-
Notifications
You must be signed in to change notification settings - Fork 0
/
Makefile.terraform_workspace_azure
executable file
·170 lines (134 loc) · 7.08 KB
/
Makefile.terraform_workspace_azure
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
#FOLLOWING VARS NEED TO BE SET IN CALLING MAKEFILE:
#BACKEND_STORAGE_SUBSCRIPTION = ""
#BACKEND_STORAGE_ACCOUNT_NAME = ""
#BACKEND_STORAGE_CONTAINER_NAME = ""
#FOLLOWING VARS SHOULD BE SET AS LOCAL INPUT VAR:
#BACKEND_ACCESS_KEY=""
#AZURE_SUBSCRIPTION=""
##TODO: if subscriptions/backendconfig exists, use sed to extract values from there
##TODO: if subscriptions/backendconfig doesnt exist, check if vars arre set, otherwise fail with error msg
ifeq ($(AZURE_BACKENDCONFIG),)
AZURE_BACKENDCONFIG = ./subscriptions/backendconfig
endif
# terraform executable. set as env variable to overwrite.
ifeq ($(TERRAFORM),)
TERRAFORM = terraform
endif
# give callers a chance to specify a custom path to the configuration file
ifeq ($(VAR_FILE),)
VAR_FILE = subscriptions/$(AZURE_SUBSCRIPTION).tfvars
endif
# give callers a chance to specify a custom path to the plan file
ifeq ($(PLAN_FILE),)
PLAN_FILE = $(AZURE_SUBSCRIPTION).plan
endif
ifeq ($(WORKSPACE_NAME),)
WORKSPACE_NAME = $(AZURE_SUBSCRIPTION)
endif
ifeq ($(WORKSPACE_NAME),default)
BACKEND_STATE_ENV_SUFFIX =
else
BACKEND_STATE_ENV_SUFFIX = env:$(WORKSPACE_NAME)
endif
# state file location cannot be overwritten
STATE_FILE = $(AZURE_SUBSCRIPTION).tfstate
# clean terraform working dir
clean:
@rm -Rf .terraform
# clean modules. need to call make init or make update modules after this
clean-modules:
@rm -Rf .terraform/modules
# clean plugins. need to call make init after this
clean-plugins:
@rm -Rf .terraform/plugins
# force update the modules
update-modules: clean-modules
@$(TERRAFORM) get -update
# format terraform files recursively
fmt:
@$(TERRAFORM) fmt -recursive
# check the format
validate: validate-code
@echo "==> Checking that code complies with terraform fmt requirements..."
@$(TERRAFORM) fmt -check -recursive || (echo; echo "Please correct the files above"; echo; exit 1)
@echo "==> Ok."
# validate code
validate-code: init
@$(TERRAFORM) validate
# clean plugins and modules before init
force-init: clean init
# update modules before init
force-update: update-modules init
.ONESHELL:
create-state-snapshot: BACKEND_TENANT_ID:= $(shell cat $(AZURE_BACKENDCONFIG) | grep tenant_id | sed -e 's/tenant_id\s=\s"\(.*\)"/\1/')
create-state-snapshot: BACKEND_SUBSCRIPTION_ID:= $(shell cat $(AZURE_BACKENDCONFIG) | grep subscription_id | sed -e 's/subscription_id\s=\s"\(.*\)"/\1/')
create-state-snapshot: BACKEND_RESOURCE_GROUP_NAME:= $(shell cat $(AZURE_BACKENDCONFIG) | grep resource_group_name | sed -e 's/resource_group_name\s=\s"\(.*\)"/\1/')
create-state-snapshot: BACKEND_STORAGE_ACCOUNT_NAME:= $(shell cat $(AZURE_BACKENDCONFIG) | grep storage_account_name | sed -e 's/storage_account_name\s=\s"\(.*\)"/\1/')
create-state-snapshot: BACKEND_STORAGE_CONTAINER_NAME:= $(shell cat $(AZURE_BACKENDCONFIG) | grep container_name | sed -e 's/container_name\s=\s"\(.*\)"/\1/')
create-state-snapshot: BACKEND_ACCESS_KEY:= $(shell cat $(AZURE_BACKENDCONFIG) | grep access_key | sed -e 's/access_key\s=\s"\(.*\)"/\1/')
create-state-snapshot: BACKEND_STATE_FILE:= $(shell cat $(AZURE_BACKENDCONFIG) | grep 'key' | grep -v 'access_key' | sed -e 's/key\s=\s"\(.*\)"/\1/')
create-state-snapshot:
@echo "Creating state snapshot"
@az storage blob snapshot --subscription $(BACKEND_SUBSCRIPTION_ID) --container-name $(BACKEND_STORAGE_CONTAINER_NAME) --account-name $(BACKEND_STORAGE_ACCOUNT_NAME) --account-key $(BACKEND_ACCESS_KEY) --name $(BACKEND_STATE_FILE)$(BACKEND_STATE_ENV_SUFFIX) &> /dev/null
# init backend config and modules if necessary
# if you get 'Plugin reinitialization required.' errors, call make force-init
# if you get 'Module not installed' errors, make update-modules should be sufficient
.ONESHELL:
init: BACKEND_TENANT_ID:= $(shell cat $(AZURE_BACKENDCONFIG) | grep tenant_id | sed -e 's/tenant_id\s=\s"\(.*\)"/\1/')
init: BACKEND_SUBSCRIPTION_ID:= $(shell cat $(AZURE_BACKENDCONFIG) | grep subscription_id | sed -e 's/subscription_id\s=\s"\(.*\)"/\1/')
init: BACKEND_RESOURCE_GROUP_NAME:= $(shell cat $(AZURE_BACKENDCONFIG) | grep resource_group_name | sed -e 's/resource_group_name\s=\s"\(.*\)"/\1/')
init: BACKEND_STORAGE_ACCOUNT_NAME:= $(shell cat $(AZURE_BACKENDCONFIG) | grep storage_account_name | sed -e 's/storage_account_name\s=\s"\(.*\)"/\1/')
init: BACKEND_STORAGE_CONTAINER_NAME:= $(shell cat $(AZURE_BACKENDCONFIG) | grep container_name | sed -e 's/container_name\s=\s"\(.*\)"/\1/')
init: BACKEND_ACCESS_KEY:= $(shell cat $(AZURE_BACKENDCONFIG) | grep access_key | sed -e 's/access_key\s=\s"\(.*\)"/\1/')
init: BACKEND_STATE_FILE:= $(shell cat $(AZURE_BACKENDCONFIG) | grep 'key' | grep -v 'access_key' | sed -e 's/key\s=\s"\(.*\)"/\1/')
init:
@if [ ! -f "$(STATE_FILE)" ]; then $(TERRAFORM) init -backend-config="tenant_id=$(BACKEND_TENANT_ID)" -backend-config="subscription_id=$(BACKEND_SUBSCRIPTION_ID)" -backend-config="storage_account_name=$(BACKEND_STORAGE_ACCOUNT_NAME)" -backend-config="container_name=$(BACKEND_STORAGE_CONTAINER_NAME)" -backend-config="access_key=$(BACKEND_ACCESS_KEY)" -backend-config="key=$(BACKEND_STATE_FILE)"; fi
# ensure we are logged in and can fetch a token
ensure-azure-token:
@az account get-access-token > /dev/null
# ensure that a subscription is set
ensure-subscription: ensure-azure-token
@if [ -z "$(AZURE_SUBSCRIPTION)" ]; then echo "Please define an AZURE_SUBSCRIPTION"; exit 1; fi
@az account set --subscription "$(AZURE_SUBSCRIPTION)"
# ensure the backend is initialized and the correct workspace is selected
ensure-workspace: ensure-subscription init
@if [ "$(shell $(TERRAFORM) workspace show)" != "$(WORKSPACE_NAME)" ]; then $(TERRAFORM) workspace select "$(WORKSPACE_NAME)"; fi
# ensure that the config file exists
ensure-config:
@if [ ! -f "$(VAR_FILE)" ]; then echo "Cannot find config file $(VAR_FILE)"; exit 1; fi
# ensure that the plan is missing
check-plan-missing:
@if [ -f "$(PLAN_FILE)" ]; then echo "Current plan exists. Please dismiss first."; exit 1; fi
# ensure that the plan is exists
check-plan-exists:
@if [ ! -f "$(PLAN_FILE)" ]; then echo "Plan is missing. Please create one first."; exit 1; fi
# remove a plan
dismiss-plan:
@rm -f "$(PLAN_FILE)"
# create a plan file
plan: ensure-config check-plan-missing validate ensure-workspace
$(TERRAFORM) plan -var-file $(VAR_FILE) -out $(PLAN_FILE)
# remove the plan before creating a new one
force-plan: dismiss-plan plan
# create a destroy plan
plan-destroy: ensure-config check-plan-missing validate ensure-workspace
$(TERRAFORM) plan -var-file $(VAR_FILE) -out $(PLAN_FILE) -destroy
# apply a previously created plan
apply: check-plan-exists ensure-workspace create-state-snapshot
$(TERRAFORM) apply $(PLAN_FILE)
@rm $(PLAN_FILE)
# apply without creating a plan file
interactive-apply: ensure-config validate ensure-workspace create-state-snapshot
$(TERRAFORM) apply -var-file $(VAR_FILE)
# apply without showing the plan
force-apply: ensure-config validate ensure-workspace create-state-snapshot
$(TERRAFORM) apply -var-file $(VAR_FILE) -auto-approve
MESSAGE ?= Are you sure?
prompt:
@echo
@echo
@read -p "$(MESSAGE) : " deploy; \
if [ $$deploy != "yes" ]; then exit 1; fi
# format, validate the code and re-initialize
.DEFAULT_GOAL := default
default: fmt force-init validate