This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge b8c31e2 into 7f95fbb
LaurentLesle authored Jul 24, 2020

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
2 parents 7f95fbb + b8c31e2 commit 5fe2aba
Showing 15 changed files with 526 additions and 386 deletions.
9 changes: 6 additions & 3 deletions .devcontainer/devcontainer.json
@@ -15,8 +15,10 @@
// Use 'settings' to set *default* container specific settings.json values on container create.
// You can edit these settings after create using File > Preferences > Settings > Remote.
"settings": {
// If you are using an Alpine-based image, change this to /bin/ash
"terminal.integrated.shell.linux": "/bin/bash"
"files.eol": "\n",
"terminal.integrated.shell.linux": "/bin/bash",
"editor.tabSize": 2,
"terminal.integrated.scrollback": 2000,
},

// Uncomment the next line if you want start specific services in your Docker Compose config.
@@ -31,6 +33,7 @@
// Add the IDs of extensions you want installed when the container is created in the array below.
"extensions": [
"4ops.terraform",
"mutantdino.resourcemonitor"
"mutantdino.resourcemonitor",
"eamodio.gitlens"
]
}
4 changes: 2 additions & 2 deletions .devcontainer/docker-compose.yml
@@ -6,8 +6,8 @@
version: '3.7'
services:
rover:
image: aztfmod/roverdev:vnext
image: aztfmod/rover:latest

labels:
- "caf=Azure CAF"
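Review bot: `image: aztfmod/rover:latest` points the dev container at a mutable tag, so the toolchain inside it (and the sshd setup added elsewhere in this commit) can change underneath contributors without any change in this repository. Pinning a release tag, or a digest in the form `image: aztfmod/rover:<release-tag>@sha256:<digest>`, keeps the environment reproducible and makes image updates reviewable. The page has lost its +/- markers, so this assumes the `rover:latest` line is the new side of the pair.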

13 changes: 6 additions & 7 deletions .env
@@ -1,11 +1,10 @@
versionTerraform=0.12.28
versionAzureCli=2.7.0
versionKubectl=v1.18.2
versionGit=2.25.0
versionTflint=v0.16.2
versionTerraform=0.12.29
versionAzureCli=2.9.1
versionKubectl=v1.18.6
versionGit=2.27.0
versionTflint=v0.18.0
versionJq=1.6
versionDockerCompose=1.25.5
versionLaunchpadOpensource=master
versionAzureCafTerraform=v.0.3.1
versionTfsec=v0.21.0
versionTfsec=v0.24.1
versionTerraformDocs=v0.9.1
4 changes: 2 additions & 2 deletions .github/workflows/vnext.yml
@@ -52,10 +52,10 @@ jobs:
- name: Build the rover (beta 0.13)
run: |
set -e
docker_tag=vnext-13-beta2
docker_tag=vnext-13-rc1
# Override .env variable
export versionTerraform="0.13.0-beta2"
export versionTerraform="0.13.0-rc1"
# Build the rover base image
docker-compose build --build-arg versionRover="aztfmod/roverdev:$docker_tag"
1 change: 1 addition & 0 deletions .gitignore
@@ -9,3 +9,4 @@
**/~*.*
**/*.log
version.txt
landingzones
53 changes: 21 additions & 32 deletions Dockerfile
@@ -50,18 +50,6 @@ FROM golang:1.13 as tfsec
# to force the docker cache to invalidate when there is a new version
RUN env GO111MODULE=on go get -u github.com/liamg/tfsec/cmd/tfsec

# ###########################################################
# # Getting latest version of Azure DevOps Terraform provider
# ###########################################################
# FROM golang:1.13 as devops

# # to force the docker cache to invalidate when there is a new version
# ADD https://api.github.com/repos/microsoft/terraform-provider-azuredevops/git/refs/heads/master version.json
# RUN cd /tmp && \
# git clone https://github.com/microsoft/terraform-provider-azuredevops.git && \
# cd terraform-provider-azuredevops && \
# ./scripts/build.sh

###########################################################
# Getting latest version of Azure CAF Terraform provider
###########################################################
@@ -104,21 +92,22 @@ ARG versionTflint
ARG versionGit
ARG versionJq
ARG versionDockerCompose
ARG versionLaunchpadOpensource
ARG versionTfsec

ARG USERNAME=vscode
ARG USER_UID=1000
ARG USER_GID=${USER_UID}
ARG SSH_PASSWD

ENV versionTerraform=${versionTerraform} \
ENV SSH_PASSWD=${SSH_PASSWD} \
USERNAME=${USERNAME} \
versionTerraform=${versionTerraform} \
versionAzureCli=${versionAzureCli} \
versionKubectl=${versionKubectl} \
versionTflint=${versionTflint} \
versionJq=${versionJq} \
versionGit=${versionGit} \
versionDockerCompose=${versionDockerCompose} \
versionLaunchpadOpensource=${versionLaunchpadOpensource} \
versionTfsec=${versionTfsec} \
TF_DATA_DIR="/home/${USERNAME}/.terraform.cache" \
TF_PLUGIN_CACHE_DIR="/home/${USERNAME}/.terraform.cache/plugin-cache"
@@ -146,6 +135,8 @@ RUN yum -y install \
#
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \
yum -y install docker-ce-cli && \
touch /var/run/docker.sock && \
chmod 666 /var/run/docker.sock && \
#
# Install Terraform
#
@@ -194,11 +185,6 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu
echo "Installing pre-commit ..." && \
python3 -m pip install pre-commit && \
#
# Install graphviz
#
# echo "Installing graphviz ..." && \
# yum -y install graphviz && \
#
# Install tflint
#
echo "Installing tflint ..." && \
@@ -219,33 +205,36 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu
echo ${USERNAME} ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/${USERNAME} && \
chmod 0440 /etc/sudoers.d/${USERNAME}

# ssh server for Azure ACI
RUN yum install -y openssh-server && \
rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_rsa_key /home/${USERNAME}/.ssh/ssh_host_ecdsa_key && \
ssh-keygen -q -N "" -t ecdsa -b 521 -f /home/${USERNAME}/.ssh/ssh_host_ecdsa_key && \
mkdir -p /home/${USERNAME}/.ssh

COPY ./scripts/sshd_config /home/${USERNAME}/.ssh/sshd_config

# to force the docker cache to invalidate when there is a new version
ADD https://api.github.com/repos/aztfmod/level0/git/refs/heads/${versionLaunchpadOpensource} version.json
RUN echo "cloning the launchpads version ${versionLaunchpadOpensource}" && \
mkdir -p /tf && \
git clone https://github.com/aztfmod/level0.git /tf --branch ${versionLaunchpadOpensource} && \
chown -R ${USERNAME}:1000 /tf/launchpads && \
chmod +x /tf/bootstrap/**/*.sh && \
chmod +x /tf/bootstrap/*.sh

# Add Community terraform providers
# COPY --from=devops /tmp/terraform-provider-azuredevops/bin /bin/
COPY --from=azurecaf /tmp/terraform-provider-azurecaf/terraform-provider-azurecaf /bin/
COPY --from=msgraph /tmp/terraform-provider-msgraph/terraform-provider-msgraph /bin/
COPY --from=tfsec /go/bin/tfsec /bin/
COPY --from=terraform-docs /go/bin/terraform-docs /bin/

WORKDIR /tf/rover
COPY ./scripts/rover.sh .
COPY ./scripts/launchpad.sh .
COPY ./scripts/functions.sh .
COPY ./scripts/banner.sh .
COPY ./scripts/clone.sh .
COPY ./scripts/sshd.sh .
COPY --from=rover_version version.txt /tf/rover/version.txt

RUN echo "alias rover=/tf/rover/rover.sh" >> /home/${USERNAME}/.bashrc && \
echo "alias launchpad=/tf/rover/launchpad.sh" >> /home/${USERNAME}/.bashrc && \
echo "alias t=/usr/bin/terraform" >> /home/${USERNAME}/.bashrc && \
chown -R ${USERNAME}:1000 /tf/rover
mkdir -p /tf/caf && \
chown -R ${USERNAME}:1000 /tf/rover /tf/caf /home/${USERNAME}/.ssh && \
chmod +x /tf/rover/sshd.sh

USER ${USERNAME}

EXPOSE 22
CMD ["/tf/rover/sshd.sh"]
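Review bot: `ARG SSH_PASSWD` followed by `ENV SSH_PASSWD=${SSH_PASSWD} \` in the ARG/ENV hunk (apparently additions; the +/- markers are lost on this page) stores the SSH password in the image itself: a value passed with `--build-arg` is recorded in the image history, and the ENV copy is readable by anyone who can inspect or run the image. I would drop both lines, start the instruction with `ENV USERNAME=${USERNAME} \`, and let scripts/sshd.sh take the password from the container's runtime environment or a mounted secret. The `ssh-keygen -q -N "" -t ecdsa -b 521 -f /home/${USERNAME}/.ssh/ssh_host_ecdsa_key` step in the openssh-server hunk has a similar effect, baking one host private key into every container started from the image (sshd.sh only generates a key when the file is missing), and it runs before the `mkdir -p /home/${USERNAME}/.ssh` that creates its directory; removing it from the build leaves key generation to first start. `chmod 666 /var/run/docker.sock` in the yum hunk makes the socket path world-writable and deserves at least a comment on why group-scoped access is not enough. The RUN instructions around the yum and sudoers lines start outside the hunks shown.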
33 changes: 32 additions & 1 deletion changelog.md
@@ -1,4 +1,35 @@
## 2002.dev (Unrelease)
## 2007.dev (Unrelease)

NEW COMMANDS
* Launchpad commands moved into the rover with
```bash
rover /tf/caf/landingzones/launchpad apply -launchpad
```

* Clone the public launchpad folder
```bash
# Clone the public open source launchpad from master branch
rover --clone-launchpad

# Clone the public open source launchpad from vnext branch
rover --clone-launchpad --clone-branch vnext
```

* Clone the public landingzones folder (includes the launchpad)
```bash
# Clone the public open source landingzones from master branch
rover --clone-landingzones

# Clone the public open source landingzones from vnext branch
rover --clone-landingzones --clone-branch vnext
```

REMOVED COMMANDS
* launchpad.sh as now been replaced with
```
# Clone the launchpad with the new clone command
rover launchpad_path plan -launchpad
```

# v2002 refresh

1 change: 0 additions & 1 deletion docker-compose.yml
@@ -20,7 +20,6 @@ services:
- versionTflint
- versionJq
- versionDockerCompose
- versionLaunchpadOpensource
- versionAzureCafTerraform
- versionRover
- versionTfsec
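--- a/scripts/clone.sh
+++ b/scripts/clone.sh
@@ -0,0 +1,153 @@
+#!/bin/bash
+
+export clone_destination=${clone_destination:="/tf/caf/landingzones"}
+export clone_folder=${clone_folder:="/"}
+export clone_folder_strip=${clone_folder_strip:=2}
+export clone_project_name=${clone_project_name:="Azure/caf-terraform-landingzones"}
+export landingzone_branch=${landingzone_branch:="master"}
+
+current_path=$(pwd)
+
+
+function display_clone_instructions {
+
+while (( "$#" )); do
+case "${1}" in
+--intro)
+echo
+echo "Rover clone is used to bring the landing zones dependencies you need to deploy your landing zone"
+echo
+shift 1
+;;
+--clone)
+display_clone_instructions --intro --examples --clone-branch --clone-destination --clone-folder --clone-folder-strip
+echo "--clone specify a GitHub organization and project in the for org/project"
+echo " The default setting if not set is azure/caf-terraform-landingzones"
+echo
+shift 1
+;;
+--clone-branch)
+echo "--clone-branch set the branch to pull the package."
+echo " By default is not set use the master branch."
+echo
+shift 1
+;;
+--clone-destination)
+echo "--clone-destination change the destination local folder."
+echo " By default clone the package into the /tf/caf/landingzones folder of the rover"
+echo
+shift 1
+;;
+--clone-folder)
+echo "--clone-folder specify the folder to extract from the original project"
+echo
+echo " Example: --clone-folder /landingzones/landingzone_caf_foundations will only extract the caf foundations landing zone"
+echo
+shift 1
+;;
+--clone-folder-strip)
+echo "--clone-folder-strip is used strip the base folder structure from the original folder"
+echo
+echo " In the GitHub package of azure/caf-terraform-landingzones, the data are packaged in the following structure"
+echo " caf-terraform-landingzones-master/landingzones/launchpad/main.tf"
+echo " [project]-[branch]/landgingzones/[landingzone]"
+echo " To reproduce a nice folder structure in the rover it it possible to set the --clone-folder-strip to 2 to remove [project]-[branch]/landingzones and only retrieve the third level folder"
+echo ""
+echo " Default to 2 when using azure/caf-terraform-landingzones and 1 for all other git projects"
+echo
+shift 1
+;;
+--examples)
+echo "By default the rover will clone the azure/caf-terraform-landingzones into the local rover folder /tf/caf/landinzones"
+echo
+echo "Examples:"
+echo " - Clone the launchpad: rover --clone-folder /landingzones/launchpad"
+echo " - Clone the launchpad in different folder: rover --clone-destination /tf/caf/landingzones/public --clone-folder /landingzones/launchpad"
+echo " - Clone the launchpad (branch vnext): rover --clone-folder-strip 2 --clone-destination /tf/rover/landingzones --clone-folder /landingzones/launchpad --clone-branch vnext"
+echo
+echo " - Clone the CAF foundations landingzone: rover --clone-folder /landingzones/landingzone_caf_foundations"
+echo " - Clone the AKS landingzone: rover --clone aztfmod/landingzone_aks --clone-destination /tf/caf/landingzones/landingzone_aks"
+echo
+echo
+shift 1
+;;
+esac
+done
+}
+
+
+function clone_repository {
+echo "@calling clone_repository"
+
+url="https://codeload.github.com/${clone_project_name}/tar.gz/${landingzone_branch}"
+
+echo
+echo "clone_project_name : ${clone_project_name}"
+echo "landingzone_branch : ${landingzone_branch}"
+echo "clone_folder : ${clone_folder}"
+echo "clone_folder_strip : ${clone_folder_strip}"
+echo "clone_destination : ${clone_destination}"
+echo "clone_url : ${url}"
+echo ""
+
+rm -rf ${clone_destination}/$(basename ${clone_folder})
+mkdir -p ${clone_destination}
+
+curl https://codeload.github.com/${clone_project_name}/tar.gz/${landingzone_branch} --fail --silent --show-error | tar -zxv --strip=${clone_folder_strip} -C ${clone_destination} "$(basename ${clone_project_name})-${landingzone_branch}${clone_folder}"
+
+echo
+echo "Clone complete"
+echo
+}
+
+function process_clone_parameter {
+echo "@calling process_clone_parameter with $@"
+
+
+case "${1}" in
+--clone)
+if [ $# -eq 1 ]; then
+display_clone_instructions ${1}
+exit 21
+else
+export caf_command="clone"
+export landingzone_branch=${landingzone_branch:="master"}
+export clone_project_name=${2}
+export clone_folder_strip=1
+fi
+;;
+--clone-branch)
+echo $#
+if [ $# -eq 1 ]; then
+display_clone_instructions ${1}
+exit 22
+else
+export landingzone_branch=${2}
+fi
+;;
+--clone-destination)
+if [ $# -eq 1 ]; then
+display_clone_instructions ${1}
+exit 23
+else
+export clone_destination=${2}
+fi
+;;
+--clone-folder)
+if [ $# -eq 1 ]; then
+display_clone_instructions ${1}
+exit 24
+else
+export clone_folder=${2}
+fi
+;;
+--clone-folder-strip)
+if [ $# -eq 1 ]; then
+display_clone_instructions ${1}
+exit 24
+else
+export clone_folder_strip=${2}
+fi
+;;
+esac
+}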
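Review bot: In clone_repository, `rm -rf ${clone_destination}/$(basename ${clone_folder})` deletes a path built from unquoted, caller-supplied values, and with the default `clone_folder` of `/` it resolves to the whole destination directory. An empty or space-containing `--clone-destination` changes what gets removed, so I would quote the expansions and refuse an empty destination: `rm -rf -- "${clone_destination:?}/$(basename -- "${clone_folder}")"`. The `curl ... | tar -zxv` line carries the same unquoted expansions, and it unpacks whatever org/project and branch the caller names with no pinned commit or checksum, which is worth stating in the `--clone` help text. In process_clone_parameter, `--clone-folder-strip` reuses `exit 24` from `--clone-folder`; `exit 25` would keep the codes distinct, and the stray `echo $#` under `--clone-branch` looks like leftover debugging.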
285 changes: 187 additions & 98 deletions scripts/functions.sh

Large diffs are not rendered by default.

163 changes: 0 additions & 163 deletions scripts/launchpad.sh

This file was deleted.

146 changes: 80 additions & 66 deletions scripts/rover.sh
@@ -3,108 +3,122 @@

# Initialize the launchpad first with rover
# deploy a landingzone with
# rover [landingzone_folder_name] [plan | apply | destroy] [parameters]
# rover -lz [landingzone_folder_name] -a [plan | apply | destroy] [parameters]

current_path=$(pwd)
landingzone_name=$1
tf_action=$2
shift 2

cd ${landingzone_name}
source /tf/rover/clone.sh
source /tf/rover/functions.sh
source /tf/rover/banner.sh

# capture the current path
export TF_VAR_workspace=${TF_VAR_workspace:="sandpit"}
export TF_VAR_environment=${TF_VAR_environment:="sandpit"}
export TF_VAR_rover_version=$(echo $(cat /tf/rover/version.txt))
export TF_VAR_tf_name=${TF_VAR_tf_name:="$(basename $(pwd)).tfstate"}
export TF_VAR_tf_plan=${TF_VAR_tf_plan:="$(basename $(pwd)).tfplan"}
export TF_VAR_level=${TF_VAR_level:="level0"}
export caf_command="rover"
export TF_DATA_DIR=${TF_DATA_DIR:="/home/vscode"}
export LC_ALL=en_US.UTF-8

current_path=$(pwd)

while (( "$#" )); do
case "${1}" in
-o|--output)
tf_output_file=${2}
shift 2
;;
-w|--workspace)
export TF_VAR_workspace=${2}
case "${1}" in
--clone|--clone-branch|--clone-folder|--clone-destination|--clone-folder-strip)
export caf_command="clone"
process_clone_parameter $@
shift 2
;;
-lz|--landingzone)
export caf_command="landingzone"
export landingzone_name=${2}
export TF_VAR_tf_name=${TF_VAR_tf_name:="$(basename ${landingzone_name}).tfstate"}
shift 2
;;
-a|--action)
export tf_action=${2}
shift 2
;;
--clone-launchpad)
export caf_command="clone"
export landingzone_branch=${landingzone_branch:="master"}
export clone_launchpad="true"
export clone_landingzone="false"
echo "cloning launchpad"
shift 1
;;
workspace)
shift 1
export caf_command="workspace"
;;
landingzone)
shift 1
export caf_command="landingzone_mgmt"
;;
login)
shift 1
export caf_command="login"
;;
-t|--tenant)
export tenant=${2}
shift 2
;;
-s|--subscription)
export subscription=${2}
shift 2
;;
logout)
shift 1
export caf_command="logout"
;;
-tfstate)
export TF_VAR_tf_name=${2}
if [ ${TF_VAR_tf_name##*.} != "tfstate" ]; then
echo "tfstate name extension must be .tfstate"
exit 50
fi
export TF_VAR_tf_plan="${TF_VAR_tf_name%.*}.tfplan"
shift 2
echo "set workspace to ${TF_VAR_workspace}"
;;
-env|--environment)
export TF_VAR_environment=${2}
shift 2
;;
-tfstate)
export TF_VAR_tf_name="${2}.tfstate"
export TF_VAR_tf_plan="${2}.tfplan"
shift 2
;;
-level)
export TF_VAR_level=${2}
shift 2
;;
-launchpad)
export caf_command="launchpad"
export TF_VAR_workspace="level0"
shift 1
echo "set rover to mode ${caf_command}"
echo "set workspace to level0"
;;
-o|--output)
tf_output_file=${2}
shift 2
;;
-w|--workspace)
export TF_VAR_workspace=${2}
shift 2
;;
-l|-level)
export TF_VAR_level=${2}
shift 2
;;
*) # preserve positional arguments

PARAMS+="${1} "
shift
;;
esac
done


set -ETe
trap 'error ${LINENO}' ERR 1 2 3 6

source /tf/rover/functions.sh
source /tf/rover/banner.sh

tf_command=$(echo $PARAMS | sed -e 's/^[ \t]*//')

echo ""

echo "mode : '$(echo ${caf_command})'"
echo "terraform command output file : '$(echo ${tf_output_file})'"
echo "tf_action : '$(echo ${tf_action})'"
echo "tf_command : '$(echo ${tf_command})'"
echo "landingzone : '$(echo ${landingzone_name})'"
echo "terraform command output file : '$(echo ${tf_output_file})' "
echo "level : '$(echo ${TF_VAR_level})'"
echo "command and parameters : '$(echo ${tf_command})'"
echo "level (current) : '$(echo ${TF_VAR_level})'"
echo "environment : '$(echo ${TF_VAR_environment})'"
# echo "workspace : '$(echo ${TF_VAR_workspace})'"
echo "workspace : '$(echo ${TF_VAR_workspace})'"
echo "tfstate : '$(echo ${TF_VAR_tf_name})'"
echo ""

verify_azure_session
verify_parameters

# Trying to retrieve the terraform state storage account id
get_storage_id

case "${landingzone_name}" in
"landing_zone")
landing_zone
;;
"workspace")
workspace
;;
"")
if [ "${id}" == "null" ]; then
display_launchpad_instructions
exit 1000
else
# login_as_launchpad
# get_launchpad_coordinates
display_instructions
fi
;;
*)
deploy ${TF_VAR_workspace}
esac
process_actions
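Review bot: The value-taking options in the argument loop (`-lz`, `-a`, `-t`, `-s`, `-tfstate`, `-env`, `-o`, `-w`, `-l`) call `shift 2` without checking that a value follows, unlike the `$# -eq 1` guard that process_clone_parameter applies to the clone options. When such a flag is the last argument, bash's `shift 2` fails and shifts nothing, and since `set -ETe` only appears after the loop on this page, `while (( "$#" ))` would keep seeing the same argument unless one of the sourced files enables errexit. A guard such as `[ $# -ge 2 ] || { echo "${1} requires a value"; exit 2; }` at the top of each of these branches avoids that, and calling `process_clone_parameter "$@"` with quotes keeps arguments containing spaces intact. The `-tfstate` test `[ ${TF_VAR_tf_name##*.} != "tfstate" ]` should quote its left operand as well, because an empty value turns it into a test syntax error. The +/- markers are lost on this page, so which of these branches are new is inferred from the duplicated lines.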
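--- a/scripts/sshd.sh
+++ b/scripts/sshd.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -Eeo pipefail
+
+
+echo "user ${USERNAME}"
+echo "password ${SSH_PASSWD}"
+
+# Generate unique ssh keys , if needed
+if [ ! -f /home/vscode/.ssh/ssh_host_ecdsa_key ]; then
+ssh-keygen -t ecdsa -b 521 -f /home/vscode/.ssh/ssh_host_ecdsa_key -N ''
+fi
+
+echo "${USERNAME}:${SSH_PASSWD}" | sudo chpasswd
+
+sudo /usr/sbin/sshd -f /home/vscode/.ssh/sshd_config -D -e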
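Review bot: `echo "password ${SSH_PASSWD}"` writes the SSH password to the container's standard output, where it ends up in container logs readable by anyone with log access. I would delete that line and fail fast when the variable is unset, e.g. `: "${SSH_PASSWD:?SSH_PASSWD must be set}"` before the `chpasswd` call, since an empty value is otherwise passed straight to `chpasswd`. The key path and the sshd_config path hard-code `/home/vscode` while the rest of the script uses `${USERNAME}`; `"/home/${USERNAME}/.ssh/ssh_host_ecdsa_key"` would keep them consistent with the Dockerfile.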
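--- a/scripts/sshd_config
+++ b/scripts/sshd_config
@@ -0,0 +1,21 @@
+#
+# /etc/ssh/sshd_config
+#
+
+Port 22
+ListenAddress 0.0.0.0
+LoginGraceTime 180
+X11Forwarding yes
+Ciphers aes256-ctr,aes128-ctr,aes192-ctr
+KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256
+StrictModes no
+SyslogFacility DAEMON
+PrintMotd no
+IgnoreRhosts no
+PasswordAuthentication yes
+PermitEmptyPasswords no
+PermitRootLogin no
+UsePrivilegeSeparation no
+#UsePam no
+LogLevel VERBOSE
+HostKey /home/vscode/.ssh/ssh_host_ecdsa_key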
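Review bot: Several directives here relax OpenSSH defaults on a listener bound to `0.0.0.0` with `PasswordAuthentication yes`: `StrictModes no`, `IgnoreRhosts no`, `X11Forwarding yes`, and `diffie-hellman-group14-sha1` in `KexAlgorithms`. Nothing visible in this commit appears to need them, so I would restore the stricter values shown below and add a comment for any that must stay. `UsePrivilegeSeparation` is deprecated in current OpenSSH releases, so the `no` setting is probably ignored and the line can go. If the ACI use case allows it, key-based login with `PasswordAuthentication no` would remove the dependency on `SSH_PASSWD` altogether.

```conf
X11Forwarding no
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
StrictModes yes
IgnoreRhosts yes
# … unchanged: Port, ListenAddress, LoginGraceTime, Ciphers, logging, HostKey …
```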
11 changes: 0 additions & 11 deletions workspace.code-workspace

This file was deleted.
