RubyGems - terraform-wrapper - Versions diffs - 0.0.2 → 0.1.0 - Mend

terraform-wrapper 0.0.2 → 0.1.0

Files changed (30) hide show

checksums.yaml +4 -4
data/lib/terraform-wrapper.rb +34 -16
data/lib/terraform-wrapper/common.rb +12 -23
data/lib/terraform-wrapper/shared.rb +7 -1
data/lib/terraform-wrapper/shared/auths.rb +9 -0
data/lib/terraform-wrapper/shared/auths/azure.rb +179 -0
data/lib/terraform-wrapper/shared/auths/common.rb +95 -0
data/lib/terraform-wrapper/shared/backends/aws.rb +34 -29
data/lib/terraform-wrapper/shared/backends/azure.rb +38 -39
data/lib/terraform-wrapper/shared/backends/common.rb +18 -14
data/lib/terraform-wrapper/shared/backends/local.rb +20 -18
data/lib/terraform-wrapper/shared/binary.rb +16 -5
data/lib/terraform-wrapper/shared/code.rb +15 -4
data/lib/terraform-wrapper/shared/config.rb +61 -31
data/lib/terraform-wrapper/shared/latest.rb +11 -7
data/lib/terraform-wrapper/shared/logger.rb +80 -0
data/lib/terraform-wrapper/shared/logging.rb +77 -0
data/lib/terraform-wrapper/shared/runner.rb +59 -22
data/lib/terraform-wrapper/shared/variables.rb +66 -0
data/lib/terraform-wrapper/tasks/apply.rb +16 -14
data/lib/terraform-wrapper/tasks/binary.rb +25 -21
data/lib/terraform-wrapper/tasks/clean.rb +15 -11
data/lib/terraform-wrapper/tasks/destroy.rb +16 -14
data/lib/terraform-wrapper/tasks/init.rb +16 -14
data/lib/terraform-wrapper/tasks/plan.rb +16 -14
data/lib/terraform-wrapper/tasks/plandestroy.rb +16 -14
data/lib/terraform-wrapper/tasks/validate.rb +7 -3
data/lib/terraform-wrapper/version.rb +1 -1
metadata +8 -3
data/lib/terraform-wrapper/shared/identifiers.rb +0 -70

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ada2b6b6e65d6daedfc646d9f983894ada4061b649902252468bccaae76b4fee
-  data.tar.gz: 4698b8bc21d9ab1ab2866a263645a2aa07955aeb03b2f10d15aed732da1d4553
+  metadata.gz: 8c1c8efca42bd473f3bbfa5c0e97f2782b8cc2652f96fa17b213c8fa87d4b0ae
+  data.tar.gz: df46cad597ad4101afc53b242a94e11452e9bd14b722a1e76eb91ad9a02909a3
 SHA512:
-  metadata.gz: '095bd5f00cda0d8fa2e6e636bfaf4bf31e6dea0a03cbc49b3149c85b15c75e4928e5754dd56b9a71d9d0b33f5b8a7e033739e45e7746fe2fd97d28bb0139f62e'
-  data.tar.gz: 36f56ccf800f33dba662e41f377688e753c409076417269a2b638a6a28b60980aea437736236ca1083602f2a1cf8d935c0cc7aaaa35b297ba11bde06e935efd2
+  metadata.gz: 97be709f764c69cd868834dfa6d6ffbe1917d40ede4ef0ceaf2a01fc26fdf84f9d5da0a45c8ac02f017f29eb42071cbf8ce50e3d8862123c2a96f4ce9adfcc04
+  data.tar.gz: e1f8420bc2165a6819bc08a85fbf5d3290d3e40154866d5d6e47ddabd51eb8124ad748668cae8dfb6fd4e7964b4d6cb68eec747d32aa92fc29991166713b7192

data/lib/terraform-wrapper.rb CHANGED Viewed

@@ -14,28 +14,46 @@ module TerraformWrapper
 ###############################################################################
-  def self.define_tasks(backend: "local",
-                        binaries: File.join(Dir.pwd, "vendor", "terraform"),
-                        component:,
-                        configs: File.join(Dir.pwd, "config"),
-                        overrides: Hash.new,
-                        service:,
-                        terraform: File.join(Dir.pwd, "terraform"),
-                        version: TerraformWrapper::Shared::Latest.instance.version)
+  @logger = Shared::Logging.logger_for("TerraformWrapper")
-    $logger.info("Building tasks for service: #{service}, component: #{component}...")
+###############################################################################
+  @logger.info("Terraform Wrapper for Ruby - version: #{TerraformWrapper::VERSION}")
+###############################################################################
+  def self.define_tasks(component:, options: Hash.new, service:)
+    @logger.info("Building tasks for service: #{service}, component: #{component}...")
+    @logger.fatal("Options must be specified as a hash!") unless options.kind_of?(Hash)
+    binary_options = Hash.new
+    binary_options["base"]    = options.key?("binary-base")    ? options["binary-base"]    : File.join(Dir.pwd, "vendor", "terraform")
+    binary_options["version"] = options.key?("binary-version") ? options["binary-version"] : Shared::Latest.instance.version
+    code_options = Hash.new
+    code_options["base"] = options.key?("code-base") ? options["code-base"] : File.join(Dir.pwd, "terraform")
+    code_options["name"] = component
+    config_options = Hash.new
+    config_options["auth-azure"]         = options.key?("config-auth-azure")         ? options["config-auth-azure"]         : false
+    config_options["auth-azure-options"] = options.key?("config-auth-azure-options") ? options["config-auth-azure-options"] : Hash.new
+    config_options["base"]               = options.key?("config-base")               ? options["config-base"]               : File.join(Dir.pwd, "config")
+    config_options["backend"]            = options.key?("config-backend")            ? options["config-backend"]            : "local"
+    config_options["backend-options"]    = options.key?("config-backend-options")    ? options["config-backend-options"]    : Hash.new
+    config_options["service"]            = service
-    binary = TerraformWrapper::Shared::Binary.new(base: binaries, version: version)
-    code   = TerraformWrapper::Shared::Code.new(base: terraform, name: component)
+    binary = TerraformWrapper::Shared::Binary.new(options: binary_options)
+    code   = TerraformWrapper::Shared::Code.new(options: code_options)
     tasks = Array.new
-    tasks << TerraformWrapper::Tasks::Apply.new(backend: backend, binary: binary, code: code, configs: configs, overrides: overrides, service: service)
+    tasks << TerraformWrapper::Tasks::Apply.new(binary: binary, code: code, options: config_options)
     tasks << TerraformWrapper::Tasks::Binary.new(binary: binary)
     tasks << TerraformWrapper::Tasks::Clean.new(code: code)
-    tasks << TerraformWrapper::Tasks::Destroy.new(backend: backend, binary: binary, code: code, configs: configs, overrides: overrides, service: service)
-    tasks << TerraformWrapper::Tasks::Init.new(backend: backend, binary: binary, code: code, configs: configs, overrides: overrides, service: service)
-    tasks << TerraformWrapper::Tasks::Plan.new(backend: backend, binary: binary, code: code, configs: configs, overrides: overrides, service: service)
-    tasks << TerraformWrapper::Tasks::PlanDestroy.new(backend: backend, binary: binary, code: code, configs: configs, overrides: overrides, service: service)
+    tasks << TerraformWrapper::Tasks::Destroy.new(binary: binary, code: code, options: config_options)
+    tasks << TerraformWrapper::Tasks::Init.new(binary: binary, code: code, options: config_options)
+    tasks << TerraformWrapper::Tasks::Plan.new(binary: binary, code: code, options: config_options)
+    tasks << TerraformWrapper::Tasks::PlanDestroy.new(binary: binary, code: code, options: config_options)
     tasks << TerraformWrapper::Tasks::Validate.new(binary: binary, code: code)
     return tasks
   end

data/lib/terraform-wrapper/common.rb CHANGED Viewed

@@ -1,38 +1,27 @@
 ###############################################################################
-require 'logger'
+module TerraformWrapper
 ###############################################################################
-$logger = Logger.new(STDOUT,
-                     level: "INFO",
-                     progname: "TerraformWrapper")
+  def self.create_directory(directory:, purpose: nil, exists: true)
+    return exists if File.directory?(directory)
-$logger.formatter = proc do |severity, datetime, progname, msg|
-  sevId = severity.chars.first.upcase
-  "#{progname} [#{sevId}] #{msg}\n"
-end
-###############################################################################
+    result = false
-$logger.info("Terraform Wrapper for Ruby - version: #{TerraformWrapper::VERSION}")
+    if not purpose.nil? and purpose.kind_of?(String) and not purpose.strip.empty? then
+      @logger.info("Creating directory for: #{purpose}, path: #{directory}")
+    else
+      @logger.info("Creating directory: #{directory}")
+    end
-###############################################################################
+    FileUtils.mkdir_p(directory)
-def create_directory(directory:, purpose: nil, exists: true)
-  return exists if File.directory?(directory)
-  result = false
-  if not purpose.nil? and purpose.kind_of?(String) and not purpose.strip.empty? then
-    $logger.info("Creating directory for: #{purpose}, path: #{directory}")
-  else
-    $logger.info("Creating directory: #{directory}")
+    result = File.directory?(directory)
   end
-  FileUtils.mkdir_p(directory)
+###############################################################################
-  result = File.directory?(directory)
 end
 ###############################################################################

data/lib/terraform-wrapper/shared.rb CHANGED Viewed

@@ -1,11 +1,17 @@
 ###############################################################################
+require_relative 'shared/logger'
+require_relative 'shared/logging'
+###############################################################################
+require_relative 'shared/auths'
 require_relative 'shared/backends'
 require_relative 'shared/binary'
 require_relative 'shared/code'
 require_relative 'shared/config'
-require_relative 'shared/identifiers'
 require_relative 'shared/latest'
 require_relative 'shared/runner'
+require_relative 'shared/variables'
 ###############################################################################

data/lib/terraform-wrapper/shared/auths.rb ADDED Viewed

@@ -0,0 +1,9 @@
+###############################################################################
+require_relative 'auths/common'
+###############################################################################
+require_relative 'auths/azure'
+###############################################################################

data/lib/terraform-wrapper/shared/auths/azure.rb ADDED Viewed

@@ -0,0 +1,179 @@
+###############################################################################
+module TerraformWrapper
+###############################################################################
+  module Shared
+###############################################################################
+    module Auths
+###############################################################################
+      class Azure < Common
+###############################################################################
+        include TerraformWrapper::Shared::Logging
+###############################################################################
+        @@az   = "az"
+        @@type = "azure"
+###############################################################################
+        @password = nil
+###############################################################################
+        attr_reader :subscription
+        attr_reader :tenant
+        attr_reader :username
+###############################################################################
+        def initialize(code:, config:, options:, service:, variables:)
+          construct(code: code, config: config, options: options, service: service, variables: variables)
+        end
+###############################################################################
+        def auth()
+          ENV["ARM_SUBSCRIPTION_ID"] = @subscription
+          ENV["ARM_TENANT_ID"]       = @tenant
+          ENV["ARM_CLIENT_ID"]       = @username unless @username.nil?
+          ENV["ARM_CLIENT_SECRET"]   = @password unless @password.nil?
+          logger.success("Azure authenticator environment variables set!")
+        end
+###############################################################################
+        def clear()
+          ENV.delete("ARM_SUBSCRIPTION_ID")
+          ENV.delete("ARM_TENANT_ID")
+          logger.info("Azure authenticator environment variables cleared!")
+        end
+###############################################################################
+        private
+###############################################################################
+        def cli()
+          output  = logger.colour ? "jsonc" : "json"
+          cmdline = "\"#{@@az}\" version --output \"#{output}\""
+          return(system(cmdline) || false)
+        end
+###############################################################################
+        def secret(vault:, name:)
+          logger.info("Getting secret: #{name}, from key vault: #{vault}...")
+          cmdline = "\"#{@@az}\" keyvault secret show --vault-name \"#{vault}\" --name \"#{name}\" --query \"value\" --output \"tsv\""
+          stdout  = `#{cmdline}`
+          code    = $?.exitstatus
+          logger.fatal("Failed to get secret: #{name} from key vault: #{vault}!") if (code != 0 and stdout.strip.empty?)
+          return(stdout.strip)
+        end
+###############################################################################
+        def subscription_details(subscription:)
+          logger.info("Looking up details for subscription: #{subscription}...")
+          cmdline = "\"#{@@az}\" account show --subscription \"#{subscription}\" --query \"{id:id,tenant:tenantId}\" --output \"yaml\""
+          stdout  = `#{cmdline}`
+          code    = $?.exitstatus
+          logger.fatal("Failed to get details for subscription: #{subscription}!") if code != 0
+          details = YAML.load(stdout.strip)
+          logger.fatal("Returned details did not include the subscription ID!") unless details.key?("id")
+          logger.fatal("Returned subscription ID is not a String!") unless details["id"].kind_of?(String)
+          logger.fatal("Returned subscription ID is empty!") if details["id"].strip.empty?
+          logger.fatal("Returned details did not include the tenant ID!") unless details.key?("tenant")
+          logger.fatal("Returned tenant ID is not a String!") unless details["tenant"].kind_of?(String)
+          logger.fatal("Returned tenant ID is empty!") if details["tenant"].strip.empty?
+          details.transform_values! { |value| value.strip }
+          logger.debug("Returned subscription ID: #{details["id"]}")
+          logger.debug("Returned tenant ID: #{details["tenant"]}")
+          return(details)
+        end
+###############################################################################
+        def specific()
+          keyvault = nil
+          logger.fatal("Azure CLI must be installed and accessible to use the Azure authenticator.") unless cli
+          logger.fatal("Azure authenticator mandatory option 'subscription' has not been set!") unless @options.key?("subscription")
+          subscription = @options["subscription"]
+          logger.fatal("Azure authenticator subscription must be a String!") unless subscription.kind_of?(String)
+          logger.fatal("Azure authenticator subscription must not be blank!") if subscription.strip.empty?
+          if @options.key?("keyvault") then
+            keyvault = @options["keyvault"]
+            logger.fatal("Azure authenticator keyvault name must be a String if specified!") unless keyvault.kind_of?(String)
+            logger.fatal("Azure authenticator keyvault name must not be blank if specified!") if keyvault.strip.empty?
+            username = @options.key?("username-secret") ? @options["username-secret"] : "terraform-username"
+            logger.fatal("Azure authenticator keyvault secret for username must be a String if keyvault name is specified!") unless username.kind_of?(String)
+            logger.fatal("Azure authenticator keyvault secret for username must not be blank if keyvault name is specified!") if username.strip.empty?
+            password = @options.key?("username-password") ? @options["username-password"] : "terraform-password"
+            logger.fatal("Azure authenticator keyvault secret for password must be a String if keyvault name is specified!") unless password.kind_of?(String)
+            logger.fatal("Azure authenticator keyvault secret for password must not be blank if keyvault name is specified!") if password.strip.empty?
+          end
+          begin
+            subscription = subscription % @variables
+            keyvault     = keyvault     % @variables unless keyvault.nil?
+            username     = username     % @variables unless keyvault.nil?
+            password     = password     % @variables unless keyvault.nil?
+          rescue
+            logger.fatal("Azure authenticator options contain variables that are not included in the configuration file!")
+          end
+          details = subscription_details(subscription: subscription)
+          @subscription = details["id"]
+          @tenant       = details["tenant"]
+          @username     = keyvault.nil? ? nil : secret(vault: keyvault, name: username)
+          @password     = keyvault.nil? ? nil : secret(vault: keyvault, name: password)
+        end
+###############################################################################
+      end
+###############################################################################
+    end
+###############################################################################
+  end
+###############################################################################
+end
+###############################################################################

data/lib/terraform-wrapper/shared/auths/common.rb ADDED Viewed

@@ -0,0 +1,95 @@
+###############################################################################
+module TerraformWrapper
+###############################################################################
+  module Shared
+###############################################################################
+    module Auths
+###############################################################################
+      class Common
+###############################################################################
+        include TerraformWrapper::Shared::Logging
+###############################################################################
+        @@type
+###############################################################################
+        @options
+        @variables
+###############################################################################
+        def initialize(code:, config:, options:, service:, variables:)
+          logger.fatal("This class should not be used directly! Please create an authenticator-specific class instead!")
+        end
+###############################################################################
+        def auth()
+          logger.fatal("The authenticator specific class should override the 'auth' method to complete the authentication process!")
+        end
+###############################################################################
+        def clear()
+          logger.fatal("The authenticator specific class should override the 'auth' method to clear any authentication details!")
+        end
+###############################################################################
+        def type()
+          logger.fatal("The authenticator specific class should set the 'type' class variable to a string!") unless @@type.kind_of?(String)
+          return @@type
+        end
+###############################################################################
+        private
+###############################################################################
+        def construct(code:, config:, options:, service:, variables:)
+          @options   = options
+          @variables = variables.values.merge({
+            component: code.name,
+            config: config,
+            service: service
+            })
+          specific
+        end
+###############################################################################
+        def specific()
+          logger.fatal("The authenticator specific class should override the 'specific' method to include authenticator specific validation and setup, or simply return 'true' if it is not required.")
+        end
+###############################################################################
+      end
+###############################################################################
+    end
+###############################################################################
+  end
+###############################################################################
+end
+###############################################################################

data/lib/terraform-wrapper/shared/backends/aws.rb CHANGED Viewed

@@ -14,6 +14,10 @@ module TerraformWrapper
       class AWS < Common
+###############################################################################
+        include TerraformWrapper::Shared::Logging
 ###############################################################################
         @@default_class = "terraform-state"
@@ -25,14 +29,13 @@ module TerraformWrapper
 ###############################################################################
         attr_reader :bucket
-        attr_reader :class
         attr_reader :key
         attr_reader :region
 ###############################################################################
-        def initialize(service:, code:, identifiers:, overrides: Hash.new)
-          construct(service: service, code: code, identifiers: identifiers, overrides: overrides)
+        def initialize(code:, config:, options:, service:, variables:)
+          construct(code: code, config: config, options: options, service: service, variables: variables)
         end
 ###############################################################################
@@ -52,39 +55,41 @@ module TerraformWrapper
 ###############################################################################
         def specific()
-          if @overrides.key?("class") and @overrides["class"].kind_of?(String) and not @overrides["class"].strip.empty? then
-            @class = @overrides["class"]
-          else
-            @class = @@default_class
-          end
+          logger.fatal("AWS backend mandatory option 'bucket' has not been set!") unless @options.key?("bucket")
+          logger.fatal("AWS backend mandatory option 'region' has not been set!") unless @options.key?("region")
-          if @overrides.key?("region") and @overrides["region"].kind_of?(String) and not @overrides["region"].strip.empty? then
-            @region = @overrides["region"]
-          else
-            raise "Mandatory identifier 'region' or override 'region' must be set in provided configuration to backend of type: #{@@type}" unless @identifier.key?("region")
-            raise "Mandatory identifier 'region' is not a string in provided configuration to backend of type: #{@@type}" unless @identifier["region"].kind_of?(String)
-            raise "Mandatory identifier 'region' is empty in provided configuration to backend of type: #{@@type}" if @identifier["region"].strip.empty?
+          bucket = @options["bucket"]
-            @region = @identifiers["account"].strip.downcase
-          end
+          logger.fatal("AWS backend S3 bucket name must be a String!") unless bucket.kind_of?(String)
+          logger.fatal("AWS backend S3 bucket name must not be blank!") if bucket.strip.empty?
-          if @overrides.key?("bucket") and @overrides["bucket"].kind_of?(String) and not @overrides["bucket"].strip.empty? then
-            @bucket = @overrides["bucket"]
-          else
-            raise "Mandatory identifier 'account' or override 'bucket' must be set in provided configuration to backend of type: #{@@type}" unless @identifier.key?("account")
-            raise "Mandatory identifier 'account' is not a string in provided configuration to backend of type: #{@@type}" unless @identifier["account"].kind_of?(String)
-            raise "Mandatory identifier 'account' is empty in provided configuration to backend of type: #{@@type}" if @identifier["account"].strip.empty?
+          region = @options["region"]
-            @bucket = @class + "-" + @region + "-" + @identifiers["account"].strip.downcase
-          end
+          logger.fatal("AWS backend S3 bucket region must be a String!") unless region.kind_of?(String)
+          logger.fatal("AWS backend S3 bucket region must not be blank!") if region.strip.empty?
+          key = @options.key?("key") ? @options["key"] : File.join("%{service}", "%{config}", "%{component}" + @@ext)
+          logger.fatal("AWS backend S3 bucket key must be a String!") unless key.kind_of?(String)
+          logger.fatal("AWS backend S3 bucket key must not be blank!") if key.strip.empty?
-          key = File.join(@identifiers.path, @service, @component + @@ext)
+          logger.fatal("AWS backend S3 bucket name or key must include %{service}.") unless (bucket.include?("%{service}") or key.include?("%{service}"))
+          logger.fatal("AWS backend S3 bucket name or key must include %{config}.") unless (bucket.include?("%{config}") or key.include?("%{config}"))
+          logger.fatal("AWS backend S3 bucket name or key must include %{component}.") unless  (bucket.include?("%{component}") or key.include?("%{component}"))
-          if key.length > 1024 then
-            raise "Key: #{key} is too long for backend of type: #{@@type}"
-          else
-            @key = key
+          begin
+            bucket = bucket % @variables
+            region = region % @variables
+            key    = key    % @variables
+          rescue
+            logger.fatal("AWS backend options contain variables that are not included in the configuration file!")
           end
+          logger.fatal("Key: #{key} is too long for backend of type: #{@@type}") if key.length > 1024
+          @bucket = bucket
+          @region = region
+          @key    = key
         end
 ###############################################################################