Example #1
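    def run(self, args, unknown_args):
        """Generate the Terraform entrypoint for an environment and run ``terraform``.

        Prepares the environment's ``.generated-terraform`` directory (the
        directory itself, a ``modules`` symlink, the generated entrypoint and,
        for ``plan``/``apply``, a ``secrets.auto.tfvars`` file), signs in to
        AWS, then runs ``terraform`` with ``unknown_args`` from that directory.

        Args:
            args: parsed options; reads ``env_name``, ``username``,
                ``apply_immediately`` and ``skip_secrets``.
            unknown_args: arguments handed to ``terraform`` unchanged.

        Returns:
            ``-1`` when ``generate_terraform_entrypoint`` raises
            ``UnauthorizedUser``, otherwise the exit status of ``terraform``.
        """
        environment = get_environment(args.env_name)
        run_dir = environment.paths.get_env_file_path('.generated-terraform')
        modules_dir = os.path.join(TERRAFORM_DIR, 'modules')
        modules_dest = os.path.join(run_dir, 'modules')
        if not os.path.isdir(run_dir):
            os.mkdir(run_dir)

        # islink() is also true for a dangling link, which exists() reports as
        # missing; readlink() is only called on something known to be a link.
        link_is_current = (os.path.islink(modules_dest)
                           and os.readlink(modules_dest) == modules_dir)
        if not link_is_current:
            if os.path.islink(modules_dest):
                # Stale or dangling link: replace it rather than failing in
                # os.symlink(). A real file or directory at this path is left
                # alone and still makes os.symlink() raise.
                os.remove(modules_dest)
            os.symlink(modules_dir, modules_dest)

        if args.username != get_default_username():
            print_help_message_about_the_commcare_cloud_default_username_env_var(
                args.username)

        key_name = args.username

        try:
            generate_terraform_entrypoint(
                environment,
                key_name,
                run_dir,
                apply_immediately=args.apply_immediately)
        except UnauthorizedUser as e:
            allowed_users = environment.users_config.dev_users.present
            puts(
                color_error(
                    "Unauthorized user {}.\n\n"
                    "Use COMMCARE_CLOUD_DEFAULT_USERNAME or --username to pass in one of the allowed ssh users:{}"
                    .format(e.username, '\n  - '.join([''] + allowed_users))))
            return -1

        if not args.skip_secrets and unknown_args and unknown_args[0] in (
                'plan', 'apply'):
            rds_password = (environment.get_vault_variables()['secrets']
                            ['POSTGRES_USERS']['root']['password'] if
                            environment.terraform_config.rds_instances else '')

            secrets_path = os.path.join(run_dir, 'secrets.auto.tfvars')
            # This file holds the RDS root password in clear text. Create it
            # owner-only instead of relying on the caller's umask, and tighten
            # the mode of a file left behind by an earlier run before writing.
            # NOTE(review): nothing here removes the file after terraform exits.
            fd = os.open(secrets_path,
                         os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, 'w') as f:
                os.chmod(secrets_path, 0o600)
                print('rds_password = {}'.format(json.dumps(rds_password)),
                      file=f)

        env_vars = {'AWS_PROFILE': aws_sign_in(environment)}
        all_env_vars = os.environ.copy()
        all_env_vars.update(env_vars)
        cmd_parts = ['terraform'] + unknown_args
        # Each argument is shell-quoted before joining; that quoting is what
        # keeps handing the joined string to a shell (shell=True) safe.
        cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
        print_command('cd {}; {} {}; cd -'.format(
            run_dir,
            ' '.join('{}={}'.format(key, value)
                     for key, value in env_vars.items()),
            cmd,
        ))
        return subprocess.call(cmd, shell=True, env=all_env_vars, cwd=run_dir)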
Example #2
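    def run(self, args, unknown_args):
        """Generate the Terraform entrypoint for an environment and run ``terraform``.

        Prepares the environment's ``.generated-terraform`` directory (the
        directory itself, a ``modules`` symlink, the generated entrypoint and,
        for ``plan``/``apply``, a ``secrets.auto.tfvars`` file), signs in to
        AWS with the configured profile, then runs ``terraform`` with
        ``unknown_args`` from that directory.

        Args:
            args: parsed options; reads ``env_name``, ``username``,
                ``apply_immediately`` and ``skip_secrets``.
            unknown_args: arguments handed to ``terraform`` unchanged.

        Returns:
            ``-1`` when ``generate_terraform_entrypoint`` raises
            ``UnauthorizedUser``, otherwise the exit status of ``terraform``.
        """
        environment = get_environment(args.env_name)
        run_dir = environment.paths.get_env_file_path('.generated-terraform')
        modules_dir = os.path.join(TERRAFORM_DIR, 'modules')
        modules_dest = os.path.join(run_dir, 'modules')
        if not os.path.isdir(run_dir):
            os.mkdir(run_dir)

        # islink() is also true for a dangling link, which exists() reports as
        # missing; readlink() is only called on something known to be a link.
        link_is_current = (os.path.islink(modules_dest)
                           and os.readlink(modules_dest) == modules_dir)
        if not link_is_current:
            if os.path.islink(modules_dest):
                # Stale or dangling link: replace it rather than failing in
                # os.symlink(). A real file or directory at this path is left
                # alone and still makes os.symlink() raise.
                os.remove(modules_dest)
            os.symlink(modules_dir, modules_dest)

        if args.username != get_default_username():
            print_help_message_about_the_commcare_cloud_default_username_env_var(args.username)

        key_name = args.username

        try:
            generate_terraform_entrypoint(environment, key_name, run_dir,
                                          apply_immediately=args.apply_immediately)
        except UnauthorizedUser as e:
            allowed_users = environment.users_config.dev_users.present
            puts(colored.red(
                "Unauthorized user {}.\n\n"
                "Use COMMCARE_CLOUD_DEFAULT_USERNAME or --username to pass in one of the allowed ssh users:{}"
                .format(e.username, '\n  - '.join([''] + allowed_users))))
            return -1

        if not args.skip_secrets and unknown_args and unknown_args[0] in ('plan', 'apply'):
            rds_password = (
                environment.get_vault_variables()['secrets']['POSTGRES_USERS']['root']['password']
                if environment.terraform_config.rds_instances
                else ''
            )

            secrets_path = os.path.join(run_dir, 'secrets.auto.tfvars')
            # This file holds the RDS root password in clear text. Create it
            # owner-only instead of relying on the caller's umask, and tighten
            # the mode of a file left behind by an earlier run before writing.
            # NOTE(review): nothing here removes the file after terraform exits.
            fd = os.open(secrets_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, 'w') as f:
                os.chmod(secrets_path, 0o600)
                print('rds_password = {}'.format(json.dumps(rds_password)), file=f)

        env_vars = {'AWS_PROFILE': aws_sign_in(environment.terraform_config.aws_profile)}
        all_env_vars = os.environ.copy()
        all_env_vars.update(env_vars)
        cmd_parts = ['terraform'] + unknown_args
        # Each argument is shell-quoted before joining; that quoting is what
        # keeps handing the joined string to a shell (shell=True) safe.
        cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
        print_command('cd {}; {} {}; cd -'.format(
            run_dir,
            ' '.join('{}={}'.format(key, value) for key, value in env_vars.items()),
            cmd,
        ))
        return subprocess.call(cmd, shell=True, env=all_env_vars, cwd=run_dir)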
Example #3
 def get_extra_ansible_env_vars(self):
     """Return the extra environment variables for an Ansible run.

     Always contains ``AWS_REGION`` and a freshly generated
     ``AWS_SECRETS_CACHE_KEY``; ``AWS_PROFILE`` is added only when
     ``aws_sign_in`` returns a truthy profile, and the fork-safety switch
     only on macOS.
     """
     from commcare_cloud.commands.terraform.aws import aws_sign_in
     profile = aws_sign_in(self.environment)
     extra = {}
     extra['AWS_REGION'] = self.environment.terraform_config.region
     # One-time encryption key for caching this run's secrets to a file.
     # A new key is generated on every call; this method does not store it
     # anywhere other than the returned mapping.
     extra['AWS_SECRETS_CACHE_KEY'] = Fernet.generate_key()
     if profile:
         extra['AWS_PROFILE'] = profile
     if sys.platform == 'darwin':
         # Required for the ansible aws_secrets lookup plugin on macOS; see
         # https://github.com/ansible/ansible/issues/49207
         extra['OBJC_DISABLE_INITIALIZE_FORK_SAFETY'] = 'YES'
     return extra
    def s3_client(self):
        """Return a boto3 S3 client for the profile ``aws_sign_in`` yields.

        ``aws_sign_in`` is called with ``self.aws_profile`` on every
        invocation, and a new session is built each time.
        """
        profile = aws_sign_in(self.aws_profile)
        session = boto3.session.Session(profile_name=profile)
        return session.client('s3')
Example #5
    def s3_client(self):
        """Return a boto3 S3 client for the environment named by ``self.environment``.

        The environment is resolved with ``get_environment`` and passed to
        ``aws_sign_in``; the result is used as the session's profile name.
        """
        env = get_environment(self.environment)
        profile = aws_sign_in(env)
        session = boto3.session.Session(profile_name=profile)
        return session.client('s3')
    def s3_client(self):
        """Return a boto3 S3 client for the profile ``aws_sign_in`` yields.

        ``aws_sign_in`` is called with ``self.aws_profile`` on every
        invocation, and a new session is built each time.
        """
        signed_in_profile = aws_sign_in(self.aws_profile)
        s3_session = boto3.session.Session(profile_name=signed_in_profile)
        return s3_session.client('s3')
Example #7
 def _secrets_client(self):
     """Return a boto3 Secrets Manager client for this environment.

     The session uses the profile returned by ``aws_sign_in`` and the
     client is pinned to the region in the environment's terraform config.
     """
     from commcare_cloud.commands.terraform.aws import aws_sign_in
     profile = aws_sign_in(self.environment)
     session = boto3.session.Session(profile_name=profile)
     region = self.environment.terraform_config.region
     return session.client('secretsmanager', region_name=region)
Example #8
 def prompt_user_input(self):
     """Sign in to AWS eagerly for ``self.environment``."""
     from commcare_cloud.commands.terraform.aws import aws_sign_in as sign_in
     # Sign in now rather than lazily later on. Most runs show no prompt,
     # but after a period of inactivity this call starts the AWS SSO flow
     # that refreshes the temporary credentials.
     sign_in(self.environment)