Add support for the Pulumi Automation API (#167)

* feat: add Pulumi Automation API scripts with only AWS support

This change adds Python scripts that use the Pulumi Automation
API to stand up MARA like how the bin/start.sh scripts currently
do.

* feat: integrate Automation API scripts with k8s secrets

This change adds a new Pulumi project named 'secrets' to
MARA. This project is used in conjuction with the Pulumi
Automation API to store secrets using the Kubernetes
secret store so the secrets can be used across Pulumi
projects.

* feat: improve authentication error output

This change outputs the results of the AWS cli command
'aws sts get-caller-identity' more tersely and without
a stacktrace when the command fails.

* feat: add differing behavior for container push per provider

* docs: update examples to reflect changes to secrets

* feat: add support for Digital Ocean to automation API scripts

* feat: add support for Digital Ocean Container Registry

* chore: upgrade default helm chart version

* chore: upgrade example version for ingress image name

* refactor: break headers into separate file

* refactor: normalize PulumiProject path property naming

The naming of the property "root_path" conflicted with the
initialization parameter "path" AS WELL AS the method
"path()". This change normalizes the property names such
that they do not ambiguously overlap.

* refactor: on_success closure params to single class

We want to be able to easily add new references to the state that
can be processed for on_success events. As such, the three variables
passed to those closures has been refactored to a single type which
references the original three variables. This will make adding new
variables easier.

* refactor: separate namespace creation from ingress controller

When using container registry credentials with nginx ingress controller,
one must create the credential secrets for the registry in the same
namespace as the ingress controller. By breaking it apart as a separate
step, it allows us to layer in additional logic (such as adding credentials)
after the namespace has been created and before the ingress controller
has been deployed.

* refactor: add DO Registry credentials to k8s secrets via a project

This change adds a new Pulumi project that gets the authentication
credentials for a Digital Ocean Container Repository, encodes them
as a Kubernetes secret, and then stores the secret in the running
cluster's nginx-ingress namespace.

* refactor: make pulumi color settings a method on EnvConfig

* refactor: add container registry implementation name method

* fix: AWS registry not being referenced using 'repository'

AWS ECR refers to itself as a repository and not a registry, we aim
to keep that naming consistent when referring directly to ECR nouns.

This change fixes a bug where we became over-eager using the word
'registry' instead of the noun 'repository' that is hardcoded in
the ECR stack reference.

* bugfix: change pipenv install to pipenv sync to avoid updating deps at build time (#157)

(cherry picked from commit 01ef1ff)

* chore: deprecated convenience scripts and projects (#159)

* chore: remove non-functional kubevip project

* chore: deprecation of resources as discussed in #155

(cherry picked from commit b4ff561)

* fix: typo in find command was causing pulumi stacks to not be deleted (#160)

(cherry picked from commit 0619d5d)

* chore: jenkins fixes and general cleanup of jenkinsfiles (#161)

* fix: typo in find command was causing pulumi stacks to not be deleted

* fix: formatting and find syntax in jenkins (esc for Groovy)

* fix: formatting and find syntax in jenkins (esc for Groovy)

* chore: clean up the comments a bit

(cherry picked from commit cf655d0)

* refactor: improve naming and fix typos

* feat: install Digital Ocean CLI tool

* feat: prompt user for parameters when starting up DO

* feat: add dns record support to Digital Ocean provider

* refactor: change name of container registry credentials project

* docs: small comment addition and doc change

Reference to the DO CLI is removed from the documentation
because it is installed as part of the setup_venv.sh script.

* chore: double Helm timeout for Prometheus install

* feat: allow adding new clusters to the kubectl config

Allow for adding and merging new clusters into the
users kubectl config. The AWS and Digital Ocean
CLIs do this automatically. However, not all SDKs
nor CLI tools do this. Here we add code that does
this so that the same type of functionality can be
done no matter what the underlying infrastructure
provider is.

* refactor: add method to insert project in exec order

Add a method to allow for the insertion of a project
anywhere in the execution order of a provider.

* chore: simplify function name

* feat: add check for empty configuration file

* refactor: break apart read and prompt operations

* chore: change encoding to ascii because it is correct

* feat: add automation API support for LKE and Harbor on Linode

This adds support for Linode using the Automation API scripts.
In order to provide support, the Harbor Container Registry was
added to the requirements. Now, before starting LKE an instance
of Harbor will be started in a Linode compute instance.

* refactor: remove bash provision and destroy scripts

* fix: typo in function parameter

* docs: add additional code comments

* feat: migrate to python logging for output

* docs: add MARA Runner design document

* fix: change sed flag from -r to posix compat -E

Fixes #168

* feat: add easy runner script to MARA automation

This change adds a bash script that sets up the
virtual environment and invokes the automation/main.py
script. Ideally, this would make running MARA much
easier than it currently is.

* fix: properly pass parameters to main.py from runner

* refactor: improve error messaging and operations parsing

* fix: fixes object has no attribute '__debug_logger_func' error

Fixes #166

There is an issue with methods being named with two leading
underscores being passed correctly to Pulumi's async handlers.
In this change, we rename the method and add a check for
the method's existence.

* test: fix test runner to work after directory refactor

* fix: enable force delete on ECR so that MARA can remove it

* fix: sensible message on refresh run without prev deployment

* fix: change import for better compatibility with test runner

* chore: upgrade pulumi deps and kubectl versions

* fix: add in updates to automation-api branch for version bumps (#172)

* chore: update cert-manager chart and crds

* chore: update logagent (filebeat) chart version

* chore: update nginx IC to latest chart version

* chore: update prometheus chart to latest version

* chore: update logstore (Elasticsearch) to latest chart versoin

* chore: update observability to new yaml and new chart

* chore: update example config with new values

* fix: remediation of deployment bugs

* chore: additional bug fixes and usability fixes to automation branch (#174)

* chore: update cert-manager chart and crds

* chore: update logagent (filebeat) chart version

* chore: update nginx IC to latest chart version

* chore: update prometheus chart to latest version

* chore: update logstore (Elasticsearch) to latest chart versoin

* chore: update observability to new yaml and new chart

* chore: update example config with new values

* fix: remediation of deployment bugs

* fix: removed JWT-only logic from BoS

* fix: remove logic for sirius_host from deprecated jwt deploys

* fix: remove deprecated ingress-repo-only project

* fix: adjust min kubectl version deployed

* chore: updates to fix digital ocean deployment (#177)

* chore: update cert-manager chart and crds

* chore: update logagent (filebeat) chart version

* chore: update nginx IC to latest chart version

* chore: update prometheus chart to latest version

* chore: update logstore (Elasticsearch) to latest chart versoin

* chore: update observability to new yaml and new chart

* chore: update example config with new values

* fix: remediation of deployment bugs

* fix: removed JWT-only logic from BoS

* fix: remove logic for sirius_host from deprecated jwt deploys

* fix: remove deprecated ingress-repo-only project

* fix: adjust min kubectl version deployed

* fix: refactor digitalocean to docean for variables

* fix: provide ability to still run kubeconfig deploys until they are cut over to automation api (#179)

* chore: update cert-manager chart and crds

* chore: update logagent (filebeat) chart version

* chore: update nginx IC to latest chart version

* chore: update prometheus chart to latest version

* chore: update logstore (Elasticsearch) to latest chart versoin

* chore: update observability to new yaml and new chart

* chore: update example config with new values

* fix: remediation of deployment bugs

* fix: removed JWT-only logic from BoS

* fix: remove logic for sirius_host from deprecated jwt deploys

* fix: remove deprecated ingress-repo-only project

* fix: adjust min kubectl version deployed

* fix: refactor digitalocean to docean for variables

* fix: add repo-only IC deploy to support kubeconfig deploys

* fix: modifications to handle kubeconfig deploys for now

* fix: recommission bash scripts to support kubeconfig deploys for now

* fix: added gitkeep for IC manifests dir which is required for repo-only deploy (#180)

* chore: update cert-manager chart and crds

* chore: update logagent (filebeat) chart version

* chore: update nginx IC to latest chart version

* chore: update prometheus chart to latest version

* chore: update logstore (Elasticsearch) to latest chart versoin

* chore: update observability to new yaml and new chart

* chore: update example config with new values

* fix: remediation of deployment bugs

* fix: removed JWT-only logic from BoS

* fix: remove logic for sirius_host from deprecated jwt deploys

* fix: remove deprecated ingress-repo-only project

* fix: adjust min kubectl version deployed

* fix: refactor digitalocean to docean for variables

* fix: add repo-only IC deploy to support kubeconfig deploys

* fix: modifications to handle kubeconfig deploys for now

* fix: recommission bash scripts to support kubeconfig deploys for now

* fix: gitkeep needed for manifests dir under repo nginx

* fix: updated jenkinsfiles for automation api work (#181)

* chore: update cert-manager chart and crds

* chore: update logagent (filebeat) chart version

* chore: update nginx IC to latest chart version

* chore: update prometheus chart to latest version

* chore: update logstore (Elasticsearch) to latest chart versoin

* chore: update observability to new yaml and new chart

* chore: update example config with new values

* fix: remediation of deployment bugs

* fix: removed JWT-only logic from BoS

* fix: remove logic for sirius_host from deprecated jwt deploys

* fix: remove deprecated ingress-repo-only project

* fix: adjust min kubectl version deployed

* fix: refactor digitalocean to docean for variables

* fix: add repo-only IC deploy to support kubeconfig deploys

* fix: modifications to handle kubeconfig deploys for now

* fix: recommission bash scripts to support kubeconfig deploys for now

* fix: gitkeep needed for manifests dir under repo nginx

* chore: update jenkinsfiles for automation api

* chore: doc updates for automation-api changes (#183)

* fix: adding updates to jenkinsfiles (#185)

* chore: update cert-manager chart and crds

* chore: update logagent (filebeat) chart version

* chore: update nginx IC to latest chart version

* chore: update prometheus chart to latest version

* chore: update logstore (Elasticsearch) to latest chart versoin

* chore: update observability to new yaml and new chart

* chore: update example config with new values

* fix: remediation of deployment bugs

* fix: removed JWT-only logic from BoS

* fix: remove logic for sirius_host from deprecated jwt deploys

* fix: remove deprecated ingress-repo-only project

* fix: adjust min kubectl version deployed

* fix: refactor digitalocean to docean for variables

* fix: add repo-only IC deploy to support kubeconfig deploys

* fix: modifications to handle kubeconfig deploys for now

* fix: recommission bash scripts to support kubeconfig deploys for now

* fix: gitkeep needed for manifests dir under repo nginx

* chore: update jenkinsfiles for automation api

* fix: updates to the jenkinsfiles

* chore: doc updates for automation-api changes

* fix: update to docker instance for minikube jenkins

* fix: add wheel back into setup_venv.sh (#187)

* fix: add variable for password fields in jenkins runs / accept stack argument / formatting (#188)

* chore: update cert-manager chart and crds

* chore: update logagent (filebeat) chart version

* chore: update nginx IC to latest chart version

* chore: update prometheus chart to latest version

* chore: update logstore (Elasticsearch) to latest chart versoin

* chore: update observability to new yaml and new chart

* chore: update example config with new values

* fix: remediation of deployment bugs

* fix: removed JWT-only logic from BoS

* fix: remove logic for sirius_host from deprecated jwt deploys

* fix: remove deprecated ingress-repo-only project

* fix: adjust min kubectl version deployed

* fix: refactor digitalocean to docean for variables

* fix: add repo-only IC deploy to support kubeconfig deploys

* fix: modifications to handle kubeconfig deploys for now

* fix: recommission bash scripts to support kubeconfig deploys for now

* fix: gitkeep needed for manifests dir under repo nginx

* chore: update jenkinsfiles for automation api

* fix: updates to the jenkinsfiles

* chore: doc updates for automation-api changes

* fix: update to docker instance for minikube jenkins

* fix: add wheel back into setup_venv.sh

* fix: jenkinsfile updates

* feat: accept stack value on CLI, handle mis-match

* chore: reformat markdown to fit standards

* fix: changes requested in #188

* refactor: break up stack environment logic into fnctions

* refactor: formatting changes to main.py

* fix: address PR comments and formatting

* refactor: formatting fixes

* fix: formatting and PR requested changes

* refactor: bash script cleanup

* chore: remove deprecated testcap script

* fix: shell isn't interpreting the args to pulumi right

* fix: still having weird globbing issues.

* fix: adjust jenkinsfiles for new runner syntax

* fix: linode jenkinsfile and log level adjust / comment add (#194)

* fix: update log level and add comment to clarify print stmt

* fix: add closing braces for Linode Jenkinsfile

* fix: cosmetic fix for || construct

* feat: add new logo to repo (#195)

Co-authored-by: Javier Evans <[email protected]>
Co-authored-by: Jason Schmidt <[email protected]>
Co-authored-by: Jason Schmidt <[email protected]>

Author: 4 people

.github/ISSUE_TEMPLATE/feature_request.md

@@ -14,4 +14,4 @@ A clear and concise description of what you want to happen.
 A clear and concise description of any alternative solutions or features you've considered.
 
 **Additional context**
-Add any other context or screenshots about the feature request here.
+Add any other context or screenshots about the feature request here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,12 +1,12 @@
 ### Proposed changes
-Describe the use case and detail of the change. If this PR addresses an issue 
-on GitHub, make sure to include a link to that issue here in this description 
+Describe the use case and detail of the change. If this PR addresses an issue
+on GitHub, make sure to include a link to that issue here in this description
 (not in the title of the PR).
 
 ### Checklist
 Before creating a PR, run through this checklist and mark each as complete.
 
-- [ ] I have written my commit messages in the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format. 
+- [ ] I have written my commit messages in the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format.
 - [ ] I have read the [CONTRIBUTING](/CONTRIBUTING.md) doc
 - [ ] I have added tests (when possible) that prove my fix is effective or that my feature works
 - [ ] I have checked that all unit tests pass after adding my changes

.gitignore

@@ -260,6 +260,9 @@ override.tf.json
 
 # End of https://www.toptal.com/developers/gitignore/api/python,pycharm+all,terraform
 
+# Ignore locally installed pyenv environment
+.pyenv
+
 *.pyc
 !/extras/jwt.token
 /pulumi/python/tools/common/config/*.yaml

.pre-commit-config.yaml

@@ -0,0 +1,49 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+    -   id: check-yaml
+        args: [--allow-multiple-documents]
+    -   id: check-added-large-files
+    -   id: check-merge-conflict
+    -   id: detect-private-key
+    -   id: trailing-whitespace
+    -   id: mixed-line-ending
+    -   id: end-of-file-fixer
+    -   id: debug-statements
+    -   id: check-merge-conflict
+    -   id: check-ast
+
+-   repo: https://github.com/pre-commit/mirrors-autopep8
+    rev: v1.7.0
+    hooks:
+    -   id: autopep8
+
+-   repo: https://github.com/asottile/dead
+    rev: v1.5.0
+    hooks:
+    -   id: dead
+
+-   repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 3.0.0
+    hooks:
+    -  id: shellcheck
+    -  id: shfmt
+    -  id: markdownlint
+
+-   repo: https://github.com/PyCQA/flake8
+    rev: 5.0.4
+    hooks:
+    -  id: flake8
+
+-   repo: https://github.com/zricethezav/gitleaks
+    rev: v8.11.0
+    hooks:
+    -  id: gitleaks
+
+-   repo: https://github.com/Yelp/detect-secrets
+    rev: v1.3.0
+    hooks:
+    -  id: detect-secrets

CODE_OF_CONDUCT.md

@@ -117,13 +117,15 @@ the community.
 
 This Code of Conduct is adapted from the [Contributor Covenant][homepage],
 version 2.0, available at
-https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html](https://www.contributor-covenant.org/version/2/0/code_of_conduct.html)
+.
 
-Community Impact Guidelines were inspired by [Mozilla's code of conduct
-enforcement ladder](https://github.com/mozilla/diversity).
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).
 
 [homepage]: https://www.contributor-covenant.org
 
 For answers to common questions about this code of conduct, see the FAQ at
-https://www.contributor-covenant.org/faq. Translations are available at
-https://www.contributor-covenant.org/translations.
+[https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq)
+. Translations are available at
+[https://www.contributor-covenant.org/translations](https://www.contributor-covenant.org/translations).

CONTRIBUTING.md

@@ -1,16 +1,18 @@
 # Contributing Guidelines
 
-The following is a set of guidelines for contributing. We really appreciate that you are considering contributing!
+The following is a set of guidelines for contributing. We really appreciate
+that you are considering contributing!
 
-#### Table Of Contents
+## Table Of Contents
 
 [Ask a Question](#ask-a-question)
 
 [Contributing](#contributing)
 
 [Style Guides](#style-guides)
-  * [Git Style Guide](#git-style-guide)
-  * [Go Style Guide](#go-style-guide)
+
+* [Git Style Guide](#git-style-guide)
+* [Go Style Guide](#go-style-guide)
 
 [Code of Conduct](https://github.com/nginxinc/nginx-wrapper/blob/master/CODE_OF_CONDUCT.md)
 
@@ -22,33 +24,50 @@ Please open an Issue on GitHub with the label `question`.
 
 ### Report a Bug
 
-To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the issue has not already been reported.
+To report a bug, open an issue on GitHub with the label `bug` using the
+available bug report issue template. Please ensure the issue has not already
+been reported.
 
 ### Suggest an Enhancement
 
-To suggest an enhancement, please create an issue on GitHub with the label `enhancement` using the available feature issue template.
+To suggest an enhancement, please create an issue on GitHub with the label
+`enhancement` using the available feature issue template.
 
 ### Open a Pull Request
 
-* Fork the repo, create a branch, submit a PR when your changes are tested and ready for review.
+* Fork the repo, create a branch, submit a PR when your changes are tested and
+  ready for review.
 * Fill in [our pull request template](/.github/PULL_REQUEST_TEMPLATE.md)
 
-Note: if you’d like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
+Note: if you’d like to implement a new feature, please consider creating a
+feature request issue first to start a discussion about the feature.
 
 ## Style Guides
 
 ### Git Style Guide
 
-* Keep a clean, concise and meaningful git commit history on your branch, rebasing locally and squashing before submitting a PR
-* Use the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format when writing a commit message, so that changelogs can be automatically generated
-* Follow the guidelines of writing a good commit message as described [here](https://chris.beams.io/posts/git-commit/) and summarised in the next few points
-    * In the subject line, use the present tense ("Add feature" not "Added feature")
-    * In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...")
-    * Limit the subject line to 72 characters or less
-    * Reference issues and pull requests liberally after the subject line
-    * Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`)
+* Keep a clean, concise and meaningful git commit history on your branch,
+  rebasing locally and squashing before submitting a PR
+* Use the
+  [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format
+  when writing a commit message, so that changelogs can be automatically
+  generated
+* Follow the guidelines of writing a good commit message as described
+  [here](https://chris.beams.io/posts/git-commit/) and summarised in the next
+  few points
+  * In the subject line, use the present tense
+    ("Add feature" not "Added feature")
+  * In the subject line, use the imperative mood ("Move cursor to..." not
+    "Moves cursor to...")
+  * Limit the subject line to 72 characters or less
+  * Reference issues and pull requests liberally after the subject line
+  * Add more detailed description in the body of the git message (
+    `git commit -a` to give you more space and time in your text editor to
+    write a good message instead of `git commit -am`)
 
 ### Code Style Guide
 
-* Python code should conform to the [PEP-8 style guidelines](https://www.python.org/dev/peps/pep-0008/) whenever possible.
+* Python code should conform to the
+  [PEP-8 style guidelines](https://www.python.org/dev/peps/pep-0008/)
+  whenever possible.
 * Where feasible, include unit tests.

README.md

@@ -1,40 +1,47 @@
+# NGINX Modern Reference Architectures
+
+## Current Test Status
+
 [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B5618%2Fgit%40github.com%3Anginxinc%2Fkic-reference-architectures.git.svg?type=shield)](https://app.fossa.com/projects/custom%2B5618%2Fgit%40github.com%3Anginxinc%2Fkic-reference-architectures.git?ref=badge_shield)
-![AWS Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_aws_prod&subject=AWS) 
-![DO Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_do_prod&subject=DigitalOcean) 
-![LKE Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_lke_prod&subject=Linode) 
+![AWS Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_aws_prod&subject=AWS)
+![DO Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_do_prod&subject=DigitalOcean)
+![LKE Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_lke_prod&subject=Linode)
 ![K3s Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_k3s_prod&subject=K3s)
 ![MicroK8s Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_mk8s_prod&subject=MicroK8s)
-![Minikube Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_minikube_prod&subject=Minikube) 
+![Minikube Status](https://jenkins.mantawang.com/buildStatus/icon?job=mara_minikube_prod&subject=Minikube)
 
-# NGINX Modern Reference Architectures
+![MARA Project](./docs/NGINX-MARA-icon.png)  
 
-This repository has the basics for a common way to deploy and manage modern apps. Over time, we'll build more example
-architectures using different deployment models and options – including other clouds – and you’ll be able to find those
-here.
+This repository has the basics for a common way to deploy and manage modern
+apps. Over time, we'll build more example architectures using different
+deployment models and options – including other clouds – and you’ll be able
+to find those here.
 
 ## Nomenclature
 
-Internally, we refer to this project as MARA for Modern Application Reference Architecture. The current repository name
-reflects the humble origins of this project, as it was started with the purpose of allowing users to build custom
-versions of the NGINX Ingress Controller in Kubernetes. This went so well that we expanded it to the project you're
-currently viewing.
+Internally, we refer to this project as MARA for Modern Application Reference
+Architecture. The current repository name reflects the humble origins of this
+project, as it was started with the purpose of allowing users to build custom
+versions of the NGINX Ingress Controller in Kubernetes. This went so well that
+we expanded it to the project you're currently viewing.
 
 ## Modern App Architectures
 
 We define modern app architectures as those driven by four characteristics:
-*scalability*, *portability*, *resiliency*, and *agility*. While many different aspects of a modern architecture exist,
-these are fundamental.
+*scalability*, *portability*, *resiliency*, and *agility*. While many different
+aspects of a modern architecture exist, these are fundamental.
 
-* **Scalability** – Quickly and seamlessly scale up or down to accommodate spikes or reductions in demand, anywhere in
-  the world.
+* **Scalability** – Quickly and seamlessly scale up or down to accommodate
+  spikes or reductions in demand, anywhere in the world.
 
-* **Portability** – Easy to deploy on multiple types of devices and infrastructures, on public clouds, and on premises.
+* **Portability** – Easy to deploy on multiple types of devices and
+  infrastructures, on public clouds, and on premises.
 
-* **Resiliency** – Can fail over to newly spun‑up clusters or virtual environments in different availability regions,
-  clouds, or data centers.
+* **Resiliency** – Can fail over to newly spun‑up clusters or virtual
+  environments in different availability regions, clouds, or data centers.
 
-* **Agility** – Ability to update through automated CI/CD pipelines with higher code velocity and more frequent code
-  pushes.
+* **Agility** – Ability to update through automated CI/CD pipelines with higher
+  code velocity and more frequent code pushes.
 
 This diagram is an example of what we mean by a **modern app architecture**:
 ![Modern Apps Architecture Example Diagram](docs/DIAG-NGINX-ModernAppsRefArch-NGINX-MARA-1-0-blog-1024x800.png)
@@ -53,26 +60,32 @@ To satisfy the four key characteristics, many modern app architectures employ:
 
 For details on the current state of this project, please see the
 [readme](pulumi/python/README.md) in the [`pulumi/python`](pulumi/python)
-subdirectory. This project is under active development, and the current work is using [Pulumi](https://www.pulumi.com/)
-with Python. Additionally, please see
-[Status and Issues](docs/status-and-issues.md) for the project's up-to-date build status and known issues.
-
-Subdirectories contained within the root directory separate reference architectures by infrastructure deployment tooling
-with additional subdirectories as needed. For example, Pulumi allows the use of multiple languages for deployment. As we
-decided to use Python in our first build, there is a `python` subdirectory under the `pulumi` directory.
-
-This project was started to provide a complete, stealable, easy to deploy, and standalone example of how a modern app
-architecture can be built. It was driven by the necessity to be flexible and not require a long list of dependencies to
-get started. It needs to provide examples of tooling used to build this sort of architecture in the real world. Most
-importantly, it needs to work. Hopefully this provides a ‘jumping off’ point for someone to build their own
+subdirectory. This project is under active development, and the current work is
+using [Pulumi](https://www.pulumi.com/) with Python. Additionally, please see
+[Status and Issues](docs/status-and-issues.md) for the project's up-to-date
+build status and known issues.
+
+Subdirectories contained within the root directory separate reference
+architectures by infrastructure deployment tooling with additional
+subdirectories as needed. For example, Pulumi allows the use of multiple
+languages for deployment. As we decided to use Python in our first build, there
+is a `python` subdirectory under the `pulumi` directory.
+
+This project was started to provide a complete, stealable, easy to deploy, and
+standalone example of how a modern app architecture can be built. It was driven
+by the necessity to be flexible and not require a long list of dependencies to
+get started. It needs to provide examples of tooling used to build this sort of
+architecture in the real world. Most importantly, it needs to work. Hopefully
+this provides a ‘jumping off’ point for someone to build their own
 infrastructure.
 
 ## Deployment Tools
 
 ### Pulumi
 
-[Pulumi](https://www.pulumi.com/) is a modern Infrastructure as Code (IaC) tool that allows you to write code (node,
-Python, Go, etc.) that defines cloud infrastructure. Within the [`pulumi`](pulumi) folder are examples of the pulumi
+[Pulumi](https://www.pulumi.com/) is a modern Infrastructure as Code (IaC) tool
+that allows you to write code (node, Python, Go, etc.) that defines cloud
+infrastructure. Within the [`pulumi`](pulumi) folder are examples of the pulumi
 being used to stand up MARA.
 
 ## Contribution
@@ -87,6 +100,7 @@ All code in this repository is licensed under the
 [Apache License v2 license](LICENSE).
 
 Open source license notices for all projects in this repository can be
-found [here](https://app.fossa.com/reports/92595e16-c0b8-4c68-8c76-59696b6ac219).
+found
+[here](https://app.fossa.com/reports/92595e16-c0b8-4c68-8c76-59696b6ac219).
 
 [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B5618%2Fgit%40github.com%3Anginxinc%2Fkic-reference-architectures.git.svg?type=large)](https://app.fossa.com/projects/custom%2B5618%2Fgit%40github.com%3Anginxinc%2Fkic-reference-architectures.git?ref=badge_large)

bin/aws_write_creds.sh

@@ -2,40 +2,38 @@
 set -o errexit  # abort on nonzero exit status
 set -o pipefail # don't hide errors within pipes
 
-# 
-# This script is temporary until we rewrite the AWS deployment following #81 and #82.
-# We look into the environment and if we see environment variables for the AWS 
-# authentication process we move them into a credentials file. This is primarily being
-# done at this time to support Jenkins using env vars for creds
+#
+# This script is temporary until we rewrite the AWS deployment following
+# 81 and #82. # We look into the environment and if we see environment
+# variables for the AWS # authentication process we move them into a
+# credentials file. This is primarily being # done at this time to support
+# Jenkins using env vars for creds
 #
 
 aws_auth_vars=(AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN)
 
 missing_auth_vars=()
-for i in "${aws_auth_vars[@]}"
-do
-    test -n "${!i:+y}" || missing_vars+=("$i")
+for i in "${aws_auth_vars[@]}"; do
+	test -n "${!i:+y}" || missing_vars+=("$i")
 done
 
-if [ ${#missing_auth_vars[@]} -ne 0 ]
-then
-    echo "Did not find values for:" 
-    printf ' %q\n' "${missing_vars[@]}"
-    echo "Will assume they are in credentials file or not needed"
+if [ ${#missing_auth_vars[@]} -ne 0 ]; then
+	echo "Did not find values for:"
+	printf ' %q\n' "${missing_vars[@]}"
+	echo "Will assume they are in credentials file or not needed"
 else
-    echo "Creating credentials file"
-    # Create the directory....
-    mkdir -p ~/.aws
-    CREDS=~/.aws/credentials
-    echo "[default]"                                    >  $CREDS
-    echo "aws_access_key_id=$AWS_ACCESS_KEY_ID"         >> $CREDS 
-    echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" >> $CREDS
-    # This is if we have non-temp credentials...
-    if [[ -z "${AWS_SESSION_TOKEN+x}" ]]; then
-      echo "Variable AWS_SESSION_TOKEN was unset; not adding to credentials"
-    else
-      echo "aws_session_token=$AWS_SESSION_TOKEN"         >> $CREDS
-    fi
+	echo "Creating credentials file"
+	# Create the directory....
+	mkdir -p ~/.aws
+	CREDS=~/.aws/credentials
+	echo "[default]" >$CREDS
+	echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" >>$CREDS
+	echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" >>$CREDS
+	# This is if we have non-temp credentials...
+	if [[ -z "${AWS_SESSION_TOKEN+x}" ]]; then
+		echo "Variable AWS_SESSION_TOKEN was unset; not adding to credentials"
+	else
+		echo "aws_session_token=$AWS_SESSION_TOKEN" >>$CREDS
+	fi
 
 fi
-