commit
edca76ac24
2 changed files with 37 additions and 12 deletions
|
|
@ -36,6 +36,7 @@ To get the most out of Terraform workspaces it is recommended that the AWS provi
|
||||||
provider "aws" {
|
provider "aws" {
|
||||||
region = "${var.region}"
|
region = "${var.region}"
|
||||||
profile = "${var.workspace}"
|
profile = "${var.workspace}"
|
||||||
|
shared_credentials_file = ${var.shared_credentials_file}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
@ -51,7 +52,7 @@ This will make Terraform lookup AWS credentials from the `~/.aws/credentials` fi
|
||||||
|
|
||||||
## atmos -e
|
## atmos -e
|
||||||
|
|
||||||
Adding the `-e` flag to atmos will make it generate a new `~/.aws/credentials` file from environment variables. You must first include the `default` access key ID & secret access key like this:
|
Adding the `-e` flag to atmos will make it generate a new `~/.aws/credentials-atmos` file from environment variables. You must first include the `default` access key ID & secret access key like this:
|
||||||
|
|
||||||
```
|
```
|
||||||
DEFAULT_ACCESS_KEY_ID=id
|
DEFAULT_ACCESS_KEY_ID=id
|
||||||
|
|
@ -68,7 +69,7 @@ QA_ACCESS_KEY_ID=id
|
||||||
QA_SECRET_ACCESS_KEY=key
|
QA_SECRET_ACCESS_KEY=key
|
||||||
```
|
```
|
||||||
|
|
||||||
Note: Atmos will override your default credentials file as this functionality is for use in a docker container or in situations where you would rather use variables.
|
This requires a `shared_credentials_file` variable on the top level. To support standard Terraform workflows its recommened to default this to the default shared credentials file location `$HOME/.aws/credentials`. Atmos will then handle the overriding safely in the background
|
||||||
|
|
||||||
# atmos -m
|
# atmos -m
|
||||||
|
|
||||||
|
|
|
||||||
40
atmos.py
40
atmos.py
|
|
@ -8,26 +8,39 @@ def main(argv):
|
||||||
g.add_argument("command", help="Send commands to terraform with workspace variable context", nargs='?', default=False)
|
g.add_argument("command", help="Send commands to terraform with workspace variable context", nargs='?', default=False)
|
||||||
parser.add_argument("-e", help="Gather shared-creds from environment variables (Dont use this flag if you dont want your ~/.aws/credentials replaced. This is for CI/CD", action='store_true', default=False)
|
parser.add_argument("-e", help="Gather shared-creds from environment variables (Dont use this flag if you dont want your ~/.aws/credentials replaced. This is for CI/CD", action='store_true', default=False)
|
||||||
parser.add_argument("-m", help="Prevents workspace from changing with git branches automatically", action='store_true', default=False)
|
parser.add_argument("-m", help="Prevents workspace from changing with git branches automatically", action='store_true', default=False)
|
||||||
|
parser.add_argument("-n", help="Atmos will not add -var-file or -var args to terraform", action='store_true', default=False)
|
||||||
|
parser.add_argument("-p", "--project", help="Add a project prefix for env vars", nargs='?', default="")
|
||||||
|
parser.add_argument("-v", "--verbose", help="Debug mode", action="store_true", default=False)
|
||||||
args, params = parser.parse_known_args()
|
args, params = parser.parse_known_args()
|
||||||
if args.command:
|
if args.command:
|
||||||
determine_actions(args, params)
|
determine_actions(args, params)
|
||||||
|
|
||||||
def determine_actions(args, params):
|
def determine_actions(args, params):
|
||||||
|
aws_creds_file = "$HOME/.aws/credentials"
|
||||||
if (is_git_directory()) and not (args.m):
|
if (is_git_directory()) and not (args.m):
|
||||||
|
if (args.e):
|
||||||
|
aws_creds_file = aws_creds_file + "-atmos"
|
||||||
workspace_manager()
|
workspace_manager()
|
||||||
|
|
||||||
|
if (args.project) and (args.verbose):
|
||||||
|
print("Project: " + args.project)
|
||||||
|
|
||||||
workspace = get_env()
|
workspace = get_env()
|
||||||
env_actions = ["plan", "apply", "destroy"] # Commands that require env context
|
env_actions = ["plan", "apply", "destroy"] # Commands that require env context
|
||||||
cmd = 'terraform {args}'.format(args=args.command)
|
cmd = 'terraform {args}'.format(args=args.command)
|
||||||
|
|
||||||
|
if (args.command in env_actions) and not (args.n): # Append with env context
|
||||||
|
cmd = cmd + ' -var-file=vars/{env}.tfvars -var "workspace={env}"'.format(env=workspace)
|
||||||
|
cmd = cmd + ' -var "shared_credentials_file={aws_creds_file}"'.format(aws_creds_file=aws_creds_file)
|
||||||
|
|
||||||
for param in params: # Pass terraform params directly through
|
for param in params: # Pass terraform params directly through
|
||||||
cmd = cmd + ' ' + param
|
cmd = cmd + ' ' + param
|
||||||
|
|
||||||
if (args.command in env_actions): # Append with env context
|
|
||||||
cmd = cmd + ' -var-file=vars/{env}.tfvars -var "workspace={env}"'.format(env=workspace)
|
|
||||||
|
|
||||||
if (args.e):
|
if (args.e):
|
||||||
generate_creds()
|
generate_creds(args)
|
||||||
|
|
||||||
|
if (args.verbose):
|
||||||
|
print("Atmos will run: " + cmd)
|
||||||
|
|
||||||
print('Terraform {args} using env vars in {env}'.format(args=args.command, env=workspace))
|
print('Terraform {args} using env vars in {env}'.format(args=args.command, env=workspace))
|
||||||
with subprocess.Popen(shlex.split(cmd)) as proc:
|
with subprocess.Popen(shlex.split(cmd)) as proc:
|
||||||
|
|
@ -49,19 +62,30 @@ def workspace_manager():
|
||||||
subprocess.call(["terraform", "workspace", "new", branch], stderr=subprocess.STDOUT, stdout=open(os.devnull, 'w'))
|
subprocess.call(["terraform", "workspace", "new", branch], stderr=subprocess.STDOUT, stdout=open(os.devnull, 'w'))
|
||||||
subprocess.call(["terraform", "workspace", "select", branch], stderr=subprocess.STDOUT, stdout=open(os.devnull, 'w'))
|
subprocess.call(["terraform", "workspace", "select", branch], stderr=subprocess.STDOUT, stdout=open(os.devnull, 'w'))
|
||||||
|
|
||||||
def generate_creds():
|
def generate_creds(args):
|
||||||
current_workspace = get_env()
|
current_workspace = get_env()
|
||||||
workspaces = ['default']
|
workspaces = ['default']
|
||||||
|
|
||||||
if current_workspace != 'default':
|
if current_workspace != 'default':
|
||||||
workspaces.append(current_workspace)
|
workspaces.append(current_workspace)
|
||||||
|
|
||||||
|
project_name = ""
|
||||||
|
if (args.project):
|
||||||
|
project_name = args.project.upper() + "_"
|
||||||
|
|
||||||
contents = ""
|
contents = ""
|
||||||
for workspace in workspaces:
|
for workspace in workspaces:
|
||||||
|
access_key_name = project_name + workspace.upper() + '_ACCESS_KEY_ID'
|
||||||
|
secret_key_name = project_name + workspace.upper() + '_SECRET_ACCESS_KEY'
|
||||||
|
|
||||||
|
if (args.verbose):
|
||||||
|
print(access_key_name)
|
||||||
|
print(secret_key_name)
|
||||||
|
|
||||||
contents = contents + "[{workspace}]\n".format(workspace=workspace)
|
contents = contents + "[{workspace}]\n".format(workspace=workspace)
|
||||||
contents = contents + "aws_access_key_id=" + os.environ.get(workspace.upper() + '_ACCESS_KEY_ID') + "\n"
|
contents = contents + "aws_access_key_id=" + os.environ.get(access_key_name) + "\n"
|
||||||
contents = contents + "aws_secret_access_key=" + os.environ.get(workspace.upper() + '_SECRET_ACCESS_KEY') + "\n"
|
contents = contents + "aws_secret_access_key=" + os.environ.get(secret_key_name) + "\n"
|
||||||
with open(os.path.expanduser('~/.aws/credentials'), 'w+') as f:
|
with open(os.path.expanduser('~/.aws/credentials-atmos'), 'w+') as f:
|
||||||
f.write(contents)
|
f.write(contents)
|
||||||
|
|
||||||
def get_valid_envs():
|
def get_valid_envs():
|
||||||
|
|
|
||||||
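Review bot: In determine_actions, `aws_creds_file = "$HOME/.aws/credentials"` is handed to terraform through `subprocess.Popen(shlex.split(cmd))`, which runs no shell, so `$HOME` reaches terraform as literal text while generate_creds writes to `os.path.expanduser('~/.aws/credentials-atmos')`. Unless the provider expands the variable itself, the two paths will not match and terraform may fall back to whatever other credentials are in the environment; building the value with `aws_creds_file = os.path.expanduser("~/.aws/credentials")` and passing that same path into generate_creds would keep them in step. The `-atmos` suffix also appears to be added only under the `is_git_directory()` / `not (args.m)` check (indentation is lost on this page, so this is inferred from line order), while generate_creds runs on `args.e` alone. Separately, the new credentials file is created with `open(..., 'w+')` and so takes its permissions from the umask; creating it with `os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w')` keeps the keys readable by the owner only.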