terraspace_plugin_azurerm 0.3.0 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/README.md +2 -0
- data/lib/templates/hcl/project/config/terraform/backend.tf +1 -1
- data/lib/terraspace_plugin_azurerm/clients/options.rb +1 -13
- data/lib/terraspace_plugin_azurerm/clients/storage.rb +4 -6
- data/lib/terraspace_plugin_azurerm/interfaces/backend/resource_group_creator.rb +1 -0
- data/lib/terraspace_plugin_azurerm/interfaces/backend/storage_account.rb +40 -2
- data/lib/terraspace_plugin_azurerm/interfaces/config.rb +22 -0
- data/lib/terraspace_plugin_azurerm/interfaces/helper/secret/fetcher.rb +38 -2
- data/lib/terraspace_plugin_azurerm/interfaces/helper/secret.rb +3 -3
- data/lib/terraspace_plugin_azurerm/interfaces/helper.rb +1 -1
- data/lib/terraspace_plugin_azurerm/version.rb +1 -1
- data/terraspace_plugin_azurerm.gemspec +1 -1
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8c595d865e64d26fdc4fa827ef247aae21266701bdf2afcf5438c6458d50d96e
|
|
4
|
+
data.tar.gz: a3bdfe44206f463c945d5f416c81529d77c9507b676f27654b1071aa6da0c7fd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 67fdfe608c63b99cea0b1dfa29cc131c68df2b8651428800fb9d085aba3747bd99d29757551b74828693d323f7378cd580bd38b5b195a43920f7c844d3409a70
|
|
7
|
+
data.tar.gz: b675685420ced87b9b21504b011d332987569a2cc94ff91de6cde41ca8e6a5dd72ec99e2551274de45bc1ed537c75e4a2c76e565e23018b8a86843cbd73c7416
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,20 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/).
|
|
5
5
|
|
|
6
|
+
## [0.4.0] - 2022-01-05
|
|
7
|
+
- [#11](https://github.com/boltops-tools/terraspace_plugin_azurerm/pull/11) fix tags config in README
|
|
8
|
+
- [#13](https://github.com/boltops-tools/terraspace_plugin_azurerm/pull/13) data management and security features
|
|
9
|
+
- [#8](https://github.com/boltops-tools/terraspace_plugin_azurerm/pull/8) Add config.tags
|
|
10
|
+
|
|
11
|
+
## [0.3.3] - 2022-01-04
|
|
12
|
+
- [#10](https://github.com/boltops-tools/terraspace_plugin_azurerm/pull/10) azure_secret support expansion automatically
|
|
13
|
+
|
|
14
|
+
## [0.3.2] - 2021-11-29
|
|
15
|
+
- [#9](https://github.com/boltops-tools/terraspace_plugin_azurerm/pull/9) change starter resource_group_name to have env
|
|
16
|
+
|
|
17
|
+
## [0.3.1] - 2021-04-15
|
|
18
|
+
- update azure_info dependency
|
|
19
|
+
|
|
6
20
|
## [0.3.0] - 2020-11-15
|
|
7
21
|
- [#5](https://github.com/boltops-tools/terraspace_plugin_azurerm/pull/5) helper and secrets support
|
|
8
22
|
- azure_secret helper
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
# This is useful because azure storage account names are not allowed special characters and are limited to 24 chars.
|
|
3
3
|
terraform {
|
|
4
4
|
backend "azurerm" {
|
|
5
|
-
resource_group_name = "<%= expansion('
|
|
5
|
+
resource_group_name = "<%= expansion(':ENV-:LOCATION') %>"
|
|
6
6
|
storage_account_name = "<%= expansion('ts:SUBSCRIPTION_HASH:LOCATION:ENV') %>"
|
|
7
7
|
container_name = "terraform-state"
|
|
8
8
|
key = "<%= expansion(':LOCATION/:ENV/:BUILD_DIR/terraform.tfstate') %>"
|
|
@@ -3,18 +3,6 @@ module TerraspacePluginAzurerm::Clients
|
|
|
3
3
|
extend Memoist
|
|
4
4
|
|
|
5
5
|
def client_options
|
|
6
|
-
o = base_client_options
|
|
7
|
-
o[:credentials] = credentials
|
|
8
|
-
o
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
def credentials
|
|
12
|
-
o = base_client_options
|
|
13
|
-
provider = MsRestAzure::ApplicationTokenProvider.new(o[:tenant_id], o[:client_id], o[:client_secret])
|
|
14
|
-
MsRest::TokenCredentials.new(provider)
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def base_client_options
|
|
18
6
|
# AZURE_* is used by ruby generally.
|
|
19
7
|
# ARM_* is used by Terraform azurerm provider: https://www.terraform.io/docs/providers/azurerm/index.html
|
|
20
8
|
# Favor ARM_ because this plugin is designed for Terraspace.
|
|
@@ -32,7 +20,7 @@ module TerraspacePluginAzurerm::Clients
|
|
|
32
20
|
validate_base_options!(o)
|
|
33
21
|
o
|
|
34
22
|
end
|
|
35
|
-
memoize :
|
|
23
|
+
memoize :client_options
|
|
36
24
|
|
|
37
25
|
def validate_base_options!(options)
|
|
38
26
|
vars = []
|
|
@@ -6,12 +6,10 @@ module TerraspacePluginAzurerm::Clients
|
|
|
6
6
|
extend Memoist
|
|
7
7
|
|
|
8
8
|
# Include SDK modules to ease access to Storage classes.
|
|
9
|
-
include Azure::Storage::Mgmt
|
|
10
|
-
include Azure::Storage::Mgmt::
|
|
9
|
+
include Azure::Storage::Profiles::Latest::Mgmt
|
|
10
|
+
include Azure::Storage::Profiles::Latest::Mgmt::Models
|
|
11
11
|
|
|
12
|
-
|
|
13
|
-
mgmt.storage_accounts
|
|
14
|
-
end
|
|
12
|
+
delegate :storage_accounts, :blob_services, :blob_containers, to: :mgmt
|
|
15
13
|
|
|
16
14
|
def blob_containers
|
|
17
15
|
BlobContainers.new(mgmt)
|
|
@@ -19,7 +17,7 @@ module TerraspacePluginAzurerm::Clients
|
|
|
19
17
|
memoize :blob_containers
|
|
20
18
|
|
|
21
19
|
def mgmt
|
|
22
|
-
client =
|
|
20
|
+
client = Client.new(client_options)
|
|
23
21
|
client.subscription_id = client_options[:subscription_id]
|
|
24
22
|
client
|
|
25
23
|
end
|
|
@@ -20,6 +20,7 @@ class TerraspacePluginAzurerm::Interfaces::Backend
|
|
|
20
20
|
resource_group = ResourceGroup.new
|
|
21
21
|
resource_group.name = @resource_group_name
|
|
22
22
|
resource_group.location = config.location || AzureInfo.location
|
|
23
|
+
resource_group.tags = config.tags
|
|
23
24
|
resource_groups.create_or_update(@resource_group_name, resource_group)
|
|
24
25
|
end
|
|
25
26
|
|
|
@@ -6,8 +6,11 @@ class TerraspacePluginAzurerm::Interfaces::Backend
|
|
|
6
6
|
def create
|
|
7
7
|
if exist?
|
|
8
8
|
logger.debug "Storage Account #{@storage_account_name} already exists"
|
|
9
|
+
update_storage_account if config.storage_account.update_existing
|
|
10
|
+
set_blob_service_properties if config.storage_account.configure_data_protection_for_existing
|
|
9
11
|
else
|
|
10
12
|
create_storage_account
|
|
13
|
+
set_blob_service_properties
|
|
11
14
|
end
|
|
12
15
|
end
|
|
13
16
|
|
|
@@ -32,16 +35,29 @@ class TerraspacePluginAzurerm::Interfaces::Backend
|
|
|
32
35
|
end
|
|
33
36
|
end
|
|
34
37
|
|
|
38
|
+
def update_storage_account
|
|
39
|
+
logger.debug "Updating Storage Account #{@storage_account_name}..."
|
|
40
|
+
storage_accounts.update(@resource_group_name, @storage_account_name, storage_account_update_params)
|
|
41
|
+
end
|
|
42
|
+
|
|
35
43
|
def create_storage_account
|
|
36
44
|
logger.info "Creating Storage Account #{@storage_account_name}..."
|
|
37
|
-
storage_accounts.create(@resource_group_name, @storage_account_name,
|
|
45
|
+
storage_accounts.create(@resource_group_name, @storage_account_name, storage_account_create_params)
|
|
38
46
|
end
|
|
39
47
|
|
|
40
|
-
def
|
|
48
|
+
def storage_account_create_params
|
|
41
49
|
params = StorageAccountCreateParameters.new
|
|
42
50
|
params.location = config.location || azure_info.location # IE: eastus
|
|
43
51
|
params.sku = sku
|
|
52
|
+
params.allow_blob_public_access = config.storage_account.allow_blob_public_access
|
|
44
53
|
params.kind = Kind::StorageV2
|
|
54
|
+
params.tags = config.tags
|
|
55
|
+
params
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def storage_account_update_params
|
|
59
|
+
params = StorageAccountUpdateParameters.new
|
|
60
|
+
params.allow_blob_public_access = config.storage_account.allow_blob_public_access
|
|
45
61
|
params
|
|
46
62
|
end
|
|
47
63
|
|
|
@@ -51,5 +67,27 @@ class TerraspacePluginAzurerm::Interfaces::Backend
|
|
|
51
67
|
sku.tier = config.storage_account.sku.tier
|
|
52
68
|
sku
|
|
53
69
|
end
|
|
70
|
+
|
|
71
|
+
def set_blob_service_properties
|
|
72
|
+
blob_services.set_service_properties(@resource_group_name, @storage_account_name, blob_service_properties)
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
def blob_service_properties
|
|
76
|
+
props = BlobServiceProperties.new
|
|
77
|
+
|
|
78
|
+
sa = config.storage_account
|
|
79
|
+
policy = DeleteRetentionPolicy.new
|
|
80
|
+
policy.days = sa.container_delete_retention_policy.days || sa.delete_retention_policy.days
|
|
81
|
+
policy.enabled = sa.container_delete_retention_policy.enabled || sa.delete_retention_policy.enabled
|
|
82
|
+
props.container_delete_retention_policy = policy # containers
|
|
83
|
+
|
|
84
|
+
policy = DeleteRetentionPolicy.new
|
|
85
|
+
policy.days = sa.blob_delete_retention_policy.days || sa.delete_retention_policy.days
|
|
86
|
+
policy.enabled = sa.blob_delete_retention_policy.enabled || sa.delete_retention_policy.enabled
|
|
87
|
+
props.delete_retention_policy = policy # blobs
|
|
88
|
+
|
|
89
|
+
props.is_versioning_enabled = sa.is_versioning_enabled
|
|
90
|
+
props
|
|
91
|
+
end
|
|
54
92
|
end
|
|
55
93
|
end
|
|
@@ -13,14 +13,36 @@ module TerraspacePluginAzurerm::Interfaces
|
|
|
13
13
|
# must return an ActiveSupport::OrderedOptions
|
|
14
14
|
def defaults
|
|
15
15
|
c = ActiveSupport::OrderedOptions.new
|
|
16
|
+
|
|
16
17
|
c.auto_create = true
|
|
17
18
|
c.location = nil # AzureInfo.location not assigned here so it can be lazily inferred
|
|
19
|
+
|
|
18
20
|
c.secrets = ActiveSupport::OrderedOptions.new
|
|
19
21
|
c.secrets.vault = nil
|
|
22
|
+
|
|
20
23
|
c.storage_account = ActiveSupport::OrderedOptions.new
|
|
24
|
+
c.storage_account.update_existing = false
|
|
21
25
|
c.storage_account.sku = ActiveSupport::OrderedOptions.new
|
|
22
26
|
c.storage_account.sku.name = "Standard_LRS"
|
|
23
27
|
c.storage_account.sku.tier = "Standard"
|
|
28
|
+
c.storage_account.allow_blob_public_access = false # Azure default is true
|
|
29
|
+
|
|
30
|
+
# data protection management
|
|
31
|
+
c.storage_account.configure_data_protection_for_existing = false
|
|
32
|
+
c.storage_account.delete_retention_policy = ActiveSupport::OrderedOptions.new
|
|
33
|
+
c.storage_account.delete_retention_policy.days = 365
|
|
34
|
+
c.storage_account.delete_retention_policy.enabled = true
|
|
35
|
+
# overrides the setting above
|
|
36
|
+
c.storage_account.blob_delete_retention_policy = ActiveSupport::OrderedOptions.new
|
|
37
|
+
c.storage_account.blob_delete_retention_policy.days = nil
|
|
38
|
+
c.storage_account.blob_delete_retention_policy.enabled = nil
|
|
39
|
+
c.storage_account.container_delete_retention_policy = ActiveSupport::OrderedOptions.new
|
|
40
|
+
c.storage_account.container_delete_retention_policy.days = nil
|
|
41
|
+
c.storage_account.container_delete_retention_policy.enabled = nil
|
|
42
|
+
c.storage_account.is_versioning_enabled = true
|
|
43
|
+
|
|
44
|
+
c.tags = {}
|
|
45
|
+
|
|
24
46
|
c
|
|
25
47
|
end
|
|
26
48
|
end
|
|
@@ -4,11 +4,14 @@ class TerraspacePluginAzurerm::Interfaces::Helper::Secret
|
|
|
4
4
|
class Fetcher
|
|
5
5
|
class Error < StandardError; end
|
|
6
6
|
class VaultNotFoundError < Error; end
|
|
7
|
+
class VaultNotConfiguredError < Error; end
|
|
7
8
|
|
|
8
9
|
include TerraspacePluginAzurerm::Logging
|
|
9
10
|
include TerraspacePluginAzurerm::Clients::Options
|
|
11
|
+
extend Memoist
|
|
10
12
|
|
|
11
|
-
def initialize
|
|
13
|
+
def initialize(mod, options={})
|
|
14
|
+
@mod, @options = mod, options
|
|
12
15
|
o = base_client_options
|
|
13
16
|
@client_id = o[:client_id]
|
|
14
17
|
@client_secret = o[:client_secret]
|
|
@@ -20,16 +23,21 @@ class TerraspacePluginAzurerm::Interfaces::Helper::Secret
|
|
|
20
23
|
get_secret(name, opts)
|
|
21
24
|
end
|
|
22
25
|
|
|
23
|
-
def get_secret(name,
|
|
26
|
+
def get_secret(name, options={})
|
|
27
|
+
vault = options[:vault]
|
|
28
|
+
version = options[:version]
|
|
24
29
|
unless token
|
|
25
30
|
return "ERROR: Unable to authorize and get the temporary token. Double check your ARM_ env variables."
|
|
26
31
|
end
|
|
27
32
|
|
|
28
33
|
version = "/#{version}" if version
|
|
34
|
+
check_vault_configured!(vault)
|
|
29
35
|
vault_subdomain = vault.downcase
|
|
30
36
|
# Using Azure REST API since the old gem doesnt support secrets https://github.com/Azure/azure-sdk-for-ruby
|
|
31
37
|
# https://docs.microsoft.com/en-us/rest/api/keyvault/getsecret/getsecret
|
|
38
|
+
name = expansion(name) if expand?
|
|
32
39
|
url = "https://#{vault_subdomain}.vault.azure.net/secrets/#{name}#{version}?api-version=7.1"
|
|
40
|
+
logger.debug "Azure vault url #{url}"
|
|
33
41
|
uri = URI(url)
|
|
34
42
|
req = Net::HTTP::Get.new(uri)
|
|
35
43
|
req["Authorization"] = token
|
|
@@ -55,6 +63,23 @@ class TerraspacePluginAzurerm::Interfaces::Helper::Secret
|
|
|
55
63
|
end
|
|
56
64
|
end
|
|
57
65
|
|
|
66
|
+
def check_vault_configured!(vault)
|
|
67
|
+
return if vault
|
|
68
|
+
logger.error "ERROR: Vault has not been configured or vault option not passed in the azure_secret helper method.".color(:red)
|
|
69
|
+
logger.error <<~EOL
|
|
70
|
+
Please configure the Azure KeyVault you want to use. Example:
|
|
71
|
+
|
|
72
|
+
config/plugins/azurerm.rb
|
|
73
|
+
|
|
74
|
+
TerraspacePluginAzurerm.configure do |config|
|
|
75
|
+
config.secrets.vault = "REPLACE_WITH_YOUR_VAULT_NAME"
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
Docs: https://terraspace.cloud/docs/helpers/azure/secrets/
|
|
79
|
+
EOL
|
|
80
|
+
raise VaultNotConfiguredError.new
|
|
81
|
+
end
|
|
82
|
+
|
|
58
83
|
def send_request(uri, req)
|
|
59
84
|
http = Net::HTTP.new(uri.host, uri.port)
|
|
60
85
|
http.open_timeout = http.read_timeout = 30
|
|
@@ -108,5 +133,16 @@ class TerraspacePluginAzurerm::Interfaces::Helper::Secret
|
|
|
108
133
|
@@token = false
|
|
109
134
|
end
|
|
110
135
|
end
|
|
136
|
+
|
|
137
|
+
private
|
|
138
|
+
delegate :expansion, to: :expander
|
|
139
|
+
def expander
|
|
140
|
+
TerraspacePluginAzurerm::Interfaces::Expander.new(@mod)
|
|
141
|
+
end
|
|
142
|
+
memoize :expander
|
|
143
|
+
|
|
144
|
+
def expand?
|
|
145
|
+
!(@options[:expansion] == false || @options[:expand] == false)
|
|
146
|
+
end
|
|
111
147
|
end
|
|
112
148
|
end
|
|
@@ -6,8 +6,8 @@ module TerraspacePluginAzurerm::Interfaces::Helper
|
|
|
6
6
|
include TerraspacePluginAzurerm::Logging
|
|
7
7
|
include TerraspacePluginAzurerm::Clients::Options
|
|
8
8
|
|
|
9
|
-
def initialize(options={})
|
|
10
|
-
@options = options
|
|
9
|
+
def initialize(mod, options={})
|
|
10
|
+
@mod, @options = mod, options
|
|
11
11
|
@base64 = options[:base64]
|
|
12
12
|
end
|
|
13
13
|
|
|
@@ -19,7 +19,7 @@ module TerraspacePluginAzurerm::Interfaces::Helper
|
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def fetcher
|
|
22
|
-
Fetcher.new
|
|
22
|
+
Fetcher.new(@mod, @options)
|
|
23
23
|
end
|
|
24
24
|
memoize :fetcher
|
|
25
25
|
end
|
|
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
|
|
|
23
23
|
spec.require_paths = ["lib"]
|
|
24
24
|
|
|
25
25
|
spec.add_dependency "azure-storage-blob"
|
|
26
|
-
spec.add_dependency "azure_info"
|
|
26
|
+
spec.add_dependency "azure_info", "~> 0.1.2"
|
|
27
27
|
spec.add_dependency "azure_mgmt_resources"
|
|
28
28
|
spec.add_dependency "azure_mgmt_storage"
|
|
29
29
|
spec.add_dependency "memoist"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: terraspace_plugin_azurerm
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tung Nguyen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-01-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: azure-storage-blob
|
|
@@ -28,16 +28,16 @@ dependencies:
|
|
|
28
28
|
name: azure_info
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
31
|
+
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: 0.1.2
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - "
|
|
38
|
+
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: 0.1.2
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: azure_mgmt_resources
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -179,7 +179,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
179
179
|
- !ruby/object:Gem::Version
|
|
180
180
|
version: '0'
|
|
181
181
|
requirements: []
|
|
182
|
-
rubygems_version: 3.
|
|
182
|
+
rubygems_version: 3.2.32
|
|
183
183
|
signing_key:
|
|
184
184
|
specification_version: 4
|
|
185
185
|
summary: Terraspace Azurerm Cloud Plugin
|