specified without %[2]s. Please include %[2]s or remove %[1]s.",
-			flags.OrgAlternate, flags.TfcTokenAlternate)
-	}
-
-	if pFlags.orgAlt == "" {
-		pFlags.orgAlt = pFlags.org
 	}
 
 	return pFlags
diff --git a/go.mod b/go.mod
@@ -6,7 +6,6 @@ go 1.20
 
 require (
 	github.com/cloudflare/cloudflare-go v0.69.0
-	github.com/hashicorp/go-tfe v1.31.0
 	github.com/silinternational/tfc-ops/v3 v3.5.0
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/viper v1.16.0
@@ -18,10 +17,7 @@ require (
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
-	github.com/hashicorp/go-slug v0.12.0 // indirect
-	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/jsonapi v0.0.0-20210826224640-ee7dae0fb22d // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
@@ -32,7 +28,6 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
 	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
 	golang.org/x/sys v0.9.0 // indirect
 	golang.org/x/text v0.10.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
diff --git a/go.sum b/go.sum
@@ -130,19 +130,10 @@ github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj
 github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
 github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
 github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
-github.com/hashicorp/go-slug v0.12.0 h1:y1ArGp5RFF85uvD8nq5VZug/bup/kGN5Ft4xFOQ5GPM=
-github.com/hashicorp/go-slug v0.12.0/go.mod h1:JZVtycnZZbiJ4oxpJ/zfhyfBD8XxT4f0uOSyjNLCqFY=
-github.com/hashicorp/go-tfe v1.31.0 h1:R1CokrAVBHxrsvRw1vKes7RQxTRTWcula7gjQK7Jfsk=
-github.com/hashicorp/go-tfe v1.31.0/go.mod h1:vcfy2u52JQ4sYLFi941qcQXQYfUq2RjEW466tZ+m97Y=
-github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
-github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
-github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/jsonapi v0.0.0-20210826224640-ee7dae0fb22d h1:9ARUJJ1VVynB176G1HCwleORqCaXm/Vx0uUi0dL26I0=
-github.com/hashicorp/jsonapi v0.0.0-20210826224640-ee7dae0fb22d/go.mod h1:Yog5+CPEM3c99L1CL2CFCYoSzgWm5vTU58idbRUaLik=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
@@ -302,8 +293,6 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/idp-cli-example.toml b/idp-cli-example.toml
