Add support for the Pulumi Automation API

.github/ISSUE_TEMPLATE/feature_request.md

@@ -14,4 +14,4 @@ A clear and concise description of what you want to happen.
 A clear and concise description of any alternative solutions or features you've considered.
 
 **Additional context**
-Add any other context or screenshots about the feature request here.
+Add any other context or screenshots about the feature request here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,12 +1,12 @@
 ### Proposed changes
-Describe the use case and detail of the change. If this PR addresses an issue 
-on GitHub, make sure to include a link to that issue here in this description 
+Describe the use case and detail of the change. If this PR addresses an issue
+on GitHub, make sure to include a link to that issue here in this description
 (not in the title of the PR).
 
 ### Checklist
 Before creating a PR, run through this checklist and mark each as complete.
 
-- [ ] I have written my commit messages in the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format. 
+- [ ] I have written my commit messages in the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format.
 - [ ] I have read the [CONTRIBUTING](/CONTRIBUTING.md) doc
 - [ ] I have added tests (when possible) that prove my fix is effective or that my feature works
 - [ ] I have checked that all unit tests pass after adding my changes

.gitignore

@@ -260,6 +260,9 @@ override.tf.json
 
 # End of https://www.toptal.com/developers/gitignore/api/python,pycharm+all,terraform
 
+# Ignore locally installed pyenv environment
+.pyenv
+
 *.pyc
 !/extras/jwt.token
 /pulumi/python/tools/common/config/*.yaml

.pre-commit-config.yaml

@@ -0,0 +1,49 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+    -   id: check-yaml
+        args: [--allow-multiple-documents]
+    -   id: check-added-large-files
+    -   id: check-merge-conflict
+    -   id: detect-private-key
+    -   id: trailing-whitespace
+    -   id: mixed-line-ending
+    -   id: end-of-file-fixer
+    -   id: debug-statements
+    -   id: check-merge-conflict
+    -   id: check-ast
+
+-   repo: https://github.com/pre-commit/mirrors-autopep8
+    rev: v1.7.0
+    hooks:
+    -   id: autopep8
+
+-   repo: https://github.com/asottile/dead
+    rev: v1.5.0
+    hooks:
+    -   id: dead
+
+-   repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 3.0.0
+    hooks:
+    -  id: shellcheck
+    -  id: shfmt
+    -  id: markdownlint
+
+-   repo: https://github.com/PyCQA/flake8
+    rev: 5.0.4
+    hooks:
+    -  id: flake8
+
+-   repo: https://github.com/zricethezav/gitleaks
+    rev: v8.11.0
+    hooks:
+    -  id: gitleaks
+
+-   repo: https://github.com/Yelp/detect-secrets
+    rev: v1.3.0
+    hooks:
+    -  id: detect-secrets

CODE_OF_CONDUCT.md

@@ -117,13 +117,15 @@ the community.
 
 This Code of Conduct is adapted from the [Contributor Covenant][homepage],
 version 2.0, available at
-https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html](https://www.contributor-covenant.org/version/2/0/code_of_conduct.html)
+.
 
-Community Impact Guidelines were inspired by [Mozilla's code of conduct
-enforcement ladder](https://github.com/mozilla/diversity).
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).
 
 [homepage]: https://www.contributor-covenant.org
 
 For answers to common questions about this code of conduct, see the FAQ at
-https://www.contributor-covenant.org/faq. Translations are available at
-https://www.contributor-covenant.org/translations.
+[https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq)
+. Translations are available at
+[https://www.contributor-covenant.org/translations](https://www.contributor-covenant.org/translations).

CONTRIBUTING.md

@@ -1,16 +1,18 @@
 # Contributing Guidelines
 
-The following is a set of guidelines for contributing. We really appreciate that you are considering contributing!
+The following is a set of guidelines for contributing. We really appreciate
+that you are considering contributing!
 
-#### Table Of Contents
+## Table Of Contents
 
 [Ask a Question](#ask-a-question)
 
 [Contributing](#contributing)
 
 [Style Guides](#style-guides)
-  * [Git Style Guide](#git-style-guide)
-  * [Go Style Guide](#go-style-guide)
+
+* [Git Style Guide](#git-style-guide)
+* [Go Style Guide](#go-style-guide)
 
 [Code of Conduct](https://github.com/nginxinc/nginx-wrapper/blob/master/CODE_OF_CONDUCT.md)
 
@@ -22,33 +24,50 @@ Please open an Issue on GitHub with the label `question`.
 
 ### Report a Bug
 
-To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the issue has not already been reported.
+To report a bug, open an issue on GitHub with the label `bug` using the
+available bug report issue template. Please ensure the issue has not already
+been reported.
 
 ### Suggest an Enhancement
 
-To suggest an enhancement, please create an issue on GitHub with the label `enhancement` using the available feature issue template.
+To suggest an enhancement, please create an issue on GitHub with the label
+`enhancement` using the available feature issue template.
 
 ### Open a Pull Request
 
-* Fork the repo, create a branch, submit a PR when your changes are tested and ready for review.
+* Fork the repo, create a branch, submit a PR when your changes are tested and
+  ready for review.
 * Fill in [our pull request template](/.github/PULL_REQUEST_TEMPLATE.md)
 
-Note: if you’d like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
+Note: if you’d like to implement a new feature, please consider creating a
+feature request issue first to start a discussion about the feature.
 
 ## Style Guides
 
 ### Git Style Guide
 
-* Keep a clean, concise and meaningful git commit history on your branch, rebasing locally and squashing before submitting a PR
-* Use the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format when writing a commit message, so that changelogs can be automatically generated
-* Follow the guidelines of writing a good commit message as described [here](https://chris.beams.io/posts/git-commit/) and summarised in the next few points
-    * In the subject line, use the present tense ("Add feature" not "Added feature")
-    * In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...")
-    * Limit the subject line to 72 characters or less
-    * Reference issues and pull requests liberally after the subject line
-    * Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`)
+* Keep a clean, concise and meaningful git commit history on your branch,
+  rebasing locally and squashing before submitting a PR
+* Use the
+  [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format
+  when writing a commit message, so that changelogs can be automatically
+  generated
+* Follow the guidelines of writing a good commit message as described
+  [here](https://chris.beams.io/posts/git-commit/) and summarised in the next
+  few points
+  * In the subject line, use the present tense
+    ("Add feature" not "Added feature")
+  * In the subject line, use the imperative mood ("Move cursor to..." not
+    "Moves cursor to...")
+  * Limit the subject line to 72 characters or less
+  * Reference issues and pull requests liberally after the subject line
+  * Add more detailed description in the body of the git message (
+    `git commit -a` to give you more space and time in your text editor to
+    write a good message instead of `git commit -am`)
 
 ### Code Style Guide
 
-* Python code should conform to the [PEP-8 style guidelines](https://www.python.org/dev/peps/pep-0008/) whenever possible.
+* Python code should conform to the
+  [PEP-8 style guidelines](https://www.python.org/dev/peps/pep-0008/)
+  whenever possible.
 * Where feasible, include unit tests.

README.md

@@ -1,40 +1,47 @@
+# NGINX Modern Reference Architectures
+
+## Current Test Status
+
 [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B5618%2Fgit%40github.heygears.com%3Anginxinc%2Fkic-reference-architectures.git.svg?type=shield)](https://app.fossa.com/projects/custom%2B5618%2Fgit%40github.heygears.com%3Anginxinc%2Fkic-reference-architectures.git?ref=badge_shield)
-![AWS Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_aws_prod&subject=AWS) 
-![DO Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_do_prod&subject=DigitalOcean) 
-![LKE Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_lke_prod&subject=Linode) 
+![AWS Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_aws_prod&subject=AWS)
+![DO Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_do_prod&subject=DigitalOcean)
+![LKE Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_lke_prod&subject=Linode)
 ![K3s Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_k3s_prod&subject=K3s)
 ![MicroK8s Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_mk8s_prod&subject=MicroK8s)
-![Minikube Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_minikube_prod&subject=Minikube) 
+![Minikube Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_minikube_prod&subject=Minikube)
 
-# NGINX Modern Reference Architectures
+![MARA Project](./docs/NGINX-MARA-icon.png)  
 
-This repository has the basics for a common way to deploy and manage modern apps. Over time, we'll build more example
-architectures using different deployment models and options – including other clouds – and you’ll be able to find those
-here.
+This repository has the basics for a common way to deploy and manage modern
+apps. Over time, we'll build more example architectures using different
+deployment models and options – including other clouds – and you’ll be able
+to find those here.
 
 ## Nomenclature
 
-Internally, we refer to this project as MARA for Modern Application Reference Architecture. The current repository name
-reflects the humble origins of this project, as it was started with the purpose of allowing users to build custom
-versions of the NGINX Ingress Controller in Kubernetes. This went so well that we expanded it to the project you're
-currently viewing.
+Internally, we refer to this project as MARA for Modern Application Reference
+Architecture. The current repository name reflects the humble origins of this
+project, as it was started with the purpose of allowing users to build custom
+versions of the NGINX Ingress Controller in Kubernetes. This went so well that
+we expanded it to the project you're currently viewing.
 
 ## Modern App Architectures
 
 We define modern app architectures as those driven by four characteristics:
-*scalability*, *portability*, *resiliency*, and *agility*. While many different aspects of a modern architecture exist,
-these are fundamental.
+*scalability*, *portability*, *resiliency*, and *agility*. While many different
+aspects of a modern architecture exist, these are fundamental.
 
-* **Scalability** – Quickly and seamlessly scale up or down to accommodate spikes or reductions in demand, anywhere in
-  the world.
+* **Scalability** – Quickly and seamlessly scale up or down to accommodate
+  spikes or reductions in demand, anywhere in the world.
 
-* **Portability** – Easy to deploy on multiple types of devices and infrastructures, on public clouds, and on premises.
+* **Portability** – Easy to deploy on multiple types of devices and
+  infrastructures, on public clouds, and on premises.
 
-* **Resiliency** – Can fail over to newly spun‑up clusters or virtual environments in different availability regions,
-  clouds, or data centers.
+* **Resiliency** – Can fail over to newly spun‑up clusters or virtual
+  environments in different availability regions, clouds, or data centers.
 
-* **Agility** – Ability to update through automated CI/CD pipelines with higher code velocity and more frequent code
-  pushes.
+* **Agility** – Ability to update through automated CI/CD pipelines with higher
+  code velocity and more frequent code pushes.
 
 This diagram is an example of what we mean by a **modern app architecture**:
 ![Modern Apps Architecture Example Diagram](docs/DIAG-NGINX-ModernAppsRefArch-NGINX-MARA-1-0-blog-1024x800.png)
@@ -53,26 +60,32 @@ To satisfy the four key characteristics, many modern app architectures employ:
 
 For details on the current state of this project, please see the
 [readme](pulumi/python/README.md) in the [`pulumi/python`](pulumi/python)
-subdirectory. This project is under active development, and the current work is using [Pulumi](https://www.pulumi.com/)
-with Python. Additionally, please see
-[Status and Issues](docs/status-and-issues.md) for the project's up-to-date build status and known issues.
-
-Subdirectories contained within the root directory separate reference architectures by infrastructure deployment tooling
-with additional subdirectories as needed. For example, Pulumi allows the use of multiple languages for deployment. As we
-decided to use Python in our first build, there is a `python` subdirectory under the `pulumi` directory.
-
-This project was started to provide a complete, stealable, easy to deploy, and standalone example of how a modern app
-architecture can be built. It was driven by the necessity to be flexible and not require a long list of dependencies to
-get started. It needs to provide examples of tooling used to build this sort of architecture in the real world. Most
-importantly, it needs to work. Hopefully this provides a ‘jumping off’ point for someone to build their own
+subdirectory. This project is under active development, and the current work is
+using [Pulumi](https://www.pulumi.com/) with Python. Additionally, please see
+[Status and Issues](docs/status-and-issues.md) for the project's up-to-date
+build status and known issues.
+
+Subdirectories contained within the root directory separate reference
+architectures by infrastructure deployment tooling with additional
+subdirectories as needed. For example, Pulumi allows the use of multiple
+languages for deployment. As we decided to use Python in our first build, there
+is a `python` subdirectory under the `pulumi` directory.
+
+This project was started to provide a complete, stealable, easy to deploy, and
+standalone example of how a modern app architecture can be built. It was driven
+by the necessity to be flexible and not require a long list of dependencies to
+get started. It needs to provide examples of tooling used to build this sort of
+architecture in the real world. Most importantly, it needs to work. Hopefully
+this provides a ‘jumping off’ point for someone to build their own
 infrastructure.
 
 ## Deployment Tools
 
 ### Pulumi
 
-[Pulumi](https://www.pulumi.com/) is a modern Infrastructure as Code (IaC) tool that allows you to write code (node,
-Python, Go, etc.) that defines cloud infrastructure. Within the [`pulumi`](pulumi) folder are examples of the pulumi
+[Pulumi](https://www.pulumi.com/) is a modern Infrastructure as Code (IaC) tool
+that allows you to write code (node, Python, Go, etc.) that defines cloud
+infrastructure. Within the [`pulumi`](pulumi) folder are examples of the pulumi
 being used to stand up MARA.
 
 ## Contribution
@@ -87,6 +100,7 @@ All code in this repository is licensed under the
 [Apache License v2 license](LICENSE).
 
 Open source license notices for all projects in this repository can be
-found [here](https://app.fossa.com/reports/92595e16-c0b8-4c68-8c76-59696b6ac219).
+found
+[here](https://app.fossa.com/reports/92595e16-c0b8-4c68-8c76-59696b6ac219).
 
 [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B5618%2Fgit%40github.heygears.com%3Anginxinc%2Fkic-reference-architectures.git.svg?type=large)](https://app.fossa.com/projects/custom%2B5618%2Fgit%40github.heygears.com%3Anginxinc%2Fkic-reference-architectures.git?ref=badge_large)

bin/aws_write_creds.sh

@@ -2,40 +2,38 @@
 set -o errexit  # abort on nonzero exit status
 set -o pipefail # don't hide errors within pipes
 
-# 
-# This script is temporary until we rewrite the AWS deployment following #81 and #82.
-# We look into the environment and if we see environment variables for the AWS 
-# authentication process we move them into a credentials file. This is primarily being
-# done at this time to support Jenkins using env vars for creds
+#
+# This script is temporary until we rewrite the AWS deployment following
+# 81 and #82. # We look into the environment and if we see environment
+# variables for the AWS # authentication process we move them into a
+# credentials file. This is primarily being # done at this time to support
+# Jenkins using env vars for creds
 #
 
 aws_auth_vars=(AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN)
 
 missing_auth_vars=()
-for i in "${aws_auth_vars[@]}"
-do
-    test -n "${!i:+y}" || missing_vars+=("$i")
+for i in "${aws_auth_vars[@]}"; do
+	test -n "${!i:+y}" || missing_vars+=("$i")
 done
 
-if [ ${#missing_auth_vars[@]} -ne 0 ]
-then
-    echo "Did not find values for:" 
-    printf ' %q\n' "${missing_vars[@]}"
-    echo "Will assume they are in credentials file or not needed"
+if [ ${#missing_auth_vars[@]} -ne 0 ]; then
+	echo "Did not find values for:"
+	printf ' %q\n' "${missing_vars[@]}"
+	echo "Will assume they are in credentials file or not needed"
 else
-    echo "Creating credentials file"
-    # Create the directory....
-    mkdir -p ~/.aws
-    CREDS=~/.aws/credentials
-    echo "[default]"                                    >  $CREDS
-    echo "aws_access_key_id=$AWS_ACCESS_KEY_ID"         >> $CREDS 
-    echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" >> $CREDS
-    # This is if we have non-temp credentials...
-    if [[ -z "${AWS_SESSION_TOKEN+x}" ]]; then
-      echo "Variable AWS_SESSION_TOKEN was unset; not adding to credentials"
-    else
-      echo "aws_session_token=$AWS_SESSION_TOKEN"         >> $CREDS
-    fi
+	echo "Creating credentials file"
+	# Create the directory....
+	mkdir -p ~/.aws
+	CREDS=~/.aws/credentials
+	echo "[default]" >$CREDS
+	echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" >>$CREDS
+	echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" >>$CREDS
+	# This is if we have non-temp credentials...
+	if [[ -z "${AWS_SESSION_TOKEN+x}" ]]; then
+		echo "Variable AWS_SESSION_TOKEN was unset; not adding to credentials"
+	else
+		echo "aws_session_token=$AWS_SESSION_TOKEN" >>$CREDS
+	fi
 
 fi
-