atmos/atmos.py

#!/usr/bin/env python3

import argparse, subprocess, shlex, sys, os, glob

def main(argv):
    parser = argparse.ArgumentParser(description='Control Terraform Workspaces.')
    g = parser.add_mutually_exclusive_group()
    g.add_argument("command", help="Send commands to terraform with workspace variable context", nargs='?', default=False)
    parser.add_argument("-e", help="Gather shared-creds from environment variables (Dont use this flag if you dont want your ~/.aws/credentials replaced. This is for CI/CD", action='store_true', default=False)
    parser.add_argument("-m", help="Prevents workspace from changing with git branches automatically", action='store_true', default=False)
    parser.add_argument("-n", help="Atmos will not add -var-file or -var args to terraform", action='store_true', default=False)
    parser.add_argument("-p", "--project", help="Add a project prefix for env vars", nargs='?', default="")
    parser.add_argument("-v", "--verbose", help="Debug mode", action="store_true", default=False)
    args, params = parser.parse_known_args()
    if args.command:
        determine_actions(args, params)

def determine_actions(args, params):
    aws_creds_file = "$HOME/.aws/credentials"
    if (is_git_directory()) and not (args.m):
        if (args.e):
            aws_creds_file = aws_creds_file + "-atmos"
        workspace_manager()

    workspace = get_env()
    workspace_vars = workspace
    if (args.project):
        workspace = args.project + "_" + workspace

    env_actions = ["init", "plan", "apply", "destroy"] # Commands that require env context
    cmd = 'terraform {args}'.format(args=args.command)

    if (args.command in env_actions) and not (args.n): # Append with env context
        cmd = cmd + ' -var-file=vars/{env}.tfvars'.format(env=workspace_vars) 
        cmd = cmd + ' -var "workspace={env}"'.format(env=workspace)
        cmd = cmd + ' -var "shared_credentials_file={aws_creds_file}"'.format(aws_creds_file=aws_creds_file)

    for param in params: # Pass terraform params directly through
        cmd = cmd + ' ' + param

    if (args.e):
        generate_creds(args)

    if (args.verbose):
        print("Atmos will run: " + cmd)

    print('Terraform {args} using env vars in {env}'.format(args=args.command, env=workspace_vars))
    with subprocess.Popen(shlex.split(cmd)) as proc:
        exit # Start process but kill py program

def is_git_directory(path = '.'):
    return subprocess.call(['git', '-C', path, 'status'], stderr=subprocess.STDOUT, stdout = open(os.devnull, 'w')) == 0

def workspace_manager():
    branch = subprocess.getoutput("git rev-parse --abbrev-ref HEAD")
    if branch == "master":
        branch = "default"
    else:
        if branch not in get_valid_envs():
            branch = "qa"

    if get_env() != branch:
        print("[INFO]: Terraform workspace & git branch have diverged. Changing workspace to git branch...")
        subprocess.call(["terraform", "workspace", "new", branch], stderr=subprocess.STDOUT, stdout=open(os.devnull, 'w'))
        subprocess.call(["terraform", "workspace", "select", branch], stderr=subprocess.STDOUT, stdout=open(os.devnull, 'w'))

def generate_creds(args):
    current_workspace = get_env()
    workspaces = ['default']

    if current_workspace != 'default':
        workspaces.append(current_workspace)

    project_name = ""
    if (args.project):
        project_name = args.project.upper() + "_"

    contents = ""
    for workspace in workspaces:
        access_key_name = project_name + workspace.upper() + '_ACCESS_KEY_ID'
        secret_key_name = project_name + workspace.upper() + '_SECRET_ACCESS_KEY'

        if (args.verbose):
            print(access_key_name)
            print(secret_key_name)

        contents = contents + "[{workspace}]\n".format(workspace=workspace)
        try:
            contents = contents + "aws_access_key_id=" + os.environ.get(access_key_name) + "\n"
        except:
            print("[ERROR]: Env Variable " + access_key_name + " not found.")
            sys.exit(1)
        try:
            contents = contents + "aws_secret_access_key=" + os.environ.get(secret_key_name) + "\n"
        except:
            print("[ERROR]: Env Variable " + secret_key_name + " not found.")
            sys.exit(1)
    with open(os.path.expanduser('~/.aws/credentials-atmos'), 'w+') as f:
        f.write(contents)

def get_valid_envs():
    try:
        # Use var files when present, otherwise default to qa
        return [os.path.splitext(os.path.basename(x))[0] for x in glob.glob("vars/*.tfvars")]
    except FileNotFoundError:
        return False

def get_env():
    try:
        tf_env = open('.terraform/environment', 'r').read()
    except:
        return("default")
    if str(tf_env) in get_valid_envs():
        return(tf_env)
    else:
        return("qa")

if __name__ == "__main__":
    main(sys.argv)
Initial commit 2019-04-09 16:54:28 +02:00			`#!/usr/bin/env python3`

Work out valid envs from vars folder. Handle no workspace scenario 2019-04-10 13:47:03 +02:00			`import argparse, subprocess, shlex, sys, os, glob`
Initial commit 2019-04-09 16:54:28 +02:00
			`def main(argv):`
			`parser = argparse.ArgumentParser(description='Control Terraform Workspaces.')`
Atmos v.1 2019-04-10 12:00:01 +02:00			`g = parser.add_mutually_exclusive_group()`
			`g.add_argument("command", help="Send commands to terraform with workspace variable context", nargs='?', default=False)`
Add override to turn off automatically switching workspace 2019-04-17 11:44:14 +02:00			`parser.add_argument("-e", help="Gather shared-creds from environment variables (Dont use this flag if you dont want your ~/.aws/credentials replaced. This is for CI/CD", action='store_true', default=False)`
			`parser.add_argument("-m", help="Prevents workspace from changing with git branches automatically", action='store_true', default=False)`
Changed -p flag to be -n for neutralize for stoppping atmos from doing var appending 2019-07-17 09:34:14 +02:00			`parser.add_argument("-n", help="Atmos will not add -var-file or -var args to terraform", action='store_true', default=False)`
Add verbose mode and flag for project prefix in env vars 2019-07-17 10:15:21 +02:00			`parser.add_argument("-p", "--project", help="Add a project prefix for env vars", nargs='?', default="")`
			`parser.add_argument("-v", "--verbose", help="Debug mode", action="store_true", default=False)`
Atmos v.1 2019-04-10 12:00:01 +02:00			`args, params = parser.parse_known_args()`
			`if args.command:`
			`determine_actions(args, params)`

			`def determine_actions(args, params):`
Atmos will use its own credentials file 2019-07-16 17:12:34 +02:00			`aws_creds_file = "$HOME/.aws/credentials"`
Add override to turn off automatically switching workspace 2019-04-17 11:44:14 +02:00			`if (is_git_directory()) and not (args.m):`
Add verbose mode and flag for project prefix in env vars 2019-07-17 10:15:21 +02:00			`if (args.e):`
			`aws_creds_file = aws_creds_file + "-atmos"`
Add override to turn off automatically switching workspace 2019-04-17 11:44:14 +02:00			`workspace_manager()`

Add -t flag to use environment vars to generate credetials file. 2019-04-15 15:15:39 +02:00			`workspace = get_env()`
-p flag now works with creds file 2019-08-01 11:01:45 +02:00			`workspace_vars = workspace`
			`if (args.project):`
			`workspace = args.project + "_" + workspace`

			`env_actions = ["init", "plan", "apply", "destroy"] # Commands that require env context`
Atmos v.1 2019-04-10 12:00:01 +02:00			`cmd = 'terraform {args}'.format(args=args.command)`

Changed -p flag to be -n for neutralize for stoppping atmos from doing var appending 2019-07-17 09:34:14 +02:00			`if (args.command in env_actions) and not (args.n): # Append with env context`
-p flag now works with creds file 2019-08-01 11:01:45 +02:00			`cmd = cmd + ' -var-file=vars/{env}.tfvars'.format(env=workspace_vars)`
			`cmd = cmd + ' -var "workspace={env}"'.format(env=workspace)`
Add verbose mode and flag for project prefix in env vars 2019-07-17 10:15:21 +02:00			`cmd = cmd + ' -var "shared_credentials_file={aws_creds_file}"'.format(aws_creds_file=aws_creds_file)`
Flip the order of where tf commands happen. This appears to be more stable behaviour 2019-06-12 15:55:01 +02:00
Atmos v.1 2019-04-10 12:00:01 +02:00			`for param in params: # Pass terraform params directly through`
			`cmd = cmd + ' ' + param`

Change -t to -e 2019-04-17 10:59:30 +02:00			`if (args.e):`
Add verbose mode and flag for project prefix in env vars 2019-07-17 10:15:21 +02:00			`generate_creds(args)`

			`if (args.verbose):`
			`print("Atmos will run: " + cmd)`

-p flag now works with creds file 2019-08-01 11:01:45 +02:00			`print('Terraform {args} using env vars in {env}'.format(args=args.command, env=workspace_vars))`
Atmos v.1 2019-04-10 12:00:01 +02:00			`with subprocess.Popen(shlex.split(cmd)) as proc:`
			`exit # Start process but kill py program`

Add workspace manager to lock git branch with workspace 2019-04-17 10:53:05 +02:00			`def is_git_directory(path = '.'):`
Add override to turn off automatically switching workspace 2019-04-17 11:44:14 +02:00			`return subprocess.call(['git', '-C', path, 'status'], stderr=subprocess.STDOUT, stdout = open(os.devnull, 'w')) == 0`

			`def workspace_manager():`
			`branch = subprocess.getoutput("git rev-parse --abbrev-ref HEAD")`
			`if branch == "master":`
			`branch = "default"`
Add workspace manager to lock git branch with workspace 2019-04-17 10:53:05 +02:00			`else:`
Add override to turn off automatically switching workspace 2019-04-17 11:44:14 +02:00			`if branch not in get_valid_envs():`
			`branch = "qa"`

			`if get_env() != branch:`
			`print("[INFO]: Terraform workspace & git branch have diverged. Changing workspace to git branch...")`
			`subprocess.call(["terraform", "workspace", "new", branch], stderr=subprocess.STDOUT, stdout=open(os.devnull, 'w'))`
			`subprocess.call(["terraform", "workspace", "select", branch], stderr=subprocess.STDOUT, stdout=open(os.devnull, 'w'))`
Add workspace manager to lock git branch with workspace 2019-04-17 10:53:05 +02:00
Add verbose mode and flag for project prefix in env vars 2019-07-17 10:15:21 +02:00			`def generate_creds(args):`
Add -t flag to use environment vars to generate credetials file. 2019-04-15 15:15:39 +02:00			`current_workspace = get_env()`
			`workspaces = ['default']`

			`if current_workspace != 'default':`
			`workspaces.append(current_workspace)`
Add verbose mode and flag for project prefix in env vars 2019-07-17 10:15:21 +02:00
			`project_name = ""`
			`if (args.project):`
			`project_name = args.project.upper() + "_"`

Add -t flag to use environment vars to generate credetials file. 2019-04-15 15:15:39 +02:00			`contents = ""`
			`for workspace in workspaces:`
Add verbose mode and flag for project prefix in env vars 2019-07-17 10:15:21 +02:00			`access_key_name = project_name + workspace.upper() + '_ACCESS_KEY_ID'`
			`secret_key_name = project_name + workspace.upper() + '_SECRET_ACCESS_KEY'`

			`if (args.verbose):`
			`print(access_key_name)`
			`print(secret_key_name)`

Add -t flag to use environment vars to generate credetials file. 2019-04-15 15:15:39 +02:00			`contents = contents + "[{workspace}]\n".format(workspace=workspace)`
A little error handling 2019-07-29 15:01:15 +02:00			`try:`
			`contents = contents + "aws_access_key_id=" + os.environ.get(access_key_name) + "\n"`
			`except:`
			`print("[ERROR]: Env Variable " + access_key_name + " not found.")`
			`sys.exit(1)`
			`try:`
			`contents = contents + "aws_secret_access_key=" + os.environ.get(secret_key_name) + "\n"`
			`except:`
			`print("[ERROR]: Env Variable " + secret_key_name + " not found.")`
			`sys.exit(1)`
Atmos will use its own credentials file 2019-07-16 17:12:34 +02:00			`with open(os.path.expanduser('~/.aws/credentials-atmos'), 'w+') as f:`
Add -t flag to use environment vars to generate credetials file. 2019-04-15 15:15:39 +02:00			`f.write(contents)`

Atmos v.1 2019-04-10 12:00:01 +02:00			`def get_valid_envs():`
			`try:`
Work out valid envs from vars folder. Handle no workspace scenario 2019-04-10 13:47:03 +02:00			`# Use var files when present, otherwise default to qa`
			`return [os.path.splitext(os.path.basename(x))[0] for x in glob.glob("vars/*.tfvars")]`
Atmos v.1 2019-04-10 12:00:01 +02:00			`except FileNotFoundError:`
			`return False`
Initial commit 2019-04-09 16:54:28 +02:00
			`def get_env():`
Work out valid envs from vars folder. Handle no workspace scenario 2019-04-10 13:47:03 +02:00			`try:`
			`tf_env = open('.terraform/environment', 'r').read()`
			`except:`
Add -t flag to use environment vars to generate credetials file. 2019-04-15 15:15:39 +02:00			`return("default")`
Atmos v.1 2019-04-10 12:00:01 +02:00			`if str(tf_env) in get_valid_envs():`
Initial commit 2019-04-09 16:54:28 +02:00			`return(tf_env)`
			`else:`
			`return("qa")`

			`if __name__ == "__main__":`
			`main(sys.argv)`