From df8aa9dce71064327a131b7a070a69c5ad01f8d7 Mon Sep 17 00:00:00 2001
From: Arnaud Lheureux
Date: Thu, 22 Jul 2021 10:20:55 +0800
Subject: [PATCH 01/11] Component version updates
---
 .env | 12 ++++++------
 .env.terraform | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.env b/.env
index b33a9488..b49f2d7e 100644
--- a/.env
+++ b/.env
@@ -1,14 +1,14 @@
-versionAzureCli=2.25.0
+versionAzureCli=2.26.0
 versionKubectl=1.21.2
 versionGit=1:2.30.2-1ubuntu1
-versionTflint=0.29.1
-versionTflintazrs=0.10.1
+versionTflint=0.30.0
+versionTflintazrs=0.11.0
 versionVault=1.7.3
 versionJq=1.6-2.1ubuntu1
-versionDockerCompose=1.27.4
-versionTfsec=0.40.6
+versionDockerCompose=1.29.2
+versionTfsec=0.50.7
 versionTerraformDocs=0.14.1
 versionAnsible=2.10.7-1
 versionPacker=1.7.3
-versionCheckov=2.0.228
+versionCheckov=2.0.292
 versionMssqlTools=17.7.1.1
diff --git a/.env.terraform b/.env.terraform
index 144eb59f..0a97fbb2 100644
--- a/.env.terraform
+++ b/.env.terraform
@@ -1,5 +1,5 @@
+1.0.3
 1.0.1
-1.0.0
 0.15.5
 0.14.11
 0.14.10
From adf70e2fd1204b2241968faa3adc5db8be2603d4 Mon Sep 17 00:00:00 2001
From: Tanner Watson
Date: Tue, 10 Aug 2021 15:29:41 +0000
Subject: [PATCH 02/11] Added bsdmainutils for column usage
---
 .pre-commit-config.yaml | 2 +-
 Dockerfile | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 17a3cfdd..6ad117a3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@
 # See http://pre-commit.com/hooks.html for more hooks
 repos:
 - repo: git://github.com/IamTheFij/docker-pre-commit
- rev: v2.0.0
+ rev: v2.0.1
 hooks:
 - id: docker-compose-check
 - repo: git://github.com/pre-commit/pre-commit-hooks
diff --git a/Dockerfile b/Dockerfile
index 5a020b7f..560f8c02 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -68,7 +68,8 @@ RUN apt-get update && \
 vim \
 gpg \
 apt-utils \
- gpg-agent && \
+ gpg-agent \
+ bsdmainutils && \
 #
 # Create USERNAME
 #
From 2102b59d09eeded7c6ff8a6bdd4ca71adfead90b Mon Sep 17 00:00:00 2001
From: Arnaud Lheureux
Date: Wed, 11 Aug 2021 09:27:03 +0800
Subject: [PATCH 03/11] Update tools
---
 .env | 14 +++++++-------
 .env.terraform | 2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.env b/.env
index b49f2d7e..682247a7 100644
--- a/.env
+++ b/.env
@@ -1,14 +1,14 @@
-versionAzureCli=2.26.0
+versionAzureCli=2.27.0
 versionKubectl=1.21.2
 versionGit=1:2.30.2-1ubuntu1
-versionTflint=0.30.0
-versionTflintazrs=0.11.0
-versionVault=1.7.3
+versionTflint=0.31.0
+versionTflintazrs=0.12.0
+versionVault=1.8.1
 versionJq=1.6-2.1ubuntu1
 versionDockerCompose=1.29.2
-versionTfsec=0.50.7
+versionTfsec=0.57.1
 versionTerraformDocs=0.14.1
 versionAnsible=2.10.7-1
-versionPacker=1.7.3
-versionCheckov=2.0.292
+versionPacker=1.7.4
+versionCheckov=2.0.344
 versionMssqlTools=17.7.1.1
diff --git a/.env.terraform b/.env.terraform
index 0a97fbb2..b5346460 100644
--- a/.env.terraform
+++ b/.env.terraform
@@ -1,5 +1,5 @@
+1.0.4
 1.0.3
-1.0.1
 0.15.5
 0.14.11
 0.14.10
From 3033e573a528a934464151b704a1681bd5742f00 Mon Sep 17 00:00:00 2001
From: Arnaud Lheureux
Date: Wed, 11 Aug 2021 09:30:59 +0800
Subject: [PATCH 04/11] Removing OLD Terraform versions
---
 .env.terraform | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/.env.terraform b/.env.terraform
index b5346460..d5a58b59 100644
--- a/.env.terraform
+++ b/.env.terraform
@@ -1,7 +1,4 @@
 1.0.4
 1.0.3
 0.15.5
-0.14.11
-0.14.10
-0.13.7
-0.13.6
+0.14.11
\ No newline at end of file
From 34f39d8e7c7b70086ed462af13eedd78f3eec9bd Mon Sep 17 00:00:00 2001
From: lolorol
Date: Fri, 13 Aug 2021 03:57:10 +0000
Subject: [PATCH 05/11] Update pre-commit
---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 17a3cfdd..6ad117a3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@
 # See http://pre-commit.com/hooks.html for more hooks
 repos:
 - repo: git://github.com/IamTheFij/docker-pre-commit
- rev: v2.0.0
+ rev: v2.0.1
 hooks:
 - id: docker-compose-check
 - repo: git://github.com/pre-commit/pre-commit-hooks
From 4438626dc663776fac496c06e0091e37516a20bc Mon Sep 17 00:00:00 2001
From: lolorol
Date: Fri, 13 Aug 2021 03:58:21 +0000
Subject: [PATCH 06/11] Add rover on ssh host
---
 .vscode/settings.json | 11 +++++++++++
 rover_on_ssh_host.yml | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 .vscode/settings.json
 create mode 100644 rover_on_ssh_host.yml
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 00000000..116eaf4a
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,11 @@
+{
+ "files.eol": "\n",
+ "editor.tabSize": 2,
+ "terminal.integrated.scrollback": 32000,
+ "terminal.integrated.profiles.linux": {
+ "caf (rover)": {
+ "path": "docker-compose",
+ "args": ["-f", "rover_on_ssh_host.yml", "run", "-e", "ROVER_RUNNER=true", "--rm", "-w", "/tf/caf" ,"rover", "/bin/bash"],
+ "overrideName": true
+ }
+}
\ No newline at end of file
diff --git a/rover_on_ssh_host.yml b/rover_on_ssh_host.yml
new file mode 100644
index 00000000..295a4a9d
--- /dev/null
+++ b/rover_on_ssh_host.yml
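Review bot: The new .vscode/settings.json is not valid JSON: the hunk opens three objects (the root, `terminal.integrated.profiles.linux` and `caf (rover)`) but only two `}` follow `"overrideName": true`, so `terminal.integrated.profiles.linux` is never closed and the 11-line count in the hunk header confirms no third brace exists. The tail of the file should be three closing braces, one per opened object. Whether VS Code tolerates the truncated file is not something the diff shows, so after fixing it verify that the "caf (rover)" terminal profile actually appears.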
@@ -0,0 +1,37 @@
+---
+#-------------------------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
+#-------------------------------------------------------------------------------------------------------------
+
+#
+# Docker compose to open the rover in remote ssh shells
+#
+
+version: '3.7'
+services:
+ rover:
+ image: aztfmod/rover-preview:1.0.1-2107.200307
+
+ user: vscode
+
+ labels:
+ - "caf=Azure CAF"
+
+ volumes:
+ # This is where VS Code should expect to find your project's source code
+ # and the value of "workspaceFolder" in .devcontainer/devcontainer.json
+ - .:/tf/caf
+ - volume-caf-vscode:/home/vscode
+ - volume-caf-vscode-bashhistory:/commandhistory
+ - ~/.ssh:/tmp/.ssh-localhost:ro
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ # Overrides default command so things don't shut down after the process ends.
+ command: /bin/sh -c "while sleep 1000; do :; done"
+
+volumes:
+ volume-caf-vscode:
+ labels:
+ - "caf=Azure CAF"
+ volume-caf-vscode-bashhistory:
From 4d1f998d8dc5e184d441adc7dacdc210f6bb809b Mon Sep 17 00:00:00 2001
From: lolorol
Date: Fri, 13 Aug 2021 03:59:37 +0000
Subject: [PATCH 07/11] Add rover untaint
---
 scripts/functions.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/scripts/functions.sh b/scripts/functions.sh
index 87eee3b4..8ce5728c 100644
--- a/scripts/functions.sh
+++ b/scripts/functions.sh
@@ -64,7 +64,7 @@ function parameter_value {
 fi
 echo ${2}
-}
+}
 function process_actions {
 echo "@calling process_actions"
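Review bot: Bind-mounting `/var/run/docker.sock` into the rover service hands anything running inside the container control of the host Docker daemon, which is root-equivalent on the SSH host, and nothing in the file says what the rover needs it for; either drop that volume line or document the reason and the exposure next to it, e.g. `# grants host-root-equivalent access to the Docker daemon; required for …`. Whether the `vscode` user can actually open the socket depends on the socket's group mapping inside the image, which is not visible here, but the risk exists whenever it can. The `image:` line pins a mutable tag, so what runs on the host can change without this file changing; pin it with the registry's `@sha256:…` digest appended to the tag. The `~/.ssh` mount is read-only, which is the right choice for key material.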
@@ -128,7 +128,7 @@ function display_login_instructions {
 function display_instructions {
 echo ""
 echo "You can deploy a landingzone with the rover by running:"
- echo " rover -lz [landingzone_folder_name] -a [plan|apply|destroy|validate|refresh|graph|import|output|taint|'state list'|'state rm'|'state show']"
+ echo " rover -lz [landingzone_folder_name] -a [plan|apply|destroy|validate|refresh|graph|import|output|taint|untaint|'state list'|'state rm'|'state show']"
 echo ""
 }
@@ -248,7 +248,7 @@ function login_as_sp_from_keyvault_secrets {
 export ARM_CLIENT_ID=$(az keyvault secret show --id ${sp_keyvault_url}/secrets/sp-client-id --query 'value' -o tsv)
 export ARM_CLIENT_SECRET=$(az keyvault secret show --id ${sp_keyvault_url}/secrets/sp-client-secret --query 'value' -o tsv)
-
+
 information "Loging with service principal"
 az login --service-principal -u ${ARM_CLIENT_ID} -p ${ARM_CLIENT_SECRET} -t ${ARM_TENANT_ID}
@@ -677,7 +677,7 @@ function deploy {
 return
 else
 echo "6"
- exit
+ exit
 fi
 fi
 else
@@ -709,7 +709,7 @@ function deploy {
 "destroy")
 destroy_from_remote_state
 ;;
- "plan"|"apply"|"validate"|"refresh"|"graph"|"import"|"output"|"taint"|"state list"|"state rm"|"state show")
+ "plan"|"apply"|"validate"|"refresh"|"graph"|"import"|"output"|"taint"|"untaint"|"state list"|"state rm"|"state show")
 deploy_from_remote_state
 ;;
 *)
From cbdc2a96a94c350ec86e3f2f50e8e0669fb2839b Mon Sep 17 00:00:00 2001
From: lolorol
Date: Fri, 13 Aug 2021 04:00:06 +0000
Subject: [PATCH 08/11] Set default log_severity level to ERROR
---
 scripts/rover.sh | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/scripts/rover.sh b/scripts/rover.sh
index 60bd3577..e94faded 100755
--- a/scripts/rover.sh
+++ b/scripts/rover.sh
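Review bot: The `"plan"|"apply"|…|"untaint"|…` arm is the real allow-list for what reaches deploy_from_remote_state, and the usage string in display_instructions (edited earlier in this same patch) is a second hand-maintained copy of it; nothing ties the two together, so the next action added will drift between them exactly as this commit had to patch both by hand. The cheap fix is a comment on the arm, `# keep in sync with the action list in display_instructions`, and a mirror comment on that echo; folding the list into one definition would be better but touches code outside this hunk. The `deploy` function and its `case` begin before this hunk and the `*)` default branch continues after it.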
@@ -42,7 +42,7 @@ current_path=$(pwd)
 mkdir -p ${TF_PLUGIN_CACHE_DIR}
 __log_init__
-set_log_severity INFO # Default Log Severity. This can be overriden via -log-severity or -d (shortcut for -log-severity DEBUG)
+set_log_severity ERROR # Default Log Severity. This can be overriden via -log-severity or -d (shortcut for -log-severity DEBUG)
 while (( "$#" )); do
 case "${1}" in
@@ -76,8 +76,8 @@ while (( "$#" )); do
 ;;
 -log-severity)
 set_log_severity $2
- shift 2
- ;;
+ shift 2
+ ;;
 -stack)
 export stack_name=${2}
 shift 2
@@ -115,20 +115,20 @@ while (( "$#" )); do
 export cd_action=${2}
 export TF_VAR_level="all"
 export caf_command="cd"
- export devops="true"
+ export devops="true"
 len=$#
 if [ "$len" == "1" ]; then
 shift 1
 else
 shift 2
 fi
-
- ;;
+
+ ;;
 test)
 shift 1
 export caf_command="test"
 export devops="true"
- ;;
+ ;;
 -sc|--symphony-config)
 export symphony_yaml_file=$(parameter_value --symphony-config ${2})
 shift 2
From df230d24e53bdc8ae6353154c9be557df0bf4bfa Mon Sep 17 00:00:00 2001
From: lolorol
Date: Fri, 13 Aug 2021 04:00:55 +0000
Subject: [PATCH 09/11] Update postCreateCommand
---
 .devcontainer/devcontainer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 3db102f5..bd8caba4 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
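Review bot: Defaulting to ERROR silences every message below that level, which presumably includes the `information` calls elsewhere in these scripts (such as the "Loging with service principal" notice in functions.sh), so a non-interactive run no longer reports which identity it used unless the caller remembers `-log-severity`; if the logger initialised by `__log_init__` (defined outside this hunk) has a WARN level, that is a more conventional quiet default than ERROR. Whatever level is kept, the inline comment should tell the reader how to get the old output back and fix its typo: `set_log_severity ERROR # Default log severity; override with -log-severity <LEVEL> (INFO restores the previous default) or -d (shortcut for -log-severity DEBUG)`. The option-parsing `while` loop this hunk sits in continues outside the hunk.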
@@ -25,7 +25,7 @@
 // "shutdownAction": "none",
 // Uncomment the next line to run commands after the container is created.
 //"postCreateCommand": "cp -R /tmp/.ssh-localhost/* ~/.ssh && sudo chmod 600 ~/.ssh/* && sudo chown -R $(whoami) /tf/caf && git config --global core.editor vim && pre-commit install && pre-commit autoupdate",
- "postCreateCommand": "sudo cp -R /tmp/.ssh-localhost/* ~/.ssh && sudo chown -R $(whoami):$(whoami) /tf/caf && sudo chmod 400 ~/.ssh/* && git config --global core.editor vi && pre-commit install && pre-commit autoupdate",
+ "postCreateCommand": "sudo cp -R /tmp/.ssh-localhost/* ~/.ssh && sudo chown -R $(whoami):$(whoami) /tf/caf ~/.ssh && sudo chmod 400 ~/.ssh/* && git config --global core.editor vi && pre-commit install && pre-commit autoupdate",
 "postStartCommand": "sudo cp -f /tf/rover/version.txt /tf/caf/scripts/version.txt && sudo rm -rf /tf/rover && sudo ln -s /tf/caf/scripts /tf/rover",
 // Add the IDs of extensions you want installed when the container is created in the array below.
 "extensions": [
From 9d2476a5eded667d0b1f8e3083f0b61b8dc506e2 Mon Sep 17 00:00:00 2001
From: lolorol
Date: Fri, 13 Aug 2021 12:04:48 +0800
Subject: [PATCH 10/11] Update .env.terraform
---
 .env.terraform | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.env.terraform b/.env.terraform
index d5a58b59..e88e17ed 100644
--- a/.env.terraform
+++ b/.env.terraform
@@ -1,4 +1,5 @@
 1.0.4
 1.0.3
 0.15.5
-0.14.11
\ No newline at end of file
+0.14.11
+0.13.7
From 1b06f23428d5a92186230b047855a442e075b489 Mon Sep 17 00:00:00 2001
From: lolorol
Date: Fri, 13 Aug 2021 04:53:48 +0000
Subject: [PATCH 11/11] Allow rover to run from vscode when using sp
---
 scripts/functions.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/scripts/functions.sh b/scripts/functions.sh
index 8ce5728c..0d07af8f 100644
--- a/scripts/functions.sh
+++ b/scripts/functions.sh
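Review bot: The new command now chowns `~/.ssh` along with the workspace and sets the copied files to 400, but the directory's own mode is never set, so it keeps whatever the image or the volume gave it; add `&& sudo chmod 700 ~/.ssh` right after the chown so the private keys never sit in a group- or world-listable directory, i.e. `… /tf/caf ~/.ssh && sudo chmod 700 ~/.ssh && sudo chmod 400 ~/.ssh/* && …`. Note also that `cp -R /tmp/.ssh-localhost/*` skips dotfiles in the source directory, which is probably harmless here but worth knowing. Separately, running `pre-commit autoupdate` on every container creation rewrites the pinned `rev` values in .pre-commit-config.yaml to whatever the upstream tags currently are, over the unauthenticated `git://` URLs that file uses, so the hook versions this series bumps by hand are effectively unpinned on the developer's machine; `pre-commit install` alone is the safer default and autoupdate belongs in a deliberate, reviewed commit.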
@@ -633,9 +633,17 @@ function get_logged_user_object_id {
 export ARM_TENANT_ID=$(az identity show --ids $msiResource | jq -r .tenantId)
 ;;
 *)
+ # Service Principal
+ # Set the security context for Azure Terraform providers
+ session=$(az account show --sdk-auth -o json 2> /dev/null)
+ export ARM_CLIENT_ID=$(echo $session | jq -r .clientId)
+ export ARM_CLIENT_SECRET=$(echo $session | jq -r .clientSecret)
+ export ARM_TENANT_ID=$(echo $session | jq -r .tenantId)
+ export ARM_SUBSCRIPTION_ID=$(echo $session | jq -r .subscriptionId)
+
 # When connected with a service account the name contains the objectId
 export TF_VAR_logged_aad_app_objectId=$(az ad sp show --id ${clientId} --query objectId -o tsv) && echo " Logged in rover app object_id: ${TF_VAR_logged_aad_app_objectId}"
- export TF_VAR_logged_user_objectId=$(az ad sp show --id ${clientId} --query objectId -o tsv) && echo " Logged in rover app object_id: ${TF_VAR_logged_aad_app_objectId}"
+ export TF_VAR_logged_user_objectId=${TF_VAR_logged_aad_app_objectId}
 echo " - logged in Azure AD application: $(az ad sp show --id ${clientId} --query displayName -o tsv)"
 ;;
 esac
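Review bot: A field missing from the `az account show --sdk-auth` output becomes the literal string `null` in the exported variable, because `jq -r .clientSecret` prints `null` for an absent key, and when the `az` call fails (its stderr is discarded) `session` is empty and every ARM_* variable is exported as an empty string; neither case is detected before the values reach the Terraform providers, which then fail far from the cause. Use `// empty` in the jq filters, drop the `2> /dev/null` so the real error is visible, and fail the function when the client id or secret is blank, as sketched below. `echo $session | jq` should also become a quoted here-string, and because ARM_CLIENT_SECRET is now exported into the environment of every child process, make sure debug tracing (`set -x`) is never switched on around this block. `${clientId}` on the `az ad sp show` lines is assigned outside this hunk and presumably should equal the new ARM_CLIENT_ID — confirm. get_logged_user_object_id and its `case` begin before this hunk.

```shell
      # Service Principal
      # Set the security context for Azure Terraform providers
      session=$(az account show --sdk-auth -o json) || {
        echo "Unable to read the service principal session from 'az account show --sdk-auth'" >&2
        return 1
      }
      # '// empty' turns an absent field into "" instead of the literal string "null"
      export ARM_CLIENT_ID=$(jq -r '.clientId // empty' <<< "${session}")
      export ARM_CLIENT_SECRET=$(jq -r '.clientSecret // empty' <<< "${session}")
      export ARM_TENANT_ID=$(jq -r '.tenantId // empty' <<< "${session}")
      export ARM_SUBSCRIPTION_ID=$(jq -r '.subscriptionId // empty' <<< "${session}")
      if [ -z "${ARM_CLIENT_ID}" ] || [ -z "${ARM_CLIENT_SECRET}" ]; then
        echo "Service principal credentials are missing from the az session; ARM_CLIENT_ID/ARM_CLIENT_SECRET not set" >&2
        return 1
      fi
      # … unchanged: TF_VAR_logged_* exports and display-name echo …
```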