RubyGems - tfctl - Versions diffs - 0.2.0 → 1.2.1 - Mend

tfctl 0.2.0 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

checksums.yaml +4 -4
data/.rubocop.yml +8 -4
data/.travis.yml +13 -12
data/CHANGELOG.adoc +22 -0
data/README.adoc +67 -31
data/bin/tfctl +11 -6
data/docs/configuration.adoc +59 -13
data/docs/control_tower.adoc +75 -37
data/docs/creating_a_profile.adoc +32 -10
data/docs/iam_permissions.adoc +23 -3
data/docs/project_layout.adoc +32 -6
data/examples/control_tower/{conf/example.yaml → tfctl.yaml} +31 -23
data/lib/tfctl.rb +4 -3
data/lib/tfctl/aws_org.rb +17 -15
data/lib/tfctl/config.rb +1 -2
data/lib/tfctl/error.rb +9 -0
data/lib/tfctl/executor.rb +9 -5
data/lib/tfctl/schema.rb +80 -0
data/lib/tfctl/version.rb +1 -1
data/tfctl.gemspec +7 -4
metadata +28 -14

data/lib/tfctl.rb CHANGED

@@ -1,9 +1,10 @@
 # frozen_string_literal: true
+require_relative 'tfctl/aws_org.rb'
 require_relative 'tfctl/config.rb'
-require_relative 'tfctl/generator.rb'
-require_relative 'tfctl/executor.rb'
 require_relative 'tfctl/error.rb'
+require_relative 'tfctl/executor.rb'
+require_relative 'tfctl/generator.rb'
 require_relative 'tfctl/logger.rb'
-require_relative 'tfctl/aws_org.rb'
+require_relative 'tfctl/schema.rb'
 require_relative 'tfctl/version.rb'

data/lib/tfctl/aws_org.rb CHANGED

@@ -71,23 +71,25 @@ module Tfctl
             @aws_org_client.list_children(
                 child_type: 'ORGANIZATIONAL_UNIT',
                 parent_id:  parent_id,
-            ).children.each do |child|
-                begin
-                    ou = @aws_org_client.describe_organizational_unit(
-                        organizational_unit_id: child.id,
-                    ).organizational_unit
-                rescue Aws::Organizations::Errors::TooManyRequestsException
-                    # FIXME: - use logger
-                    puts 'AWS Organizations: too many requests.  Retrying in 5 secs.'
-                    sleep 5
-                    retries += 1
-                    retry if retries < 10
-                end
+            ).each do |resp|
+                resp.children.each do |child|
+                    begin
+                        ou = @aws_org_client.describe_organizational_unit(
+                            organizational_unit_id: child.id,
+                        ).organizational_unit
+                    rescue Aws::Organizations::Errors::TooManyRequestsException
+                        # FIXME: - use logger
+                        puts 'AWS Organizations: too many requests.  Retrying in 5 secs.'
+                        sleep 5
+                        retries += 1
+                        retry if retries < 10
+                    end
-                ou_name = parent_name == :root ? ou.name.to_sym : "#{parent_name}/#{ou.name}".to_sym
+                    ou_name = parent_name == :root ? ou.name.to_sym : "#{parent_name}/#{ou.name}".to_sym
-                output[ou_name] = ou.id
+                    output[ou_name] = ou.id
+                end
             end
             output
         end

data/lib/tfctl/config.rb CHANGED

@@ -48,7 +48,7 @@ module Tfctl
             @config.to_json
         end
-        # Filters accounts by account property
+        # Filters accounts by an account property
         def find_accounts(property_name, property_value)
             output =[]
             @config[:accounts].each do |account|
@@ -88,7 +88,6 @@ module Tfctl
         # Retrieves AWS Organizations data and merges it with data from yaml config.
         def load_config(config_name, yaml_config, aws_org_config)
             # AWS Organizations data
             config = aws_org_config
             # Merge organization sections from yaml file

data/lib/tfctl/error.rb CHANGED

@@ -3,4 +3,13 @@
 module Tfctl
     class Error < StandardError
     end
+    class ValidationError < StandardError
+        attr_reader :issues
+        def initialize(message, issues = [])
+            super(message)
+            @issues = issues
+        end
+    end
 end

data/lib/tfctl/executor.rb CHANGED

@@ -41,18 +41,22 @@ module Tfctl
             # Create the command
             exec = [cmd] + [subcmd] + args
-            # Set environment variables for Terraform
-            env = {
-                'TF_INPUT'           => '0',
+            # Copy TF_* variables from process environment, but
+            # override those based on the following hash:
+            enforced_terraform_environment = {
                 'CHECKPOINT_DISABLE' => '1',
+                'TF_INPUT'           => '0',
                 'TF_IN_AUTOMATION'   => 'true',
-                # 'TF_LOG'             => 'TRACE'
             }
+            terraform_env = ENV.keep_if do |variable_name|
+                variable_name.start_with?('TF_')
+            end.merge(enforced_terraform_environment)
             log.debug "#{account_name}: Executing: #{exec.shelljoin}"
             FileUtils.cd path
-            Open3.popen3(env, exec.shelljoin) do |stdin, stdout, stderr, wait_thr|
+            Open3.popen3(terraform_env, exec.shelljoin) do |stdin, stdout, stderr, wait_thr|
                 stdin.close_write
                 # capture stdout and stderr in separate threads to prevent deadlocks

data/lib/tfctl/schema.rb ADDED

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+require 'json_schemer'
+require_relative 'error.rb'
+# Config validator using JSON schema
+module Tfctl
+    module Schema
+        class << self
+            def validate(data)
+                schemer = JSONSchemer.schema(main_schema)
+                issues = []
+                schemer.validate(data).each do |issue|
+                    issues << {
+                        details:      issue['details'],
+                        data_pointer: issue['data_pointer'],
+                    }
+                end
+                return if issues.empty?
+                raise Tfctl::ValidationError.new('Config validation failed', issues)
+            end
+            private
+            def main_schema
+                iam_arn_pattern = 'arn:aws:iam:[a-z\-0-9]*:[0-9]{12}:[a-zA-Z\/+@=.,]*'
+                # rubocop:disable Layout/HashAlignment
+                {
+                    'type'       => 'object',
+                    'properties' => {
+                        'tf_state_bucket'         => { 'type' => 'string' },
+                        'tf_state_role_arn'       => {
+                            'type'    => 'string',
+                            'pattern' => iam_arn_pattern,
+                        },
+                        'tf_state_dynamodb_table' => { 'type' => 'string' },
+                        'tf_state_region'         => { 'type' => 'string' },
+                        'tf_required_version'     => { 'type' => 'string' },
+                        'aws_provider_version'    => { 'type' => 'string' },
+                        'tfctl_role_arn'          => {
+                            'type'    => 'string',
+                            'pattern' => iam_arn_pattern,
+                        },
+                        'data'                    => { 'type' => 'object' },
+                        'exclude_accounts'        => { 'type' => 'array' },
+                        'organization_root'       => org_schema,
+                        'organization_units'      => org_schema,
+                        'account_overrides'       => org_schema,
+                    },
+                    'required'   => %w[
+                        tf_state_bucket
+                        tf_state_role_arn
+                        tf_state_dynamodb_table
+                        tf_state_region
+                        tfctl_role_arn
+                    ],
+                    'additionalProperties' => false,
+                }
+                # rubocop:enable Layout/HashAlignment
+            end
+            def org_schema
+                {
+                    'type'       => 'object',
+                    'properties' => {
+                        'profiles'          => { 'type'=> 'array' },
+                        'data'              => { 'type'=> 'object' },
+                        'tf_execution_role' => { 'type'=> 'string' },
+                        'region'            => { 'type'=> 'string' },
+                    },
+                }
+            end
+        end
+    end
+end

data/lib/tfctl/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Tfctl
-    VERSION = '0.2.0'
+    VERSION = '1.2.1'
 end

data/tfctl.gemspec CHANGED

@@ -23,13 +23,16 @@ Gem::Specification.new do |spec|
     spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
     spec.require_paths = ['lib']
+    spec.required_ruby_version = '>= 2.5.0'
     # Think when adding new dependencies.  Is it really necessary?
     # "The things you own end up owning you" etc.
-    spec.add_dependency 'aws-sdk-organizations', '~> 1.13'
-    spec.add_dependency 'parallel',              '~> 1.17'
+    spec.add_dependency 'aws-sdk-organizations', '~> 1.40'
+    spec.add_dependency 'json_schemer',          '~> 0.2'
+    spec.add_dependency 'parallel',              '~> 1.19'
     spec.add_dependency 'terminal-table',        '~> 1.8'
     spec.add_development_dependency 'guard-rspec', '~> 4.7'
-    spec.add_development_dependency 'rspec',       '~> 3.8'
-    spec.add_development_dependency 'rubocop',     '~> 0.76'
+    spec.add_development_dependency 'rspec',       '~> 3.9'
+    spec.add_development_dependency 'rubocop',     '~> 0.84'
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tfctl
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 1.2.1
 platform: ruby
 authors:
 - Andrew Wasilczuk
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-10 00:00:00.000000000 Z
+date: 2020-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-organizations
@@ -16,28 +16,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.13'
+        version: '1.40'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.13'
+        version: '1.40'
+- !ruby/object:Gem::Dependency
+  name: json_schemer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '1.19'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '1.19'
 - !ruby/object:Gem::Dependency
   name: terminal-table
   requirement: !ruby/object:Gem::Requirement
@@ -72,28 +86,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.76'
+        version: '0.84'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.76'
+        version: '0.84'
 description:
 email:
 - akw@scalefactory.com
@@ -121,12 +135,12 @@ files:
 - examples/bootstrap/terraform-exec-role.template
 - examples/bootstrap/terraform-state.template
 - examples/bootstrap/tfctl-org-access.template
-- examples/control_tower/conf/example.yaml
 - examples/control_tower/modules/s3-bucket/main.tf
 - examples/control_tower/modules/s3-bucket/variables.tf
 - examples/control_tower/profiles/example-profile/data.tf
 - examples/control_tower/profiles/example-profile/main.tf
 - examples/control_tower/profiles/example-profile/variables.tf
+- examples/control_tower/tfctl.yaml
 - lib/hash.rb
 - lib/tfctl.rb
 - lib/tfctl/aws_org.rb
@@ -135,6 +149,7 @@ files:
 - lib/tfctl/executor.rb
 - lib/tfctl/generator.rb
 - lib/tfctl/logger.rb
+- lib/tfctl/schema.rb
 - lib/tfctl/version.rb
 - tfctl.gemspec
 homepage: https://github.com/scalefactory/tfctl
@@ -149,15 +164,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.7
+rubygems_version: 3.0.8
 signing_key:
 specification_version: 4
 summary: Terraform wrapper for managing multi-account AWS infrastructures