def terraform_generate_handler(config, init=False, check_tf=True, check_creds=True):
"""Generate all Terraform plans for the configured clusters.
Keyword Args:
config (dict): The loaded config from the 'conf/' directory
init (bool): Indicates if main.tf.json is generated for `init`
Returns:
bool: Result of cluster generating
"""
# Check for valid credentials
if check_creds and not check_credentials():
return False
# Verify terraform is installed
if check_tf and not terraform_check():
return False
cleanup_old_tf_files(config)
# Setup the main.tf.json file
LOGGER.debug('Generating cluster file: main.tf.json')
with open('terraform/main.tf.json', 'w') as tf_file:
json.dump(
generate_main(config, init=init),
tf_file,
indent=2,
sort_keys=True
)
# Return early during the init process, clusters are not needed yet
if init:
return True
# Setup cluster files
for cluster in config.clusters():
if cluster in RESTRICTED_CLUSTER_NAMES:
raise InvalidClusterName(
'Rename cluster "main" or "athena" to something else!')
LOGGER.debug('Generating cluster file: %s.tf.json', cluster)
cluster_dict = generate_cluster(config=config, cluster_name=cluster)
if not cluster_dict:
LOGGER.error(
'An error was generated while creating the %s cluster', cluster)
return False
with open('terraform/{}.tf.json'.format(cluster), 'w') as tf_file:
json.dump(
cluster_dict,
tf_file,
indent=2,
sort_keys=True
)
metric_filters = generate_aggregate_cloudwatch_metric_filters(config)
if metric_filters:
with open('terraform/metric_filters.tf.json', 'w') as tf_file:
json.dump(metric_filters, tf_file, indent=2, sort_keys=True)
metric_alarms = generate_aggregate_cloudwatch_metric_alarms(config)
if metric_alarms:
with open('terraform/metric_alarms.tf.json', 'w') as tf_file:
json.dump(metric_alarms, tf_file, indent=2, sort_keys=True)
# Setup Athena
generate_global_lambda_settings(
config,
config_name='athena_partition_refresh_config',
generate_func=generate_athena,
tf_tmp_file='terraform/athena.tf.json',
message='Removing old Athena Terraform file'
)
# Setup Threat Intel Downloader Lambda function if it is enabled
generate_global_lambda_settings(
config,
config_name='threat_intel_downloader_config',
generate_func=generate_threat_intel_downloader,
tf_tmp_file='terraform/ti_downloader.tf.json',
message='Removing old Threat Intel Downloader Terraform file'
)
# Setup Rule Promotion if it is enabled
generate_global_lambda_settings(
config,
config_name='rule_promotion_config',
generate_func=generate_rule_promotion,
tf_tmp_file='terraform/rule_promotion.tf.json',
message='Removing old Rule Promotion Terraform file'
)
# Setup Rules Engine
generate_global_lambda_settings(
config,
config_name='rules_engine_config',
generate_func=generate_rules_engine,
tf_tmp_file='terraform/rules_engine.tf.json',
message='Removing old Rules Engine Terraform file'
)
# Setup Alert Processor
generate_global_lambda_settings(
config,
config_name='alert_processor_config',
generate_func=generate_alert_processor,
tf_tmp_file='terraform/alert_processor.tf.json',
message='Removing old Alert Processor Terraform file'
)
# Setup Alert Merger
generate_global_lambda_settings(
config,
config_name='alert_merger_config',
generate_func=generate_alert_merger,
tf_tmp_file='terraform/alert_merger.tf.json',
message='Removing old Alert Merger Terraform file'
)
return True
def terraform_generate(config, init=False):
"""Generate all Terraform plans for the configured clusters.
Keyword Args:
config (dict): The loaded config from the 'conf/' directory
init (bool): Indicates if main.tf.json is generated for `terraform init`
Returns:
bool: Result of cluster generating
"""
cleanup_old_tf_files(config)
# Setup the main.tf.json file
LOGGER_CLI.debug('Generating cluster file: main.tf.json')
with open('terraform/main.tf.json', 'w') as tf_file:
json.dump(generate_main(init=init, config=config),
tf_file,
indent=2,
sort_keys=True)
# Return early during the init process, clusters are not needed yet
if init:
return True
# Setup cluster files
for cluster in config.clusters():
if cluster in RESTRICTED_CLUSTER_NAMES:
raise InvalidClusterName(
'Rename cluster "main" or "athena" to something else!')
LOGGER_CLI.debug('Generating cluster file: %s.tf.json', cluster)
cluster_dict = generate_cluster(cluster_name=cluster, config=config)
if not cluster_dict:
LOGGER_CLI.error(
'An error was generated while creating the %s cluster',
cluster)
return False
with open('terraform/{}.tf.json'.format(cluster), 'w') as tf_file:
json.dump(cluster_dict, tf_file, indent=2, sort_keys=True)
# Setup Athena if it is enabled
generate_global_lambda_settings(
config,
config_name='athena_partition_refresh_config',
config_generate_func=generate_athena,
tf_tmp_file='terraform/athena.tf.json',
message='Removing old Athena Terraform file')
# Setup Threat Intel Downloader Lambda function if it is enabled
generate_global_lambda_settings(
config,
config_name='threat_intel_downloader_config',
config_generate_func=generate_threat_intel_downloader,
tf_tmp_file='terraform/ti_downloader.tf.json',
message='Removing old Threat Intel Downloader Terraform file')
# Setup Alert Processor
generate_global_lambda_settings(
config,
config_name='alert_processor_config',
config_generate_func=generate_alert_processor,
tf_tmp_file='terraform/alert_processor.tf.json',
message='Removing old Alert Processor Terraform file')
# Setup Alert Merger
generate_global_lambda_settings(
config,
config_name='alert_merger_config',
config_generate_func=generate_alert_merger,
tf_tmp_file='terraform/alert_merger.tf.json',
message='Removing old Alert Merger Terraform file')
return True
