def load(config_filename=ENV_CONFIG_FILE):
""" Load all .env files with the given name in the current directory an all of its parents up to
the repository root directory and store them in a dictionary.
Files are traversed from parent to child as to allow values in deeper directories to override possible
previously existing values.
Terminates if not ran within a git repository.
Args:
config_filename (str, optional): .env filenames to load. All must bear the same name. Defaults to "build.env".
Raises:
NotARepositoryError: Whenever the function is ran outside a git repository.
Returns:
dict: All variables defined in the loaded .env files.
"""
root_path = Path(get_root_path())
cur_path = Path(get_working_path())
config_files_paths = []
# TODO: Return an Env object instead of a dictionary, to be able to leverage its type casting utilities
config_dict = {}
while True:
env_file = list(cur_path.glob(config_filename))
if env_file:
env_file = env_file[0].as_posix()
logger.debug(f"Found config file {env_file}")
config_files_paths.append(env_file)
if cur_path == root_path:
break
cur_path = cur_path.parent
# Traverse config files from parent to child
for config_file_path in reversed(config_files_paths):
config_file = Env(config_file_path)
for key, val in config_file:
config_dict[key] = val
return config_dict
docker_cmd.append("--tty")
else:
# Otherwise, by default, we assume the CLI is being run on a terminal
docker_cmd.append("-it")
# Set docker volumes -- MFA uses additional volumes
docker_volumes = [
"--volume=%s:%s:rw" % (path.get_working_path(), docker_workdir),
"--volume=%s:/config" % path.get_account_config_path(),
"--volume=%s:/common-config" % path.get_global_config_path(),
"--volume=%s/.ssh:/root/.ssh" % path.get_home_path(),
"--volume=%s/.gitconfig:/etc/gitconfig" % path.get_home_path(),
]
if mfa_enabled:
docker_volumes.append("--volume=%s/@bin/scripts:/root/scripts" %
(path.get_root_path()))
docker_volumes.append("--volume=%s/.aws/%s:/root/tmp/%s" %
(path.get_home_path(), project, project))
else:
docker_volumes.append("--volume=%s/.aws/%s:/root/.aws/%s" %
(path.get_home_path(), project, project))
# Set docker environment variables -- MFA uses additional environment variables
docker_envs = [
"--env=AWS_SHARED_CREDENTIALS_FILE=/root/.aws/%s/credentials" % (project),
"--env=AWS_CONFIG_FILE=/root/.aws/%s/config" % (project),
]
if mfa_enabled:
docker_envs.append("--env=BACKEND_CONFIG_FILE=/config/backend.config")
docker_envs.append("--env=COMMON_CONFIG_FILE=/common-config/common.config")
docker_envs.append("--env=SRC_AWS_CONFIG_FILE=/root/tmp/%s/config" %
PROJECT_SHORT = r"[a-z]{2}"
USERNAME = r"[a-zA-Z0-9\+,=\.@\-_]{1,64}" # https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console
# https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html#API_CreateUser_RequestParameters
KEY_ID = r"[A-Z0-9]{20}"
SECRET_KEY = r"[a-zA-Z0-9/\+]{40}"
REGION = (
r"[a-z]{2}-[gov-]?"
r"(?:central|north|south|east|west|northeast|northwest|southeast|southwest|secret|topsecret)-[1-3]"
)
ACCOUNT_ID = r"[0-9]{12}"
MFA_SERIAL = fr"arn:aws:iam::{ACCOUNT_ID}:mfa/{USERNAME}"
# TODO: Remove these and get them into the global app state
try:
PROJECT_COMMON_TFVARS = Path(get_global_config_path())
PROJECT_ENV = Path(get_root_path())
except NotARepositoryError:
PROJECT_COMMON_TFVARS = PROJECT_ENV = Path.cwd()
PROJECT_COMMON_TFVARS = PROJECT_COMMON_TFVARS / "common.tfvars"
PROJECT_ENV_CONFIG = PROJECT_ENV / ENV_CONFIG_FILE
AWSCLI_CONFIG_DIR = Path.home() / ".aws"
PROFILES = {
"bootstrap": {
"choice_title": "Bootstrap credentials (temporary)",
"profile_role": "oaar",
"role": "OrganizationAccountAccessRole",
"mfa": False
},
"management": {
from leverage.modules.terraform import run as tfrun
# Leverage related base definitions
LEVERAGE_DIR = Path.home() / ".leverage"
TEMPLATES_REPO_DIR = LEVERAGE_DIR / "templates"
TEMPLATE_DIR = TEMPLATES_REPO_DIR / "template"
PROJECT_CONFIG_FILE = "project.yaml"
TEMPLATE_PATTERN = "*.template"
CONFIG_FILE_TEMPLATE = TEMPLATES_REPO_DIR / "le-resources" / PROJECT_CONFIG_FILE
LEVERAGE_TEMPLATE_REPO = "https://github.com/binbashar/le-tf-infra-aws-template.git"
IGNORE_PATTERNS = ignore_patterns(TEMPLATE_PATTERN, ".gitkeep")
# Useful project related definitions
try:
PROJECT_ROOT = Path(get_root_path())
except NotARepositoryError:
PROJECT_ROOT = Path.cwd()
PROJECT_CONFIG = PROJECT_ROOT / PROJECT_CONFIG_FILE
CONFIG_DIRECTORY = "config"
# TODO: Keep this structure in the project's directory
PROJECT_STRUCTURE = {
"management": {
"global": ["base-identities", "organizations"],
"primary_region": ["base-tf-backend", "security-base"]
},
"security": {
"global": ["base-identities"],
"primary_region": ["base-tf-backend", "security-base"]
from leverage.path import get_account_path
from leverage.path import get_global_config_path
from leverage.path import get_account_config_path
from leverage.path import NotARepositoryError
# Terraform image definitions
TERRAFORM_IMAGE = "binbash/terraform-awscli-slim"
DEFAULT_IMAGE_TAG = "1.0.9"
TERRAFORM_BINARY = "/bin/terraform"
TERRAFORM_MFA_ENTRYPOINT = "/root/scripts/aws-mfa/aws-mfa-entrypoint.sh"
WORKING_DIR = "/go/src/project"
CWD = get_working_path()
HOME = get_home_path()
try:
ROOT = get_root_path()
CONFIG = get_global_config_path()
ACCOUNT = get_account_path()
ACCOUNT_CONFIG = get_account_config_path()
except NotARepositoryError:
ROOT = CONFIG = ACCOUNT = ACCOUNT_CONFIG = None
BACKEND_TFVARS = "/config/backend.tfvars"
COMMON_TFVARS = "/common-config/common.tfvars"
ACCOUNT_TFVARS = "/config/account.tfvars"
TF_DEFAULT_ARGS = [
f"-var-file={var}"
for var in [BACKEND_TFVARS, COMMON_TFVARS, ACCOUNT_TFVARS]
]