feat: cleanup before split

infra/Makefile

@@ -0,0 +1,15 @@
+
+.PHONY: fmt
+fmt:
+	@tf fmt ../**/*.tf
+	@tf fmt ../**/*.tfvars
+	@tf fmt ../**/*.tftest.hcl
+
+.PHONY: check
+check:
+	@tf validate
+
+.PHONY: yolo
+yolo:
+	@echo "Wise, you are not..."
+	@tf apply -auto-approve

infra/cdn/main.tf

@@ -1,15 +1,3 @@
-variable "name" { type = string }
-variable "domain" { type = string }
-variable "extra_domains" { type = list(string) }
-variable "backend_address" { type = string }
-variable "default_ttl" { type = number }
-variable "stale_if_error" { type = bool }
-variable "stale_if_error_ttl" { type = number }
-variable "aws_access_key_id" { type = string }
-variable "aws_secret_access_key" { type = string }
-variable "datadog_api_key" { type = string }
-variable "fastly_header_token" { type = string }
-
 resource "fastly_service_vcl" "python_org" {
   name               = var.name
   default_ttl        = var.default_ttl
@@ -194,7 +182,7 @@ resource "fastly_service_vcl" "python_org" {
     destination = "http.Fastly-Token"
     name        = "Fastly Token"
     priority    = 10
-    source      = "\"${var.FASTLY_HEADER_TOKEN}\""
+    source      = "\"${var.fastly_header_token}\""
     type        = "request"
   }
   header {
@@ -259,7 +247,7 @@ resource "fastly_service_vcl" "python_org" {
 
   logging_datadog {
     name   = "ratelimit-debug"
-    token  = var.DATADOG_API_KEY
+    token  = var.datadog_key
     region = "US"
   }
 
@@ -275,8 +263,8 @@ resource "fastly_service_vcl" "python_org" {
     redundancy       = "standard"
     format_version   = 2
     message_type     = "classic"
-    s3_access_key    = var.s3_logging_keys
-    s3_secret_key    = var.s3_logging_keys
+    s3_access_key    = var.fastly_s3_logging["access_key"]
+    s3_secret_key    = var.fastly_s3_logging["secret_key"]
   }
 
   logging_syslog {
@@ -355,4 +343,4 @@ resource "fastly_service_vcl" "python_org" {
   }
 
   force_destroy = true
-}
+}

infra/cdn/variables.tf

@@ -1,14 +1,39 @@
-variable "FASTLY_API_KEY" {
+variable "fastly_key" {
   type        = string
   description = "API key for the Fastly VCL edge configuration."
 }
-variable "FASTLY_HEADER_TOKEN" {
-  description = "Fastly Token for authentication"
+variable "fastly_header_token" {
+  description = "Fastly header token ensure we only allow Fastly to access the service"
   type        = string
   sensitive   = true
 }
-variable "DATADOG_API_KEY" {
+variable "datadog_key" {
   type        = string
   description = "API key for Datadog logging"
   sensitive   = true
+}
+variable "fastly_s3_logging" {
+  type        = string
+  description = "S3 bucket keys for Fastly logging"
+  sensitive   = true
+}
+variable "name" {
+  type        = string
+  description = "The name of the Fastly service."
+}
+variable "domain" {
+  type        = string
+  description = "The domain name of the service."
+}
+variable "extra_domains" {
+  type        = list(string)
+  description = "Extra domains to add to the service."
+}
+variable "backend_address" {
+  type        = string
+  description = "The hostname of the backend service."
+}
+variable "default_ttl" {
+  type        = number
+  description = "The default TTL for the service."
 }

infra/dns/main.tf

@@ -5,16 +5,7 @@
 # Retrieve the current AWS account data (based on secrets provided in .tfvars or TF Cloud)
 data "aws_caller_identity" "current" {}
 
-# Input variables passed in from `$root/infra/main.tf`
-variable "tags" { type = map(any) }
-variable "primary_domain" { type = string }
-variable "user_content_domain" { type = string }
-variable "apex_txt" { type = list(any) }
-variable "name" { type = string }
-variable "zone_id" { type = string }
-variable "domain" { type = string }
-variable "fastly_endpoints" { type = map(any) }
-variable "domain_map" { type = map(any) }
+
 
 # see if we're dealing with an apex domain or subdomain by splitting the domain name and counting the parts
 locals {

infra/dns/providers.tf

@@ -1,6 +1,6 @@
 provider "aws" {
   alias      = "dns"
   region     = "us-east-2"
-  access_key = var.AWS_ACCESS_KEY_ID
-  secret_key = var.AWS_SECRET_ACCESS_KEY
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
 }

infra/dns/variables.tf

@@ -1,10 +1,10 @@
-variable "AWS_ACCESS_KEY_ID" {
+variable "aws_access_key" {
   type        = string
   description = "Access key for the AWS account."
   sensitive   = true
 }
 
-variable "AWS_SECRET_ACCESS_KEY" {
+variable "aws_secret_key" {
   type        = string
   description = "Secret access key for the AWS account."
   sensitive   = true
@@ -27,3 +27,40 @@ variable "route53_record_ttl" {
   description = "The TTL for the CNAME record"
   default     = 60
 }
+
+variable "tags" {
+  type        = map(any)
+  description = "Tags to apply to all resources"
+}
+variable "primary_domain" {
+  type        = string
+  description = "The primary domain name"
+}
+variable "user_content_domain" {
+  type        = string
+  description = "The user content (sub)domain name"
+}
+variable "apex_txt" {
+  type        = list(any)
+  description = "The TXT record for the apex domain"
+}
+variable "name" {
+  type        = string
+  description = "The name of the Fastly service"
+}
+variable "zone_id" {
+  type        = string
+  description = "The Route 53 hosted zone ID"
+}
+variable "domain" {
+  type        = string
+  description = "The domain name of the service"
+}
+variable "fastly_endpoints" {
+  type        = map(any)
+  description = "The Fastly endpoints"
+}
+variable "domain_map" {
+  type        = map(any)
+  description = "The domain map"
+}

infra/main.tf

@@ -1,5 +1,3 @@
-variable "fastly_s3_logging" { type = map(any) }
-
 locals {
   tags = {
     Application = "Python.org"
@@ -20,47 +18,52 @@ locals {
 }
 
 module "dns" {
+  # TODO: this doesn't accommodate for DNS management splits between environments
   source         = "./dns"
   tags           = local.tags
   primary_domain = "python.org"
+  zone_id         = module.dns.primary_zone_id
+  fastly_endpoints = local.fastly_endpoints
+  domain_map       = local.domain_map
+
+  aws_access_key = var.AWS_ACCESS_KEY_ID
+  aws_secret_key = var.AWS_SECRET_ACCESS_KEY
+
+  # TODO: the below needs to be parameterized or fixed
+  apex_txt = []
+  domain = ""
+  name = ""
+  user_content_domain = ""
 }
 
-module "pythondotorg_production" {
+module "fastly_production" {
   source = "./cdn"
 
   name               = "Python.org"
   domain             = "python.org"
   extra_domains      = ["www.python.org"]
   backend_address    = "pythondotorg.ingress.us-east-2.psfhosted.computer"
   default_ttl        = 3600
-  stale_if_error     = false
-  stale_if_error_ttl = 43200
-
-  zone_id         = module.dns.primary_zone_id
-  backend         = "pythondotorg.ingress.us-east-2.psfhosted.computer"
-  s3_logging_keys = var.fastly_s3_logging
 
-  fastly_endpoints = local.fastly_endpoints
-  domain_map       = local.domain_map
+  datadog_key  = var.DATADOG_API_KEY
+  fastly_key   = var.FASTLY_API_KEY
+  fastly_header_token = var.FASTLY_HEADER_TOKEN
+  fastly_s3_logging = var.fastly_s3_logging
 }
 
-module "pythondotorg_staging" {
+module "fastly_staging" {
   source = "./cdn"
 
   name               = "test.Python.org"
   domain             = "test.python.org"
   extra_domains      = []
   backend_address    = "test-pythondotorg.ingress.us-east-2.psfhosted.computer"
   default_ttl        = 3600
-  stale_if_error     = false
-  stale_if_error_ttl = 43200
 
-  zone_id         = module.dns.primary_zone_id
-  backend         = "test-pythondotorg.ingress.us-east-2.psfhosted.computer"
-  s3_logging_keys = var.fastly_s3_logging
-
-  fastly_endpoints = local.fastly_endpoints
-  domain_map       = local.domain_map
+  datadog_key  = var.DATADOG_API_KEY
+  fastly_key   = var.FASTLY_API_KEY
+  fastly_header_token = var.FASTLY_HEADER_TOKEN
+  fastly_s3_logging = var.fastly_s3_logging
 }