Merge pull request #4694 from sgoings/digitalocean-improvements

feat(contrib/digitalocean): improve Digital Ocean provisioning workflow

Author: Seth Goings

contrib/digitalocean/config.sh

@@ -2,18 +2,76 @@ export DEIS_TEST_DOMAIN="xip.io"
 export DO_TOKEN
 export DO_SSH_FINGERPRINT
 
-prompt "What Digital Ocean token should I use?" DO_TOKEN
-prompt "What Digital Ocean ssh fingerprint should I use?" DO_SSH_FINGERPRINT
+function check-do-token {
+  if [ ! -z ${1} ]; then
+    local token="${1}"
+    curl --fail -X GET -H "Authorization: Bearer ${token}" \
+                          "https://api.digitalocean.com/v2/account" &> /dev/null
+  else
+    return 1
+  fi
+}
+
+function check-do-ssh-key {
+  local token="${1}"
+  local ssh_fingerprint="${2}"
+
+  if [ ! -z ${ssh_fingerprint} ]; then
+    curl --fail \
+         -X GET \
+         -H \
+         "Authorization: Bearer ${token}" \
+         "https://api.digitalocean.com/v2/account/keys/${ssh_fingerprint}" &> /dev/null
+  else
+    return 1
+  fi
+}
+
+while true; do
+  password-prompt "What DigitalOcean token should I use?" DO_TOKEN
+
+  if ! check-do-token "${DO_TOKEN:-}"; then
+    rerun_log error "Couldn't login to DigitalOcean using this API token. :-("
+    unset DO_TOKEN
+  else
+    rerun_log info "Successfully logged into DigitalOcean!"
+    break
+  fi
+done
+
+while true; do
+  ssh-private-key-prompt "What private SSH key should I use when creating DigitalOcean droplets?" SSH_PRIVATE_KEY_FILE
+
+  export DO_SSH_FINGERPRINT="$(ssh-fingerprint "${SSH_PRIVATE_KEY_FILE}")"
+
+  if ! check-do-ssh-key "${DO_TOKEN}" "${DO_SSH_FINGERPRINT:-}"; then
+    rerun_log error "Couldn't find the fingerprint for this key in DigitalOcean."
+
+    cat <<EOF
+  Upload the public key by pressing the "Add SSH Key" button on
+  your DigitalOcean security page:
+
+    https://cloud.digitalocean.com/settings/security
+
+  Or pick a different key...
+
+EOF
+
+    unset SSH_PRIVATE_KEY_FILE
+  else
+    rerun_log info "This SSH key is correctly configured for use with DigitalOcean!"
+    break
+  fi
+done
+
+rigger-log "DO_SSH_FINGERPRINT set to ${DO_SSH_FINGERPRINT}"
 
 export TF_VAR_deis_root="${DEIS_ROOT}"
-export TF_VAR_token="${DO_TOKEN}"
 export TF_VAR_ssh_keys="${DO_SSH_FINGERPRINT}"
 export TF_VAR_prefix="deis-${DEIS_ID}"
 
 rigger-save-vars DEIS_TEST_DOMAIN \
-                 DO_TOKEN \
                  DO_SSH_FINGERPRINT \
                  TF_VAR_deis_root \
                  TF_VAR_prefix \
-                 TF_VAR_ssh_keys \
-                 TF_VAR_token
+                 TF_VAR_ssh_keys

contrib/digitalocean/create

@@ -2,7 +2,9 @@
 
 set -eo pipefail -o nounset
 
-terraform apply
+export TF_VAR_token="${DO_TOKEN}"
+
+terraform apply | grep --line-buffered -v user_data
 
 export DEISCTL_TUNNEL="$(terraform output ip)"
 export DEIS_TEST_DOMAIN="${DEISCTL_TUNNEL}.xip.io"

contrib/digitalocean/destroy

@@ -2,4 +2,6 @@
 
 set -eo pipefail -o nounset
 
+export TF_VAR_token="${DO_TOKEN}"
+
 terraform destroy -force

contrib/digitalocean/variables.tf

@@ -19,5 +19,5 @@ variable "ssh_keys" {
 }
 
 variable "token" {
-  description = "Your Digital Ocean auth token"
+  description = "Your DigitalOcean auth token"
 }