terraform.py
import logging
logger = logging.getLogger(__name__)
from .common import (
TerraformBlock,
TerraformBlockTypes,
TerraformData,
TerraformLocal,
TerraformModule,
TerraformProvider,
TerraformResource,
TerraformStore,
kgenlib,
)
@kgenlib.register_generator(path="terraform.gen_backend")
class Backend(TerraformBlock):
    """Terraform backend block, written to ``terraform.tf``.

    Copies ``bucket``, ``prefix`` and ``impersonate_service_account`` from
    the generator config onto the block's resource. A key that is absent
    from the config is set to ``None`` rather than skipped.
    """

    type: TerraformBlockTypes = TerraformBlockTypes.BACKEND

    def body(self):
        """Populate the backend settings and choose the output file."""
        settings = self.config
        # NOTE(review): these look like GCS backend options - confirm. The
        # bucket holds Terraform state, which can contain secret values, so
        # access to it (and to the impersonated account) should be tight.
        for key in ("bucket", "prefix", "impersonate_service_account"):
            setattr(self.resource, key, settings.get(key))
        self.filename = "terraform.tf"
@kgenlib.register_generator(path="terraform.gen_required_providers")
class RequiredProvider(TerraformBlock):
    """Terraform ``required_providers`` block, written to ``terraform.tf``."""

    type: TerraformBlockTypes = TerraformBlockTypes.REQUIRED_PROVIDERS

    def body(self):
        """Apply the generator config to the block as-is."""
        # The config is handed to set() without filtering or validation.
        self.set(self.config)
        self.filename = "terraform.tf"
@kgenlib.register_generator(path="terraform.gen_provider")
class Provider(TerraformStore):
    """Generate one Terraform provider block from the generator config."""

    def body(self):
        """Build the provider and add it to this store.

        The optional ``id`` key is removed from a copy of the config and used
        as the provider id, falling back to the generator's own id. When an
        ``alias`` is configured the provider is written to its own
        ``provider-<alias>.tf`` file.
        """
        # Work on a copy so that popping "id" does not mutate self.config.
        settings = dict(self.config)
        provider_id = settings.pop("id", self.id)

        block = TerraformProvider(id=provider_id, config=settings)
        block.set(settings)

        alias = settings.get("alias")
        if alias:
            # NOTE(review): alias goes into the file name unvalidated; this
            # assumes the config is trusted and holds no path separators.
            block.filename = f"provider-{alias}.tf"

        self.add(block)
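@kgenlib.register_generator(path="terraform.gen_locals")
class Local(TerraformStore):
    """Generate a Terraform local, with special handling for Kapitan gkms refs.

    A string value starting with ``?{gkms:`` is expanded into helper locals
    plus a ``google_kms_secret`` data source that decrypts it at plan/apply
    time. Any other value produces a plain ``TerraformLocal``.
    """

    def body(self):
        """Add the local, and the KMS data source when the value is a gkms ref."""
        local_id = self.id
        config = self.config
        # NOTE(review): the whole config, including the local's value, is
        # written to the debug log.
        logger.debug(f"Adding local {local_id} with config {config}")

        value = config.get("value")

        # Only strings can be gkms references. A missing value or a
        # number/list/map local used to raise AttributeError on .startswith();
        # those now take the plain-local path.
        if not (isinstance(value, str) and value.startswith("?{gkms:")):
            self.add(TerraformLocal(id=local_id, config=config))
            return

        # Handle support for Kapitan gkms secrets
        local = TerraformLocal(id=local_id)
        reference = f"{local_id}_reference"
        local.set_local(name=reference, value=value)

        data = f"{local_id}_data"
        # Split the reference on the : and take the second element
        # (the base64 encoded data), then decode it as YAML.
        local.set_local(
            name=data,
            value=f'${{yamldecode(base64decode(element(split(":", local.{reference}), 1)))}}',
        )

        # Create the google_kms_secret data source.
        # The plaintext this data source returns is stored in Terraform state,
        # so the state backend must be access-restricted.
        gkms = TerraformData(id=local_id, type="google_kms_secret")
        gkms.add("ciphertext", f"${{local.{data}.data}}")
        gkms.add("crypto_key", f"${{local.{data}.key}}")
        self.add(gkms)

        # Create the local conditional on the data being base64 encoded or not.
        # NOTE(review): the condition compares `.data` - the same field passed
        # as ciphertext above - with the literal "base64"; a separate encoding
        # field may have been intended. Confirm against the decoded
        # reference's keys before relying on the base64decode branch.
        local.set_local(
            name=local_id,
            value=f'${{local.{data}.data == "base64" ? base64decode(data.google_kms_secret.{local_id}.plaintext) : data.google_kms_secret.{local_id}.plaintext}}',
        )
        self.add(local)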
@kgenlib.register_generator(path="terraform.data_sources")
class TerraformDataSource(TerraformStore):
    """Generate one Terraform data block per entry in the config.

    The generator's name is used as the data source type; each config key is
    a data source id and each value is that data source's configuration.
    """

    def body(self):
        """Create, populate and add a ``TerraformData`` for every config entry."""
        source_type = self.name
        for source_id, source_config in self.config.items():
            block = TerraformData(
                id=source_id,
                type=source_type,
                config=source_config,
                defaults=self.defaults,
            )
            block.set(source_config)
            self.add(block)
@kgenlib.register_generator(path="terraform.module")
class Module(TerraformStore):
    """Generate a Terraform module block, written to ``modules.tf``."""

    def body(self):
        """Add a ``TerraformModule`` named after this generator."""
        # The generator config is passed to the module unchanged.
        self.add(TerraformModule(id=self.name, config=self.config))
        self.filename = "modules.tf"
@kgenlib.register_generator(path="terraform.resources.generic")
class TerraformGenericResource(TerraformStore):
    """Generate one Terraform resource block per entry in the config.

    The generator's name is used as the resource type; each config key is a
    resource id and each value is that resource's configuration.
    """

    def body(self):
        """Create and add a ``TerraformResource`` for every config entry."""
        kind = self.name
        for res_id, res_config in self.config.items():
            block = TerraformResource(
                id=res_id,
                type=kind,
                config=res_config,
                defaults=self.defaults,
            )
            # set() is called with no arguments here.
            block.set()
            self.add(block)