From d2cd67ad2ecbb78dd5edeaad784b1a1071270d54 Mon Sep 17 00:00:00 2001 From: Paul B Date: Sat, 9 Sep 2017 15:28:44 +0200 Subject: [PATCH 1/4] Rewrite wrapping script to fix secret envs --- Makefile | 23 +++++++----------- terraform.sh | 66 ++++++++++++++++++++++++++++++++-------------------- 2 files changed, 50 insertions(+), 39 deletions(-) diff --git a/Makefile b/Makefile index 19542e6..1ab83b8 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ ## # TERRAFORM INSTALL ## -version ?= "0.10.3" +version ?= "0.10.4" os ?= $(shell uname|tr A-Z a-z) ifeq ($(shell uname -m),x86_64) arch ?= "amd64" @@ -33,11 +33,6 @@ env ?= "" ## # INTERNAL VARIABLES ## -ifneq ("$(provider)", "") - wd ?= providers/$(provider)/$(env) -else - wd ?= "." -endif ifeq ("$(shell which terraform)", "") install ?= "true" endif @@ -51,11 +46,11 @@ endif .PHONY: install install: ## make install # Install terraform and dependencies ifeq ($(install),"true") - @wget -O /usr/bin/terraform.zip https://releases.hashicorp.com/terraform/0.10.3/terraform_$(version)_$(os)_$(arch).zip + @wget -O /usr/bin/terraform.zip https://releases.hashicorp.com/terraform/$(version)/terraform_$(version)_$(os)_$(arch).zip @unzip -d /usr/bin /usr/bin/terraform.zip && rm /usr/bin/terraform.zip endif @terraform --version - @wd=$(wd) ./terraform.sh init + @bash terraform.sh init .PHONY: lint lint: ## make lint # Rewrites config to canonical format 
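Review bot: The `install` recipe unpacks the downloaded archive into `/usr/bin` without any integrity check, so a corrupted or tampered download becomes the `terraform` binary that later handles cloud credentials. HashiCorp publishes a `terraform_$(version)_SHA256SUMS` file (and a detached signature) next to each release archive. The recipe could fetch it and compare the archive's SHA-256 against the matching entry before `unzip`, failing the target on a mismatch. Downloading to a temporary directory instead of `/usr/bin/terraform.zip` would also avoid leaving a partial file in a system path when `wget` fails.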
@@ -63,23 +58,23 @@ lint: ## make lint # Rewrites config to canonical format .PHONY: validate validate: ## make validate # Basic syntax check - @wd=$(wd) ./terraform.sh validate $(opts) + @bash terraform.sh validate $(opts) .PHONY: list list: ## make list # List infra resources - @wd=$(wd) ./terraform.sh show $(opts) + @bash terraform.sh show $(opts) .PHONY: dry-run -dry-run: ## make dry-run # Dry run resources changes - @wd=$(wd) ./terraform.sh plan $(opts) +dry-run: pass ## make dry-run # Dry run resources changes + @bash terraform.sh plan $(opts) .PHONY: run run: ## make run # Execute resources changes - @wd=$(wd) ./terraform.sh apply $(opts) + @bash terraform.sh apply $(opts) .PHONY: destroy destroy: ## make destroy # Destroy resources - @wd=$(wd) ./terraform.sh destroy $(opts) + @bash terraform.sh destroy $(opts) help: @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' diff --git a/terraform.sh b/terraform.sh index c744c1f..ecbbcd7 100755 --- a/terraform.sh +++ b/terraform.sh 
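Review bot: The new header `dry-run: pass` makes `pass` a prerequisite of `dry-run`, and no rule or file named `pass` is visible in this patch, so `make dry-run` would presumably stop with "No rule to make target" unless that target is defined elsewhere in the Makefile. terraform.sh already probes for the `pass` tool with `which pass` and treats it as optional, so the prerequisite looks unintended; if so, restore `dry-run: ## make dry-run # Dry run resources changes`. Separately, the recipes here expand `$(opts)` while the README in this series documents the variable as `args`; unless one is mapped to the other outside this hunk, flags passed as `args=` would be dropped without warning.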
@@ -10,36 +10,52 @@ # #!/bin/bash -e -key="$(echo "${provider}" | tr '[:lower:]' '[:upper:]')_$(echo "${env}" | tr '[:lower:]' '[:upper:]')_KEY" -secret="$(echo "${provider}" | tr '[:lower:]' '[:upper:]')_$(echo "${env}" | tr '[:lower:]' '[:upper:]')_SECRET" +valid_identifier() +{ + echo "$1" | tr '[:lower:]' '[:upper:]' | tr -cs '[:alpha:]\n' '_' +} + +key="$(valid_identifier "${provider}")_$(valid_identifier "${env}")_KEY" +secret="$(valid_identifier "${provider}")_$(valid_identifier "${env}")_SECRET" if (which pass >/dev/null 2>&1); then - pass_key="$(pass "terraform/${provider}/${env}/access_key")" - pass_secret="$(pass "terraform/${provider}/${env}/secret")" + pass_key="$(pass "terraform/${provider}/${env}/access_key")" + pass_secret="$(pass "terraform/${provider}/${env}/secret")" - declare "${key}"="${pass_key}" - declare "${secret}"="${pass_secret}" + declare "${key}"="${pass_key}" + declare "${secret}"="${pass_secret}" fi case $provider in - aws) - declare "AWS_ACCESS_KEY_ID=${!key}" - declare "AWS_SECRET_ACCESS_KEY=${!secret}" - ;; - azurerm) - declare "ARM_CLIENT_ID=${!key}" - declare "ARM_CLIENT_SECRET=${!secret}" - :;; - "do") - declare "DIGITALOCEAN_TOKEN=${!secret}" - :;; - google) - declare "GOOGLE_CREDENTIALS=${!secret}" - :;; - scaleway) - declare "SCALEWAY_ORGANIZATION=${!key}" - declare "SCALEWAY_TOKEN=${!secret}" - :;; + aws) + if [ -z "${AWS_ACCESS_KEY_ID}" ]; then + declare -x "AWS_ACCESS_KEY_ID=${!key}" + declare -x "AWS_SECRET_ACCESS_KEY=${!secret}" + fi + ;; + azurerm) + if [ -z "${ARM_CLIENT_ID}" ]; then + declare -x "ARM_CLIENT_ID=${!key}" + declare -x "ARM_CLIENT_SECRET=${!secret}" + fi + ;; + "do") + if [ -z "${DIGITALOCEAN_TOKEN}" ]; then + declare -x "DIGITALOCEAN_TOKEN=${!secret}" + fi + ;; + google) + if [ -z "${GOOGLE_CREDENTIALS}" ]; then + declare -x "GOOGLE_CREDENTIALS=${!secret}" + fi + ;; + scaleway) + if [ -z "${SCALEWAY_ORGANIZATION}" ]; then + declare -x "SCALEWAY_ORGANIZATION=${!key}" + declare -x 
"SCALEWAY_TOKEN=${!secret}" + fi + ;; esac -cd "${wd}" && terraform $@ +cd "providers/${provider}/${env}" +terraform "$@" From 9baddafb89bea91bf2f41de62e80f934803a80d8 Mon Sep 17 00:00:00 2001 From: Paul B Date: Sat, 9 Sep 2017 15:42:22 +0200 Subject: [PATCH 2/4] Update README --- README.md | 49 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 18093dd..99cc602 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Makefile for Terraform users -This repository provides a Makefile to give you a simple interface for Terraform. +This repository provides a Makefile to give you a simple interface for [Terraform](https://www.terraform.io/). ## Why? 
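Review bot: The last two lines replace `cd "${wd}" && terraform $@` with a bare `cd` followed by `terraform "$@"`, so if `providers/${provider}/${env}` does not exist the script can go on to run `terraform apply` or `destroy` from the caller's directory. The `#!/bin/bash -e` line sits below the comment header rather than on line 1, and the Makefile in this patch invokes the script as `bash terraform.sh`, so `-e` does not appear to be in effect. Keep the guard explicit with `cd "providers/${provider}/${env}" || exit 1`, or add `set -e` at the top of the script. Also, each provider branch tests only the first variable (e.g. `AWS_ACCESS_KEY_ID`) before overwriting both, and exports an empty value when `${!key}` or `${!secret}` is unset. Checking that both indirect values are non-empty before `declare -x` would avoid replacing a partly configured environment with blanks.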
@@ -8,18 +8,45 @@ This repository provides a Makefile to give you a simple interface for Terraform - Don't Repeat Yourself while typing terraform commands - Easier adoption for people that are not used to Terraform - Document common usage -- Unique entrypoint script for credentials management +- Unique entrypoint script for credentials management (only for AWS, Azure, DigitalOcean, Google and Scaleway for now) + - either passing ENV variables. E.g. `__SECRET` will be mapped to `DIGITALOCEAN_TOKEN` if `provider=do` is provided as variable + - either using [`pass`](https://www.passwordstore.org/) as local secret manager. E.g. password `terraform///secret` will be mapped to `DIGITALOCEAN_TOKEN` if `provider=do` is provided as variable ## Installation Simply download the `Makefile` and the `terraform.sh` files in your terraform configuration directory. - wget -O Makefile https://raw.githubusercontent.com/paulRbr/terraform-makefile/master/Makefile - wget -O terraform.sh https://raw.githubusercontent.com/paulRbr/terraform-makefile/master/terraform.sh + wget -N https://raw.githubusercontent.com/paulRbr/terraform-makefile/master/{Makefile,terraform.sh} + +## Convention + +This makefile assumes your terraform configuration files are stored as such: + +``` +providers/ +├── aws +│   ├── prod +│   │   └── empty.tf +│   └── test +│   └── empty.tf +├── do +│   └── prod +│   └── empty.tf +├── google +│   ├── prod +│   │   └── empty.tf +│   └── test +│   └── empty.tf +└── scaleway + └── prod + └── empty.tf +``` + +I.e. `providers///*.tf` ## Commands -This is the list of commands made available +List of commands made available ~~~bash > make 
@@ -33,11 +60,11 @@ run make run # Execute resources changes ## Variables -This is the explanation of variables that can be passed to commands: +Details of the variables that can be passed to commands: -| Name | Default | Description | Example | -| --------- | ------- | ----------- | ------- | -| `provider`| - | Name of the cloud provider to target | If you have an terraform file in `provider/aws/production/production.tf` you will be able to `make run provider=aws env=production` | -| `env` | - | Name of the environment you want to use | If you have an terraform file in `provider/google/production/production.tf` you will be able to `make run provider=google env=production` | -| `args` | - | Add terraform understandable arguments | `make dry-run args='-no-color'` | +| Name | Default | Values | Description | Example | +| --------- | ------- | ------ | ----------- | ------- | +| `provider`| - | `aws`
`azure`
`do`
`google`
`scaleway` | Name of the cloud provider to target | With your terraform file in `provider/aws/production/production.tf` you will be able to `make dry-run provider=aws env=production` | +| `env` | - | `String` | Name of the environment you want to use | With a terraform file in `provider/google/production/production.tf` you will be able to `make dry-run provider=google env=production` | +| `args` | - | `String` | Add terraform understandable arguments | `make dry-run args='-no-color'` | From 1a57282c3f813f2db3472e20fc933718a6f43963 Mon Sep 17 00:00:00 2001 From: Paul B Date: Sun, 10 Sep 2017 14:21:29 +0200 Subject: [PATCH 3/4] Update version number everywhere and add CI checking --- .travis.yml | 1 + Makefile | 3 ++- README.md | 2 ++ VERSION | 1 + terraform.sh | 2 +- test.sh | 11 +++++++++++ 6 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 VERSION create mode 100755 test.sh diff --git a/.travis.yml b/.travis.yml index e7a0455..1c97b9c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,3 +11,4 @@ install: script: # Basic run - make + - ./test.sh diff --git a/Makefile b/Makefile index 1ab83b8..50d4027 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # ------------------ # TERRAFORM-MAKEFILE -# v0.1.0 +# v0.10.4 # ------------------ # # This Makefile is maintained on Github.com. @@ -77,6 +77,7 @@ destroy: ## make destroy # Destroy resources @bash terraform.sh destroy $(opts) help: + @printf "\033[32mTerraform-makefile v$(version)\033[0m\n" @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' .DEFAULT_GOAL := help diff --git a/README.md b/README.md index 99cc602..77a4c6a 100644 --- a/README.md +++ b/README.md 
@@ -50,12 +50,14 @@ List of commands made available ~~~bash > make +Terraform-makefile v0.10.4 destroy make destroy # Destroy resources dry-run make dry-run # Dry run resources changes install make install # Install terraform and dependencies lint make lint # Rewrites config to canonical format list make list # List infra resources run make run # Execute resources changes +validate make validate # Basic syntax check ~~~ ## Variables diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..9b40aa6 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.10.4 diff --git a/terraform.sh b/terraform.sh index ecbbcd7..e643dd5 100755 --- a/terraform.sh +++ b/terraform.sh @@ -1,6 +1,6 @@ # ------------------ # TERRAFORM-MAKEFILE -# v0.1.0 +# v0.10.4 # ------------------ # # This Makefile is maintained on Github.com. diff --git a/test.sh b/test.sh new file mode 100755 index 0000000..8702e04 --- /dev/null +++ b/test.sh @@ -0,0 +1,11 @@ +#!/bin/bash -e + +echo "Checking difference between README.md and make help output..." +readme_help="$(awk '/> make/{f=1;next} /~~~/{f=0} f' README.md)" +make_help="$(make | sed 's,\x1B\[[0-9;]*[a-zA-Z],,g')" +diff <(echo "$readme_help") <(echo "$make_help") || (printf "\033[31mFAILED!\033[0m\n" && exit 1) +printf "\033[32mOK\033[0m\n" + +echo "Checking version..." +[ "$(git grep $(cat VERSION) | wc -l)" -eq 6 ] || (printf "\033[31mFAILED!\033[0m\n" && exit 1) +printf "\033[32mOK\033[0m\n" From a0374df267df7b802506cd2b0246293883e55f47 Mon Sep 17 00:00:00 2001 From: Paul B Date: Sun, 10 Sep 2017 14:21:49 +0200 Subject: [PATCH 4/4] Adding a dockerfile --- Dockerfile | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..36f0b36 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,9 @@ +FROM hashicorp/terraform:0.10.4 + +RUN apk add --update make bash + +WORKDIR /opt/terraform +COPY . . + +VOLUME [ /opt/terraform/providers ] +VOLUME [ /opt/terraform/modules ]
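Review bot: The version check in test.sh, `git grep $(cat VERSION) | wc -l`, passes the version unquoted and as a regular expression, so each dot matches any character and unrelated text can satisfy or break the hard-coded count of 6. Matching a fixed string is more robust: `[ "$(git grep -F -- "$(cat VERSION)" | wc -l)" -eq 6 ]`. A short comment listing the six expected locations would make a CI failure easier to diagnose.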
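Review bot: The two `VOLUME [ /opt/terraform/providers ]` style lines are not valid JSON arrays because the paths are unquoted, so Docker is expected to fall back to the plain-string form and also treat `[` and `]` as volume paths. Use `VOLUME ["/opt/terraform/providers"]` and `VOLUME ["/opt/terraform/modules"]`. In addition, `COPY . .` copies the whole build context into the image, and this patch adds no `.dockerignore`. Any `.git` directory, `.terraform` cache, `*.tfstate` file or local credential file in the checkout would then be baked into an image layer, so a `.dockerignore` excluding those, or copying only `Makefile` and `terraform.sh`, would be safer.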