def init_working_dirs(accounts, thread_pool_size,
                      print_only=False, oc_map=None, settings=None):
    """Create a Terrascript instance and dump its working directories.

    Args:
        accounts: account definitions handed to Terrascript.
        thread_pool_size: forwarded to Terrascript unchanged.
        print_only: forwarded to ``Terrascript.dump``.
        oc_map: passed to Terrascript as its fifth positional argument.
        settings: passed to Terrascript as the ``settings`` keyword.

    Returns:
        A ``(ts, working_dirs)`` tuple: the Terrascript instance and
        whatever ``ts.dump(print_only)`` returned.
    """
    terrascript = Terrascript(
        QONTRACT_INTEGRATION,
        QONTRACT_TF_PREFIX,
        thread_pool_size,
        accounts,
        oc_map,
        settings=settings,
    )
    # The instance is returned alongside the dump result so the caller
    # keeps a handle on it.
    return terrascript, terrascript.dump(print_only)
def setup(print_only, thread_pool_size):
    """Populate Terrascript users from the TF query and dump working dirs.

    Args:
        print_only: forwarded to ``Terrascript.dump``.
        thread_pool_size: forwarded to Terrascript.

    Returns:
        ``(None, err)`` when ``populate_users`` reports an error, otherwise
        the ``(working_dirs, error)`` pair produced by ``ts.dump``.
    """
    query_result = get_tf_query()
    terrascript = Terrascript(
        QONTRACT_INTEGRATION,
        QONTRACT_TF_PREFIX,
        thread_pool_size,
    )

    populate_err = terrascript.populate_users(query_result)
    if populate_err:
        # Stop before dumping anything; the caller gets the error value.
        return None, populate_err

    dirs, dump_err = terrascript.dump(print_only)
    return dirs, dump_err
def init_tf_working_dirs(accounts, thread_pool_size, settings):
    """Dump Terrascript working dirs under the terraform-resources identity.

    Args:
        accounts: account definitions handed to Terrascript.
        thread_pool_size: forwarded to Terrascript.
        settings: passed to Terrascript as the ``settings`` keyword.

    Returns:
        Whatever ``Terrascript.dump()`` returns (called with no arguments).
    """
    # Duplicated locally instead of imported, to avoid a circular dependency.
    integration_name = 'terraform_resources'
    tf_prefix = 'qrtf'

    # When the terraform-resources integration is disabled for an account,
    # Terrascript does not initialise that account's config and creates no
    # working directory for it. Access keys belonging to users created by
    # terraform-resources therefore cannot be recycled in that account,
    # which is consistent with the integration being disabled there.
    # Nothing in this function reports which accounts were skipped.
    terrascript = Terrascript(
        integration_name,
        tf_prefix,
        thread_pool_size,
        accounts,
        settings=settings,
    )
    return terrascript.dump()
def setup(print_only, thread_pool_size):
    """Populate Terrascript with users from qualifying roles and dump it.

    Only roles that define ``aws_groups`` or ``user_policies`` are passed
    to ``populate_users``.

    Args:
        print_only: forwarded to ``Terrascript.dump``.
        thread_pool_size: forwarded to Terrascript.

    Returns:
        ``None`` when ``populate_users`` reports an error, otherwise the
        result of ``ts.dump(print_only)``.
    """
    api = gql.get_api()
    aws_accounts = queries.get_aws_accounts()
    app_settings = queries.get_app_interface_settings()
    all_roles = api.query(TF_QUERY)['roles']

    def _defines_aws_access(role):
        # Keep a role unless both fields are None.
        return not (role['aws_groups'] is None
                    and role['user_policies'] is None)

    tf_roles = list(filter(_defines_aws_access, all_roles))

    terrascript = Terrascript(
        QONTRACT_INTEGRATION,
        QONTRACT_TF_PREFIX,
        thread_pool_size,
        aws_accounts,
        settings=app_settings,
    )
    if terrascript.populate_users(tf_roles):
        # The error value itself is dropped here; callers only see None.
        return None
    return terrascript.dump(print_only)
def run(dry_run=False, print_only=False,
        enable_deletion=False, thread_pool_size=10, defer=None):
    """Plan and, unless dry-running, apply the desired VPC peerings.

    Args:
        dry_run: when true, return after the plan step without applying.
        print_only: when true, exit right after ``Terrascript.dump``.
        enable_deletion: forwarded to ``tf.plan``; when false, a plan that
            reports deletions ends the process with status 1.
        thread_pool_size: forwarded to Terrascript and Terraform.
        defer: callable used to register ``tf.cleanup``. It is called
            unconditionally, so the ``None`` default only works if
            something supplies it.
            NOTE(review): presumably injected by a decorator; confirm.

    Exits with status 1 on duplicate connection names, a plan error,
    deletions that were not enabled, or an apply error.
    """
    app_settings = queries.get_app_interface_settings()
    peerings = fetch_desired_state(app_settings)

    # Connection names must be unique across the whole desired state.
    names = [peering['connection_name'] for peering in peerings]
    if len(names) != len(set(names)):
        logging.error("duplicated vpc connection names found")
        sys.exit(1)

    # Restrict the AWS accounts to those that take part in a peering.
    peering_accounts = [peering['account'] for peering in peerings]
    peering_account_names = [acct['name'] for acct in peering_accounts]
    aws_accounts = [
        acct for acct in queries.get_aws_accounts()
        if acct['name'] in peering_account_names
    ]

    terrascript = Terrascript(
        QONTRACT_INTEGRATION,
        "",
        thread_pool_size,
        aws_accounts,
        settings=app_settings,
    )
    terrascript.populate_additional_providers(peering_accounts)
    terrascript.populate_vpc_peerings(peerings)
    dirs = terrascript.dump(print_only=print_only)

    if print_only:
        # Exits with the default status, before Terraform is constructed.
        sys.exit()

    terraform = Terraform(
        QONTRACT_INTEGRATION,
        QONTRACT_INTEGRATION_VERSION,
        "",
        dirs,
        thread_pool_size,
    )
    # NOTE(review): a constructor call does not normally evaluate to None,
    # so this guard looks unreachable; confirm before relying on it.
    if terraform is None:
        sys.exit(1)

    # Register cleanup before plan/apply, which may exit the process.
    defer(lambda: terraform.cleanup())

    deletions_detected, plan_err = terraform.plan(enable_deletion)
    # Stop before apply on a plan error, or when the plan reports
    # deletions that were not explicitly enabled.
    if plan_err or (deletions_detected and not enable_deletion):
        sys.exit(1)

    if dry_run:
        return

    if terraform.apply():
        sys.exit(1)
def run(dry_run, print_only=False,
        enable_deletion=False, thread_pool_size=10, defer=None):
    """Plan and, unless dry-running, apply cluster VPC peerings.

    The desired state is the cluster-to-VPC (account) peerings followed by
    the cluster-to-cluster peerings, built from clusters that define a
    ``peering`` section.

    Args:
        dry_run: when true, return after the plan step without applying.
        print_only: when true, exit right after ``Terrascript.dump``.
        enable_deletion: forwarded to ``tf.plan``; when false, a plan that
            reports deletions ends the process with status 1.
        thread_pool_size: forwarded to Terrascript and Terraform.
        defer: callable used to register ``tf.cleanup``. It is called
            unconditionally, so the ``None`` default only works if
            something supplies it.
            NOTE(review): presumably injected by a decorator; confirm.

    Exits with status 1 when building either desired state fails, on
    duplicate connection names, a plan error, deletions that were not
    enabled, or an apply error.
    """
    app_settings = queries.get_app_interface_settings()
    peered_clusters = [
        cluster for cluster in queries.get_clusters()
        if cluster.get('peering') is not None
    ]
    ocm_map = OCMMap(
        clusters=peered_clusters,
        integration=QONTRACT_INTEGRATION,
        settings=app_settings,
    )

    # Desired state for cluster-to-vpc(account) peerings.
    vpc_peerings, build_err = build_desired_state_vpc(
        peered_clusters, ocm_map, app_settings)
    if build_err:
        sys.exit(1)

    # Desired state for cluster-to-cluster peerings.
    cluster_peerings, build_err = build_desired_state_cluster(
        peered_clusters, ocm_map, app_settings)
    if build_err:
        sys.exit(1)

    peerings = vpc_peerings + cluster_peerings

    # Connection names must be unique across the combined desired state.
    names = [peering['connection_name'] for peering in peerings]
    if len(names) != len(set(names)):
        logging.error("duplicate vpc connection names found")
        sys.exit(1)

    # Both sides of every peering take part: requesters first, then
    # accepters, matching the order of the desired state.
    peering_accounts = (
        [peering['requester']['account'] for peering in peerings]
        + [peering['accepter']['account'] for peering in peerings]
    )
    peering_account_names = [acct['name'] for acct in peering_accounts]
    aws_accounts = [
        acct for acct in queries.get_aws_accounts()
        if acct['name'] in peering_account_names
    ]

    terrascript = Terrascript(
        QONTRACT_INTEGRATION,
        "",
        thread_pool_size,
        aws_accounts,
        settings=app_settings,
    )
    terrascript.populate_additional_providers(peering_accounts)
    terrascript.populate_vpc_peerings(peerings)
    dirs = terrascript.dump(print_only=print_only)

    if print_only:
        # Exits with the default status, before Terraform is constructed.
        sys.exit()

    terraform = Terraform(
        QONTRACT_INTEGRATION,
        QONTRACT_INTEGRATION_VERSION,
        "",
        dirs,
        thread_pool_size,
    )
    # NOTE(review): a constructor call does not normally evaluate to None,
    # so this guard looks unreachable; confirm before relying on it.
    if terraform is None:
        sys.exit(1)

    # Register cleanup before plan/apply, which may exit the process.
    defer(lambda: terraform.cleanup())

    deletions_detected, plan_err = terraform.plan(enable_deletion)
    # Stop before apply on a plan error, or when the plan reports
    # deletions that were not explicitly enabled.
    if plan_err or (deletions_detected and not enable_deletion):
        sys.exit(1)

    if dry_run:
        return

    if terraform.apply():
        sys.exit(1)