pkg

v0.0.0-...-a2cc28f
Warning

This package is not in the latest version of its module.
Published: Apr 30, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package pkg contains logic for executing Terraform actions.

Constants

const (
	AwsAccessKeyID     = "aws_access_key_id"
	AwsSecretAccessKey = "aws_secret_access_key"
	AwsRegion          = "region"
	AwsBucket          = "bucket"
)

Standardized AppSRE Terraform secret keys.

const (
	AWSVarsFile   = "aws.auto.tfvars"
	InputVarsFile = "input.auto.tfvars"
	BackendFile   = "s3.tfbackend"
)

Terraform-specific filenames. The "auto" vars files are loaded automatically by the Terraform binary.

Variables

This section is empty.

Functions

func Run

func Run(cfgPath,
	workdir,
	vaultAddr,
	roleID,
	secretID,
	kvVersion string) error

Run is responsible for the full lifecycle of creating, updating, or deleting a Terraform repo. This includes loading config and secrets from Vault, creating and cleaning up temp directories, and running the actual Terraform operations.

func WriteTemplate

func WriteTemplate[T TfVars | vaultutil.VaultKvData | TfCreds](inputs T, body string, filename string, workdir string, repo Repo) error

WriteTemplate is responsible for templating a file and writing it to disk. Note that this is not a struct method, as generics are incompatible with methods.

Types

type Executor

type Executor struct {
	// contains filtered or unexported fields
}

Executor includes the secrets and variables required to perform a tf repo executor run.

type Input

type Input struct {
	DryRun bool   `yaml:"dry_run" json:"dry_run"`
	Repos  []Repo `yaml:"repos" json:"repos"`
}

Input holds the YAML/JSON loaded from CONFIG_FILE and is passed from Qontract Reconcile.

type Repo

type Repo struct {
	Name        string                `yaml:"name" json:"name"`
	URL         string                `yaml:"repository" json:"repository"`
	Path        string                `yaml:"project_path" json:"project_path"`
	Ref         string                `yaml:"ref" json:"ref"`
	Delete      bool                  `yaml:"delete" json:"delete"`
	AWSCreds    vaultutil.VaultSecret `yaml:"aws_creds" json:"aws_creds"`
	Bucket      string                `yaml:"bucket,omitempty" json:"bucket,omitempty"`
	Region      string                `yaml:"region,omitempty" json:"region,omitempty"`
	BucketPath  string                `yaml:"bucket_path,omitempty" json:"bucket_path,omitempty"`
	RequireFips bool                  `yaml:"require_fips" json:"require_fips"`
	TfVersion   string                `yaml:"tf_version" json:"tf_version"`
	TfVariables TfVariables           `yaml:"variables,omitempty" json:"variables,omitempty"`
}

Repo represents an individual Terraform repo.

type TfCreds

type TfCreds struct {
	AccessKey string
	SecretKey string
	Region    string
	Key       string // set when initializing backend
	Bucket    string
}

TfCreds is made up of AWS credentials and configuration for using an S3 backend with Terraform.

type TfVariables

type TfVariables struct {
	Inputs  vaultutil.VaultSecret `yaml:"inputs" json:"inputs"`
	Outputs vaultutil.VaultSecret `yaml:"outputs" json:"outputs"`
}

TfVariables are references to Vault paths used for reading/writing inputs and outputs.

type TfVars

type TfVars struct {
	AccessKey     string
	SecretKey     string
	Region        string
	VaultAddress  string
	VaultRoleID   string
	VaultSecretID string
}

TfVars are the secrets and IDs required for setting up a Terraform S3 backend.

Directories

Path Synopsis
Package vaultutil includes helper functions for communicating with Vault