Documentation
Overview ¶
Package pkg contains logic for executing Terraform actions
Constants ¶
const (
	AwsAccessKeyID     = "aws_access_key_id"
	AwsSecretAccessKey = "aws_secret_access_key"
	AwsRegion          = "region"
	AwsBucket          = "bucket"
)
standardized AppSRE terraform secret keys
const (
	AWSVarsFile   = "aws.auto.tfvars"
	InputVarsFile = "input.auto.tfvars"
	BackendFile   = "s3.tfbackend"
)
Terraform-specific filenames. The "auto" vars files are loaded automatically by the tf binary.
const FolderPerm = 0770
FolderPerm is 0770 in chmod
Variables ¶
This section is empty.
Functions ¶
func MaskSensitiveStateValues ¶
MaskSensitiveStateValues redacts any Vault secrets in a Terraform human-readable state file. More specifically, any Terraform datasource beginning with `vault_` will be redacted from the output.
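A sketch of this kind of redaction, added here as an example; it is not the package's own implementation, whose signature is not shown on this page. The function name `maskVaultDataSources`, the `[REDACTED]` placeholder and the sample state are constructed for illustration, and it assumes `terraform show`-style text in which each data source opens with `data "vault_…" "name" {` and closes with `}` at the same indentation.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample of human-readable state; not taken from the page.
const sampleState = `# data.vault_generic_secret.db:
data "vault_generic_secret" "db" {
    data = {
        "password" = "hunter2"
    }
}

# aws_s3_bucket.logs:
resource "aws_s3_bucket" "logs" {
    bucket = "example-bucket"
}
`

const redacted = "[REDACTED]" // placeholder text chosen for this example
// vaultHeader matches a vault_ data source header and captures its indentation.
var vaultHeader = regexp.MustCompile(`^(\s*)data\s+"vault_[^"]*"\s+"[^"]*"\s*\{\s*$`)

// maskVaultDataSources (hypothetical name) keeps each vault_ header and its
// closing brace and drops the body. An unterminated block fails closed.
func maskVaultDataSources(state string) string {
	var out []string
	closer := "" // non-empty while inside a vault_ block
	for _, line := range strings.Split(state, "\n") {
		if closer != "" {
			if strings.TrimRight(line, " \t\r") == closer {
				out = append(out, line)
				closer = ""
			}
			continue
		}
		out = append(out, line)
		if m := vaultHeader.FindStringSubmatch(line); m != nil {
			closer = m[1] + "}"
			out = append(out, m[1]+"    "+redacted)
		}
	}
	return strings.Join(out, "\n")
}

func main() { fmt.Print(maskVaultDataSources(sampleState)) }
```

A multi-line value containing a bare `}` line at the header's indentation would end the mask early, so a filter like this belongs alongside access controls on state output, not in place of them.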
func Run ¶
func Run(cfgPath, workdir, vaultAddr, roleID, secretID, gitlabLogRepo, gitlabUsername, gitlabToken, gitEmail string, tfParallelism int) error
Run is responsible for the full lifecycle of creating/updating/deleting a Terraform repo, including loading config, loading secrets from Vault, creating and cleaning up temp directories, and the actual Terraform operations.
func WriteTemplate ¶
func WriteTemplate[T TfVars | vaultutil.VaultKvData | TfCreds | StateVars](inputs T, body string, out string) error
WriteTemplate is responsible for templating a file and writing it to the location specified at out. Note that this is not a struct method, as generics are incompatible with methods.
Types ¶
type Executor ¶
type Executor struct {
// contains filtered or unexported fields
}
Executor includes required secrets and variables to perform a tf repo executor run
type Input ¶
type Input struct {
	DryRun bool   `yaml:"dry_run" json:"dry_run"`
	Repos  []Repo `yaml:"repos" json:"repos"`
}
Input holds YAML/JSON loaded from CONFIG_FILE and is passed from Qontract Reconcile
type Repo ¶
type Repo struct {
	Name        string                `yaml:"name" json:"name"`
	URL         string                `yaml:"repository" json:"repository"`
	Path        string                `yaml:"project_path" json:"project_path"`
	Ref         string                `yaml:"ref" json:"ref"`
	Delete      bool                  `yaml:"delete" json:"delete"`
	AWSCreds    vaultutil.VaultSecret `yaml:"aws_creds" json:"aws_creds"`
	Bucket      string                `yaml:"bucket,omitempty" json:"bucket,omitempty"`
	Region      string                `yaml:"region,omitempty" json:"region,omitempty"`
	BucketPath  string                `yaml:"bucket_path,omitempty" json:"bucket_path,omitempty"`
	RequireFips bool                  `yaml:"require_fips" json:"require_fips"`
	TfVersion   string                `yaml:"tf_version" json:"tf_version"`
	TfVariables TfVariables           `yaml:"variables,omitempty" json:"variables,omitempty"`
}
Repo represents an individual Terraform Repo
type TfCreds ¶
type TfCreds struct {
	AccessKey string
	SecretKey string
	Region    string
	Key       string // set when initializing backend
	Bucket    string
}
TfCreds is made up of AWS credentials and configuration for using an S3 backend with Terraform
type TfVariables ¶
type TfVariables struct {
	Inputs  vaultutil.VaultSecret `yaml:"inputs" json:"inputs"`
	Outputs vaultutil.VaultSecret `yaml:"outputs" json:"outputs"`
}
TfVariables are references to Vault paths used for reading/writing inputs and outputs