-
Notifications
You must be signed in to change notification settings - Fork 1
/
Makefile.terraform
130 lines (105 loc) · 4.93 KB
/
Makefile.terraform
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# This makefile is intended to enable Terraform repositories.
# We've had some success with using it manually and with Jenkins.
#
## Recommended .gitignore additions:
# .env
# .terraform
## Override any of the below ?= variables in .config.mk
-include .config.mk
## If you have any local to your repository modifications or extensions
## for this makefile load them into local.mk
## A good usecase would be creating another .check-env:: that looks for
## specific TF_VAR environment variables
-include local.mk
DEFAULT_CLEAN_PATHS ?= *.zip *.backup $(TERRAFORM_DIR) $(CONTAINER_ENV) ## Default paths for the main clean target
CLEAN_PATHS ?= ## Overrideable extra paths for cleanup
CONTAINER_ENGINE ?= docker ## Commands will be executed via the container engine, expected to be docker cli compatible
CONTAINER_ENV ?= .env ## Collects the necessary environment variables for your docker runs
CONTAINER_WORK_DIR ?= /data
TERRAFORM_DIR ?= .terraform
TERRAFORM_IMAGE ?= docker.io/hashicorp/terraform
TERRAFORM_VERSION ?= 1.0.7 ## Terraform is very version specific, so know what you need
TERRAFORM_STATE_S3 ?= no ## If using S3 for shared state, override this with a 'yes'
USER_AWS_CONFIG ?= ${HOME}/.aws
# Helper switches for the BASE_COMMAND
ifeq ("$(USER_AWS_CONFIG)", "$(wildcard $(USER_AWS_CONFIG))")
BASE_ENV := -v $(USER_AWS_CONFIG):/.aws:Z
endif
BASE_ENV := $(BASE_ENV) --env-file=$(CONTAINER_ENV)
BASE_USER := -u $(shell id -u ${USER}):$(shell id -g ${USER})
BASE_WORKDIR := -w $(CONTAINER_WORK_DIR) -v "$(CURDIR)":$(CONTAINER_WORK_DIR):Z
# Container based commands to for use handling target steps
BASE_COMMAND := $(CONTAINER_ENGINE) run --rm -it $(BASE_USER) $(BASE_ENV) $(BASE_WORKDIR)
TERRAFORM_COMMAND := $(BASE_COMMAND) $(TERRAFORM_IMAGE):$(TERRAFORM_VERSION)
# Determine some runtime values
TERRAFORM_ENVIRONMENT := $(TERRAFORM_DIR)/environment
ifeq ("$(TERRAFORM_ENVIRONMENT)", "$(wildcard $(TERRAFORM_ENVIRONMENT))")
# If file exists on disk, get the workspace from it.
# Depending on your file and directory structure you may need to do some adjustments
# such as this sed that takes a region.tier workspace name and changes it to region/tier
# for the directory structure.
TERRAFORM_VAR_FILE := -var-file=$(shell cat $(TERRAFORM_ENVIRONMENT) | sed 's!\.!/!').tfvars
endif
all: help
# Exports the variables for shell use
export
# This helper function makes debuging much easier.
.PHONY: debug-%
.SILENT: debug-%
debug-%: ## Debug a variable by calling `make debug-VARIABLE`
echo $(*) = $($(*))
.PHONY: .check-env
.SILENT: .check-env
.check-env:: # This is ::'d so that you can add a custom version to local.mk for repo specific checks
ifeq ($(origin TERRAFORM_STATE_S3), "yes")
if [ "${AWS_PROFILE}" == "" ]; then \
if [ "${AWS_SECRET_ACCESS_KEY}" == "" ] || [ "${AWS_ACCESS_KEY_ID}" == "" ]; then \
echo "ERROR: AWS_PROFILE _or_ AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be profiled"; \
exit 1; \
fi; \
fi
endif
.PHONY: help
.SILENT: help
help: ## Show this help, includes list of all actions.
awk 'BEGIN {FS = ":.*?## "}; /^.+: .*?## / && !/awk/ {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' ${MAKEFILE_LIST}
.PHONY: clean
clean: ## Cleanup the local checkout
-rm -rf $(DEFAULT_CLEAN_PATHS) $(CLEAN_PATHS)
.SILENT: $(CONTAINER_ENV)
$(CONTAINER_ENV):
env | awk '!/TOKEN/ && /^(AWS|TF_VAR)/ { print }' | sort > $(@)
.SILENT: $(TERRAFORM_DIR)
$(TERRAFORM_DIR): $(CONTAINER_ENV)
if [ ! -d $(TERRAFORM_DIR) ]; then $(TERRAFORM_COMMAND) init; else $(TERRAFORM_COMMAND) get --update > /dev/null; fi
.PHONY: init
init: $(TERRAFORM_DIR) ## Initalize shared storage bucket for state and ensure modules are loaded
.PHONY: list-workspaces
list-workspaces: init ## Displays list of workspaces
$(TERRAFORM_COMMAND) workspace list
.PHONY: new-workspace-%
new-workspace-%: init ## Creates and selects a new workspace
$(TERRAFORM_COMMAND) workspace new $*
.PHONY: select-%
select-%: init ## Change to the provided workspace
$(TERRAFORM_COMMAND) workspace select $*
.PHONY: plan-%
plan-%: select-% plan ## Run terraform plan against the defined workspace
: # This is because make doesnt like wildcard targets to not have any actions
.PHONY: plan
plan: init ## Run terraform plan against the current workspace
$(TERRAFORM_COMMAND) plan $(TERRAFORM_VAR_FILE)
.PHONY: test
test: plan ## Standard entry point for running tests. Calls plan
.PHONY: apply-%
apply-%: select-% apply ## Run terraform apply against the defined workspace
: # This is because make doesnt like this target to not have any actions
.PHONY: apply
apply: init ## Run terraform apply against the current workspace
$(TERRAFORM_COMMAND) apply $(TERRAFORM_VAR_FILE)
.PHONY: show
show: init ## Run terraform show against the current workspace. ex: make show RESOURCE=something.or.other
$(TERRAFORM_COMMAND) show $(RESOURCE)
.PHONY: taint
taint: init ## Run terraform taint in current workspace against a resource. ex: make taint RESOURCE=something.or.other
$(TERRAFORM_COMMAND) taint $(RESOURCE)