fix-taskfile-and-others

Author: maclarensg

boiler/Taskfile.yml

@@ -15,12 +15,13 @@ tasks:
   debug:
     desc: "Print out viarables set before exexuting tasks"
     cmds:
-      - echo "TIER:{{.TIER}}"
-      - echo "TF_VERSION:{{.TF_VERSION}}"
-      - echo "DOMAIN:{{.DOMAIN}}"
-      - echo "CMD:{{.CMD}}"
-      - echo "IMAGE:{{.IMAGE}}"
-      - echo "PLATFORM:{{.PLATFORM}}"
+      - |
+        echo "TIER:{{.TIER}}"
+        echo "TF_VERSION:{{.TF_VERSION}}"
+        echo "DOMAIN:{{.DOMAIN}}"
+        echo "CMD:{{.CMD}}"
+        echo "IMAGE:{{.IMAGE}}"
+        echo "PLATFORM:{{.PLATFORM}}"
 
   shell:
     desc: "Run a shell in the container"
@@ -29,17 +30,18 @@ tasks:
       region: '{{default "ap-southeast-1" .region}}'
       group: '{{default "" .group}}'
       WS_PATH: '$(case ${TIER} in 1) echo "{{.account}}" ;; 2) echo "{{.account}}/{{.region}}" ;; 3) echo "{{.account}}/{{.region}}/{{.region}}" ;; *) echo "Unsupported tier" && exit 1 ;; esac)'
-      COMMAND: '{{.CMD}} run --platform {{.PLATFORM}} --rm -it -e AWS_PROFILE=devops -v {{.HOME}}/.aws:/root/.aws -v {{.PWD}}/.gitconfig:/root/.gitconfig -v {{.PWD}}:/tf -v {{.PWD}}/local_modules:/tf/workspaces/{{.WS_PATH}}/local_modules -w /tf/workspaces/{{.WS_PATH}} --entrypoint \"\" {{.IMAGE}}'
+      COMMAND: '{{.CMD}} run --platform {{.PLATFORM}} --rm -it -e USER=$(id -u) -e GROUP=$(id -g) -e AWS_PROFILE={{.account}} -v {{.HOME}}/.aws:/root/.aws -v {{.HOME}}/.gitconfig:/root/.gitconfig -v {{.PWD}}:/tf -v {{.PWD}}/local_modules:/tf/workspaces/{{.WS_PATH}}/local_modules -w /tf/workspaces/{{.WS_PATH}} --entrypoint \"\" {{.IMAGE}}'
     cmds:
       - |
-        [ "{{.account}}" ] || ( echo "ACCOUNT is required."; exit 1 )
+        [ "{{.account}}" ] || { echo "account is required."; exit 1; }
         [ "{{.TIER}}" -ge 2 ] && [ -z "{{.region}}" ] && echo "REGION is required." && exit 1 || true
         [ "{{.TIER}}" -eq 3 ] && [ -z "{{.region}}" ] && echo "GROUP is required." && exit 1 || true
-      - echo "{{.account}}"
-      - echo "{{.region}}"
-      - echo "{{.WS_PATH}}"
-      # - echo "{{.COMMAND}}" /bin/sh
-      - eval "{{.COMMAND}}" /bin/sh
+        echo "{{.account}}"
+        echo "{{.region}}"
+        echo "{{.WS_PATH}}"
+        echo "{{.COMMAND}}"
+        eval "{{.COMMAND}}" /bin/sh
+        eval "{{.COMMAND}}" chown -R $(id -u):$(id -g) .
 
   scaffold:
     desc: "Scaffold a workspace"
@@ -51,21 +53,19 @@ tasks:
       WS_PATH: '$(case ${TIER} in 1) echo "{{.account}}" ;; 2) echo "{{.account}}/{{.region}}" ;; 3) echo "{{.account}}/{{.region}}/{{.region}}" ;; *) echo "Unsupported tier" && exit 1 ;; esac)'
       KEY_PATH: '$(case ${TIER} in 1) echo "{{.account}}/{{.PROJECT}}" ;; 2) echo "{{.account}}/{{.PROJECT}}/{{.region}}" ;; 3) echo "{{.account}}/{{.PROJECT}}/{{.region}}/{{.region}}" ;; *) echo "Unsupported tier" && exit 1 ;; esac)'
       RELATIVE_WS_PATH: '$(case "${TIER}" in 1) echo "../..";; 2) echo "../../..";; 3) echo "../../../../";; esac)'
-      RENDER: '{{.CMD}} run --platform {{ .PLATFORM }}  --rm -it -v {{.PWD}}:/tf -w /tf {{.TEMPLATER}}'
+      RENDER: '{{.CMD}} run --platform {{ .PLATFORM }} --user $(id -u):$(id -g) --rm -it -v {{.PWD}}:/tf -w /tf {{.TEMPLATER}}'
     cmds:
       - |
-        [ "{{.account}}" ]    || ( echo "ACCOUNT is required."; exit 1 )
-        [ "{{.account_id}}" ] || ( echo "ACCOUNT_ID is required."; exit 1 )
-        [ "{{.TIER}}" -ge 2 ] && [ -z "{{.region}}" ] && echo "REGION is required." && exit 1 || true
-        [ "{{.TIER}}" -eq 3 ] && [ -z "{{.region}}" ] && echo "GROUP is required." && exit 1 || true
-      - | 
+        [ "{{.account}}" ]    || { echo "account is required."; exit 1; }
+        [ "{{.account_id}}" ] || { echo "account_id is required."; exit 1; }
+        [ "{{.TIER}}" -ge 2 ] && [ -z "{{.region}}" ] && echo "region is required." && exit 1 || true
+        [ "{{.TIER}}" -eq 3 ] && [ -z "{{.region}}" ] && [ -z "{{.group}}" ] && echo "group is required." && exit 1 || true
         [ -d "workspaces/{{.WS_PATH}}" ] && echo "Workspace already exists." && exit 1 || mkdir -p workspaces/{{.WS_PATH}}
         [ -d "workspaces/{{.WS_PATH}}/local_modules" ]  || ( cd workspaces/{{.WS_PATH}}; ln -s {{.RELATIVE_WS_PATH}}/local_modules . )
         [ -f "workspaces/{{.WS_PATH}}/auto.tf" ]   	   || ( cd workspaces/{{.WS_PATH}}; ln -s {{.RELATIVE_WS_PATH}}/base/auto.tf . )
         [ -f "workspaces/{{.WS_PATH}}/main.tf" ]   	   || ( touch ./workspaces/{{.WS_PATH}}/main.tf )
         [ -f "workspaces/{{.WS_PATH}}/vars.tf" ]   	   || ( cp ./base/vars.tf ./workspaces/{{.WS_PATH}}/ ) 
         [ -d "workspaces/{{.WS_PATH}}/resources" ] 	   || ( mkdir -p ./workspaces/{{.WS_PATH}}/resources ; cp -r ./base/skeleton/* ./workspaces/{{.WS_PATH}}/resources ) 
-      - |
         echo "ACCOUNT: {{.account}}" > tmp/config.yaml
         echo "ACCOUNT_ID: \"{{.account_id}}\"" >> tmp/config.yaml
         [ "{{.TIER}}" -ge 2 ] && echo "REGION: {{.region}}" >> tmp/config.yaml
@@ -75,7 +75,8 @@ tasks:
         echo "TIER: {{.TIER}}" >> tmp/config.yaml
         echo "KEY_PATH: {{.KEY_PATH}}" >> tmp/config.yaml
         {{.RENDER}} -c .=/tf/tmp/config.yaml -f /tf/base/provider.tf.tmpl -o /tf/workspaces/{{.WS_PATH}}/provider.tf     
-        {{.RENDER}} -c .=/tf/tmp/config.yaml -f /tf/base/terraform.auto.tfvars.tmpl -o /tf/workspaces/{{.WS_PATH}}/terraform.auto.tfvars
+        [ "{{.TIER}}" -ge 2 ] && {{.RENDER}} -c .=/tf/tmp/config.yaml -f /tf/base/terraform.auto.tfvars.tmpl -o /tf/workspaces/{{.WS_PATH}}/terraform.auto.tfvars  || true
+        echo "Scaffold complete."
 
   unscaffold:
     desc: "Unscaffold a workspace"
@@ -89,7 +90,6 @@ tasks:
         [ "{{.account}}" ] || ( echo "ACCOUNT is required."; exit 1 )
         [ "{{.TIER}}" -ge 2 ] && [ -z "{{.region}}" ] && echo "REGION is required." && exit 1 || true
         [ "{{.TIER}}" -eq 3 ] && [ -z "{{.region}}" ] && echo "GROUP is required." && exit 1 || true
-      - |
         echo "{{.WS_PATH}}"
         [ -d "workspaces/{{.WS_PATH}}" ] || ( echo "Workspace does not exist."; exit 1 )
         rm -rf workspaces/{{.WS_PATH}}

boiler/base/auto.tf

@@ -1,105 +1,3 @@
 # Automation goes here
 
-locals {
-  # Read bucket definitions
-  definitions          = merge([for f in fileset(path.module, "./resources/*.yaml") : yamldecode(file("${path.module}/${f}"))]...)
-  buckets              = { for key, bucket in local.definitions : key => bucket if(try(bucket.disable_s3, false) == false) }
-  notification_buckets = { for key, bucket in local.definitions : key => bucket if(try(length(bucket.notifications) > 0, false)) }
 
-  # Read bucket policies
-  policies = merge([for f in fileset(path.module, "./resources/policies/*.json") : { "${f}" : file("${path.module}/${f}") }]...)
-
-  # Read transfer definitions
-  transfer_families = { for key, configs in local.definitions : key => configs.transfer if(try(length(configs.transfer) > 0, false)) }
-}
-
-
-
-module "s3-bucket" {
-  source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "4.1.2"
-
-  for_each = local.buckets
-
-  bucket = can(each.value.bucket_prefix) ? null : each.key
-
-  acceleration_status                         = try(each.value.acceleration_status, null)
-  acl                                         = try(each.value.acl, null)
-  analytics_configuration                     = try(each.value.analytics_configuration, {})
-  attach_deny_insecure_transport_policy       = try(each.value.attach_deny_insecure_transport_policy, false)
-  attach_deny_unencrypted_object_uploads      = try(each.value.attach_deny_unencrypted_object_uploads, false)
-  attach_elb_log_delivery_policy              = try(each.value.attach_elb_log_delivery_policy, false)
-  attach_inventory_destination_policy         = try(each.value.attach_inventory_destination_policy, false)
-  attach_lb_log_delivery_policy               = try(each.value.attach_lb_log_delivery_policy, false)
-  attach_policy                               = try(each.value.attach_policy, false)
-  attach_public_policy                        = try(each.value.attach_public_policy, true)
-  attach_require_latest_tls_policy            = try(each.value.attach_require_latest_tls_policy, false)
-  block_public_acls                           = try(each.value.block_public_acls, false)
-  block_public_policy                         = try(each.value.block_public_policy, false)
-  bucket_prefix                               = try(each.value.bucket_prefix, null)
-  control_object_ownership                    = try(each.value.control_object_ownership, false)
-  cors_rule                                   = try(each.value.cors_rule, [])
-  create_bucket                               = try(each.value.create_bucket, true)
-  expected_bucket_owner                       = try(each.value.expected_bucket_owner, null)
-  force_destroy                               = try(each.value.force_destroy, false)
-  grant                                       = try(each.value.grant, [])
-  ignore_public_acls                          = try(each.value.ignore_public_acls, false)
-  intelligent_tiering                         = try(each.value.intelligent_tiering, {})
-  inventory_configuration                     = try(each.value.inventory_configuration, {})
-  lifecycle_rule                              = try(each.value.lifecycle_rule, [])
-  logging                                     = try(each.value.logging, {})
-  metric_configuration                        = try(each.value.metric_configuration, [])
-  object_lock_configuration                   = try(each.value.object_lock_configuration, {})
-  object_lock_enabled                         = try(each.value.object_lock_enabled, false)
-  object_ownership                            = try(each.value.object_ownership, "ObjectWriter")
-  policy                                      = try(local.policies["resources/policies/${each.key}.json"], null)
-  replication_configuration                   = try(each.value.replication_configuration, {})
-  request_payer                               = try(each.value.request_payer, null)
-  restrict_public_buckets                     = try(each.value.restrict_public_buckets, false)
-  server_side_encryption_configuration        = try(each.value.server_side_encryption_configuration, {})
-  tags                                        = merge(var.default_tags, try(each.value.tags, {}))
-  versioning                                  = try(each.value.versioning, {})
-  website                                     = try(each.value.website, {})
-}
-
-
-module "s3_notification" {
-  source  = "terraform-aws-modules/s3-bucket/aws//modules/notification"
-  version = "4.1.2"
-
-  for_each = local.notification_buckets
-
-  bucket     = each.key
-  create     = try(each.value.notifications.create, false)
-  bucket_arn = can(try(each.value.notifications.attach_s3_arn, true)) ? module.s3-bucket[each.key].s3_bucket_arn : null
-
-  # SNS
-  create_sns_policy = try(each.value.notifications.sns.attach_policy, false)
-  sns_notifications = try(each.value.notifications.sns.definitions, {})
-
-  # SQS
-  create_sqs_policy = try(each.value.notifications.sqs.attach_policy, false)
-  sqs_notifications = try(each.value.notifications.sqs.definitions, {})
-
-  # EventBridge
-  eventbridge = try(each.value.notifications.eventbridge, false)
-
-  # Lambda
-  lambda_notifications = try(each.value.notifications.lambda, {})
-}
-
-module "transfer_family" {
-  source = "./local_modules/transfer-family"
-
-  for_each = local.transfer_families
-  name     = each.key
-  vpc_name = each.value.vpc_name
-  config   = try(each.value, {})
-
-  region       = var.region
-  default_tags = var.default_tags
-
-  providers = {
-    aws = aws
-  }
-}

boiler/base/provider.tf.tmpl

@@ -1,6 +1,6 @@
 terraform {
   backend "s3" {
-    bucket = "sandbox-iac-opentofu"
+    bucket = "<Replace With Your Bucket>"
     key    = "{{ .KEY_PATH }}/state.tfstate"
     region = "ap-southeast-1"
     #dynamodb_table = ""
@@ -13,4 +13,4 @@ provider "aws" {
 
 variable "region" {
   default = "ap-southeast-1"
-}
+}