@salte-common/terraflow 0.1.0-alpha.1

package/dist/commands/config.js

@@ -0,0 +1,354 @@
+"use strict";
+/**
+ * Config command handler
+ * Manages Terraflow configuration
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConfigCommand = void 0;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const js_yaml_1 = __importDefault(require("js-yaml"));
+const config_1 = require("../core/config");
+const logger_1 = require("../utils/logger");
+/**
+ * Fields that should always be masked
+ * These are exact field names that contain sensitive data
+ */
+const ALWAYS_MASKED_FIELDS = [
+    'client_secret',
+    'secret_access_key',
+    'session_token',
+    'access_key_id',
+    'access_key',
+    'api_key',
+    'password',
+    'secret',
+    'key', // Only mask if it's clearly a credential key, not a generic key field
+    'token',
+];
+/**
+ * Sensitive field patterns that should be masked
+ */
+const SENSITIVE_PATTERNS = [
+    /password$/i,
+    /secret$/i,
+    /.*_secret$/i,
+    /.*_key$/i, // But not role_arn, kms_key_id, etc.
+    /token$/i,
+    /credential$/i,
+    /access.*key$/i,
+    /session.*token$/i,
+    /client.*secret$/i,
+];
+/**
+ * Fields that should NOT be masked (even if they match patterns)
+ */
+const EXCLUDED_FIELDS = ['role_arn', 'kms_key_id', 'key', 'key_file', 'key_id'];
+/**
+ * Check if a field name indicates sensitive data
+ */
+function isSensitiveField(fieldName) {
+    // Check if field is explicitly excluded
+    if (EXCLUDED_FIELDS.includes(fieldName)) {
+        return false;
+    }
+    const lowerName = fieldName.toLowerCase();
+    // Check exact matches first (these are always sensitive)
+    if (ALWAYS_MASKED_FIELDS.includes(lowerName)) {
+        return true;
+    }
+    // For 'key', only mask if it's clearly a credential (not key_file, key_id, etc.)
+    if (lowerName === 'key') {
+        // Don't mask generic 'key' fields - too many false positives
+        return false;
+    }
+    // Check patterns (e.g., client_secret, access_key, session_token)
+    return SENSITIVE_PATTERNS.some((pattern) => pattern.test(fieldName));
+}
+/**
+ * Mask sensitive values in an object recursively
+ */
+function maskSensitiveValues(obj, path = '') {
+    if (obj === null || obj === undefined) {
+        return obj;
+    }
+    if (Array.isArray(obj)) {
+        return obj.map((item, index) => maskSensitiveValues(item, `${path}[${index}]`));
+    }
+    if (typeof obj === 'object') {
+        const masked = {};
+        for (const key in obj) {
+            if (Object.prototype.hasOwnProperty.call(obj, key)) {
+                const fullPath = path ? `${path}.${key}` : key;
+                const value = obj[key];
+                if (isSensitiveField(key) || isSensitiveField(fullPath)) {
+                    // Mask the value
+                    if (typeof value === 'string' && value.length > 0) {
+                        masked[key] = '***MASKED***';
+                    }
+                    else {
+                        masked[key] = value;
+                    }
+                }
+                else {
+                    // Recursively mask nested objects
+                    masked[key] = maskSensitiveValues(value, fullPath);
+                }
+            }
+        }
+        return masked;
+    }
+    return obj;
+}
+/**
+ * Config command handler class
+ */
+class ConfigCommand {
+    /**
+     * Show resolved configuration
+     * Displays merged configuration with source tracking and masked sensitive values
+     */
+    static async show(cliOptions = {}) {
+        try {
+            // Load configuration
+            const config = await config_1.ConfigManager.load(cliOptions);
+            // Mask sensitive values
+            const maskedConfig = maskSensitiveValues(config);
+            // Format as YAML
+            const yamlOutput = js_yaml_1.default.dump(maskedConfig, {
+                indent: 2,
+                lineWidth: 120,
+                quotingType: '"',
+                forceQuotes: false,
+            });
+            logger_1.Logger.info('Resolved configuration:');
+            logger_1.Logger.info('');
+            logger_1.Logger.info(yamlOutput);
+            // Show configuration sources
+            logger_1.Logger.info('');
+            logger_1.Logger.info('Configuration sources:');
+            logger_1.Logger.info('  CLI: Command-line arguments (highest priority)');
+            logger_1.Logger.info('  ENV: Environment variables');
+            logger_1.Logger.info('  FILE: Configuration file (.tfwconfig.yml)');
+            logger_1.Logger.info('  DEFAULT: Hard-coded defaults (lowest priority)');
+            logger_1.Logger.info('');
+            logger_1.Logger.info('Note: Sensitive values are masked with ***MASKED***');
+        }
+        catch (error) {
+            logger_1.Logger.error(`Failed to show configuration: ${error instanceof Error ? error.message : String(error)}`);
+            throw error;
+        }
+    }
+    /**
+     * Generate skeleton configuration file
+     * Creates a .tfwconfig.yml with commented examples
+     */
+    static async init(outputPath, workingDir = process.cwd()) {
+        try {
+            const configPath = outputPath || (0, path_1.join)(workingDir, '.tfwconfig.yml');
+            // Check if file already exists
+            if ((0, fs_1.existsSync)(configPath)) {
+                logger_1.Logger.warn(`Configuration file already exists at ${configPath}`);
+                logger_1.Logger.warn('Use --output flag to specify a different filename');
+                throw new Error('Configuration file already exists');
+            }
+            // Generate skeleton
+            const skeleton = ConfigCommand.generateConfigSkeleton();
+            // Ensure directory exists
+            const dir = (0, path_1.dirname)(configPath);
+            if (!(0, fs_1.existsSync)(dir)) {
+                (0, fs_1.mkdirSync)(dir, { recursive: true });
+            }
+            // Write file
+            (0, fs_1.writeFileSync)(configPath, skeleton, 'utf8');
+            logger_1.Logger.success(`✅ Configuration skeleton created at ${configPath}`);
+        }
+        catch (error) {
+            logger_1.Logger.error(`Failed to create config file: ${error instanceof Error ? error.message : String(error)}`);
+            throw error;
+        }
+    }
+    /**
+     * Generate skeleton configuration file content
+     */
+    static generateConfigSkeleton() {
+        return `# Terraflow Configuration File
+# This file defines your Terraflow configuration
+# See https://github.com/salte-common/terraflow/blob/main/docs/configuration.md for full documentation
+
+# Global Settings
+# ===============
+
+# Workspace name (optional - will be derived if not specified)
+# Priority: CLI > ENV > Tag > Branch > Hostname
+workspace: development
+
+# Terraform working directory (default: ./terraform)
+# This is where your Terraform files (.tf) should be located
+working-dir: ./terraform
+
+# Skip git commit check for destructive operations
+# Set to true to skip validation that requires a clean git working directory
+skip-commit-check: false
+
+# Backend Configuration
+# ====================
+# Terraform backend for state storage
+# Options: local | s3 | azurerm | gcs
+
+backend:
+  # Backend type
+  type: local
+
+  # Backend-specific configuration
+  config:
+    # Local backend (no additional config needed)
+    # State is stored in terraform.tfstate in the working directory
+
+    # S3 Backend Example:
+    # type: s3
+    # config:
+    #   bucket: my-terraform-state-bucket
+    #   key: terraform.tfstate
+    #   region: us-east-1
+    #   encrypt: true  # Always recommended
+    #   dynamodb_table: terraform-statelock  # For state locking
+    #   kms_key_id: arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012  # Optional: KMS encryption
+
+    # Azure RM Backend Example:
+    # type: azurerm
+    # config:
+    #   resource_group_name: terraform-state-rg
+    #   storage_account_name: terraformstate
+    #   container_name: terraform-state
+    #   key: terraform.tfstate
+
+    # GCS Backend Example:
+    # type: gcs
+    # config:
+    #   bucket: terraform-state-bucket
+    #   prefix: terraform/state
+    #   credentials: /path/to/service-account-key.json  # Optional: path to service account key
+
+# Secrets Management
+# ==================
+# Secrets provider for retrieving Terraform variables
+# Options: env | aws-secrets | azure-keyvault | gcp-secret-manager
+
+# secrets:
+#   # Secrets provider type
+#   provider: env
+#
+#   # Provider-specific configuration
+#   config:
+#     # Environment secrets (no additional config needed)
+#     # Secrets are loaded from .env file or existing environment variables
+#     # Use TF_VAR_* prefix in .env file for Terraform variables
+#
+#     # AWS Secrets Manager Example:
+#     # provider: aws-secrets
+#     # config:
+#     #   secret_name: myapp/terraform-vars
+#     #   region: us-east-1  # Optional: uses AWS_REGION if not specified
+#
+#     # Azure Key Vault Example:
+#     # provider: azure-keyvault
+#     # config:
+#     #   vault_name: my-keyvault
+#     #   secret_name: terraform-vars
+#
+#     # GCP Secret Manager Example:
+#     # provider: gcp-secret-manager
+#     # config:
+#     #   project_id: my-gcp-project
+#     #   secret_id: terraform-vars
+
+# Authentication
+# ==============
+# Cloud provider authentication configuration
+# Used to assume roles or authenticate with cloud providers
+
+# auth:
+#   # AWS Assume Role Example:
+#   # assume_role:
+#   #   role_arn: arn:aws:iam::123456789012:role/terraform-role
+#   #   session_name: terraflow-session  # Optional: default is "terraflow-session"
+#   #   duration: 3600  # Optional: session duration in seconds (default: 3600)
+#
+#   # Azure Service Principal Example:
+#   # service_principal:
+#   #   client_id: your-client-id
+#   #   tenant_id: your-tenant-id
+#   #   client_secret: your-client-secret  # Optional: can use Azure CLI or managed identity
+#
+#   # GCP Service Account Example:
+#   # service_account:
+#   #   key_file: /path/to/service-account-key.json
+
+# Terraform Variables
+# ===================
+# Variables passed to Terraform as TF_VAR_* environment variables
+# These are converted automatically - no TF_VAR_ prefix needed in config
+
+# variables:
+#   environment: development
+#   region: us-east-1
+#   instance_count: 3
+
+# Workspace Derivation Strategy
+# =============================
+# Order of precedence for workspace name resolution
+# Default: [cli, env, tag, branch, hostname]
+
+# workspace_strategy:
+#   - cli      # Command-line --workspace flag
+#   - env      # TERRAFLOW_WORKSPACE environment variable
+#   - tag      # Git tag (if on a tag)
+#   - branch   # Git branch (if not ephemeral)
+#   - hostname # System hostname (fallback)
+
+# Validation Configuration
+# ========================
+# Validation rules for Terraform operations
+
+# validations:
+#   # Require git commit before apply/destroy
+#   require_git_commit: true
+#
+#   # List of allowed workspace names (empty = allow all)
+#   allowed_workspaces:
+#     - development
+#     - staging
+#     - production
+
+# Logging Configuration
+# =====================
+# Control logging behavior
+
+# logging:
+#   # Log level: error | warn | info | debug
+#   level: info
+#
+#   # Enable Terraform log output
+#   terraform_log: false
+#
+#   # Terraform log level: TRACE | DEBUG | INFO | WARN | ERROR
+#   terraform_log_level: TRACE
+
+# Template Variables
+# ==================
+# Configuration values support template variables using \${VAR} syntax
+# Available variables:
+#   - Environment variables (e.g., \${AWS_REGION})
+#   - Cloud provider info (e.g., \${AWS_ACCOUNT_ID}, \${AZURE_SUBSCRIPTION_ID}, \${GCP_PROJECT_ID})
+#   - VCS info (e.g., \${GITHUB_REPOSITORY}, \${GIT_BRANCH}, \${GIT_COMMIT_SHA})
+# Example:
+#   bucket: \${AWS_REGION}-\${AWS_ACCOUNT_ID}-terraform-state
+`;
+    }
+}
+exports.ConfigCommand = ConfigCommand;
+//# sourceMappingURL=config.js.map

package/dist/commands/destroy.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Destroy command handler
+ * Executes terraform destroy with Terraflow enhancements
+ */
+export declare class DestroyCommand {
+}
+//# sourceMappingURL=destroy.d.ts.map

package/dist/commands/destroy.js

@@ -0,0 +1,12 @@
+"use strict";
+/**
+ * Destroy command handler
+ * Executes terraform destroy with Terraflow enhancements
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DestroyCommand = void 0;
+// TODO: Implement destroy command
+class DestroyCommand {
+}
+exports.DestroyCommand = DestroyCommand;
+//# sourceMappingURL=destroy.js.map

package/dist/commands/init.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Init command handler
+ * Scaffolds a new infrastructure project with opinionated defaults
+ */
+/**
+ * Init command options
+ */
+export interface InitOptions {
+    provider?: string;
+    language?: string;
+    workingDir?: string;
+    force?: boolean;
+}
+/**
+ * Init command handler for project scaffolding
+ *
+ * @example
+ * ```typescript
+ * // Create AWS project with JavaScript
+ * await InitCommand.execute('my-project', {
+ *   provider: 'aws',
+ *   language: 'javascript'
+ * });
+ *
+ * // Create Azure project with TypeScript
+ * await InitCommand.execute('my-project', {
+ *   provider: 'azure',
+ *   language: 'typescript'
+ * });
+ * ```
+ */
+export declare class InitCommand {
+    /**
+     * Execute the init command to scaffold a new infrastructure project
+     *
+     * Creates a complete project structure with:
+     * - Terraform configuration files for the specified cloud provider
+     * - Application code templates in the specified language
+     * - Pre-configured `.tfwconfig.yml` with backend settings
+     * - Example `.env.example` file
+     * - Complete `.gitignore` and `README.md`
+     *
+     * @param projectName - Name of the project to create (optional, defaults to current directory)
+     * @param options - Init command options
+     * @param options.provider - Cloud provider: 'aws', 'azure', or 'gcp' (default: 'aws')
+     * @param options.language - Application language: 'javascript', 'typescript', 'python', or 'go' (default: 'javascript')
+     * @param options.workingDir - Directory where to create the project (default: current directory)
+     * @param options.force - Overwrite existing files if present (default: false)
+     * @throws {ConfigError} If validation fails (invalid project name, provider, language, or non-empty directory)
+     *
+     * @example
+     * ```typescript
+     * // Create project in current directory
+     * await InitCommand.execute(undefined, { provider: 'aws' });
+     *
+     * // Create named project
+     * await InitCommand.execute('my-infrastructure', {
+     *   provider: 'gcp',
+     *   language: 'python'
+     * });
+     *
+     * // Force overwrite existing files
+     * await InitCommand.execute('my-project', { force: true });
+     * ```
+     */
+    static execute(projectName: string | undefined, options?: InitOptions): Promise<void>;
+}
+//# sourceMappingURL=init.d.ts.map

package/dist/commands/init.js

@@ -0,0 +1,131 @@
+"use strict";
+/**
+ * Init command handler
+ * Scaffolds a new infrastructure project with opinionated defaults
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InitCommand = void 0;
+const path_1 = require("path");
+const logger_1 = require("../utils/logger");
+const errors_1 = require("../core/errors");
+const scaffolding_1 = require("../utils/scaffolding");
+/**
+ * Init command handler for project scaffolding
+ *
+ * @example
+ * ```typescript
+ * // Create AWS project with JavaScript
+ * await InitCommand.execute('my-project', {
+ *   provider: 'aws',
+ *   language: 'javascript'
+ * });
+ *
+ * // Create Azure project with TypeScript
+ * await InitCommand.execute('my-project', {
+ *   provider: 'azure',
+ *   language: 'typescript'
+ * });
+ * ```
+ */
+class InitCommand {
+    /**
+     * Execute the init command to scaffold a new infrastructure project
+     *
+     * Creates a complete project structure with:
+     * - Terraform configuration files for the specified cloud provider
+     * - Application code templates in the specified language
+     * - Pre-configured `.tfwconfig.yml` with backend settings
+     * - Example `.env.example` file
+     * - Complete `.gitignore` and `README.md`
+     *
+     * @param projectName - Name of the project to create (optional, defaults to current directory)
+     * @param options - Init command options
+     * @param options.provider - Cloud provider: 'aws', 'azure', or 'gcp' (default: 'aws')
+     * @param options.language - Application language: 'javascript', 'typescript', 'python', or 'go' (default: 'javascript')
+     * @param options.workingDir - Directory where to create the project (default: current directory)
+     * @param options.force - Overwrite existing files if present (default: false)
+     * @throws {ConfigError} If validation fails (invalid project name, provider, language, or non-empty directory)
+     *
+     * @example
+     * ```typescript
+     * // Create project in current directory
+     * await InitCommand.execute(undefined, { provider: 'aws' });
+     *
+     * // Create named project
+     * await InitCommand.execute('my-infrastructure', {
+     *   provider: 'gcp',
+     *   language: 'python'
+     * });
+     *
+     * // Force overwrite existing files
+     * await InitCommand.execute('my-project', { force: true });
+     * ```
+     */
+    static async execute(projectName, options = {}) {
+        const provider = options.provider || 'aws';
+        const language = options.language || 'javascript';
+        const workingDir = options.workingDir || process.cwd();
+        const force = options.force || false;
+        // Validate provider
+        if (!(0, scaffolding_1.validateProvider)(provider)) {
+            throw new errors_1.ConfigError(`Invalid provider "${provider}". Must be one of: aws, azure, gcp.\n` +
+                `Example: terraflow init my-project --provider aws`);
+        }
+        // Validate language
+        if (!(0, scaffolding_1.validateLanguage)(language)) {
+            throw new errors_1.ConfigError(`Invalid language "${language}". Must be one of: javascript, typescript, python, go.\n` +
+                `Example: terraflow init my-project --language typescript`);
+        }
+        // Determine project directory
+        const projectDir = projectName ? (0, path_1.resolve)(workingDir, projectName) : (0, path_1.resolve)(workingDir);
+        // Validate project name if provided
+        if (projectName && !(0, scaffolding_1.validateProjectName)(projectName)) {
+            throw new errors_1.ConfigError(`Invalid project name "${projectName}". Project name must contain only alphanumeric characters, hyphens, and underscores.\n` +
+                `Valid examples: "my-project", "my_project", "project123"\n` +
+                `Invalid examples: "my project" (spaces), "my.project" (dots), "my/project" (slashes)`);
+        }
+        // Check if directory exists and is not empty
+        const isEmpty = await (0, scaffolding_1.isDirectoryEmpty)(projectDir);
+        if (!isEmpty && !force) {
+            throw new errors_1.ConfigError(`Directory "${projectDir}" is not empty. Use --force to overwrite existing files.\n` +
+                `Warning: Using --force will overwrite existing files in the target directory.\n` +
+                `Example: terraflow init ${projectName || 'my-project'} --force`);
+        }
+        logger_1.Logger.info(`🚀 Initializing project "${projectName || 'current directory'}"...`);
+        logger_1.Logger.info(`   Provider: ${provider}`);
+        logger_1.Logger.info(`   Language: ${language}`);
+        // Create project structure
+        await (0, scaffolding_1.createProjectStructure)(projectDir);
+        // Generate files
+        const finalProjectName = projectName || 'project';
+        await (0, scaffolding_1.generateTerraformFiles)(projectDir, provider, finalProjectName);
+        await (0, scaffolding_1.generateApplicationFiles)(projectDir, language, finalProjectName);
+        await (0, scaffolding_1.generateConfigFiles)(projectDir, provider, language, finalProjectName);
+        logger_1.Logger.info(`✅ Project "${projectName || 'current directory'}" initialized successfully!`);
+        logger_1.Logger.info('');
+        logger_1.Logger.info('Next steps:');
+        if (projectName) {
+            logger_1.Logger.info(`  1. cd ${projectName}`);
+            logger_1.Logger.info('  2. cp .env.example .env');
+        }
+        else {
+            logger_1.Logger.info('  1. cp .env.example .env');
+            logger_1.Logger.info('  2. Edit .env with your credentials');
+        }
+        if (projectName) {
+            logger_1.Logger.info('  3. Edit .env with your credentials');
+            logger_1.Logger.info('  4. Review and update .tfwconfig.yml');
+            logger_1.Logger.info('  5. terraflow init');
+            logger_1.Logger.info('  6. terraflow plan');
+        }
+        else {
+            logger_1.Logger.info('  3. Review and update .tfwconfig.yml');
+            logger_1.Logger.info('  4. terraflow init');
+            logger_1.Logger.info('  5. terraflow plan');
+        }
+        logger_1.Logger.info('');
+        logger_1.Logger.info('Documentation: ./README.md');
+    }
+}
+exports.InitCommand = InitCommand;
+//# sourceMappingURL=init.js.map

package/dist/commands/plan.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Plan command handler
+ * Executes terraform plan with Terraflow enhancements
+ */
+export declare class PlanCommand {
+}
+//# sourceMappingURL=plan.d.ts.map

package/dist/commands/plan.js

@@ -0,0 +1,12 @@
+"use strict";
+/**
+ * Plan command handler
+ * Executes terraform plan with Terraflow enhancements
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PlanCommand = void 0;
+// TODO: Implement plan command
+class PlanCommand {
+}
+exports.PlanCommand = PlanCommand;
+//# sourceMappingURL=plan.js.map

package/dist/core/backend-state.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Backend state management
+ * Stores previous backend configuration to detect migrations
+ */
+import type { BackendConfig } from '../types/config';
+/**
+ * Load previous backend state
+ * @param workingDir - Working directory
+ * @returns Previous backend configuration or null
+ */
+export declare function loadBackendState(workingDir: string): BackendConfig | null;
+/**
+ * Save backend state
+ * @param workingDir - Working directory
+ * @param backend - Backend configuration to save
+ */
+export declare function saveBackendState(workingDir: string, backend: BackendConfig): void;
+/**
+ * Detect if backend has changed
+ * @param workingDir - Working directory
+ * @param currentBackend - Current backend configuration
+ * @returns Previous backend type if changed, null otherwise
+ */
+export declare function detectBackendMigration(workingDir: string, currentBackend: BackendConfig): string | null;
+//# sourceMappingURL=backend-state.d.ts.map