Documentation
Overview
Package pkg contains logic for executing Terraform actions.
Index
- Constants
- func Run(cfgPath, workdir, vaultAddr, roleID, secretID, kvVersion string) error
- func WriteTemplate[T TfVars | vaultutil.VaultKvData | TfCreds](inputs T, body string, filename string, workdir string, repo Repo) error
- type Executor
- type Input
- type Repo
- type TfCreds
- type TfVariables
- type TfVars
Constants
const (
	AwsAccessKeyID     = "aws_access_key_id"
	AwsSecretAccessKey = "aws_secret_access_key"
	AwsRegion          = "region"
	AwsBucket          = "bucket"
)
Standardized AppSRE Terraform secret keys.
const (
	AWSVarsFile   = "aws.auto.tfvars"
	InputVarsFile = "input.auto.tfvars"
	BackendFile   = "s3.tfbackend"
)
Terraform-specific filenames. The "auto" vars files are loaded automatically by the tf binary.
Variables
This section is empty.
Functions
func Run
func Run(cfgPath, workdir, vaultAddr, roleID, secretID, kvVersion string) error
Run is responsible for the full lifecycle of creating, updating, or deleting a Terraform repo. This includes loading config and secrets from Vault, creating and cleaning up temp directories, and running the actual Terraform operations.
func WriteTemplate
func WriteTemplate[T TfVars | vaultutil.VaultKvData | TfCreds](inputs T, body string, filename string, workdir string, repo Repo) error
WriteTemplate is responsible for templating a file and writing it to disk. Note that this is not a struct method, as generics are incompatible with methods.
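The following sketch is an added example, not the package's own code. It shows a package-level generic function that renders TfCreds into aws.auto.tfvars. The template body, the workdir/<repo name> layout, the 0600 file mode, the repo-name check, the map-based TfVars, the reduced Repo and the returned path are all assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"text/template"
)

// Stand-ins: TfCreds fields are from the page; TfVars and Repo shapes are assumed.
type TfCreds struct{ AccessKey, SecretKey, Region, Key, Bucket string }
type TfVars map[string]any
type Repo struct{ Name string }

// writeTemplate is hypothetical; package-level because methods cannot take type parameters.
func writeTemplate[T TfVars | TfCreds](inputs T, body, filename, workdir string, repo Repo) (string, error) {
	// Keep the repo name to a single path element so it cannot leave workdir.
	if n := repo.Name; n != filepath.Base(n) || n == "." || n == ".." {
		return "", fmt.Errorf("invalid repo name %q", n)
	}
	tmpl, err := template.New(filename).Option("missingkey=error").Parse(body)
	if err != nil {
		return "", err
	}
	dir := filepath.Join(workdir, repo.Name) // assumed layout: workdir/<repo name>/
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", err
	}
	path := filepath.Join(dir, filename)
	// Owner-only permissions: the rendered file can hold AWS credentials.
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
		return "", err
	}
	defer f.Close()
	return path, tmpl.Execute(f, inputs)
}

func main() {
	workdir, err := os.MkdirTemp("", "tf-repo-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(workdir) // remove the credentials file with the temp dir
	creds := TfCreds{AccessKey: "AKIA-CONSTRUCTED", SecretKey: "constructed", Region: "us-east-1"}
	body := "access_key = \"{{.AccessKey}}\"\nsecret_key = \"{{.SecretKey}}\"\nregion = \"{{.Region}}\"\n"
	path, err := writeTemplate(creds, body, "aws.auto.tfvars", workdir, Repo{Name: "demo"})
	fmt.Println(path, err)
}
```

The 0600 mode applies only when the file is newly created; a file that already exists keeps its previous permissions.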
Types
type Executor
type Executor struct {
// contains filtered or unexported fields
}
Executor includes required secrets and variables to perform a tf repo executor run.
type Input
type Input struct {
	DryRun bool   `yaml:"dry_run" json:"dry_run"`
	Repos  []Repo `yaml:"repos" json:"repos"`
}
Input holds YAML/JSON loaded from CONFIG_FILE and is passed from Qontract Reconcile.
type Repo
type Repo struct {
	Name        string                `yaml:"name" json:"name"`
	URL         string                `yaml:"repository" json:"repository"`
	Path        string                `yaml:"project_path" json:"project_path"`
	Ref         string                `yaml:"ref" json:"ref"`
	Delete      bool                  `yaml:"delete" json:"delete"`
	AWSCreds    vaultutil.VaultSecret `yaml:"aws_creds" json:"aws_creds"`
	Bucket      string                `yaml:"bucket,omitempty" json:"bucket,omitempty"`
	Region      string                `yaml:"region,omitempty" json:"region,omitempty"`
	BucketPath  string                `yaml:"bucket_path,omitempty" json:"bucket_path,omitempty"`
	RequireFips bool                  `yaml:"require_fips" json:"require_fips"`
	TfVersion   string                `yaml:"tf_version" json:"tf_version"`
	TfVariables TfVariables           `yaml:"variables,omitempty" json:"variables,omitempty"`
}
Repo represents an individual Terraform repo.
type TfCreds
type TfCreds struct {
	AccessKey string
	SecretKey string
	Region    string
	Key       string // set when initializing backend
	Bucket    string
}
TfCreds is made up of AWS credentials and configuration for using an S3 backend with Terraform.
type TfVariables
type TfVariables struct {
	Inputs  vaultutil.VaultSecret `yaml:"inputs" json:"inputs"`
	Outputs vaultutil.VaultSecret `yaml:"outputs" json:"outputs"`
}
TfVariables are references to Vault paths used for reading/writing inputs and outputs.