def _check_security(accessKey, secretKey, region, resource, terraform):
    """Tell the caller whether the "pacbot" security group already exists.

    The group is looked up in EC2 by name. If a group with exactly that name
    comes back, its id is passed to ``jsonRead._write_json`` together with
    ``resource`` and True is returned so that creation can be skipped.
    Otherwise the id returned by ``jsonRead._get_security_id()`` is wrapped
    in an EC2 SecurityGroup object and the result of ``_check_in_terraform``
    for that id is returned.
    """
    # NOTE(review): the lookup filters on the group name only, with no VPC
    # filter. A same-named group in another VPC of this region would also
    # match and be recorded; confirm that is intended.
    target_name = "pacbot"
    ec2_client = boto3.client(
        'ec2',
        region_name=region,
        aws_access_key_id=accessKey,
        aws_secret_access_key=secretKey
    )
    lookup = ec2_client.describe_security_groups(
        Filters=[{'Name': 'group-name', 'Values': [target_name]}]
    )

    # Looping over an empty result is a no-op, so no separate length test.
    for candidate in lookup['SecurityGroups']:
        if candidate['GroupName'] != target_name:
            continue
        jsonRead._write_json(resource, candidate['GroupId'])
        print("-- Skipping security group creation as it already exists.")
        return True

    ec2_resource = boto3.resource(
        'ec2',
        region_name=region,
        aws_access_key_id=accessKey,
        aws_secret_access_key=secretKey
    )
    recorded_group = ec2_resource.SecurityGroup(jsonRead._get_security_id())
    return _check_in_terraform(recorded_group.id, terraform)
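def _create_or_destroy(terraform, action, resource, approve):
    """Apply or destroy one Terraform working directory.

    ``action == "install"``: runs ``terraform.apply(**approve)``, hands the
    result to ``_logs_display`` and, when the Terraform output has a
    ``pacman`` entry, passes its ``value`` to ``jsonRead._write_json`` under
    ``resource``. A missing or malformed output is ignored.

    ``action == "destroy"``: runs ``terraform.destroy(**approve)``, logs the
    result and then removes the local state files for ``resource``.

    Any other ``action`` does nothing.
    """
    if action == "install":
        response = terraform.apply(**approve)
        # NOTE(review): this message is printed whatever apply returned; the
        # result is only forwarded to _logs_display.
        print resource, " creation completed"
        _logs_display(response)
        try:
            response = terraform.output()
            # Subscripting None raises TypeError, so no separate None test is
            # needed before writing the value.
            value = response['pacman']['value']
            jsonRead._write_json(resource, value)
        except (TypeError, KeyError):
            # Best effort: no usable "pacman" output for this resource.
            pass
    elif action == "destroy":
        response = terraform.destroy(**approve)
        _logs_display(response)
        # Terraform state files can hold resource attributes in plain text,
        # so each one is removed on its own: a missing terraform.tfstate must
        # not leave terraform.tfstate.backup behind.
        state_dir = "./terraform/" + resource
        for state_file in ("terraform.tfstate", "terraform.tfstate.backup"):
            try:
                os.remove(state_dir + "/" + state_file)
            except OSError:
                # Best effort, as before: an absent or unremovable file is
                # not treated as a failure of the destroy step.
                pass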
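# Interactive start-up: collect the base-account credentials and region, then
# validate the configured VPC before any resources are touched.
import getpass

user_name = ''
user_arn = ''
policylist = []
assignedpolicieslist = []
client_accountid = ''
accessKey = raw_input("Enter base Account Access Key=")
# Read the secret key without echoing it, so it does not end up on screen or
# in terminal scrollback. The prompt text is unchanged.
secretKey = getpass.getpass("Enter base Account Secret Key=")
region = raw_input("Enter base Account AWS region=")
# client_arn=raw_input("Enter service account role arn=")
vpcid = jsonRead._get_vpcid()
client_assumerole = ''  # client_arn.split("/")[1]
client_accountid = ''  # client_arn.split("::")[1].split(":")[0]
jsonRead._write_json("client_account_id", client_accountid)
jsonRead._write_json("client_assume_role", client_assumerole)
err_msg = "System is exiting"
vpcid = network._check_vpc(region, accessKey, secretKey,
                           jsonRead._get_vpcid(), err_msg)
if vpcid is None:
    # NOTE(review): sys.exit() without an argument exits with status 0;
    # confirm nothing that wraps this script relies on a non-zero status
    # when the VPC check fails.
    sys.exit()
cidr_input = jsonRead._get_cidr()
cidr_list = network._get_cidr_list()
subnet_list = network._get_subnetid(vpcid, region, accessKey, secretKey)
subnet_input = jsonRead._get_subnet()
# NOTE(review): the triple-quoted block below is disabled code; its closing
# quotes fall outside this excerpt.
'''
if cidr_input not in cidr_list:
    print "Please add correct CIDR in resource.json"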
def _create_aws_resources(aws_access_key, aws_secret_key, region):
    """Create every resource in the configured execution order with Terraform.

    For each name from ``varsdata._get_execution_order()`` the function
    initialises the matching ``./terraform/<resource>`` directory, asks
    ``checkresources._check_resource`` whether it already exists, builds and
    pushes container images for the ``batch``, ``oss-api`` and ``oss-ui``
    resources, and then plans and applies. Applies for ``es``, ``rds`` and
    ``redshift`` are queued as threads and run together; everything else is
    applied inline.

    NOTE(review): this listing was whitespace-collapsed, so the nesting below
    is a reconstruction; check it against the original file before relying
    on it.
    """
    # The later "error" filter is inserted ahead of "ignore", so warnings are
    # raised as exceptions. NOTE(review): confirm both calls are intended.
    warnings.simplefilter("ignore")
    warnings.simplefilter("error")
    varsmap = {}
    threads = []
    rc = 0  # counts how many of es / rds / redshift have been reached so far
    filecreator.flush_logfile()
    for count, resource in enumerate(varsdata._get_execution_order(), start=0):
        if resource == "build-ui":
            # "build-ui" has no Terraform step: build the UI apps and move on.
            jsonRead._build_ui_apps(aws_access_key, aws_secret_key, region)
            continue
        varsmap = varsdata._get_terraform_map(resource, "")
        if varsmap is None:
            continue
        print "Creating ", resource
        # NOTE(review): the long-lived access key and secret are merged into
        # the Terraform variable map. Depending on how the Terraform wrapper
        # passes `var`, they may appear on the command line or in a var file,
        # and the plan/apply output goes to _logs_display; confirm they are
        # kept out of logs and process listings.
        varsmap.update({
            'aws_access_key': aws_access_key,
            'aws_secret_key': aws_secret_key,
            'region': region
        })
        terraform = ''
        to_be_created = False
        try:
            terraform = Terraform(working_dir='./terraform/' + resource)
            terraform.init()
        except ValueError as ve:
            # NOTE(review): on ValueError the local state file is deleted and
            # init is retried. Removing the state drops Terraform's record of
            # anything already created from this directory; confirm that is
            # acceptable here.
            os.remove("./terraform/" + resource + "/terraform.tfstate")
            terraform = Terraform(working_dir='./terraform/' + resource)
            terraform.init()
        if resource in ("es", "rds", "redshift"):
            rc += 1
        # The existence check is skipped for the entry at index 2 of the
        # execution order, which is therefore always (re)applied.
        if count != 2 and checkresources._check_resource(
                aws_access_key, aws_secret_key, region, resource,
                terraform) is True:
            if resource in ("es", "rds", "redshift"):
                # Already exists: skip unless applies are queued, in which
                # case fall through so the rc == 3 branch can start them.
                if len(threads) == 0:
                    continue
            else:
                continue
        else:
            to_be_created = True
            # Container-backed resources need their image built and pushed
            # to ECR before Terraform runs.
            if resource == "batch":
                network.create_KeyPair(region, aws_access_key, aws_secret_key,
                                       jsonRead._get_key_name(),
                                       jsonRead._get_file_name())
                filecreator.file_replace(jsonRead._get_base_accountid())
                container.handler._create_ecr_image_push(
                    region, aws_access_key, aws_secret_key, './container',
                    jsonRead._get_batch_repo(), pacman_installation)
            elif resource == "oss-api":
                filecreator._api_file_replace(jsonRead._get_base_accountid())
                container.handler._create_ecr_image_push(region,
                                                         aws_access_key,
                                                         aws_secret_key,
                                                         './container/api',
                                                         jsonRead._get_api_repo(),
                                                         pacman_installation)
            elif resource == "oss-ui":
                filecreator._ui_file_replace(jsonRead._get_base_accountid())
                container.handler._create_ecr_image_push(region,
                                                         aws_access_key,
                                                         aws_secret_key,
                                                         './container/ui',
                                                         jsonRead._get_ui_repo(),
                                                         pacman_installation)
        # The plan result is assigned but not read before being overwritten.
        response = terraform.plan(refresh=False,
                                  capture_output=True,
                                  input=False,
                                  var=varsmap)
        if count == 2:
            # NOTE(review): the meaning of 'check': 0 is defined by the
            # Terraform configuration, which is not visible here.
            varsmap.update({'check': 0})
        approve = {"auto_approve": True, "var": varsmap}
        if resource in ("es", "rds", "redshift"):
            if to_be_created:
                # Queue the apply; it runs in _create_or_destroy on a thread.
                threads.append(
                    Thread(target=_create_or_destroy,
                           args=(
                               terraform,
                               "install",
                               resource,
                               approve,
                           )))
                to_be_created = False
            if rc == 3:
                # All three of es / rds / redshift have been reached: start
                # the queued applies and wait for every one to finish.
                for thread in threads:
                    thread.start()
                for thread in threads:
                    thread.join()
        else:
            response = terraform.apply(**approve)
            _logs_display(response)
            # Printed whatever apply returned; the result is only logged.
            print resource, " creation completed"
            response = terraform.output()
            try:
                value = response['pacman']['value']
                # By this point the subscript above has already succeeded, so
                # response cannot be None; a None output lands in TypeError.
                if response is not None:
                    jsonRead._write_json(resource, value)
            except TypeError as e:
                continue
            except KeyError as ke:
                continue
    append_ui_url_and_auth_details_to_log()