
Fixes for TF0.14

* Moves the `required_providers` block into a separate `generate` clause so that it can be overwritten by individual modules. NOTE: These modules must rewrite the entire file.
* Adds a step to automatically generate hashes for all environments on a run of `terragrunt-local`, to reduce chance of human error.
* Adds a script `terragrunt-providers` because remembering all the providers is a pain.
* Updates the 004-iam-okta modules to rewrite the required_providers.
Fred Damstra [afs macbook] 4 years ago
parent
commit
2c51c727fd

+ 14 - 0
bin/terragrunt-local

@@ -53,6 +53,20 @@ fi
 NEWPATH="$LOCALPATH//$GITSOURCE_PATHINREPO"
 echo Substituting \'$GITSOURCE\' with \'$NEWPATH\'
 
+if [ ! -f .terraform.lock.hcl ]; then
+  echo "No providers lock (.terraform.lock.hcl) found  in this directory. Creating..."
+  terragrunt providers lock -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 -platform=linux_arm64 --terragrunt-source $NEWPATH
+  RC=$?
+  if [[ $RC != 0 ]]; then
+    read -p "ERROR: Failed to generate providers file. Apply anyway? [yN] " -n 1 -r
+    echo ""
+    if [[ ! $REPLY =~ ^[Yy]$ ]]
+    then
+      echo Exiting...
+      exit 4
+    fi
+  fi
+fi
 
 # Test locally
 # the double // is intentional! Terragrunt uses this to determine the root of the modules repository.
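Review bot: Answering `y` at the "Apply anyway?" prompt lets the run continue with no `.terraform.lock.hcl`, so whatever the script runs next installs providers without comparing them against any previously recorded hash. A safer default is to exit non-zero and require an explicit opt-in (a flag or environment variable) for the override. On the `terragrunt providers lock` line `$NEWPATH` is unquoted and will be split if the local checkout path contains spaces; use `--terragrunt-source "$NEWPATH"`. The guard only fires when the file is absent, so an existing lock that lacks one of the four platforms is left as is. A lock created here records whatever the registry serves at that moment, so the new file should be reviewed and committed rather than regenerated on each workstation.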

+ 4 - 0
bin/terragrunt-providers

@@ -0,0 +1,4 @@
+#! /bin/bash
+
+mv .terraform.lock.hcl .terraform.lock.hcl.bak
+terragrunt providers lock -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 -platform=linux_arm64
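Review bot: The `mv` runs unconditionally and nothing checks the result of `terragrunt providers lock`, so a failed lock leaves the directory with no `.terraform.lock.hcl` and only the `.bak` copy, and the next `terragrunt-local` run will build a fresh lock from scratch. The script should skip the move when no lock exists and restore the backup when the lock step fails, as sketched below. Because the previously recorded hashes are discarded, the regenerated file should be diffed against `.terraform.lock.hcl.bak` before it is committed, and the `.bak` name probably belongs in `.gitignore`. The shebang is conventionally written `#!/bin/bash` without the space.

```shell
set -u

# Keep the previous lock so a failed run does not leave the directory unpinned.
had_lock=0
if [ -f .terraform.lock.hcl ]; then
  mv -- .terraform.lock.hcl .terraform.lock.hcl.bak || exit 1
  had_lock=1
fi

if ! terragrunt providers lock -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 -platform=linux_arm64; then
  echo "ERROR: providers lock failed" >&2
  if [ "$had_lock" -eq 1 ]; then
    # Put the last known-good hashes back in place.
    mv -- .terraform.lock.hcl.bak .terraform.lock.hcl
  fi
  exit 1
fi
```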

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/004-iam-okta/okta_saml.tf

@@ -1,5 +1,5 @@
 module "common_services_roles" {
-  source        = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//submodules/iam/common_services_roles?ref=v0.8.4"
+  source        = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//submodules/iam/common_services_roles?ref=v0.8.4"
   account_alias = "afs-mdr-common-services-gov"
   okta_app      = "AWS - GovCloud"
 }

+ 0 - 8
common/aws-us-gov/afs-mdr-common-services-gov/004-iam-okta/provider-okta.tf

@@ -1,11 +1,3 @@
-terraform {
-  required_providers {
-    okta = {
-      source  = "oktadeveloper/okta"
-    }
-  }
-}
-
 provider "okta" {
   org_name = "mdr-multipass"
   base_url = "okta.com"

+ 21 - 0
common/aws-us-gov/afs-mdr-common-services-gov/004-iam-okta/required_provider.tf

@@ -0,0 +1,21 @@
+# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      version = "= 3.37.0" # 2021-04-29: upgrade from 2.66
+    }
+    template = {
+      source = "hashicorp/template"
+      version = "= 2.2.0" # 2021-04-29: ugprade from 2.1.0
+    }
+    vault = {
+      source = "hashicorp/vault"
+      version = "= 2.19.1" # 2021-04-29: upgrade from 2.18.0
+    }
+    sensu = {
+      source = "jtopjian/sensu"
+      version = "= 0.10.5"
+    }
+  }
+}
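Review bot: The `required_providers` block in this file has no `okta` entry, while the `provider "okta"` block in the same directory loses its own `required_providers` in this commit. Without an explicit source, Terraform 0.13 and later resolve such a provider as `hashicorp/okta` rather than `oktadeveloper/okta`, so init would either fail or look in a namespace nobody chose. No `terragrunt.hcl` override for the aws-us-gov module is visible on this page, so this may be handled elsewhere. If it is not, the module needs the same `generate "required_providers"` override as `common/aws/mdr-common-services/004-iam-okta/terragrunt.hcl`, including `okta = { source = "oktadeveloper/okta" }`.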

+ 0 - 8
common/aws/mdr-common-services/004-iam-okta/provider-okta.tf

@@ -1,11 +1,3 @@
-terraform {
-  required_providers {
-    okta = {
-      source  = "oktadeveloper/okta"
-    }
-  }
-}
-
 provider "okta" {
   org_name = "mdr-multipass"
   base_url = "okta.com"

+ 24 - 0
common/aws/mdr-common-services/004-iam-okta/required_provider.tf

@@ -0,0 +1,24 @@
+# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      version = "= 3.37.0" # 2021-04-29: upgrade from 2.66
+    }
+    template = {
+      source = "hashicorp/template"
+      version = "= 2.2.0" # 2021-04-29: ugprade from 2.1.0
+    }
+    vault = {
+      source = "hashicorp/vault"
+      version = "= 2.19.1" # 2021-04-29: upgrade from 2.18.0
+    }
+    sensu = {
+      source = "jtopjian/sensu"
+      version = "= 0.10.5"
+    }
+    okta = {
+      source  = "oktadeveloper/okta"
+    }
+  }
+}

+ 34 - 0
common/aws/mdr-common-services/004-iam-okta/terragrunt.hcl

@@ -1,3 +1,37 @@
 include {
   path = find_in_parent_folders()
 }
+
+# ---------------------------------------------------------------------------------------------------------------------
+# Generate a required providers block
+# This module needs to override the root to add okta
+# ---------------------------------------------------------------------------------------------------------------------
+generate "required_providers" {
+  path      = "required_provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      version = "= 3.37.0" # 2021-04-29: upgrade from 2.66
+    }
+    template = {
+      source = "hashicorp/template"
+      version = "= 2.2.0" # 2021-04-29: ugprade from 2.1.0
+    }
+    vault = {
+      source = "hashicorp/vault"
+      version = "= 2.19.1" # 2021-04-29: upgrade from 2.18.0
+    }
+    sensu = {
+      source = "jtopjian/sensu"
+      version = "= 0.10.5"
+    }
+    okta = {
+      source  = "oktadeveloper/okta"
+    }
+  }
+}
+EOF
+}
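Review bot: `okta` is the only entry in this `required_providers` block with no `version`, so in an IAM/Okta module the provider floats to whatever release is current each time a lock file is regenerated, while the other four are pinned with `=`. Add an exact pin in the same style, e.g. `version = "= <OKTA_PROVIDER_VERSION>"` (placeholder; take the value from the current lock file). The committed `required_provider.tf` for this module carries the same unpinned entry. Because the heredoc duplicates the root pins, a comment such as `# Keep in sync with the required_providers block in the root terragrunt.hcl` above `contents` would help future upgrades.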

+ 0 - 34
prod/aws/mdr-prod-ca-c19/005-iam/.terraform.lock.hcl

@@ -1,34 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/aws" {
-  version     = "3.37.0"
-  constraints = "3.37.0"
-  hashes = [
-    "h1:RvLGIfRZfbzY58wUja9B6CvGdgVVINy7zLVBdLqIelA=",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/template" {
-  version     = "2.2.0"
-  constraints = "2.2.0"
-  hashes = [
-    "h1:0wlehNaxBX7GJQnPfQwTNvvAf38Jm0Nv7ssKGMaG6Og=",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/vault" {
-  version     = "2.19.1"
-  constraints = "2.19.1"
-  hashes = [
-    "h1:yz5QWTvycJvjR3Z5EaCLF6UC8hugPAz2eIy9NzymPoI=",
-  ]
-}
-
-provider "registry.terraform.io/jtopjian/sensu" {
-  version     = "0.10.5"
-  constraints = "0.10.5"
-  hashes = [
-    "h1:/i+iYOhp7+nC7rZHJcQ4TWf4POHGhbwShPuvyko+/0s=",
-  ]
-}

+ 13 - 3
terragrunt.hcl

@@ -58,10 +58,11 @@ locals {
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
-# Generate an AWS provider block
+# Generate a required providers block
+# -- Allows override on a per-module basis
 # ---------------------------------------------------------------------------------------------------------------------
-generate "provider" {
-  path      = "provider.tf"
+generate "required_providers" {
+  path      = "required_provider.tf"
   if_exists = "overwrite_terragrunt"
   contents  = <<EOF
 terraform {
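Review bot: The new comment `# -- Allows override on a per-module basis` does not say that an override replaces the whole generated file, which is what the commit description warns about. A module that overrides this block and omits a pin drops that pin without any error. Suggest extending the comment to `# -- Allows override on a per-module basis; an override replaces the entire file and must repeat every pin`. The `generate` block's heredoc continues outside this hunk.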
@@ -84,7 +85,16 @@ terraform {
     }
   }
 }
+EOF
+}
 
+# ---------------------------------------------------------------------------------------------------------------------
+# Generate an AWS provider block
+# ---------------------------------------------------------------------------------------------------------------------
+generate "provider" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
 provider "template" {
 }