def setup(dry_run, print_only, thread_pool_size, internal,
use_jump_host, account_name, extra_labels):
gqlapi = gql.get_api()
accounts = queries.get_aws_accounts()
if account_name:
accounts = [n for n in accounts
if n['name'] == account_name]
if not accounts:
raise ValueError(f"aws account {account_name} is not found")
extra_labels['shard_key'] = account_name
settings = queries.get_app_interface_settings()
namespaces = gqlapi.query(TF_NAMESPACES_QUERY)['namespaces']
tf_namespaces = filter_tf_namespaces(namespaces, account_name)
ri, oc_map = fetch_current_state(dry_run, tf_namespaces, thread_pool_size,
internal, use_jump_host, account_name)
ts, working_dirs = init_working_dirs(accounts, thread_pool_size,
oc_map=oc_map,
settings=settings)
tf = Terraform(QONTRACT_INTEGRATION,
QONTRACT_INTEGRATION_VERSION,
QONTRACT_TF_PREFIX,
accounts,
working_dirs,
thread_pool_size)
existing_secrets = tf.get_terraform_output_secrets()
clusters = [c for c in queries.get_clusters()
if c.get('ocm') is not None]
ocm_map = OCMMap(clusters=clusters, integration=QONTRACT_INTEGRATION,
settings=settings)
ts.populate_resources(tf_namespaces, existing_secrets, account_name,
ocm_map=ocm_map)
ts.dump(print_only, existing_dirs=working_dirs)
return ri, oc_map, tf, tf_namespaces
def setup(dry_run, print_only, thread_pool_size, internal, use_jump_host,
account_name):
gqlapi = gql.get_api()
accounts = queries.get_aws_accounts()
if account_name:
accounts = [n for n in accounts if n['name'] == account_name]
if not accounts:
raise ValueError(f"aws account {account_name} is not found")
settings = queries.get_app_interface_settings()
namespaces = gqlapi.query(TF_NAMESPACES_QUERY)['namespaces']
tf_namespaces = [
namespace_info for namespace_info in namespaces
if namespace_info.get('managedTerraformResources')
]
ri, oc_map = fetch_current_state(dry_run, tf_namespaces, thread_pool_size,
internal, use_jump_host)
ts, working_dirs = init_working_dirs(accounts,
thread_pool_size,
oc_map=oc_map,
settings=settings)
tf = Terraform(QONTRACT_INTEGRATION, QONTRACT_INTEGRATION_VERSION,
QONTRACT_TF_PREFIX, accounts, working_dirs,
thread_pool_size)
existing_secrets = tf.get_terraform_output_secrets()
ts.populate_resources(tf_namespaces, existing_secrets, account_name)
ts.dump(print_only, existing_dirs=working_dirs)
return ri, oc_map, tf, tf_namespaces
def terraform_users_credentials(ctx):
accounts, working_dirs = tfu.setup(False, 1)
tf = Terraform(tfu.QONTRACT_INTEGRATION,
tfu.QONTRACT_INTEGRATION_VERSION,
tfu.QONTRACT_TF_PREFIX,
accounts,
working_dirs,
10,
init_users=True)
credentials = []
for account, output in tf.outputs.items():
user_passwords = tf.format_output(
output, tf.OUTPUT_TYPE_PASSWORDS)
console_urls = tf.format_output(
output, tf.OUTPUT_TYPE_CONSOLEURLS)
for user_name, enc_password in user_passwords.items():
item = {
'account': account,
'console_url': console_urls[account],
'user_name': user_name,
'encrypted_password': enc_password
}
credentials.append(item)
columns = ['account', 'console_url', 'user_name', 'encrypted_password']
print_output(ctx.obj['output'], credentials, columns)
def run(dry_run,
print_to_file=None,
enable_deletion=False,
io_dir='throughput/',
thread_pool_size=10,
send_mails=True):
# setup errors should skip resources that will lead
# to terraform errors. we should still do our best
# to reconcile all valid resources for all accounts.
accounts, working_dirs, setup_err, aws_api = setup(print_to_file,
thread_pool_size)
if print_to_file:
cleanup_and_exit()
if not working_dirs:
err = True
cleanup_and_exit(status=err)
tf = Terraform(QONTRACT_INTEGRATION,
QONTRACT_INTEGRATION_VERSION,
QONTRACT_TF_PREFIX,
accounts,
working_dirs,
thread_pool_size,
aws_api,
init_users=True)
if tf is None:
err = True
cleanup_and_exit(tf, err)
disabled_deletions_detected, err = tf.plan(enable_deletion)
if err:
cleanup_and_exit(tf, err)
tf.dump_deleted_users(io_dir)
if disabled_deletions_detected:
cleanup_and_exit(tf, disabled_deletions_detected)
if dry_run:
cleanup_and_exit(tf, setup_err)
err = tf.apply()
if err:
cleanup_and_exit(tf, err)
if send_mails:
new_users = tf.get_new_users()
settings = queries.get_app_interface_settings()
send_email_invites(new_users, settings)
cleanup_and_exit(tf, setup_err)
def run(dry_run=False,
print_only=False,
enable_deletion=False,
thread_pool_size=10,
defer=None):
settings = queries.get_app_interface_settings()
zones = queries.get_dns_zones()
participating_account_names = [z['account']['name'] for z in zones]
participating_accounts = [
a for a in queries.get_aws_accounts()
if a['name'] in participating_account_names
]
ts = Terrascript(QONTRACT_INTEGRATION,
"",
thread_pool_size,
participating_accounts,
settings=settings)
desired_state = build_desired_state(zones)
error = ts.populate_route53(desired_state)
if error:
sys.exit(ExitCodes.ERROR)
working_dirs = ts.dump(print_only=print_only)
if print_only:
sys.exit(ExitCodes.SUCCESS)
tf = Terraform(QONTRACT_INTEGRATION, QONTRACT_INTEGRATION_VERSION, "",
working_dirs, thread_pool_size)
if tf is None:
sys.exit(ExitCodes.ERROR)
defer(lambda: tf.cleanup())
_, err = tf.plan(enable_deletion)
if err:
sys.exit(ExitCodes.ERROR)
if dry_run:
return
err = tf.apply()
if err:
sys.exit(ExitCodes.ERROR)
def run(dry_run,
print_to_file=None,
enable_deletion=False,
io_dir='throughput/',
thread_pool_size=10,
send_mails=True):
accounts, working_dirs = setup(print_to_file, thread_pool_size)
if print_to_file:
cleanup_and_exit()
if working_dirs is None:
err = True
cleanup_and_exit(status=err)
tf = Terraform(QONTRACT_INTEGRATION,
QONTRACT_INTEGRATION_VERSION,
QONTRACT_TF_PREFIX,
accounts,
working_dirs,
thread_pool_size,
init_users=True)
if tf is None:
err = True
cleanup_and_exit(tf, err)
disabled_deletions_detected, err = tf.plan(enable_deletion)
if err:
cleanup_and_exit(tf, err)
tf.dump_deleted_users(io_dir)
if disabled_deletions_detected:
cleanup_and_exit(tf, disabled_deletions_detected)
if dry_run:
cleanup_and_exit(tf)
err = tf.apply()
if err:
cleanup_and_exit(tf, err)
if send_mails:
new_users = tf.get_new_users()
settings = queries.get_app_interface_settings()
send_email_invites(new_users, settings)
cleanup_and_exit(tf)
def run(dry_run,
print_to_file=None,
enable_deletion=False,
thread_pool_size=10,
defer=None):
settings = queries.get_app_interface_settings()
clusters = [
c for c in queries.get_clusters() if c.get("peering") is not None
]
with_ocm = any(c.get("ocm") for c in clusters)
if with_ocm:
ocm_map = OCMMap(clusters=clusters,
integration=QONTRACT_INTEGRATION,
settings=settings)
else:
# this is a case for an OCP cluster which is not provisioned
# through OCM. it is expected that an 'assume_role' is provided
# on the tgw defition in the cluster file.
ocm_map = {}
accounts = queries.get_aws_accounts()
awsapi = AWSApi(1, accounts, settings=settings, init_users=False)
# Fetch desired state for cluster-to-vpc(account) VPCs
desired_state, err = build_desired_state_tgw_attachments(
clusters, ocm_map, awsapi)
if err:
sys.exit(1)
# check there are no repeated vpc connection names
connection_names = [c["connection_name"] for c in desired_state]
if len(set(connection_names)) != len(connection_names):
logging.error("duplicate vpc connection names found")
sys.exit(1)
participating_accounts = [
item["requester"]["account"] for item in desired_state
]
participating_accounts += [
item["accepter"]["account"] for item in desired_state
]
participating_account_names = [a["name"] for a in participating_accounts]
accounts = [
a for a in queries.get_aws_accounts()
if a["name"] in participating_account_names
]
ts = Terrascript(QONTRACT_INTEGRATION,
"",
thread_pool_size,
accounts,
settings=settings)
ts.populate_additional_providers(participating_accounts)
ts.populate_tgw_attachments(desired_state)
working_dirs = ts.dump(print_to_file=print_to_file)
aws_api = AWSApi(1, accounts, settings=settings, init_users=False)
if print_to_file:
sys.exit()
tf = Terraform(
QONTRACT_INTEGRATION,
QONTRACT_INTEGRATION_VERSION,
"",
accounts,
working_dirs,
thread_pool_size,
aws_api,
)
if tf is None:
sys.exit(1)
defer(tf.cleanup)
disabled_deletions_detected, err = tf.plan(enable_deletion)
if err:
sys.exit(1)
if disabled_deletions_detected:
sys.exit(1)
if dry_run:
return
err = tf.apply()
if err:
sys.exit(1)
def run(dry_run,
print_only=False,
enable_deletion=False,
thread_pool_size=10,
defer=None):
settings = queries.get_app_interface_settings()
clusters = [
c for c in queries.get_clusters() if c.get('peering') is not None
]
ocm_map = OCMMap(clusters=clusters,
integration=QONTRACT_INTEGRATION,
settings=settings)
# Fetch desired state for cluster-to-vpc(account) VPCs
desired_state, err = \
build_desired_state_tgw_attachments(clusters, ocm_map, settings)
if err:
sys.exit(1)
# check there are no repeated vpc connection names
connection_names = [c['connection_name'] for c in desired_state]
if len(set(connection_names)) != len(connection_names):
logging.error("duplicate vpc connection names found")
sys.exit(1)
participating_accounts = \
[item['requester']['account'] for item in desired_state]
participating_accounts += \
[item['accepter']['account'] for item in desired_state]
participating_account_names = \
[a['name'] for a in participating_accounts]
accounts = [
a for a in queries.get_aws_accounts()
if a['name'] in participating_account_names
]
ts = Terrascript(QONTRACT_INTEGRATION,
"",
thread_pool_size,
accounts,
settings=settings)
ts.populate_additional_providers(participating_accounts)
ts.populate_tgw_attachments(desired_state)
working_dirs = ts.dump(print_only=print_only)
if print_only:
sys.exit()
tf = Terraform(QONTRACT_INTEGRATION, QONTRACT_INTEGRATION_VERSION, "",
accounts, working_dirs, thread_pool_size)
if tf is None:
sys.exit(1)
defer(lambda: tf.cleanup())
disabled_deletions_detected, err = tf.plan(enable_deletion)
if err:
sys.exit(1)
if disabled_deletions_detected:
sys.exit(1)
if dry_run:
return
err = tf.apply()
if err:
sys.exit(1)
def run(
dry_run=False,
print_to_file=None,
enable_deletion=True,
thread_pool_size=10,
defer=None,
):
settings = queries.get_app_interface_settings()
zones = queries.get_dns_zones()
all_accounts = queries.get_aws_accounts()
participating_account_names = [z["account"]["name"] for z in zones]
participating_accounts = [
a for a in all_accounts if a["name"] in participating_account_names
]
ts = Terrascript(
QONTRACT_INTEGRATION,
"",
thread_pool_size,
participating_accounts,
settings=settings,
)
desired_state = build_desired_state(zones, all_accounts, settings)
ts.populate_route53(desired_state)
working_dirs = ts.dump(print_to_file=print_to_file)
aws_api = AWSApi(1,
participating_accounts,
settings=settings,
init_users=False)
if print_to_file:
sys.exit(ExitCodes.SUCCESS)
tf = Terraform(
QONTRACT_INTEGRATION,
QONTRACT_INTEGRATION_VERSION,
"",
participating_accounts,
working_dirs,
thread_pool_size,
aws_api,
)
if tf is None:
sys.exit(ExitCodes.ERROR)
defer(tf.cleanup)
_, err = tf.plan(enable_deletion)
if err:
sys.exit(ExitCodes.ERROR)
if dry_run:
return
err = tf.apply()
if err:
sys.exit(ExitCodes.ERROR)
