Documentation
Overview ¶
Package pkg contains logic for executing Terraform actions
Index ¶
- Constants
- func MaskSensitiveStateValues(src string) string
- func RemoveUndeclaredWarnings(src string) string
- func Run(...) error
- func WriteTemplate[T TfVars | vaultutil.VaultKvData | TfCreds | StateVars](inputs T, body string, out string) error
- type Executor
- type Input
- type Repo
- type StateVars
- type TfCreds
- type TfVariables
- type TfVars
Constants ¶
const (
	AwsAccessKeyID     = "aws_access_key_id"
	AwsSecretAccessKey = "aws_secret_access_key"
	AwsRegion          = "region"
	AwsBucket          = "bucket"
)
Standardized AppSRE Terraform secret keys.
const (
	AWSVarsFile   = "aws.auto.tfvars"
	InputVarsFile = "input.auto.tfvars"
	BackendFile   = "s3.tfbackend"
)
Terraform-specific filenames. The "auto" vars files are loaded automatically by the tf binary.
const FolderPerm = 0770
FolderPerm is 0770 in chmod
Variables ¶
This section is empty.
Functions ¶
func MaskSensitiveStateValues ¶
MaskSensitiveStateValues redacts any Vault secrets in a Terraform human-readable state file. More specifically, any Terraform data source beginning with `vault_` is redacted from the output.
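One way this kind of redaction can be done, shown as an added example and not this package's implementation. The function name `maskVaultDataSources`, the `[REDACTED]` marker and the sample state are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// vaultHeader matches the opening line of a Vault data source block and
// captures its indentation, e.g. `data "vault_generic_secret" "db" {`.
var vaultHeader = regexp.MustCompile(`^(\s*)data\s+"vault_[^"]*"\s+"[^"]*"\s*\{\s*$`)

// sampleState is constructed input in the style of `terraform show` output.
const sampleState = `# data.vault_generic_secret.db:
data "vault_generic_secret" "db" {
    data = {
        "password" = "s3cr3t-{}-value"
    }
    id   = "app/db"
}

# aws_s3_bucket.logs:
resource "aws_s3_bucket" "logs" {
    bucket = "example-logs"
}`

// maskVaultDataSources (hypothetical name) replaces the body of every vault_
// data source block with one marker line, keeping the header and closing brace.
func maskVaultDataSources(src string) string {
	var out []string
	inBlock, closing := false, ""
	for _, line := range strings.Split(src, "\n") {
		if inBlock {
			// The block ends only at "}" on the header's own indentation, so
			// braces inside secret values cannot end redaction early, and a
			// truncated block stays hidden (fails closed).
			if strings.TrimRight(line, " \t\r") == closing {
				out = append(out, line)
				inBlock = false
			}
			continue
		}
		out = append(out, line)
		if m := vaultHeader.FindStringSubmatch(line); m != nil {
			inBlock, closing = true, m[1]+"}"
			out = append(out, m[1]+"    [REDACTED]")
		}
	}
	return strings.Join(out, "\n")
}

func main() { fmt.Println(maskVaultDataSources(sampleState)) }
```

Matching the closing brace by indentation instead of counting braces is a deliberate choice: a secret value containing `}` would otherwise close the block early and leak the lines that follow.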
func RemoveUndeclaredWarnings ¶
RemoveUndeclaredWarnings takes Terraform plan output and removes any warnings about undeclared variables, which occur due to partial backend initialization. Terraform does not offer an option to remove these warnings (https://github.com/hashicorp/terraform/issues/22004), and compact warnings cannot be used due to limitations in the tfexec library, so this is the next best option.
func Run ¶
func Run(cfgPath, workdir, vaultAddr, roleID, secretID, gitlabLogRepo, gitlabUsername, gitlabToken, gitEmail string) error
Run is responsible for the full lifecycle of creating/updating/deleting a Terraform repo, including loading config, loading secrets from Vault, creating and cleaning up temp directories, and running the actual Terraform operations.
func WriteTemplate ¶
func WriteTemplate[T TfVars | vaultutil.VaultKvData | TfCreds | StateVars](inputs T, body string, out string) error
WriteTemplate is responsible for templating a file and writing it to the location specified by out. Note that this is not a struct method, as generics are incompatible with methods.
Types ¶
type Executor ¶
type Executor struct {
// contains filtered or unexported fields
}
Executor includes required secrets and variables to perform a tf repo executor run
type Input ¶
type Input struct {
	DryRun bool   `yaml:"dry_run" json:"dry_run"`
	Repos  []Repo `yaml:"repos" json:"repos"`
}
Input holds YAML/JSON loaded from CONFIG_FILE and is passed from Qontract Reconcile
type Repo ¶
type Repo struct {
	Name        string                `yaml:"name" json:"name"`
	URL         string                `yaml:"repository" json:"repository"`
	Path        string                `yaml:"project_path" json:"project_path"`
	Ref         string                `yaml:"ref" json:"ref"`
	Delete      bool                  `yaml:"delete" json:"delete"`
	AWSCreds    vaultutil.VaultSecret `yaml:"aws_creds" json:"aws_creds"`
	Bucket      string                `yaml:"bucket,omitempty" json:"bucket,omitempty"`
	Region      string                `yaml:"region,omitempty" json:"region,omitempty"`
	BucketPath  string                `yaml:"bucket_path,omitempty" json:"bucket_path,omitempty"`
	RequireFips bool                  `yaml:"require_fips" json:"require_fips"`
	TfVersion   string                `yaml:"tf_version" json:"tf_version"`
	TfVariables TfVariables           `yaml:"variables,omitempty" json:"variables,omitempty"`
}
Repo represents an individual Terraform Repo
type TfCreds ¶
type TfCreds struct {
	AccessKey string
	SecretKey string
	Region    string
	Key       string // set when initializing backend
	Bucket    string
}
TfCreds is made up of AWS credentials and configuration for using an S3 backend with Terraform
type TfVariables ¶
type TfVariables struct {
	Inputs  vaultutil.VaultSecret `yaml:"inputs" json:"inputs"`
	Outputs vaultutil.VaultSecret `yaml:"outputs" json:"outputs"`
}
TfVariables are references to Vault paths used for reading/writing inputs and outputs