tfctl 1.2.2 → 1.3.0
- checksums.yaml +4 -4
- data/.bundle/config +3 -0
- data/.github/dependabot.yml +7 -0
- data/.gitignore +0 -1
- data/.rubocop.yml +1 -0
- data/CHANGELOG.adoc +8 -1
- data/Makefile +4 -3
- data/README.adoc +19 -2
- data/RELEASING.adoc +13 -0
- data/bin/tfctl +3 -3
- data/examples/control_tower/profiles/example-profile/main.tf +1 -1
- data/examples/control_tower/profiles/example-profile/variables.tf +1 -1
- data/examples/control_tower/tfctl.yaml +2 -2
- data/lib/hash.rb +2 -1
- data/lib/tfctl.rb +8 -8
- data/lib/tfctl/aws_org.rb +1 -1
- data/lib/tfctl/config.rb +4 -2
- data/lib/tfctl/executor.rb +1 -1
- data/lib/tfctl/generator.rb +12 -10
- data/lib/tfctl/logger.rb +1 -1
- data/lib/tfctl/schema.rb +1 -1
- data/lib/tfctl/version.rb +1 -1
- data/tfctl.gemspec +5 -4
- metadata +29 -6
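--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5fe79c7d1c05d536eabd439037d74996bf35af1b72e359e34a0f52f32067fecf
+data.tar.gz: 67c20fd6e27f58ce119e9c050923c80499b0054991716515f41dbbd2c4156336
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 693f29d4f7ddea34dfe9dbb747cf976452bdc8ff423bf63d41bc2f77f2ae05fb58ddb8b6d9a2d4c1f151749899a325b7326384e5e4128eda076d51c7c54bd8ca
+data.tar.gz: a71acfa057e8a80923b7ec9c48ab2654af1fd6d73e4fa0259949d3bded769773dd3127590475266586fe48e3f5549a7f8725c111429a6ceb850389bb7fc63c01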
data/.bundle/config
ADDED
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
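--- a/data/CHANGELOG.adoc
+++ b/data/CHANGELOG.adoc
@@ -1,6 +1,13 @@
 = Changelog
 
-==
+== 1.3.0
+
+* feat: support new Terraform provider syntax
+
+BREAKING CHANGE: The minimum supported Terraform version has been bumped to
+0.12.29. If you are running an older version of Terraform you will need to
+update to the latest Terraform in 0.12.x series before updating tfctl. Once
+tfctl is updated you can upgrade Terraform to further versions.
 
 == 1.2.2
 * chore: reverted PR #11 - not necessary and introduced regression. See PR #13 for details.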
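--- a/data/Makefile
+++ b/data/Makefile
@@ -2,7 +2,8 @@
 
 vendor:
 $(info => Installing Ruby dependencies)
-@bundle install
+@bundle install
+@bundle binstubs --all --path vendor/bin
 
 test: vendor rubocop spec
 
@@ -10,11 +11,11 @@ guard: vendor
 $(info => Starting guard)
 @bundle exec guard
 
-rubocop:
+rubocop: vendor
 $(info => Running rubocop)
 @vendor/bin/rubocop
 
-spec:
+spec: vendor
 $(info => Running spec tests)
 @vendor/bin/rspec
 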
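Review bot: The new `rubocop: vendor` and `spec: vendor` prerequisites only trigger the install recipe when no `vendor` path exists, unless `vendor` is declared `.PHONY` somewhere outside these hunks. In a checkout that already has a `vendor/` directory, the added `@bundle binstubs --all --path vendor/bin` step would then never run, and `@vendor/bin/rubocop` and `@vendor/bin/rspec` could hit missing or stale binstubs. Depending on a file the recipe actually produces makes the relationship explicit, for example `rubocop: vendor/bin/rubocop` backed by a `vendor/bin/rubocop:` rule that carries the two bundle commands.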
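--- a/data/README.adoc
+++ b/data/README.adoc
@@ -42,6 +42,23 @@ https://aws.amazon.com/solutions/aws-landing-zone/[AWS Landing Zone] and
 https://aws.amazon.com/controltower/[Control Tower] but should work with most
 other ways of managing accounts in AWS Organizations.
 
+== Project status
+
+`tfctl` is an open source project published by The Scale Factory.
+
+We currently consider this project to be maintained but we don't actively
+develop new features. We keep it security patched and ready for use in
+production environments.
+
+We’ll take a look at any issues or PRs you open and get back to you as soon as
+we can. We don’t offer any formal SLA, but we’ll be checking on this project
+periodically.
+
+If your issue is urgent, you can flag it as such, and we’ll attempt to triage
+appropriately, but we have paying customers who also have demands on our time.
+If your business depends on this project and you have an urgent problem, then
+you can talk to our sales team about paying us to support you.
+
 == Features
 
 * Discovers AWS accounts automatically.
@@ -57,8 +74,8 @@ other ways of managing accounts in AWS Organizations.
 
 == Requirements
 
-* Terraform >= 0.12
-* Ruby >= 2.
+* Terraform >= 0.12.29
+* Ruby >= 2.5
 * Accounts managed in AWS Organizations (by Landing Zone, Control Tower, some
 other means)
 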
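--- a/data/RELEASING.adoc
+++ b/data/RELEASING.adoc
@@ -0,0 +1,13 @@
+= Releasing
+
+This document is aimed at `tfctl` maintainers and describes the process of
+releasing a new gem version.
+
+== Process
+
+* Smoke test in SF test accounts: https://github.com/scalefactory/tfctl-test
+* Bump version in `lib/tfctl/version.rb`
+* Update `CHANGELOG.adoc`
+* Commit
+* Create a new GitHub release and version tag using format: vX.X.X
+* TravisCI will build and release the gem automatically: https://travis-ci.org/github/scalefactory/tfctl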
data/bin/tfctl
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
-
if File.directory?(File.dirname(__FILE__)
|
4
|
+
if File.directory?("#{File.dirname(__FILE__)}/../vendor")
|
5
5
|
require 'bundler/setup'
|
6
6
|
end
|
7
7
|
require 'optparse'
|
@@ -81,8 +81,8 @@ begin
|
|
81
81
|
targetting_opts = %i[account ou all]
|
82
82
|
targets_set = []
|
83
83
|
options.each do |k, v|
|
84
|
-
if targetting_opts.include?(k)
|
85
|
-
targets_set << k.to_s
|
84
|
+
if targetting_opts.include?(k) and !v.nil?
|
85
|
+
targets_set << k.to_s
|
86
86
|
end
|
87
87
|
end
|
88
88
|
if targets_set.length > 1
|
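Review bot: The new guard in the first hunk, `File.directory?("#{File.dirname(__FILE__)}/../vendor")`, builds its path from `__FILE__` as the script was invoked, so when `tfctl` is started through a symlink it tests for a `vendor` directory next to the link rather than next to the installed file. Because this branch decides whether `bundler/setup` is loaded, I would anchor it to the resolved location: `if File.directory?(File.expand_path('../vendor', __dir__))`. In the second hunk, `and` binds more loosely than `&&` and is easy to misread inside a condition; `if targetting_opts.include?(k) && !v.nil?` is the conventional form. The `begin` block around the second hunk starts and ends outside it.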
@@ -7,6 +7,6 @@ variable "config" {
|
|
7
7
|
locals {
|
8
8
|
config = jsondecode(var.config)
|
9
9
|
account_id = "${data.aws_caller_identity.current.account_id}"
|
10
|
-
# get
|
10
|
+
# get account configuration from tfctl config
|
11
11
|
account = [ for account in local.config["accounts"]: account if account["id"] == local.account_id ][0]
|
12
12
|
}
|
@@ -5,7 +5,7 @@
|
|
5
5
|
# create final configuration used by tfctl. You can view the merged
|
6
6
|
# configuration by running:
|
7
7
|
#
|
8
|
-
# tfctl -c conf/
|
8
|
+
# tfctl -c conf/tfctl.yaml -s
|
9
9
|
#
|
10
10
|
|
11
11
|
#
|
@@ -17,7 +17,7 @@ tf_state_dynamodb_table: 'terraform-lock'
|
|
17
17
|
tf_state_region: 'eu-west-1'
|
18
18
|
# Role for accessing state resources
|
19
19
|
tf_state_role_arn: 'arn:aws:iam::SHARED_SERVICES_ACCOUNT_ID:role/TerraformStateRole'
|
20
|
-
tf_required_version: '>= 0.12.
|
20
|
+
tf_required_version: '>= 0.12.29'
|
21
21
|
aws_provider_version: '>= 2.14'
|
22
22
|
# Role used by tfctl to retrieve data from AWS Organizations
|
23
23
|
# Has to be set up in the primary org account
|
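--- a/data/lib/hash.rb
+++ b/data/lib/hash.rb
@@ -18,13 +18,14 @@ class Hash
 merge(second.to_h, &merger)
 end
 
-# Copied from ruby 2.6 Psych for 2.3 compatibility.
 def symbolize_names!(result = self)
 case result
 when Hash
+# rubocop:disable Style/HashEachMethods
 result.keys.each do |key|
 result[key.to_sym] = symbolize_names!(result.delete(key))
 end
+# rubocop:enable Style/HashEachMethods
 when Array
 result.map! { |r| symbolize_names!(r) }
 end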
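Review bot: The added `# rubocop:disable Style/HashEachMethods` silences the cop without saying why, and the only explanatory comment on `symbolize_names!` is removed in the same hunk. `result.keys.each` is needed here because the loop body deletes and re-inserts entries of `result`, so iterating the hash directly with `each_key` would modify it during iteration. I would record that next to the directive: `# keys is a snapshot: the block deletes and re-adds entries, so each_key is not safe here`. The method and the enclosing `class Hash` continue outside the hunk.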
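--- a/data/lib/tfctl.rb
+++ b/data/lib/tfctl.rb
@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
-require_relative 'tfctl/aws_org
-require_relative 'tfctl/config
-require_relative 'tfctl/error
-require_relative 'tfctl/executor
-require_relative 'tfctl/generator
-require_relative 'tfctl/logger
-require_relative 'tfctl/schema
-require_relative 'tfctl/version
+require_relative 'tfctl/aws_org'
+require_relative 'tfctl/config'
+require_relative 'tfctl/error'
+require_relative 'tfctl/executor'
+require_relative 'tfctl/generator'
+require_relative 'tfctl/logger'
+require_relative 'tfctl/schema'
+require_relative 'tfctl/version'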
data/lib/tfctl/aws_org.rb
CHANGED
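--- a/data/lib/tfctl/config.rb
+++ b/data/lib/tfctl/config.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require_relative '../hash
-require_relative 'error
+require_relative '../hash'
+require_relative 'error'
 require 'yaml'
 require 'json'
 
@@ -121,7 +121,9 @@ module Tfctl
 return config unless config.key?(:exclude_accounts)
 
 config[:accounts].each_with_index do |account, idx|
+# rubocop:disable Style/IfWithBooleanLiteralBranches
 config[:accounts][idx][:excluded] = config[:exclude_accounts].include?(account[:name]) ? true : false
+# rubocop:enable Style/IfWithBooleanLiteralBranches
 end
 
 config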
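Review bot: In the second hunk the cop is disabled around a ternary that only turns a boolean into the same boolean, since `include?` already returns `true` or `false`. Dropping `? true : false` removes the need for both the `rubocop:disable` and `rubocop:enable` lines: `config[:accounts][idx][:excluded] = config[:exclude_accounts].include?(account[:name])`. This assumes `config[:exclude_accounts]` is an Array or String, which the hunk does not show. The enclosing method starts outside the hunk.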
data/lib/tfctl/executor.rb
CHANGED
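--- a/data/lib/tfctl/generator.rb
+++ b/data/lib/tfctl/generator.rb
@@ -10,21 +10,27 @@ module Tfctl
 
 def write_json_block(path, block)
 File.open(path, 'w') do |f|
-f.write(JSON.pretty_generate(block)
+f.write("#{JSON.pretty_generate(block)}\n")
 end
 end
 
 def make(account:, config:)
 target_dir = "#{PROJECT_ROOT}/.tfctl/#{config[:config_name]}/#{account[:name]}"
-tf_version = config.fetch(:tf_required_version, '>= 0.12.
+tf_version = config.fetch(:tf_required_version, '>= 0.12.29')
 aws_provider_version = config.fetch(:aws_provider_version, '>= 2.14')
 
 FileUtils.mkdir_p target_dir
 
 terraform_block = {
 'terraform' => {
-'required_version'
-'
+'required_version' => tf_version,
+'required_providers' => {
+'aws' => {
+'source' => 'hashicorp/aws',
+'version' => aws_provider_version,
+},
+},
+'backend' => {
 's3' => {
 'bucket' => config[:tf_state_bucket],
 'key' => "#{account[:name]}/tfstate",
@@ -41,7 +47,6 @@ module Tfctl
 provider_block = {
 'provider' => {
 'aws' => {
-'version' => aws_provider_version,
 'region' => account[:region],
 'assume_role' => {
 'role_arn' => "arn:aws:iam::#{account[:id]}:role/#{account[:tf_execution_role]}",
@@ -71,11 +76,8 @@ module Tfctl
 profile_block = {
 'module' => {
 profile => {
-'source'
-'config'
-'providers' => {
-'aws' => 'aws',
-},
+'source' => "../../../profiles/#{profile}",
+'config' => '${var.config}',
 },
 },
 }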
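Review bot: The new `required_providers` entry for `aws` in the first hunk takes its `version` from `aws_provider_version`, whose default `'>= 2.14'` has no upper bound. A config that omits the key therefore lets every generated account configuration accept any later `hashicorp/aws` release, including new major versions. I would document that where the default is read, for example `# no upper bound by default: set aws_provider_version in tfctl.yaml to pin the provider`, or tighten the default to a bounded constraint if the maintainers agree. `make` continues beyond the first hunk.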
data/lib/tfctl/logger.rb
CHANGED
data/lib/tfctl/schema.rb
CHANGED
data/lib/tfctl/version.rb
CHANGED
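--- a/data/tfctl.gemspec
+++ b/data/tfctl.gemspec
@@ -30,9 +30,10 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'aws-sdk-organizations', '~> 1.40'
 spec.add_dependency 'json_schemer', '~> 0.2'
 spec.add_dependency 'parallel', '~> 1.19'
-spec.add_dependency 'terminal-table', '
+spec.add_dependency 'terminal-table', '>= 1.8', '< 4.0'
 
-spec.add_development_dependency 'guard-rspec',
-spec.add_development_dependency 'rspec',
-spec.add_development_dependency 'rubocop',
+spec.add_development_dependency 'guard-rspec', '~> 4.7'
+spec.add_development_dependency 'rspec', '~> 3.9'
+spec.add_development_dependency 'rubocop', '~> 1.3'
+spec.add_development_dependency 'rubocop-rspec', '~> 2.2'
 end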
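Review bot: The packaged file list in this release's `metadata` gains `.bundle/config` and `.github/dependabot.yml`, which suggests that `spec.files` (outside this hunk) ships every tracked file, including local Bundler settings and CI configuration. Those files are not needed at runtime, and a `.bundle/config` inside an installed gem can surprise anyone who runs Bundler from that directory. I would filter dotfiles where `spec.files` is built, along the lines of `.reject { |f| f.start_with?('.') }`, adjusted to however the list is actually generated.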
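--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tfctl
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.3.0
 platform: ruby
 authors:
 - Andrew Wasilczuk
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-organizations
@@ -56,16 +56,22 @@ dependencies:
 name: terminal-table
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.8'
+- - "<"
+- !ruby/object:Gem::Version
+version: '4.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.8'
+- - "<"
+- !ruby/object:Gem::Version
+version: '4.0'
 - !ruby/object:Gem::Dependency
 name: guard-rspec
 requirement: !ruby/object:Gem::Requirement
@@ -100,14 +106,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.3'
+- !ruby/object:Gem::Dependency
+name: rubocop-rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.2'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.2'
 description:
 email:
 - akw@scalefactory.com
@@ -116,6 +136,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".bundle/config"
+- ".github/dependabot.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -126,6 +148,7 @@ files:
 - LICENSE
 - Makefile
 - README.adoc
+- RELEASING.adoc
 - bin/tfctl
 - docs/configuration.adoc
 - docs/control_tower.adoc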