add codebuild tg/tf version constraint table and implement terragrunt…
… latest into version constraint testing
marshall7m committed Jun 19, 2022
1 parent c24f32d commit 9e9a3c2
Showing 6 changed files with 40 additions and 20 deletions.
14 changes: 4 additions & 10 deletions README.md
Expand Up @@ -338,6 +338,7 @@ Given EventBridge rules and event deliveries are free, the Step Function executi
∙ 1 x aws_ses_identity_policy
∙ 1 x aws_ses_template
```

## CLI Requirements

Requirements below are needed in order to run `terraform apply` within this module. This module contains null resources that run bash scripts to install pip packages, zip directories, and query the RDS database.
Expand Down Expand Up @@ -492,8 +493,8 @@ Requirements below are needed in order to run `terraform apply` within this modu
| <a name="input_step_function_name"></a> [step\_function\_name](#input\_step\_function\_name) | Name of AWS Step Function machine | `string` | `"deployment-flow"` | no |
| <a name="input_terra_run_env_vars"></a> [terra\_run\_env\_vars](#input\_terra\_run\_env\_vars) | Environment variables that will be provided for tf plan/apply builds | <pre>list(object({<br> name = string<br> value = string<br> type = optional(string)<br> }))</pre> | `[]` | no |
| <a name="input_terra_run_vpc_config"></a> [terra\_run\_vpc\_config](#input\_terra\_run\_vpc\_config) | AWS VPC configurations associated with terra\_run CodeBuild project. <br>Ensure that the configuration allows for outgoing HTTPS traffic. | <pre>object({<br> vpc_id = string<br> subnets = list(string)<br> security_group_ids = list(string)<br> })</pre> | `null` | no |
| <a name="input_terraform_version"></a> [terraform\_version](#input\_terraform\_version) | Terraform version used for create\_deploy\_stack and terra\_run builds. If repo contains a variety of version constraints, implementing a dynamic version manager (e.g. tfenv) is recommended | `string` | `""` | no |
| <a name="input_terragrunt_version"></a> [terragrunt\_version](#input\_terragrunt\_version) | Terragrunt version used for create\_deploy\_stack and terra\_run builds | `string` | `""` | no |
| <a name="input_terraform_version"></a> [terraform\_version](#input\_terraform\_version) | Terraform version used for create\_deploy\_stack and terra\_run builds.<br>Version must be >= `0.13.0`.<br>If repo contains a variety of version constraints, implementing a <br>version manager is recommended (e.g. tfenv). | `string` | `""` | no |
| <a name="input_terragrunt_version"></a> [terragrunt\_version](#input\_terragrunt\_version) | Terragrunt version used for create\_deploy\_stack and terra\_run builds.<br>Version must be >= `0.31.0`.<br>If repo contains a variety of version constraints, implementing a <br>version manager is recommended (e.g. tgswitch). | `string` | `""` | no |
| <a name="input_tf_state_read_access_policy"></a> [tf\_state\_read\_access\_policy](#input\_tf\_state\_read\_access\_policy) | AWS IAM policy ARN that allows create\_deploy\_stack Codebuild project to read from Terraform remote state resource | `string` | n/a | yes |

## Outputs
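Review bot: The new `terraform_version` and `terragrunt_version` rows give a minimum version, but the default stays `""` and neither description says which version an empty value selects. State what `""` resolves to, and consider recommending an explicit pinned version so the create_deploy_stack and terra_run builds are reproducible.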
Expand Down Expand Up @@ -613,11 +614,4 @@ NOTE: All Terraform resources will automatically be deleted during the PyTest se
### Improvements:

- [ ] create aesthetically pleasing approval request HTML template
- [ ] Allow GRAPH_SCAN to be toggled on a PR-level without having to change via Terraform module/CodeBuild console


TODO before release:

- make sure all heredocs and documentation is added
- update gh workflow to use ghcr.io/marshall7m/terrace:v0.1.7
- implement pre-commit hook changes
- [ ] Allow GRAPH_SCAN to be toggled on a PR-level without having to change via Terraform module/CodeBuild console
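Review bot: The "TODO before release" list is dropped here, but nothing in this commit shows its three items being completed (heredocs and documentation, the gh workflow update to `ghcr.io/marshall7m/terrace:v0.1.7`, the pre-commit hook changes). Confirm they are done or move them to an issue before deleting the list, so the release checklist is not lost.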
2 changes: 2 additions & 0 deletions buildspecs/create_deploy_stack/create_deploy_stack.py
Expand Up @@ -89,6 +89,7 @@ def create_stack(self, path: str, role_arn: str) -> List[map]:
# if set, use graph-dependencies map to determine target execution directories
log.debug(f'$GRAPH_SCAN: {os.environ.get("GRAPH_SCAN", "")}')
if os.environ.get("GRAPH_SCAN", False):
log.info("Running Graph Scan")
target_diff_paths = []
# collects directories that contain new, modified and deleted .hcl/.tf files
parent = repo.commit(os.environ["CODEBUILD_RESOLVED_SOURCE_VERSION"] + "^")
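Review bot: The condition guarding the new `log.info("Running Graph Scan")`, `if os.environ.get("GRAPH_SCAN", False):`, is true for any non-empty string, so `GRAPH_SCAN=false` or `GRAPH_SCAN=0` would still log and run the graph scan. Compare against an explicit accepted value (the test fixture sets `"true"`) and include the parsed result in the log line so the chosen scan mode is unambiguous in the build output.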
Expand Down Expand Up @@ -120,6 +121,7 @@ def create_stack(self, path: str, role_arn: str) -> List[map]:

diff_paths = list(set(diff_paths))
else:
log.info("Running Plan Scan")
# use the terraform exitcode for each directory found in the terragrunt run-all plan output to determine target execution directories
# set check=False to prevent error raise since the -detailed-exitcode flags causes a return code of 2 if diff in tf plan
run = subprocess_run(
13 changes: 13 additions & 0 deletions tests/unit/buildspecs/README.md
@@ -0,0 +1,13 @@
# Version Constraints

| Build | Binary | Version | Reason |
|-------|--------|---------|--------|
| create_deploy_stack | terraform | >= 0.13.0 | With < 0.13.0, create_stack() return results include `\n` between attributes (fixable) |
| create_deploy_stack | terragrunt | >= 0.31.0 | With < 0.31.0, create_stack() returns nothing from parsing run-all plan. With < 0.23.7, `terragrunt graph-dependencies` cli arg is not available |
| terra_run | terraform | >= 0.13.0 | Within older versions, get_new_provider_resources() would need different parsing of the provider attribute from the tfstate file |
| terra_run | terragrunt | >= 0.31.0 | create_deploy_stack requires `terragrunt run-all` |


## Important Terragrunt releases:
- 0.28.1 introduced `terragrunt run-all`
- 0.23.7 introduced `terragrunt graph-dependencies`
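Review bot: The terra_run / terragrunt row gives "create_deploy_stack requires `terragrunt run-all`" as the reason for `>= 0.31.0`, but the release list under the table says `run-all` arrived in 0.28.1, and the reason names the other build. Either state what in terra_run breaks below 0.31.0 or say that the floor is inherited from create_deploy_stack's run-all plan parsing. The `< 0.23.7` remark in the create_deploy_stack row is already implied by the 0.31.0 floor and would fit better in the release list.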
12 changes: 5 additions & 7 deletions tests/unit/buildspecs/conftest.py
Expand Up @@ -83,16 +83,12 @@ def repo_changes(request, git_repo):

tf_versions = [
pytest.param("latest"),
pytest.param("1.0.0", marks=pytest.mark.skip()),
pytest.param("0.15.0", marks=pytest.mark.skip()),
pytest.param("0.14.0", marks=pytest.mark.skip()),
pytest.param("0.13.0"),
]

tg_versions = [
pytest.param("0.36.7"),
pytest.param("0.36.0", marks=pytest.mark.skip()),
pytest.param("0.35.0", marks=pytest.mark.skip()),
pytest.param("0.34.0", marks=pytest.mark.skip()),
pytest.param("latest"),
pytest.param("0.31.0"),
]
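Review bot: Both `tf_versions` and `tg_versions` now include `pytest.param("latest")`, so the outcome of this suite depends on whichever upstream release is current when it runs, and a new Terraform or Terragrunt release can fail the build with no change in this repo. Keep `"latest"` as an early-warning case, but add a pinned known-good upper version next to it (as the `0.36.7` entry did for Terragrunt) or mark the `"latest"` params so their failure is reported without blocking.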


Expand All @@ -104,6 +100,7 @@ def pytest_generate_tests(metafunc):
tf_versions,
scope="function",
ids=[f"tf_{v.values[0]}" for v in tf_versions],
indirect=True,
)

if "terragrunt_version" in metafunc.fixturenames:
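Review bot: With `indirect=True`, each value is no longer passed to the test directly but delivered as `request.param` to fixtures named `terraform_version` and `terragrunt_version`, which this diff does not show. Confirm both fixtures exist and fail loudly when the requested version cannot be installed, otherwise a parametrized case could silently run against whatever binary is already on PATH.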
Expand All @@ -112,4 +109,5 @@ def pytest_generate_tests(metafunc):
tg_versions,
scope="function",
ids=[f"tg_{v.values[0]}" for v in tg_versions],
indirect=True,
)
5 changes: 4 additions & 1 deletion tests/unit/buildspecs/test_create_deploy_stack.py
Expand Up @@ -18,13 +18,16 @@ def scan_type_idfn(val):


@pytest.fixture(
params=[pytest.param(True), pytest.param(False, marks=pytest.mark.skip())],
params=[pytest.param(True), pytest.param(False)],
ids=scan_type_idfn,
)
def scan_type(request):
"""Determiens if Terragrun graph depedencies or run-all plan command is used to detect directories with differences"""
if request.param:
os.environ["GRAPH_SCAN"] = "true"
else:
if "GRAPH_SCAN" in os.environ:
del os.environ["GRAPH_SCAN"]
yield None

if "GRAPH_SCAN" in os.environ:
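Review bot: The new `else` branch in `scan_type` deletes `GRAPH_SCAN` from `os.environ` by hand and the teardown after `yield` checks for it again, so a value that was set before the test is never restored. pytest's `monkeypatch.setenv("GRAPH_SCAN", "true")` and `monkeypatch.delenv("GRAPH_SCAN", raising=False)` restore the prior state automatically and make the manual cleanup unnecessary. The docstring also has typos: "Determiens", "Terragrun", "depedencies".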
14 changes: 12 additions & 2 deletions variables.tf
Expand Up @@ -103,13 +103,23 @@ variable "tf_state_read_access_policy" {
}

variable "terraform_version" {
description = "Terraform version used for create_deploy_stack and terra_run builds. If repo contains a variety of version constraints, implementing a dynamic version manager (e.g. tfenv) is recommended"
description = <<EOF
Terraform version used for create_deploy_stack and terra_run builds.
Version must be >= `0.13.0`.
If repo contains a variety of version constraints, implementing a
version manager is recommended (e.g. tfenv).
EOF
type = string
default = ""
}

variable "terragrunt_version" {
description = "Terragrunt version used for create_deploy_stack and terra_run builds"
description = <<EOF
Terragrunt version used for create_deploy_stack and terra_run builds.
Version must be >= `0.31.0`.
If repo contains a variety of version constraints, implementing a
version manager is recommended (e.g. tgswitch).
EOF
type = string
default = ""
}
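Review bot: "Version must be >= `0.13.0`" and "Version must be >= `0.31.0`" are stated only in the `description` heredocs; nothing in either variable block rejects a lower value, so a bad version fails late inside the CodeBuild run instead of at plan time. Add a `validation` block to `terraform_version` and `terragrunt_version` that accepts the `""` default and otherwise checks the minimum.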
