def init_working_dirs(accounts, thread_pool_size, oc_map=None, settings=None):
ts = Terrascript(QONTRACT_INTEGRATION,
QONTRACT_TF_PREFIX,
thread_pool_size,
accounts,
oc_map,
settings=settings)
working_dirs = ts.dump()
return ts, working_dirs
def get_accounts_names():
accounts = queries.get_aws_accounts()
settings = queries.get_app_interface_settings()
# using Terrascript to filter out disabled accounts
ts = Terrascript(tfr.QONTRACT_INTEGRATION,
tfr.QONTRACT_INTEGRATION_VERSION,
1,
accounts,
settings=settings)
return ts.uids.keys()
def init_working_dirs(
accounts: list[dict[str, Any]],
thread_pool_size: int,
oc_map: Optional[OCMMap] = None,
settings: Optional[Mapping[str, Any]] = None
) -> tuple[Terrascript, dict[str, str]]:
ts = Terrascript(QONTRACT_INTEGRATION,
QONTRACT_TF_PREFIX,
thread_pool_size,
accounts,
settings=settings)
working_dirs = ts.dump()
return ts, working_dirs
def run(dry_run=False,
print_only=False,
enable_deletion=False,
thread_pool_size=10,
defer=None):
settings = queries.get_app_interface_settings()
zones = queries.get_dns_zones()
participating_account_names = [z['account']['name'] for z in zones]
participating_accounts = [
a for a in queries.get_aws_accounts()
if a['name'] in participating_account_names
]
ts = Terrascript(QONTRACT_INTEGRATION,
"",
thread_pool_size,
participating_accounts,
settings=settings)
desired_state = build_desired_state(zones)
error = ts.populate_route53(desired_state)
if error:
sys.exit(ExitCodes.ERROR)
working_dirs = ts.dump(print_only=print_only)
if print_only:
sys.exit(ExitCodes.SUCCESS)
tf = Terraform(QONTRACT_INTEGRATION, QONTRACT_INTEGRATION_VERSION, "",
working_dirs, thread_pool_size)
if tf is None:
sys.exit(ExitCodes.ERROR)
defer(lambda: tf.cleanup())
_, err = tf.plan(enable_deletion)
if err:
sys.exit(ExitCodes.ERROR)
if dry_run:
return
err = tf.apply()
if err:
sys.exit(ExitCodes.ERROR)
def init_tf_working_dirs(accounts, thread_pool_size, settings):
# copied here to avoid circular dependency
QONTRACT_INTEGRATION = 'terraform_resources'
QONTRACT_TF_PREFIX = 'qrtf'
# if the terraform-resources integration is disabled
# for an account, it means that Terrascript will not
# initiate that account's config and will not create
# a working directory for it. this means that we are
# not able to recycle access keys belonging to users
# created by terraform-resources, but it is disabled
# tl;dr - we are good. how cool is this alignment...
ts = Terrascript(QONTRACT_INTEGRATION,
QONTRACT_TF_PREFIX,
thread_pool_size,
accounts,
settings=settings)
return ts.dump()
def setup(print_to_file, thread_pool_size: int) \
-> tuple[list[dict[str, Any]], dict[str, str], bool, AWSApi]:
gqlapi = gql.get_api()
accounts = queries.get_aws_accounts()
settings = queries.get_app_interface_settings()
roles = expiration.filter(gqlapi.query(TF_QUERY)['roles'])
tf_roles = [
r for r in roles
if r['aws_groups'] is not None or r['user_policies'] is not None
]
ts = Terrascript(QONTRACT_INTEGRATION,
QONTRACT_TF_PREFIX,
thread_pool_size,
accounts,
settings=settings)
err = ts.populate_users(tf_roles)
working_dirs = ts.dump(print_to_file)
aws_api = AWSApi(1, accounts, settings=settings, init_users=False)
return accounts, working_dirs, err, aws_api
def setup(print_only, thread_pool_size):
gqlapi = gql.get_api()
accounts = queries.get_aws_accounts()
settings = queries.get_app_interface_settings()
roles = gqlapi.query(TF_QUERY)['roles']
tf_roles = [r for r in roles
if r['aws_groups'] is not None
or r['user_policies'] is not None]
ts = Terrascript(QONTRACT_INTEGRATION,
QONTRACT_TF_PREFIX,
thread_pool_size,
accounts,
settings=settings)
err = ts.populate_users(tf_roles)
if err:
return None
working_dirs = ts.dump(print_only)
return working_dirs
def run(dry_run,
print_to_file=None,
enable_deletion=False,
thread_pool_size=10,
defer=None):
settings = queries.get_app_interface_settings()
clusters = [
c for c in queries.get_clusters() if c.get("peering") is not None
]
with_ocm = any(c.get("ocm") for c in clusters)
if with_ocm:
ocm_map = OCMMap(clusters=clusters,
integration=QONTRACT_INTEGRATION,
settings=settings)
else:
# this is a case for an OCP cluster which is not provisioned
# through OCM. it is expected that an 'assume_role' is provided
# on the tgw defition in the cluster file.
ocm_map = {}
accounts = queries.get_aws_accounts()
awsapi = AWSApi(1, accounts, settings=settings, init_users=False)
# Fetch desired state for cluster-to-vpc(account) VPCs
desired_state, err = build_desired_state_tgw_attachments(
clusters, ocm_map, awsapi)
if err:
sys.exit(1)
# check there are no repeated vpc connection names
connection_names = [c["connection_name"] for c in desired_state]
if len(set(connection_names)) != len(connection_names):
logging.error("duplicate vpc connection names found")
sys.exit(1)
participating_accounts = [
item["requester"]["account"] for item in desired_state
]
participating_accounts += [
item["accepter"]["account"] for item in desired_state
]
participating_account_names = [a["name"] for a in participating_accounts]
accounts = [
a for a in queries.get_aws_accounts()
if a["name"] in participating_account_names
]
ts = Terrascript(QONTRACT_INTEGRATION,
"",
thread_pool_size,
accounts,
settings=settings)
ts.populate_additional_providers(participating_accounts)
ts.populate_tgw_attachments(desired_state)
working_dirs = ts.dump(print_to_file=print_to_file)
aws_api = AWSApi(1, accounts, settings=settings, init_users=False)
if print_to_file:
sys.exit()
tf = Terraform(
QONTRACT_INTEGRATION,
QONTRACT_INTEGRATION_VERSION,
"",
accounts,
working_dirs,
thread_pool_size,
aws_api,
)
if tf is None:
sys.exit(1)
defer(tf.cleanup)
disabled_deletions_detected, err = tf.plan(enable_deletion)
if err:
sys.exit(1)
if disabled_deletions_detected:
sys.exit(1)
if dry_run:
return
err = tf.apply()
if err:
sys.exit(1)
def run(dry_run,
print_only=False,
enable_deletion=False,
thread_pool_size=10,
defer=None):
settings = queries.get_app_interface_settings()
clusters = [
c for c in queries.get_clusters() if c.get('peering') is not None
]
ocm_map = OCMMap(clusters=clusters,
integration=QONTRACT_INTEGRATION,
settings=settings)
# Fetch desired state for cluster-to-vpc(account) VPCs
desired_state, err = \
build_desired_state_tgw_attachments(clusters, ocm_map, settings)
if err:
sys.exit(1)
# check there are no repeated vpc connection names
connection_names = [c['connection_name'] for c in desired_state]
if len(set(connection_names)) != len(connection_names):
logging.error("duplicate vpc connection names found")
sys.exit(1)
participating_accounts = \
[item['requester']['account'] for item in desired_state]
participating_accounts += \
[item['accepter']['account'] for item in desired_state]
participating_account_names = \
[a['name'] for a in participating_accounts]
accounts = [
a for a in queries.get_aws_accounts()
if a['name'] in participating_account_names
]
ts = Terrascript(QONTRACT_INTEGRATION,
"",
thread_pool_size,
accounts,
settings=settings)
ts.populate_additional_providers(participating_accounts)
ts.populate_tgw_attachments(desired_state)
working_dirs = ts.dump(print_only=print_only)
if print_only:
sys.exit()
tf = Terraform(QONTRACT_INTEGRATION, QONTRACT_INTEGRATION_VERSION, "",
accounts, working_dirs, thread_pool_size)
if tf is None:
sys.exit(1)
defer(lambda: tf.cleanup())
disabled_deletions_detected, err = tf.plan(enable_deletion)
if err:
sys.exit(1)
if disabled_deletions_detected:
sys.exit(1)
if dry_run:
return
err = tf.apply()
if err:
sys.exit(1)
def run(
dry_run=False,
print_to_file=None,
enable_deletion=True,
thread_pool_size=10,
defer=None,
):
settings = queries.get_app_interface_settings()
zones = queries.get_dns_zones()
all_accounts = queries.get_aws_accounts()
participating_account_names = [z["account"]["name"] for z in zones]
participating_accounts = [
a for a in all_accounts if a["name"] in participating_account_names
]
ts = Terrascript(
QONTRACT_INTEGRATION,
"",
thread_pool_size,
participating_accounts,
settings=settings,
)
desired_state = build_desired_state(zones, all_accounts, settings)
ts.populate_route53(desired_state)
working_dirs = ts.dump(print_to_file=print_to_file)
aws_api = AWSApi(1,
participating_accounts,
settings=settings,
init_users=False)
if print_to_file:
sys.exit(ExitCodes.SUCCESS)
tf = Terraform(
QONTRACT_INTEGRATION,
QONTRACT_INTEGRATION_VERSION,
"",
participating_accounts,
working_dirs,
thread_pool_size,
aws_api,
)
if tf is None:
sys.exit(ExitCodes.ERROR)
defer(tf.cleanup)
_, err = tf.plan(enable_deletion)
if err:
sys.exit(ExitCodes.ERROR)
if dry_run:
return
err = tf.apply()
if err:
sys.exit(ExitCodes.ERROR)