-
Notifications
You must be signed in to change notification settings - Fork 3
/
main.tf
127 lines (113 loc) · 4.62 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
terraform {
required_version = ">= 0.12"
}
locals {
config_roots = [for conf_root in var.config_roots : abspath(conf_root)]
// find all template files for $stack_id
tmpl_fileset_glob_base = replace(var.tmpl_fileset_glob_base, "MODULE_ID", var.module_id)
root_tmpl_filesets_map = {
for conf_root in local.config_roots :
conf_root => fileset("${conf_root}/${var.tmpl_dir}", local.tmpl_fileset_glob_base)
}
root_tmpl_files = [
for conf_root, filesets in local.root_tmpl_filesets_map : [
for tf_name in filesets : {
source = "${conf_root}/${var.tmpl_dir}/${tf_name}"
dest = "${conf_root}/${local.tmpl_render_dest_prefix}${var.stack_id}/${tf_name}"
}
]
]
config_roots_no_tmpl_base = {
for conf_root, filesets in local.root_tmpl_filesets_map :
conf_root => ["${var.tmpl_dir}/${local.tmpl_fileset_glob_base}"]
if length(filesets) == 0
}
// find all template files for $module_id
override_tmpl_fileset_glob = format(
"${var.stack_id}/%s/%s",
var.namespace_id == null ? "**" : var.namespace_id,
replace(var.tmpl_fileset_glob_overrides, "MODULE_ID", var.module_id)
)
override_tmpl_filesets_map = {
for conf_root in local.config_roots :
conf_root => fileset("${conf_root}/${var.tmpl_dir}", local.override_tmpl_fileset_glob)
}
override_tmpl_files = [
for conf_root, filesets in local.override_tmpl_filesets_map : [
for tf_name in filesets : {
source = "${conf_root}/${var.tmpl_dir}/${tf_name}"
dest = "${conf_root}/${local.tmpl_render_dest_prefix}${tf_name}"
}
]
]
config_roots_no_tmpl_overrides = {
for conf_root, filesets in local.override_tmpl_filesets_map :
conf_root => ["${var.tmpl_dir}/${local.override_tmpl_fileset_glob}"]
if length(filesets) == 0
}
// combine the 2 sets into one big map:
all_tmpl_files = {
for tf in flatten([local.root_tmpl_files, local.override_tmpl_files]) :
tf.source => tf.dest
}
// capture those that have no templates found at all:
config_roots_no_tmpl = {
for config_root, glob in local.config_roots_no_tmpl_base :
config_root => concat(glob, lookup(local.config_roots_no_tmpl_overrides, config_root, []))
}
// if the var.tmpl_render_dest_folder does not end with a /, add it
tmpl_render_dest_prefix = (
trimsuffix(var.tmpl_render_dest_folder, "/") == var.tmpl_render_dest_folder ?
var.tmpl_render_dest_folder
: "${var.tmpl_render_dest_folder}/"
)
}
resource "local_file" "config_values" {
for_each = local.all_tmpl_files
filename = each.value
file_permission = "0644"
content = join("\n", [
"${var.comment_line} WARNING: AUTO-GENERATED by https://github.com/schollii/terraform-local-gen-files.git",
"${var.comment_line} source: ${each.key}",
"${var.comment_line} root module: ${abspath(path.root)}",
templatefile(each.key, var.tmpl_vars)
])
}
locals {
save_config_roots_no_tmpl_found = (
var.save_config_roots_no_tmpl_found && (
length(local.config_roots_no_tmpl) != 0
|| length(local.config_roots_no_tmpl_base) != 0
|| length(local.config_roots_no_tmpl_overrides) != 0
)
)
file_suffix = var.namespace_id == null ? "" : format(".%s", var.namespace_id)
filename = "${basename(path.module)}.${var.module_id}${local.file_suffix}.yaml"
}
resource "local_file" "config_roots_no_tmpl_found" {
count = local.save_config_roots_no_tmpl_found ? 1 : 0
filename = "${path.root}/config_roots_no_tmpl_found/${local.filename}"
file_permission = "0644"
content = yamlencode({
tmpl_fileset_glob_base = local.tmpl_fileset_glob_base
tmpl_fileset_glob_overrides = local.override_tmpl_fileset_glob
num_config_roots = length(local.config_roots)
num_config_roots_no_base = length(local.config_roots_no_tmpl_base)
num_config_roots_no_overrides = length(local.config_roots_no_tmpl_overrides)
num_config_roots_no_tmpl_found = length(local.config_roots_no_tmpl)
config_roots_no_tmpl = keys(local.config_roots_no_tmpl)
config_roots_no_tmpl_base = keys(local.config_roots_no_tmpl_base)
config_roots_no_override_tmpl = keys(local.config_roots_no_tmpl_overrides)
})
}
resource "null_resource" "sops_encrypt_secrets" {
for_each = {for k,v in local.all_tmpl_files: k => v if length(regexall(var.encrypt_fileset_re, v)) > 0}
depends_on = [local_file.config_values]
triggers = {
# Only re-encrypt if the content has changed since last
environment_infra_yaml_updated = local_file.config_values[each.key].id
}
provisioner "local-exec" {
command = "${var.encrypt_command} ${each.value}"
}
}