Python client tool for aws private terraform registry.

These details have not been verified by PyPI

Project links

Project description

aws-terraform-registry-cli

Versions following Semantic Versioning

Overview

This project create a python client which work with AWS Terraform Private Registry.

Features:

Show client configuration (for debug purpose)
Authentication:
- JWT Token generation
- .terraformrc generation to configure Devops workstation
Terraform module publication from external storage (like a githb module release)
Terraform module release (more detail on it below) to store every module inside default bucket of the AWS Terraform Private Registry..

See documentation.

The AWS Terraform Private Registry follow this Architectural design:

Architecture

Installation

Install this library directly into an activated virtual environment:

$ python3 -m pip install aws_terraform_registry

Configuration

We have to provide few informations to this client :

Name	Description
secret_key_name	AWS Secret manager name where JWT Secret is stored
repository_url	HTTPS endpoint of the registry
dynamodb_table_name	AWS dynamodb table name
bucket_name	bucket name
default_namespace	default namespace to publish terraform module ("devops" per default)

All this information can come from several way (choose the rigth for you):

from a yaml configuration file
from environment variable

Yaml configuration can be overriden with environment variable.

YAML configuration

The default file name is terraform_registry.yaml, you can override this with TFR_CONFIG_FILE environmentt variable.

To find thie configuratin file, directories will be lookup in this order:

user home directory
command line directory
/etc/tfr

Environment variable

Name	Enviromnent variable name
secret_key_name	TFR_SECRET_KEY_NAME
repository_url	TFR_REPOSITORY_URL
dynamodb_table_name	TFR_DYNAMODB_TABLE_NAME
bucket_name	TFR_BUCKET_NAME
default_namespace	TFR_DEFAULT_NAMESPACE

All environment variable can be set with .env file inside your command line directory.

Usage

> tfr
usage: tfr [-h] {config,generate-token,generate-terraformrc,publish,release} ...

Manage terraform registry

positional arguments:
  {config,generate-token,generate-terraformrc,release,unpublish,publish}
                        commands
    config              Show configuration parameters
    generate-token      Generate an access token
    generate-terraformrc
                        Generate terraformrc configuration file
    release             Release a terraform module from custom source.
    publish             Publish a terraform module from custom source.
    unpublish           Unpublish a terraform module (Keep archive on s3).

optional arguments:
  -h, --help            show this help message and exit

Configuration

You can print what the python client use as configuration with the command :

tfr config

Example with an empty configuration:

bucket_name: null
default_namespace: devops
dynamodb_table_name: null
repository_url: null
secret_key_name: null

Authentication

Obtain a JWT token

Command :

usage: tfr generate-token [-h] [-weeks WEEKS]

optional arguments:
  -h, --help            show this help message and exit
  -weeks WEEKS, --weeks WEEKS
                        #weeks of validity (52 per default)

Configure terraform with your private registry

Users must create .terraformrc file in their $HOME directory, with this content:

credentials "registry.my-domain.com" {
    token = "Mytoken"
}

Command :

usage: tfr generate-terraformrc [-h] -output-directory OUTPUT_DIRECTORY [-weeks WEEKS]

optional arguments:
  -h, --help            show this help message and exit
  -output-directory OUTPUT_DIRECTORY, --output-directory OUTPUT_DIRECTORY
                        output directory
  -weeks WEEKS, --weeks WEEKS
                        #weeks of validity (52 per default)

Terraform & Publication

You have two way to publish a module, using:

publish
release

What's the difference ?

publish: register the source module as is in the aws private terraform regstry. You could have access issue if this url is not public.

release:

store the source into the dedicated bucket of aws private terraform regstry. The access is managed within registry.

archive (targ.gz) if the source is a folder

download the source if it's an http url

As your module will be stored within registry bucket, terraform client will use s3 signed url

We use release from our ci/cd pipeline and publish only when we have to do something like 'quick and dirty' ... (It never happen, I swear !)

Release command

usage: tfr release [-h] [-namespace NAMESPACE] -name NAME -system SYSTEM -version VERSION -source SOURCE

optional arguments:
  -h, --help            show this help message and exit
  -namespace NAMESPACE, --namespace NAMESPACE
                        module namespace
  -name NAME, --name NAME
                        module name
  -system SYSTEM, --system SYSTEM
                        module system (aws, ...)
  -version VERSION, --version VERSION
                        module version
  -source SOURCE, --source SOURCE
                        module source

Unpublish command

usage: tfr unpublish [-h] [-namespace NAMESPACE] -name NAME -system SYSTEM -version VERSION -source SOURCE

optional arguments:
  -h, --help            show this help message and exit
  -namespace NAMESPACE, --namespace NAMESPACE
                        module namespace
  -name NAME, --name NAME
                        module name
  -system SYSTEM, --system SYSTEM
                        module system (aws, ...)
  -version VERSION, --version VERSION
                        module version

Publish command

usage: tfr publish [-h] [-namespace NAMESPACE] -name NAME -system SYSTEM -version VERSION -source SOURCE

optional arguments:
  -h, --help            show this help message and exit
  -namespace NAMESPACE, --namespace NAMESPACE
                        module namespace
  -name NAME, --name NAME
                        module name
  -system SYSTEM, --system SYSTEM
                        module system (aws, ...)
  -version VERSION, --version VERSION
                        module version
  -source SOURCE, --source SOURCE
                        module source

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

1.1.5

Sep 4, 2024

This version

1.1.4

Mar 20, 2024

1.1.3

Oct 16, 2023

1.1.2

Oct 13, 2023

1.1.1

Oct 7, 2023

1.1.0

Jun 26, 2023

1.0.0

Jun 23, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws_terraform_registry-1.1.4.tar.gz (14.9 kB view details)

Uploaded Mar 20, 2024 Source

Built Distribution

aws_terraform_registry-1.1.4-py3-none-any.whl (16.3 kB view details)

Uploaded Mar 20, 2024 Python 3

File details

Details for the file aws_terraform_registry-1.1.4.tar.gz.

File metadata

Download URL: aws_terraform_registry-1.1.4.tar.gz
Upload date: Mar 20, 2024
Size: 14.9 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: poetry/1.8.2 CPython/3.8.18 Linux/6.5.0-1016-azure

File hashes

Hashes for aws_terraform_registry-1.1.4.tar.gz
Algorithm	Hash digest
SHA256	`f7700317d025389f50b41b02b90e2f97006c14d7457413cb4a25f86e7cb5029e`
MD5	`cfcceb88444ab3970550e4b61f0cb6a2`
BLAKE2b-256	`746efef23d5d290f25e2a5130f264691f183702e9ed41188e33f85016ab3a6da`

See more details on using hashes here.

File details

Details for the file aws_terraform_registry-1.1.4-py3-none-any.whl.

File metadata

Download URL: aws_terraform_registry-1.1.4-py3-none-any.whl
Upload date: Mar 20, 2024
Size: 16.3 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: poetry/1.8.2 CPython/3.8.18 Linux/6.5.0-1016-azure

File hashes

Hashes for aws_terraform_registry-1.1.4-py3-none-any.whl
Algorithm	Hash digest
SHA256	`f302c93fd4b5242a12f802c45ec3c4bdb2c39a4377c39c95d86cdabdbf230702`
MD5	`03a8bde54b34fe1e307e4c4c62094793`
BLAKE2b-256	`e72955e7e2b916e991eaf2db892df03e571872a2ec5ad29fa0c3914dd14c2042`