Added in --leaveFirewallExceptions and --quick arguments for apply pl…
…us generator to add firewall exceptions
1 parent
b2f8a98
commit c0dd855
Showing
13 changed files
with
185 additions
and
56 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
'@arkahna/nx-terraform': minor | ||
--- | ||
|
||
Introduce --quick mode for terraform apply |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
'@arkahna/nx-terraform': minor | ||
--- | ||
|
||
Added add-firewall-exceptions generator |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,11 @@ | ||
{ | ||
"editor.formatOnSave": true, | ||
"eslint.validate": ["json"] | ||
"typescript.preferences.importModuleSpecifier": "project-relative", | ||
"editor.defaultFormatter": "esbenp.prettier-vscode", | ||
"editor.codeActionsOnSave": { | ||
"source.organizeImports": true | ||
}, | ||
"eslint.validate": [ | ||
"json" | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
export function isDryRun(): boolean { | ||
return process.argv.some((x) => x === '--dry-run') | ||
} |
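Review bot: The exact-match test on `process.argv` recognises only the literal token `--dry-run`, so any other spelling the CLI may accept (for example `--dryRun` or a short alias) would be treated as a real run; which forms actually reach this process is not visible on this page. The firewall-exceptions generator in this commit relies on this helper to tell the operator what is about to happen to Key Vault and storage firewalls, so a missed flag gives a misleading preview. Prefer reading the flag from the options the CLI has already parsed rather than re-scanning argv, and add a TSDoc comment such as `/** True only when the literal '--dry-run' token is present in process.argv. */` so the limitation is stated.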
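--- a/libs/nx-terraform/src/generators/add-firewall-exceptions/generator.ts
+++ b/libs/nx-terraform/src/generators/add-firewall-exceptions/generator.ts
@@ -0,0 +1,51 @@
+import { Tree } from '@nrwl/devkit'
+import publicIp from 'public-ip'
+import { addFirewallRules } from '../../common/addFirewallRules'
+import { isDryRun } from '../../common/isDryRun'
+import { readRepoSettings } from '../../common/read-repo-settings'
+import { readConfigFromEnvFile } from '../../common/readConfigFromEnvFile'
+import { NxTerraformAddFirewallExceptionsSchema } from './schema'
+
+export default async function (tree: Tree, options: NxTerraformAddFirewallExceptionsSchema) {
+const repoSettings = readRepoSettings()
+
+if (isDryRun()) {
+console.log(
+`Firewall exceptions will be added to the environment ${options.environmentName}`,
+)
+}
+
+return async () => {
+const publicIpv4 = await publicIp.v4()
+const config = await readConfigFromEnvFile(
+repoSettings.terraformStateType,
+options.environmentName,
+)
+if (!config) {
+console.warn('Skipped apply, no terragrunt file for environment')
+return {
+success: true,
+}
+}
+const { resourceGroupName, terraformStorageAccount, keyVaultName, terragruntConfigFile } =
+config
+
+const kvOptions = options.addIpToKeyVaults || []
+const storageOptions = options.addIpToStorage || []
+await addFirewallRules({
+resourceGroupName,
+addIpToKeyVaults: options.addIpToDefaultKeyVault
+? [keyVaultName, ...kvOptions]
+: kvOptions,
+addIpToStorageAccounts:
+options.addIpToDefaultStorage && terraformStorageAccount
+? [terraformStorageAccount, ...storageOptions]
+: storageOptions,
+publicIpv4,
+terragruntConfigFile,
+// This generator isn't tied to a project, so it doesn't support looking up tf resources
+projectRoot: process.cwd(),
+})
+console.log('🎉 Success 🎉')
+}
+}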
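Review bot: The address returned by `publicIp.v4()` is passed to `addFirewallRules` without being shown to the operator, and nothing in this generator removes the exception afterwards. On a shared egress address (corporate NAT, VPN) the rule admits everyone behind it to the Key Vault and the state storage account, so log what is being opened before the call, e.g. `console.log('Adding firewall exception for', publicIpv4, 'in', resourceGroupName)`, and document how the rule is meant to be removed. The default Key Vault branch also lacks the guard the storage branch has; `options.addIpToDefaultKeyVault && keyVaultName` would avoid passing an undefined name if the config can omit it, which cannot be confirmed from this page. The `'Skipped apply, …'` warning appears to be carried over from the apply path and should name this generator instead.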
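--- a/libs/nx-terraform/src/generators/add-firewall-exceptions/schema.d.ts
+++ b/libs/nx-terraform/src/generators/add-firewall-exceptions/schema.d.ts
@@ -0,0 +1,7 @@
+export interface NxTerraformAddFirewallExceptionsSchema {
+environmentName: string
+addIpToDefaultKeyVault: boolean
+addIpToDefaultStorage: boolean
+addIpToKeyVaults?: string[]
+addIpToStorage?: string[]
+}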
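--- a/libs/nx-terraform/src/generators/add-firewall-exceptions/schema.json
+++ b/libs/nx-terraform/src/generators/add-firewall-exceptions/schema.json
@@ -0,0 +1,43 @@
+{
+"$schema": "http://json-schema.org/schema",
+"cli": "nx",
+"$id": "AddProjectEnvironment",
+"title": "",
+"type": "object",
+"properties": {
+"environmentName": {
+"type": "string",
+"description": "The name of the environment to add firewall exceptions.",
+"alias": "e",
+"x-prompt": "What is the name of the environment you want to add firewall exceptions for?"
+},
+"addIpToDefaultKeyVault": {
+"type": "boolean",
+"description": "Adds a firewall exception for the current ip to the environment keyvault",
+"default": true
+},
+"addIpToDefaultStorage": {
+"type": "boolean",
+"description": "Adds a firewall exception for the current ip to the environment keyvault",
+"default": true
+},
+"addIpToKeyVaults": {
+"type": "array",
+"items": {
+"type": "string"
+},
+"description": "Adds a firewall exception for the current ip to specified keyvaults. Specify as a semicolon-delimited list of resource names, e.g. 'ark-dev-akv-system1;ark-dev-akv-system2'."
+},
+"addIpToStorage": {
+"type": "array",
+"items": {
+"type": "string"
+},
+"description": "Adds a firewall exception for the current ip to specified storage accounts. Specify as a semicolon-delimited list of resource names, e.g. 'arkdevsta001;arkdevsta001'."
+}
+},
+"required": [
+"projectName",
+"environmentName"
+]
+}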
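Review bot: `required` lists `projectName`, which is not declared under `properties` and is not read by the generator in this commit, so schema validation would presumably reject or mis-prompt every invocation; it should be `"required": ["environmentName"]`. The `addIpToDefaultStorage` description repeats the key vault text and should name the environment storage account, and `$id` still reads `AddProjectEnvironment`. Both `addIpToDefault*` options default to `true`, so running with only an environment name opens two firewalls; the descriptions should say that explicitly. The "semicolon-delimited list" wording also conflicts with `"type": "array"`, and the generator shown does no splitting on `;`, so a value like the example would be treated as a single resource name.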