From 0f26448d3c5035abdd9b77d63580869eb55a540b Mon Sep 17 00:00:00 2001
From: Chris Patti
Date: Thu, 9 Feb 2023 15:31:14 -0500
Subject: [PATCH] #1090 - Add Micromasters VPC Pulumi code
---
 .../Pulumi.applications.micromasters.CI.yaml | 15 ++++--
 .../Pulumi.infrastructure.aws.network.CI.yaml | 2 +-
 .../infrastructure/aws/network/__main__.py | 47 +++++++++++++++++++
 3 files changed, 60 insertions(+), 4 deletions(-)
diff --git a/src/ol_infrastructure/applications/micromasters/Pulumi.applications.micromasters.CI.yaml b/src/ol_infrastructure/applications/micromasters/Pulumi.applications.micromasters.CI.yaml
index 6f1fc093d6..92f2bd350b 100644
--- a/src/ol_infrastructure/applications/micromasters/Pulumi.applications.micromasters.CI.yaml
+++ b/src/ol_infrastructure/applications/micromasters/Pulumi.applications.micromasters.CI.yaml
@@ -1,3 +1,12 @@
----
-secretsprovider: awskms://alias/infrastructure-secrets-qa
-encryptedkey: AQICAHijXuVxVlAL6bY9xCOrzO3YYhFlQBPt6jNyJGkhYu+q4QGMy4yIannSd/lzkrjExmbaAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMRoeZfasDehG5AcrtAgEQgDvOsnwTDAZrd6xg7FQjOcT8onJyrpUcL9r4WsBRqifRGolaRMEVohz4EbNnqmE0kxybvS6CKoiC0f16EA==
+secretsprovider: awskms://alias/infrastructure-secrets-ci
+encryptedkey: AQICAHi+npazf3LfzV9oCtcYyCMYLOzaQhbo9xt6lJVVpz9tkQHmbQbdOIGG4Jt34XVtsKrHAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMzjNghqk4vTeob3lJAgEQgDt7H0yPqnjaQpouv/pngrLocorB4cYIcu+1zjTT95OxLKYWG6n4zAOokfTG64Ut0fyLkxA2EvI7vytTgg==
+config:
+ aws:region: us-east-1
+ consul:address: https://consul-micromasters-ci.odl.mit.edu
+ consul:scheme: https
+ micromasters:db_password:
+ secure: v1:DTEttuHYUMFQ5AJM:FSsYgItu3JT8hNcO/kz/JJn3t/dSHEWl5RSNUzlErvov6GDajBte9cvhMjrWi1itHopHJCkiseHdBxjz8Iulaodo9eeHQwSMrAq3+HuWgXE=
+ micromasters:domain: ci.micromasters.mit.edu
+ micromasters:proctortrack_url: https://preproduction.verificient.com
+ vault:address: https://vault-ci.odl.mit.edu
+ vault_server:env_namespace: operations.ci
diff --git a/src/ol_infrastructure/infrastructure/aws/network/Pulumi.infrastructure.aws.network.CI.yaml b/src/ol_infrastructure/infrastructure/aws/network/Pulumi.infrastructure.aws.network.CI.yaml
index 134274fb91..e2c702ed17 100644
--- a/src/ol_infrastructure/infrastructure/aws/network/Pulumi.infrastructure.aws.network.CI.yaml
+++ b/src/ol_infrastructure/infrastructure/aws/network/Pulumi.infrastructure.aws.network.CI.yaml
@@ -1,4 +1,3 @@
----
 secretsprovider: awskms://alias/PulumiSecrets
 encryptedkey: AQICAHionUR8LBW1ALuVC0rCH3AE2oQIfGMCx3XmpDH9HjM2LQGBLco/RG9oGViri+qOtu1pAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMdFHq4mWeThJCfms3AgEQgDvJ5h2BbmqsJftNs+lFvcyA5ovBM88JNbMXulpPU9kib6kpO1GxxqHG7eLIe2brFv3gph1xB6+heONLww==
 config:
@@ -7,6 +6,7 @@ config:
 data_vpc:cidr_block: 172.17.0.0/16
 k8s_vpc:cidr_block: 172.30.0.0/17
 k8s_vpc:k8s_service_subnet: 172.30.48.0/20
+ micromasters_vpc:cidr_block: 172.23.0.0/16
 mitx_online_vpc:cidr_block: 10.20.0.0/16
 ocw_vpc:cidr_block: 172.21.0.0/16
 operations_vpc:cidr_block: 172.16.0.0/16
diff --git a/src/ol_infrastructure/infrastructure/aws/network/__main__.py b/src/ol_infrastructure/infrastructure/aws/network/__main__.py
index 192220cb3a..b0b7808ade 100644
--- a/src/ol_infrastructure/infrastructure/aws/network/__main__.py
+++ b/src/ol_infrastructure/infrastructure/aws/network/__main__.py
@@ -170,6 +170,20 @@ def vpc_exports(vpc: OLVPC, peers: Optional[list[str]] = None) -> dict[str, Any]
 )
 xpro_vpc = OLVPC(xpro_vpc_config)
+micromasters_config = Config("micromasters_vpc")
+micromasters_vpc_config = OLVPCConfig(
+ vpc_name=f"micromasters-{stack_info.env_suffix}",
+ cidr_block=micromasters_config.require("cidr_block"),
+ num_subnets=5,
+ tags={
+ "OU": "micromasters",
+ "Environment": f"micromasters-{stack_info.env_suffix}",
+ "business_unit": "micromasters",
+ "Name": f"Micromasters {stack_info.name}",
+ },
+)
+micromasters_vpc = OLVPC(micromasters_vpc_config)
+
 data_vpc_exports = vpc_exports(
 data_vpc,
 [
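Review bot: `micromasters_config.require("cidr_block")` in the `@@ -170` hunk runs at module level for every stack of this network project, yet the commit adds `micromasters_vpc:cidr_block` only to the CI stack file (the diffstat lists no other stack YAML). Unless the other stacks already carry the key, their next preview or update will stop on the missing value; the file has a `production` branch further down, so at least one other stack exists. Add the key to the remaining stack files in the same change, or create the VPC only when the key is present. When picking those ranges, confirm they do not overlap `data_vpc` or `operations_vpc`, because later hunks peer this VPC with both.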
@@ -372,6 +386,29 @@ def vpc_exports(vpc: OLVPC, peers: Optional[list[str]] = None) -> dict[str, Any]
 )
 export("xpro_vpc", xpro_vpc_exports)
+
+micromasters_vpc_exports = vpc_exports(micromasters_vpc, ["data_vpc", "operations_vpc"])
+micromasters_vpc_exports.update(
+ {
+ "security_groups": {
+ "default": micromasters_vpc.olvpc.id.apply(default_group).id,
+ "ssh": public_ssh(micromasters_vpc_config.vpc_name, micromasters_vpc.olvpc)(
+ tags=micromasters_vpc_config.merged_tags(
+ {"Name": f"micromasters-{stack_info.env_suffix}-public-ssh"}
+ ),
+ name=f"micromasters-{stack_info.env_suffix}-public-ssh",
+ ).id,
+ "web": public_web(micromasters_vpc_config.vpc_name, micromasters_vpc.olvpc)(
+ tags=micromasters_vpc_config.merged_tags(
+ {"Name": f"micromasters-{stack_info.env_suffix}-public-web"}
+ ),
+ name=f"micromasters-{stack_info.env_suffix}-public-web",
+ ).id,
+ }
+ }
+)
+export("micromasters_vpc", micromasters_vpc_exports)
+
 # TODO: MD 2022-05-13 This probably needs to be expanded upon once the k8s network is peered to others # noqa: E501
 # when it gains some security groups.
 k8s_vpc_exports = vpc_exports(k8s_vpc)
@@ -482,6 +519,11 @@ def vpc_exports(vpc: OLVPC, peers: Optional[list[str]] = None) -> dict[str, Any]
 data_vpc,
 xpro_vpc,
 )
+data_to_micromasters_peer = OLVPCPeeringConnection(
+ "ol-data-{0}-to-micromasters-{0}-vpc-peer".format(stack_info.env_suffix),
+ data_vpc,
+ micromasters_vpc,
+)
 operations_to_applications_peer = OLVPCPeeringConnection(
 "ol-operations-{0}-to-applications-{0}-vpc-peer".format(stack_info.env_suffix),
 operations_vpc,
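Review bot: The `"ssh"` entry in the `@@ -372` hunk creates a `-public-ssh` security group through `public_ssh`, whose definition is outside this diff, so its ingress rule cannot be checked here. If it admits port 22 from any source, as the name suggests, the new VPC gets an internet-facing SSH group that nothing in this commit is shown to use. Since the VPC is peered with `operations_vpc`, consider dropping the `"ssh": public_ssh(...)(...).id` entry or limiting that group's ingress to the operations CIDR. If it is kept for parity with the other VPCs, a one-line comment above it naming who is expected to reach port 22 would make that an explicit decision.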
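Review bot: `data_to_micromasters_peer` in the `@@ -482` hunk and `operations_to_micromasters_peer` in the `@@ -514` hunk carry no comment saying what traffic each peering is meant to allow. `OLVPCPeeringConnection` is defined outside this diff, so it is not visible whether it routes the full CIDR of both sides. A short comment above each, for example `# operations peer: Vault/Consul access for micromasters (confirm)`, would let a reader check the routes against the security groups exported for this VPC. The peer names passed to `vpc_exports(micromasters_vpc, ["data_vpc", "operations_vpc"])` must also stay in step with these two objects, so it is worth noting that link in the same comment.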
@@ -514,6 +556,11 @@ def vpc_exports(vpc: OLVPC, peers: Optional[list[str]] = None) -> dict[str, Any]
 operations_vpc,
 xpro_vpc,
 )
+operations_to_micromasters_peer = OLVPCPeeringConnection(
+ "ol-operations-{0}-to-micromasters-{0}-vpc-peer".format(stack_info.env_suffix),
+ operations_vpc,
+ micromasters_vpc,
+)
 if stack_info.env_suffix == "production":
 # TODO: Delete this once we migrate the Micromasters RDS into the applications VPC