Created
          April 6, 2018 03:44 
        
      - 
      
- 
        Save garyellis/cbcd782887f8131f1ef8706a68e93fd8 to your computer and use it in GitHub Desktop. 
    POC of basic python terraform wrapper scripting
  
        
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | #!/usr/bin/env python | |
| import sh | |
| from sh import terraform, Command | |
| go_getter = Command("go-getter") | |
| from sh import ErrorReturnCode | |
| import yaml | |
| import logging | |
| import re | |
| import os | |
| import sys | |
| TF_OUTPUT_OFFSET = 16 | |
| CWD = os.getcwd() | |
| CONFIG_FILES = [ | |
| 'aws/us-west-2/spoke1-vpc/terraform.yml', | |
| # 'aws/us-east-1/spoke2-vpc/terraform.yml' | |
| ] | |
| log = logging.getLogger() | |
| log.handlers = [] | |
| handler = logging.StreamHandler(sys.stdout) | |
| formatter = logging.Formatter( | |
| '%(asctime)4s %(name)4s [%(filename)s:%(lineno)s - %(funcName)s()] %(levelname)4s %(message)4s') | |
| handler.setFormatter(formatter) | |
| log.addHandler(handler) | |
| log.setLevel(logging.INFO) | |
| def format_tf_output(output): | |
| return re.sub(r'(?m)^', ' ' * TF_OUTPUT_OFFSET, str(output)) | |
| def get_module_config(f): | |
| with open(f, 'r') as s: | |
| log.info('opening config {}'.format(f)) | |
| return yaml.load(s) | |
| def load_module_configs(config_files): | |
| config = [] | |
| for c in config_files: | |
| config.append({'name': c, 'properties': get_module_config(c)}) | |
| return config | |
| def get_module_secrets(config): | |
| """ | |
| utilize hashicorp go-getter cli https://github.com/hashicorp/go-getter | |
| """ | |
| tf_module = os.path.dirname(config['name']) | |
| secrets = config['properties']['secrets'] | |
| with sh.pushd(tf_module): | |
| for secret in secrets: | |
| try: | |
| log.info('fetching secrets: {}'.format(secret)) | |
| go_getter(secret, '.secrets') | |
| except ErrorReturnCode as err: | |
| log.error(err.stderr) | |
| def terraform_plan(config): | |
| tf_module = os.path.dirname(config['name']) | |
| log.info('terraform plan on module: {}'.format(tf_module)) | |
| with sh.pushd(tf_module): | |
| try: | |
| tf_init = terraform.init() | |
| log.info(format_tf_output(tf_init)) | |
| tf_plan = terraform.plan() | |
| log.info(format_tf_output(tf_plan)) | |
| except ErrorReturnCode as err: | |
| log.error(err.stderr) | |
| def terraform_apply(config): | |
| tf_module = os.path.dirname(config['name']) | |
| log.info('terraform apply on module: {}'.format(tf_module)) | |
| with sh.pushd(tf_module): | |
| try: | |
| tf_apply = terraform.apply('-input=true', '-auto-approve') | |
| log.info(format_tf_output(tf_apply)) | |
| except ErrorReturnCode as err: | |
| log.error(err.stdout) | |
| def terraform_destroy(config): | |
| tf_module = os.path.dirname(config['name']) | |
| log.info('terraform destroy on module: {}'.format(tf_module)) | |
| with sh.pushd(tf_module): | |
| try: | |
| tf_destroy = terraform.destroy('-force') | |
| log.info(format_tf_output(tf_destroy)) | |
| except ErrorReturnCode as err: | |
| log.error(err.stderr) | |
| if __name__ == '__main__': | |
| # load the config files | |
| config = load_module_configs(CONFIG_FILES) | |
| # process the modules | |
| for c in config: | |
| get_module_secrets(c) | |
| terraform_plan(c) | |
| terraform_apply(c) | |
| terraform_destroy(c) | 
  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment