[tfstate-backend] Update scripts to use true/false (#60)

* Update logic

Author: osterman

aws/tfstate-backend/scripts/delete-bucket.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+ 
+# Remove all versions and delete markers for each object
+OBJECT_VERSIONS=$(aws --output text s3api list-object-versions --bucket "$1" | grep -E '^VERSIONS|^DELETEMARKERS')
+
+if [ $? -ne 0 ]; then
+	echo "Aborting"
+	exit 1
+fi
+
+while read -r OBJECT_VERSION; do
+	if [[ "$OBJECT_VERSION" == DELETEMARKERS* ]]; then
+		KEY=$(echo $OBJECT_VERSION | awk '{print $3}')
+		VERSION_ID=$(echo $OBJECT_VERSION | awk '{print $5}')
+	else
+		KEY=$(echo $OBJECT_VERSION | awk '{print $4}')
+		VERSION_ID=$(echo $OBJECT_VERSION | awk '{print $8}')
+	fi
+	if [ -n "${KEY}" ] && [ -n "${VERSION_ID}" ]; then
+		aws s3api delete-object --bucket $1 --key $KEY --version-id $VERSION_ID >/dev/null
+	fi
+done <<< "$OBJECT_VERSIONS"
+ 
+# Remove the bucket with --force option to remove any remaining files without versions.
+aws s3 rb --force s3://$1

aws/tfstate-backend/scripts/destroy.sh

@@ -1,6 +1,17 @@
+#!/usr/bin/env bash
+# This script destroys the tfstate backend
+
+# We use this variable consistently to pass the role we wish to assume in our root modules
+export TF_VAR_aws_assume_role_arn="${TF_VAR_aws_assume_role_arn:-false}"
+
+DISABLE_ROLE_ARN=${DISABLE_ROLE_ARN:-false}
+
 # Start with a clean slate
 rm -rf .terraform terraform.tfstate
 
+# Disable Role ARN (necessary for root account when using master credentials)
+[ "${DISABLE_ROLE_ARN}" == "true" ] || sed -Ei 's/^(\s+role_arn\s+)/#\1/' main.tf
+
 # Init terraform with S3 state enabled. Assumes state was previously initialized.
 init-terraform
 
@@ -26,5 +37,8 @@ terraform destroy -auto-approve
 # Re-enable S3 backend
 sed -Ei 's/^#(\s+backend\s+)/\1/' main.tf
 
+# Re-enable Role ARN
+[ "${DISABLE_ROLE_ARN}" == "true" ] || sed -Ei 's/^#(\s+role_arn\s+)/\1/' main.tf
+
 # Clean up
 rm -rf .terraform terraform.tfstate

aws/tfstate-backend/scripts/init.sh

@@ -1,25 +1,30 @@
 #!/usr/bin/env bash
 # This script automates the cold-start process of provisioning the Terraform state backend using terraform
 
-DISABLE_ROLE_ARN=${DISABLE_ROLE_ARN:-0}
+set -e
+
+# We use this variable consistently to pass the role we wish to assume in our root modules
+export TF_VAR_aws_assume_role_arn="${TF_VAR_aws_assume_role_arn:-false}"
+
+DISABLE_ROLE_ARN=${DISABLE_ROLE_ARN:-false}
 
 # Start from a clean slate
 rm -rf .terraform terraform.tfstate
 
-# Disable S3 backend
+# Disable S3 backend. We'll import state afterwards.
 sed -Ei 's/^(\s+backend\s+)/#\1/' main.tf
 
 # Disable Role ARN (necessary for root account on cold-start)
-[ "${DISABLE_ROLE_ARN}" == "0" ] || sed -Ei 's/^(\s+role_arn\s+)/#\1/' main.tf
+[ "${DISABLE_ROLE_ARN}" == "true" ] || sed -Ei 's/^(\s+role_arn\s+)/#\1/' main.tf
 
 # Initialize terraform modules and providers
 init-terraform
 
 # Provision S3 bucket and dynamodb tables
-terraform apply -auto-approve
+terraform apply -auto-approve -input=false
 
-export TF_BUCKET=$(terraform output -json | jq -r .tfstate_backend_s3_bucket_id.value)
-export TF_DYNAMODB_TABLE=$(terraform output -json | jq -r .tfstate_backend_dynamodb_table_id.value)
+export TF_BUCKET=$(terraform output tfstate_backend_s3_bucket_id)
+export TF_DYNAMODB_TABLE=$(terraform output tfstate_backend_dynamodb_table_id)
 export TF_BUCKET_REGION=${TF_VAR_region}
 
 # Re-enable S3 backend
@@ -29,7 +34,7 @@ sed -Ei 's/^#(\s+backend\s+)/\1/' main.tf
 echo "yes" | init-terraform
 
 # Re-enable Role ARN
-[ "${DISABLE_ROLE_ARN}" == "0" ] || sed -Ei 's/^#(\s+role_arn\s+)/\1/' main.tf
+[ "${DISABLE_ROLE_ARN}" == "true" ] || sed -Ei 's/^#(\s+role_arn\s+)/\1/' main.tf
 
 # Describe how to use the S3/DynamoDB resources with Geodesic
 echo "Add the following to the Geodesic Module's Dockerfile:"