generate terragrunt manifest from terraform module.
Project description
terragrunt-generator
terragrunt-generator provide a way to generate a terragrunt.hcl file with documented inputs who's coming from variables exposed by terraform module.
The result is easily configurable with a yaml file.
Requirements
- python3.6+
Instalation
$ pip install terragrunt-generator
Usages
Exec
$ terragrunt-generator --help
usage: terragrunt-gernerator [-h] [-V] -u URL [-v VERSION] [-p PATH] [--include | --no-include] [-l LOOKUP]
generate terragrunt.hcl confirugation from terraform module
options:
-h, --help show this help message and exit
-V show program's version number and exit
-u URL, --url URL the module repository url
-v VERSION, --version VERSION
the module version to use
-p PATH, --path PATH define the module path if needed
--include, --no-include
do no rendering the include block
-l LOOKUP, --lookup LOOKUP
define the lookup path
Example
$ terragrunt-generator \
-u https://github.com/terraform-google-modules/terraform-google-project-factory.git \
-v v14.2.1 \
-l 'project'
Results
# terraform-google-project-factory v14.2.1
# https://github.com/terraform-google-modules/terraform-google-project-factory/tree/v14.2.1/
#
# yaml config
# ```
# project:
# enabled: true
# # org_id - The organization ID.
# org_id:
# # name - The name for the project
# name:
# # billing_account - The ID of the billing account to associate this project with
# billing_account:
# # random_project_id - Adds a suffix of 4 random characters to the `project_id`.
# random_project_id:
# # domain - The domain name (optional).
# domain:
# # project_id - The ID to give the project. If not provided, the `name` will be used.
# project_id:
# # svpc_host_project_id - The ID of the host project which hosts the shared VPC
# svpc_host_project_id:
# # enable_shared_vpc_host_project - If this project is a shared VPC host project. If true, you must *not* set svpc_host_project_id variable. Default is false.
# enable_shared_vpc_host_project:
# # folder_id - The ID of a folder to host this project
# folder_id:
# # group_name - A group to control the project by being assigned group_role (defaults to project editor)
# group_name:
# # group_role - The role to give the controlling group (group_name) over the project (defaults to project editor)
# group_role: "roles/editor"
# # create_project_sa - Whether the default service account for the project shall be created
# create_project_sa: true
# # project_sa_name - Default service account name for the project.
# project_sa_name: "project-service-account"
# # sa_role - A role to give the default Service Account for the project (defaults to none)
# sa_role:
# # activate_apis - The list of apis to activate within the project
# activate_apis: ["compute.googleapis.com"]
# # activate_api_identities - The list of service identities (Google Managed service account for the API) to force-create for the project (e.g. in order to grant additional roles).
# # APIs in this list will automatically be appended to `activate_apis`.
# # Not including the API in this list will follow the default behaviour for identity creation (which is usually when the first resource using the API is created).
# # Any roles (e.g. service agent role) must be explicitly listed. See https://cloud.google.com/iam/docs/understanding-roles#service-agent-roles-roles for a list of related roles.
# activate_api_identities:
# # usage_bucket_name - Name of a GCS bucket to store GCE usage reports in (optional)
# usage_bucket_name:
# # usage_bucket_prefix - Prefix in the GCS bucket to store GCE usage reports in (optional)
# usage_bucket_prefix:
# # shared_vpc_subnets - List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id)
# shared_vpc_subnets:
# # labels - Map of labels for project
# labels:
# # bucket_project - A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional)
# bucket_project:
# # bucket_name - A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional)
# bucket_name:
# # bucket_location - The location for a GCS bucket to create (optional)
# bucket_location: "US"
# # bucket_versioning - Enable versioning for a GCS bucket to create (optional)
# bucket_versioning:
# # bucket_labels - A map of key/value label pairs to assign to the bucket (optional)
# bucket_labels:
# # bucket_force_destroy - Force the deletion of all objects within the GCS bucket when deleting the bucket (optional)
# bucket_force_destroy:
# # bucket_ula - Enable Uniform Bucket Level Access
# bucket_ula: true
# # bucket_pap - Enable Public Access Prevention. Possible values are "enforced" or "inherited".
# bucket_pap: "inherited"
# # auto_create_network - Create the default network
# auto_create_network:
# # lien - Add a lien on the project to prevent accidental deletion
# lien:
# # disable_services_on_destroy - Whether project services will be disabled when the resources are destroyed
# disable_services_on_destroy: true
# # default_service_account - Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`.
# default_service_account: "disable"
# # disable_dependent_services - Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed.
# disable_dependent_services: true
# # budget_monitoring_notification_channels - A list of monitoring notification channels in the form `[projects/{project_id}/notificationChannels/{channel_id}]`. A maximum of 5 channels are allowed.
# budget_monitoring_notification_channels:
# # budget_alert_spent_percents - A list of percentages of the budget to alert on when threshold is exceeded
# budget_alert_spent_percents: [0.5, 0.7, 1.0]
# # budget_alert_spend_basis - The type of basis used to determine if spend has passed the threshold
# budget_alert_spend_basis: "CURRENT_SPEND"
# # budget_labels - A single label and value pair specifying that usage from only this set of labeled resources should be included in the budget.
# budget_labels:
# # vpc_service_control_attach_enabled - Whether the project will be attached to a VPC Service Control Perimeter
# vpc_service_control_attach_enabled:
# # vpc_service_control_sleep_duration - The duration to sleep in seconds before adding the project to a shared VPC after the project is added to the VPC Service Control Perimeter. VPC-SC is eventually consistent.
# vpc_service_control_sleep_duration: "5s"
# # grant_services_security_admin_role - Whether or not to grant Kubernetes Engine Service Agent the Security Admin role on the host project so it can manage firewall rules
# grant_services_security_admin_role:
# # grant_network_role - Whether or not to grant networkUser role on the host project/subnets
# grant_network_role: true
# # consumer_quotas - The quotas configuration you want to override for the project.
# consumer_quotas:
# # default_network_tier - Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers.
# default_network_tier:
# # essential_contacts - A mapping of users or groups to be assigned as Essential Contacts to the project, specifying a notification category
# essential_contacts:
# # language_tag - Language code to be used for essential contacts notifications
# language_tag: "en-US"
# # random_project_id_length - Sets the length of `random_project_id` to the provided length, and uses a `random_string` for a larger collusion domain. Recommended for use with CI.
# # random_project_id_length:
# # budget_amount - The amount to use for a budget alert
# # budget_amount:
# # budget_display_name - The display name of the budget. If not set defaults to `Budget For <projects[0]|All Projects>`
# # budget_display_name:
# # budget_alert_pubsub_topic - The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`
# # budget_alert_pubsub_topic:
# # budget_calendar_period - Specifies the calendar period for the budget. Possible values are MONTH, QUARTER, YEAR, CALENDAR_PERIOD_UNSPECIFIED, CUSTOM. custom_period_start_date and custom_period_end_date must be set if CUSTOM
# # budget_calendar_period:
# # budget_custom_period_start_date - Specifies the start date (DD-MM-YYYY) for the calendar_period CUSTOM
# # budget_custom_period_start_date:
# # budget_custom_period_end_date - Specifies the end date (DD-MM-YYYY) for the calendar_period CUSTOM
# # budget_custom_period_end_date:
# # vpc_service_control_perimeter_name - The name of a VPC Service Control Perimeter to add the created project to
# # vpc_service_control_perimeter_name:
# ```
#
include {
path = find_in_parent_folders()
}
locals {
module = {
repository = "github.com/terraform-google-modules/terraform-google-project-factory.git"
path = null
version = "v14.2.1"
source = "${local.module.repository}${local.module.path != null ? local.module.path : ''}?ref=${local.module.version}"
}
environment = get_env("CONFIG", "test")
all = merge(
yamldecode(file(find_in_parent_folders(format("config.%s.yaml", local.environment)))),
)
}
terraform {
source = lookup(local.all.project, "enabled", true) == true ? local.module.source : null
}
inputs = merge({
# billing_account - The ID of the billing account to associate this project with - required
billing_account = lookup(local.all.project, "billing_account", "")
# name - The name for the project - required
name = lookup(local.all.project, "name", "")
# org_id - The organization ID. - required
org_id = lookup(local.all.project, "org_id", "")
# activate_api_identities - The list of service identities (Google Managed service account for the API) to force-create for the project (e.g. in order to grant additional roles).
# APIs in this list will automatically be appended to `activate_apis`.
# Not including the API in this list will follow the default behaviour for identity creation (which is usually when the first resource using the API is created).
# Any roles (e.g. service agent role) must be explicitly listed. See https://cloud.google.com/iam/docs/understanding-roles#service-agent-roles-roles for a list of related roles.
activate_api_identities = lookup(local.all.project, "activate_api_identities", [])
# activate_apis - The list of apis to activate within the project
activate_apis = lookup(local.all.project, "activate_apis", ["compute.googleapis.com"])
# auto_create_network - Create the default network
auto_create_network = lookup(local.all.project, "auto_create_network", false)
# bucket_force_destroy - Force the deletion of all objects within the GCS bucket when deleting the bucket (optional)
bucket_force_destroy = lookup(local.all.project, "bucket_force_destroy", false)
# bucket_labels - A map of key/value label pairs to assign to the bucket (optional)
bucket_labels = lookup(local.all.project, "bucket_labels", {})
# bucket_location - The location for a GCS bucket to create (optional)
bucket_location = lookup(local.all.project, "bucket_location", "US")
# bucket_name - A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional)
bucket_name = lookup(local.all.project, "bucket_name", "")
# bucket_pap - Enable Public Access Prevention. Possible values are "enforced" or "inherited".
bucket_pap = lookup(local.all.project, "bucket_pap", "inherited")
# bucket_project - A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional)
bucket_project = lookup(local.all.project, "bucket_project", "")
# bucket_ula - Enable Uniform Bucket Level Access
bucket_ula = lookup(local.all.project, "bucket_ula", true)
# bucket_versioning - Enable versioning for a GCS bucket to create (optional)
bucket_versioning = lookup(local.all.project, "bucket_versioning", false)
# budget_alert_spend_basis - The type of basis used to determine if spend has passed the threshold
budget_alert_spend_basis = lookup(local.all.project, "budget_alert_spend_basis", "CURRENT_SPEND")
# budget_alert_spent_percents - A list of percentages of the budget to alert on when threshold is exceeded
budget_alert_spent_percents = lookup(local.all.project, "budget_alert_spent_percents", [0.5, 0.7, 1.0])
# budget_labels - A single label and value pair specifying that usage from only this set of labeled resources should be included in the budget.
budget_labels = lookup(local.all.project, "budget_labels", {})
# budget_monitoring_notification_channels - A list of monitoring notification channels in the form `[projects/{project_id}/notificationChannels/{channel_id}]`. A maximum of 5 channels are allowed.
budget_monitoring_notification_channels = lookup(local.all.project, "budget_monitoring_notification_channels", [])
# consumer_quotas - The quotas configuration you want to override for the project.
consumer_quotas = lookup(local.all.project, "consumer_quotas", [])
# create_project_sa - Whether the default service account for the project shall be created
create_project_sa = lookup(local.all.project, "create_project_sa", true)
# default_network_tier - Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers.
default_network_tier = lookup(local.all.project, "default_network_tier", "")
# default_service_account - Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`.
default_service_account = lookup(local.all.project, "default_service_account", "disable")
# disable_dependent_services - Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed.
disable_dependent_services = lookup(local.all.project, "disable_dependent_services", true)
# disable_services_on_destroy - Whether project services will be disabled when the resources are destroyed
disable_services_on_destroy = lookup(local.all.project, "disable_services_on_destroy", true)
# domain - The domain name (optional).
domain = lookup(local.all.project, "domain", "")
# enable_shared_vpc_host_project - If this project is a shared VPC host project. If true, you must *not* set svpc_host_project_id variable. Default is false.
enable_shared_vpc_host_project = lookup(local.all.project, "enable_shared_vpc_host_project", false)
# essential_contacts - A mapping of users or groups to be assigned as Essential Contacts to the project, specifying a notification category
essential_contacts = lookup(local.all.project, "essential_contacts", {})
# folder_id - The ID of a folder to host this project
folder_id = lookup(local.all.project, "folder_id", "")
# grant_network_role - Whether or not to grant networkUser role on the host project/subnets
grant_network_role = lookup(local.all.project, "grant_network_role", true)
# grant_services_security_admin_role - Whether or not to grant Kubernetes Engine Service Agent the Security Admin role on the host project so it can manage firewall rules
grant_services_security_admin_role = lookup(local.all.project, "grant_services_security_admin_role", false)
# group_name - A group to control the project by being assigned group_role (defaults to project editor)
group_name = lookup(local.all.project, "group_name", "")
# group_role - The role to give the controlling group (group_name) over the project (defaults to project editor)
group_role = lookup(local.all.project, "group_role", "roles/editor")
# labels - Map of labels for project
labels = lookup(local.all.project, "labels", {})
# language_tag - Language code to be used for essential contacts notifications
language_tag = lookup(local.all.project, "language_tag", "en-US")
# lien - Add a lien on the project to prevent accidental deletion
lien = lookup(local.all.project, "lien", false)
# project_id - The ID to give the project. If not provided, the `name` will be used.
project_id = lookup(local.all.project, "project_id", "")
# project_sa_name - Default service account name for the project.
project_sa_name = lookup(local.all.project, "project_sa_name", "project-service-account")
# random_project_id - Adds a suffix of 4 random characters to the `project_id`.
random_project_id = lookup(local.all.project, "random_project_id", false)
# sa_role - A role to give the default Service Account for the project (defaults to none)
sa_role = lookup(local.all.project, "sa_role", "")
# shared_vpc_subnets - List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id)
shared_vpc_subnets = lookup(local.all.project, "shared_vpc_subnets", [])
# svpc_host_project_id - The ID of the host project which hosts the shared VPC
svpc_host_project_id = lookup(local.all.project, "svpc_host_project_id", "")
# usage_bucket_name - Name of a GCS bucket to store GCE usage reports in (optional)
usage_bucket_name = lookup(local.all.project, "usage_bucket_name", "")
# usage_bucket_prefix - Prefix in the GCS bucket to store GCE usage reports in (optional)
usage_bucket_prefix = lookup(local.all.project, "usage_bucket_prefix", "")
# vpc_service_control_attach_enabled - Whether the project will be attached to a VPC Service Control Perimeter
vpc_service_control_attach_enabled = lookup(local.all.project, "vpc_service_control_attach_enabled", false)
# vpc_service_control_sleep_duration - The duration to sleep in seconds before adding the project to a shared VPC after the project is added to the VPC Service Control Perimeter. VPC-SC is eventually consistent.
vpc_service_control_sleep_duration = lookup(local.all.project, "vpc_service_control_sleep_duration", "5s")
},
# budget_alert_pubsub_topic - The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`
(lookup(project, "budget_alert_pubsub_topic", null) == null ? {} : { budget_alert_pubsub_topic = lookup(project, "budget_alert_pubsub_topic") }),
# budget_amount - The amount to use for a budget alert
(lookup(project, "budget_amount", null) == null ? {} : { budget_amount = lookup(project, "budget_amount") }),
# budget_calendar_period - Specifies the calendar period for the budget. Possible values are MONTH, QUARTER, YEAR, CALENDAR_PERIOD_UNSPECIFIED, CUSTOM. custom_period_start_date and custom_period_end_date must be set if CUSTOM
(lookup(project, "budget_calendar_period", null) == null ? {} : { budget_calendar_period = lookup(project, "budget_calendar_period") }),
# budget_custom_period_end_date - Specifies the end date (DD-MM-YYYY) for the calendar_period CUSTOM
(lookup(project, "budget_custom_period_end_date", null) == null ? {} : { budget_custom_period_end_date = lookup(project, "budget_custom_period_end_date") }),
# budget_custom_period_start_date - Specifies the start date (DD-MM-YYYY) for the calendar_period CUSTOM
(lookup(project, "budget_custom_period_start_date", null) == null ? {} : { budget_custom_period_start_date = lookup(project, "budget_custom_period_start_date") }),
# budget_display_name - The display name of the budget. If not set defaults to `Budget For <projects[0]|All Projects>`
(lookup(project, "budget_display_name", null) == null ? {} : { budget_display_name = lookup(project, "budget_display_name") }),
# random_project_id_length - Sets the length of `random_project_id` to the provided length, and uses a `random_string` for a larger collusion domain. Recommended for use with CI.
(lookup(project, "random_project_id_length", null) == null ? {} : { random_project_id_length = lookup(project, "random_project_id_length") }),
# vpc_service_control_perimeter_name - The name of a VPC Service Control Perimeter to add the created project to
(lookup(project, "vpc_service_control_perimeter_name", null) == null ? {} : { vpc_service_control_perimeter_name = lookup(project, "vpc_service_control_perimeter_name") })
)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file terragrunt-generator-0.6.4.tar.gz.
File metadata
- Download URL: terragrunt-generator-0.6.4.tar.gz
- Upload date:
- Size: 26.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6ca8057659f22dad54b4751235f9d1fa71aa0d30002afd64ca47c6b80cc9c528 |
|
| MD5 | 29d6306e8ea062877b07eeba373e6482 |
|
| BLAKE2b-256 | f2cd787090f87314a21aea6c07ab6c57af6a7bbb0fb640fff9c102d5c6da20ff |
File details
Details for the file terragrunt_generator-0.6.4-py3-none-any.whl.
File metadata
- Download URL: terragrunt_generator-0.6.4-py3-none-any.whl
- Upload date:
- Size: 24.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 7f3a453d2b2cd5e481460509f7ce8fabb2a726403a8c313ae9bd348f77d7fff4 |
|
| MD5 | c60f62b3f3868a9bd70fc3e0b9e517d3 |
|
| BLAKE2b-256 | 638cd927dbf199c162e6d24707cbaed40eed7a5058aab5b679564940e670a5a9 |
