From 50bdc8a0829a3309b5a0ff747c0872054e87f8b1 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 15:56:31 +0530 Subject: [PATCH 01/34] Add atlantis config file in the repo Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 9 +++++++++ terraform-gcp/kubernetes.tf | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 atlantis.yaml diff --git a/atlantis.yaml b/atlantis.yaml new file mode 100644 index 0000000..eeb32c5 --- /dev/null +++ b/atlantis.yaml @@ -0,0 +1,9 @@ +--- +version: 3 +workflows: + testing: + plan: + steps: + - init + - plan + - run: "checkov -f $PLANFILE" diff --git a/terraform-gcp/kubernetes.tf b/terraform-gcp/kubernetes.tf index f014f19..7148f3f 100644 --- a/terraform-gcp/kubernetes.tf +++ b/terraform-gcp/kubernetes.tf @@ -15,7 +15,7 @@ resource "google_container_cluster" "primary" { username = var.username password = var.password } - + monitoring_service = none node_config { # tfsec:ignore:AVD-GCP-0050 oauth_scopes = [ From 7c2e6a0628e82d5f3cda293229da08914ceaef32 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:02:50 +0530 Subject: [PATCH 02/34] Sample terraform infra Signed-off-by: Hemanth Gokavarapu --- kubernetes.tf | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ provider.tf | 3 +++ variables.tf | 24 ++++++++++++++++++++++++ 3 files changed, 75 insertions(+) create mode 100644 kubernetes.tf create mode 100644 provider.tf create mode 100644 variables.tf diff --git a/kubernetes.tf b/kubernetes.tf new file mode 100644 index 0000000..f014f19 --- /dev/null +++ b/kubernetes.tf 
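Review bot: The `testing` workflow is defined in the repo-level `atlantis.yaml` with its own `run` step, so whatever a pull request writes into this file is executed on the Atlantis host with that host's cloud credentials. This only takes effect if the server-side repo config sets `allow_custom_workflows: true`; I would rather define the workflow server-side and let the repo select it by name through `allowed_overrides: [workflow]`. Separately, `checkov -f $PLANFILE` is given the binary plan file, which as far as I know Checkov cannot read (it scans the `terraform show -json` form), and the path should be quoted.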
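Review bot: The added `monitoring_service = none` uses a bare identifier, which HCL parses as a reference rather than a string, so `terraform validate` should reject it; the provider expects the string form `monitoring_service = "none"`. If switching Cloud Monitoring off is really the intent, the hunk gives no reason for losing that visibility; otherwise `monitoring_service = "monitoring.googleapis.com/kubernetes"` keeps it on. The unchanged context just above still sets `username`/`password` in `master_auth`. The resource block starts and ends outside the hunk.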
@@ -0,0 +1,48 @@
+# tfsec:ignore:GCP009: test comment
+resource "google_container_cluster" "primary" {
+ name = var.cluster_name
+ location = data.google_compute_zones.available.names[0]
+ initial_node_count = 3
+
+ min_master_version = var.kubernetes_version
+ node_version = var.kubernetes_version
+
+ node_locations = [
+ data.google_compute_zones.available.names[1],
+ ]
+
+ master_auth {
+ username = var.username
+ password = var.password
+ }
+
+ node_config {
+ # tfsec:ignore:AVD-GCP-0050
+ oauth_scopes = [
+ "https://www.googleapis.com/auth/compute",
+ "https://www.googleapis.com/auth/devstorage.read_only",
+ "https://www.googleapis.com/auth/logging.write",
+
+ ]
+ }
+}
+
+output "cluster_name" {
+ value = google_container_cluster.primary.name
+}
+
+output "primary_zone" {
+ value = google_container_cluster.primary.zone
+}
+
+output "additional_zones" {
+ value = google_container_cluster.primary.additional_zones
+}
+
+output "endpoint" {
+ value = google_container_cluster.primary.endpoint
+}
+
+output "node_version" {
+ value = google_container_cluster.primary.node_version
+}
diff --git a/provider.tf b/provider.tf
new file mode 100644
index 0000000..df5d667
--- /dev/null
+++ b/provider.tf
@@ -0,0 +1,3 @@
+provider "google" {
+ region = var.region
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..59d0de1
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,24 @@
+variable "region" {
+ type = string
+ default = "us-west-2"
+}
+
+variable "kubernetes_version" {
+ default = "1.16.8"
+}
+
+variable "username" {
+ type = string
+ default = "ubuntu"
+}
+
+variable "password" {
+ type = string
+ #tfsec:ignore:GEN001
+ default = "ubuntu"
+}
+
+variable "cluster_name" {
+ type = string
+ default = "soluble-gcp-example-cluster"
+}
From 2c2051371be05f5818fe031b100be634250cf73f Mon Sep 17 00:00:00 2001
From: Hemanth Gokavarapu
Date: Mon, 11 Jul 2022 16:03:43 +0530
Subject: [PATCH 03/34] Add null resource
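Review bot: The `master_auth` block sets `username` and `password`, which enables HTTP basic authentication on the cluster API server, and the `# tfsec:ignore:GCP009: test comment` line above the resource gives no real justification for the finding it silences. Basic auth is a static shared credential with no rotation or per-user audit trail, and as far as I know current GKE versions no longer accept it. I would drop both fields and put `client_certificate_config { issue_client_certificate = false }` inside `master_auth`, and replace "test comment" with the actual reason or remove the ignore. The block also reads `data.google_compute_zones.available`, which none of the files added in this patch declare.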
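Review bot: `variable "password"` ships with `default = "ubuntu"` and silences the scanner with `#tfsec:ignore:GEN001`, so a plan run without overrides provisions a guessable credential that is also committed to history. Remove the default so the value has to be supplied at plan time, and add `sensitive = true` so Terraform redacts it from the plan output that Atlantis posts to the pull request. Separately, the `region` default `"us-west-2"` is written in the AWS style; GCP region names look like `us-west2`, so that value probably needs checking.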
Signed-off-by: Hemanth Gokavarapu
---
 main.tf | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 main.tf
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..278796f
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,3 @@
+resource "null_resource" "example" {
+
+}
From 191c826f1ce01ab4123837c3c1c354303364b82e Mon Sep 17 00:00:00 2001
From: Hemanth Gokavarapu
Date: Mon, 11 Jul 2022 16:07:26 +0530
Subject: [PATCH 04/34] add terraform lock file
Signed-off-by: Hemanth Gokavarapu
---
 .terraform.lock.hcl | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 .terraform.lock.hcl
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..e3c258e
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,40 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "4.27.0" + hashes = [ + "h1:ht3rMVVE/AHBadDIPoMGS5jcbgnRMcgPKvqKrRQ33CU=", + "zh:0ec41ae6810de7e1dbf8c8926523fb2cb6947f62932152c82c2c52ca2d9880be", + "zh:28349b499a631e15a02eb9603c659ec894cd50149be6b90c3b35b11980a234a2", + "zh:2fcbb1c4d3e6512a18330eb8141b2518acac2358fb7c05c374d32a6dcc435916", + "zh:4535e448bd794743fe14e8f9d1e640b28a0689b44341ea8fd5d9b229038693c8", + "zh:545ac27a491cb054ca4b7fbd83999a0b48e445036c06cb470c78afb9dcb5fb6f", + "zh:60df2a43c3791e1c919cdf9f1388dcf73cd4c9de4e266539b2c489eb8be9ec09", + "zh:756ea83635bc607e935cd0b9adaa3fc0f9528038766e1dba1f79d74c42556ffb", + "zh:7bf6c65359cc5fef8757787abe5f5f8ca786ce4de3045872226b54a7b51a5e29", + "zh:bbb0f05e4f080aae755752e68ca8b03240602d7af254a86af1e392c0dd5776b5", + "zh:c663bc5b18bc5015ccf763f6f6baea26319459e1e757af34a250b27cf689b80a", + "zh:da23872670199d3ce5448c1a75bf4ac9fbeafb92bad84a3e977de6c0a9dced08", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.1.1" + hashes = [ + "h1:Pctug/s/2Hg5FJqjYcTM0kPyx3AoYK1MpRWO0T9V2ns=", + "zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597", + "zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf", + "zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8fdd792a626413502e68c195f2097352bdc6a0df694f7df350ed784741eb587e", + "zh:976bbaf268cb497400fd5b3c774d218f3933271864345f18deebe4dcbfcd6afa", + "zh:b21b78ca581f98f4cdb7a366b03ae9db23a73dfa7df12c533d7c19b68e9e72e5", + "zh:b7fc0c1615dbdb1d6fd4abb9c7dc7da286631f7ca2299fb9cd4664258ccfbff4", + "zh:d1efc942b2c44345e0c29bc976594cb7278c38cfb8897b344669eafbc3cddf46", + 
"zh:e356c245b3cd9d4789bab010893566acace682d7db877e52d40fc4ca34a50924", + "zh:ea98802ba92fcfa8cf12cbce2e9e7ebe999afbf8ed47fa45fc847a098d89468b", + "zh:eff8872458806499889f6927b5d954560f3d74bf20b6043409edf94d26cd906f", + ] +} From 3124b8a8a7f591fa51e0fcb6fbf9bd3a18ab20d4 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:15:19 +0530 Subject: [PATCH 05/34] fix the customize atlantis Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index eeb32c5..a536bb3 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -5,5 +5,6 @@ workflows: plan: steps: - init - - plan + - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "checkov -f $PLANFILE" + - run: "printf 'print me'" From a29ff4bd6f7cb177667a191ba41442f747d9df85 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:26:05 +0530 Subject: [PATCH 06/34] Add monitoring service Signed-off-by: Hemanth Gokavarapu --- kubernetes.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kubernetes.tf b/kubernetes.tf index f014f19..91964de 100644 --- a/kubernetes.tf +++ b/kubernetes.tf @@ -10,7 +10,8 @@ resource "google_container_cluster" "primary" { node_locations = [ data.google_compute_zones.available.names[1], ] - + monitoring_service = "monitoring.googleapis.com/kubernetes" + master_auth { username = var.username password = var.password @@ -23,8 +24,7 @@ resource "google_container_cluster" "primary" { "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", - ] - } + ]} } output "cluster_name" { From 95e942f3dfd67bf0748ef1972a77ebdbcbb8af3f Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:31:52 +0530 Subject: [PATCH 07/34] Add projects information Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/atlantis.yaml b/atlantis.yaml index a536bb3..9e06097 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -1,5 +1,8 @@ --- version: 3 +projects: + - dir: . + workflow: testing workflows: testing: plan: From af45b59f1667e17c6aeff0095ee691be610b21e5 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:34:20 +0530 Subject: [PATCH 08/34] Add projects information Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index 9e06097..2016aa1 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -10,4 +10,4 @@ workflows: - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "checkov -f $PLANFILE" - - run: "printf 'print me'" + - run: "printf 'print meeee'" From 7dd3f50e47376b068e7364c04e98e05895cc8880 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:37:19 +0530 Subject: [PATCH 09/34] Add newline after config Signed-off-by: Hemanth Gokavarapu --- kubernetes.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes.tf b/kubernetes.tf index 91964de..1408145 100644 --- a/kubernetes.tf +++ b/kubernetes.tf @@ -23,8 +23,8 @@ resource "google_container_cluster" "primary" { "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", - ]} + } output "cluster_name" { From 78483f0d9ed040f9921b02f0b9042eda0d5ef7a6 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:39:49 +0530 Subject: [PATCH 10/34] Add newline after config Signed-off-by: Hemanth Gokavarapu --- kubernetes.tf | 6 ++++-- terraform-gcp/kubernetes.tf | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/kubernetes.tf b/kubernetes.tf index 1408145..790f4b1 100644 --- a/kubernetes.tf +++ b/kubernetes.tf 
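Review bot: The new `projects` entry binds `dir: .` to the `testing` workflow without any `apply_requirements`, and that workflow only customises `plan`, so `atlantis apply` falls back to the default apply under whatever the server config happens to require. Unless the server-side repo config already enforces it, I would add `apply_requirements: [approved, mergeable]` to this project so a plan flagged by the scan cannot be applied without review. Setting it here needs `apply_requirements` in the server's `allowed_overrides`, which is not visible from this patch.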
@@ -11,7 +11,7 @@ resource "google_container_cluster" "primary" { data.google_compute_zones.available.names[1], ] monitoring_service = "monitoring.googleapis.com/kubernetes" - + master_auth { username = var.username password = var.password @@ -23,7 +23,9 @@ resource "google_container_cluster" "primary" { "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", - ]} + ] + + } } diff --git a/terraform-gcp/kubernetes.tf b/terraform-gcp/kubernetes.tf index 7148f3f..70d3791 100644 --- a/terraform-gcp/kubernetes.tf +++ b/terraform-gcp/kubernetes.tf @@ -22,7 +22,7 @@ resource "google_container_cluster" "primary" { "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", - + ] } } From a246c8018dedaede095490692c1d05373706d8d9 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:46:19 +0530 Subject: [PATCH 11/34] Add newline after config Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 9 +++++---- kubernetes.tf | 7 +++++-- terraform-gcp/kubernetes.tf | 5 ++++- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/atlantis.yaml b/atlantis.yaml index 2016aa1..e6eeaaf 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -3,10 +3,11 @@ version: 3 projects: - dir: . workflow: testing -workflows: - testing: - plan: - steps: +workflows: + testing: + plan: + steps: + - run: "printf 'print getting started'" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "checkov -f $PLANFILE" diff --git a/kubernetes.tf b/kubernetes.tf index 790f4b1..d5c25e6 100644 --- a/kubernetes.tf +++ b/kubernetes.tf 
@@ -1,6 +1,9 @@ +data "google_compute_zones" "available" { +} + # tfsec:ignore:GCP009: test comment resource "google_container_cluster" "primary" { - name = var.cluster_name + name = var.cluster_name location = data.google_compute_zones.available.names[0] initial_node_count = 3 @@ -24,7 +27,7 @@ resource "google_container_cluster" "primary" { "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", ] - + } } diff --git a/terraform-gcp/kubernetes.tf b/terraform-gcp/kubernetes.tf index 70d3791..e4a2e2c 100644 --- a/terraform-gcp/kubernetes.tf +++ b/terraform-gcp/kubernetes.tf @@ -1,3 +1,6 @@ +data "google_compute_zones" "available" { +} + # tfsec:ignore:GCP009: test comment resource "google_container_cluster" "primary" { name = var.cluster_name @@ -22,7 +25,7 @@ resource "google_container_cluster" "primary" { "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", - + ] } } From 589f4a0eb9e2aceebd98211f5bde5192a13967bd Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:49:09 +0530 Subject: [PATCH 12/34] Add newline after config Signed-off-by: Hemanth Gokavarapu --- terraform-gcp/kubernetes.tf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/terraform-gcp/kubernetes.tf b/terraform-gcp/kubernetes.tf index e4a2e2c..4790604 100644 --- a/terraform-gcp/kubernetes.tf +++ b/terraform-gcp/kubernetes.tf @@ -15,10 +15,11 @@ resource "google_container_cluster" "primary" { ] master_auth { - username = var.username - password = var.password + client_certificate_config { + issue_client_certificate = false + } } - monitoring_service = none + node_config { # tfsec:ignore:AVD-GCP-0050 oauth_scopes = [ From a4b86430b8677d497e692427e93610a5062a1b28 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:50:56 +0530 Subject: [PATCH 13/34] kubernetes file with master password issue 
Signed-off-by: Hemanth Gokavarapu --- kubernetes.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kubernetes.tf b/kubernetes.tf index d5c25e6..cee7af9 100644 --- a/kubernetes.tf +++ b/kubernetes.tf @@ -16,8 +16,9 @@ resource "google_container_cluster" "primary" { monitoring_service = "monitoring.googleapis.com/kubernetes" master_auth { - username = var.username - password = var.password + client_certificate_config { + issue_client_certificate = false + } } node_config { From 53294600e1bb3a59582456f2d0d4765d2a209162 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:53:13 +0530 Subject: [PATCH 14/34] fix terraform output Signed-off-by: Hemanth Gokavarapu --- kubernetes.tf | 8 -------- 1 file changed, 8 deletions(-) diff --git a/kubernetes.tf b/kubernetes.tf index cee7af9..0f6aac9 100644 --- a/kubernetes.tf +++ b/kubernetes.tf @@ -37,14 +37,6 @@ output "cluster_name" { value = google_container_cluster.primary.name } -output "primary_zone" { - value = google_container_cluster.primary.zone -} - -output "additional_zones" { - value = google_container_cluster.primary.additional_zones -} - output "endpoint" { value = google_container_cluster.primary.endpoint } From 2f97fcf7eb880e8b035700a2dc1b466ea482ea84 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 16:57:29 +0530 Subject: [PATCH 15/34] Set the project field Signed-off-by: Hemanth Gokavarapu --- provider.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/provider.tf b/provider.tf index df5d667..87a293a 100644 --- a/provider.tf +++ b/provider.tf @@ -1,3 +1,4 @@ provider "google" { - region = var.region + project = "soluble-ci" + region = var.region } From 55493f06e0fec41ff213e78875e6dfc19f69e5cd Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 17:01:33 +0530 Subject: [PATCH 16/34] specify the hardcoded location 
Signed-off-by: Hemanth Gokavarapu --- kubernetes.tf | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/kubernetes.tf b/kubernetes.tf index 0f6aac9..0bbe6b7 100644 --- a/kubernetes.tf +++ b/kubernetes.tf @@ -4,15 +4,12 @@ data "google_compute_zones" "available" { # tfsec:ignore:GCP009: test comment resource "google_container_cluster" "primary" { name = var.cluster_name - location = data.google_compute_zones.available.names[0] - initial_node_count = 3 + location = "us-central1" + initial_node_count = 1 min_master_version = var.kubernetes_version node_version = var.kubernetes_version - node_locations = [ - data.google_compute_zones.available.names[1], - ] monitoring_service = "monitoring.googleapis.com/kubernetes" master_auth { From b8a3c4d76a5e9acbd37858567bccb61c04d21952 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 17:08:17 +0530 Subject: [PATCH 17/34] generate json file Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index e6eeaaf..db9f2d6 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -10,5 +10,6 @@ workflows: - run: "printf 'print getting started'" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - - run: "checkov -f $PLANFILE" + - run: "terragrunt show -json $PLANFILE > $SHOWFILE" + - run: "checkov -f $SHOWFILE" - run: "printf 'print meeee'" From 6dbf4ccbe8ac4d74d0fdb9bd95cc2f141a5cb5e7 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Mon, 11 Jul 2022 17:09:55 +0530 Subject: [PATCH 18/34] fix command Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index db9f2d6..6bd579c 100644 --- a/atlantis.yaml +++ b/atlantis.yaml 
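Review bot: `location = "us-central1"` is a region rather than a zone, so this becomes a regional cluster and `initial_node_count = 1` is applied per zone; if a single-node test cluster was intended, a zone such as `us-central1-a` is needed. The hard-coded value also bypasses `var.region`, and with `node_locations` removed, nothing in the lines shown reads the `data "google_compute_zones" "available"` block any more. I would write `location = var.region` and correct that variable's default. The resource block continues outside the hunk.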
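Review bot: The JSON written to `$SHOWFILE` by the new `show -json` step holds planned attribute values in plain text, including ones Terraform masks as sensitive in the normal plan output, and nothing in the workflow shown restricts or removes that file after the scan. Confirm where Atlantis places `$SHOWFILE` and that it is cleaned up with the plan, and quote both paths: `terraform show -json "$PLANFILE" > "$SHOWFILE"`. The same applies to the corrected command in PATCH 18 and to PATCH 19, where the file is handed to `soluble ea terraform-plan-scan`; it is worth checking whether that tool sends the plan off-host. This step also calls `terragrunt`, which no other step in the workflow uses.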
@@ -10,6 +10,6 @@ workflows: - run: "printf 'print getting started'" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - - run: "terragrunt show -json $PLANFILE > $SHOWFILE" + - run: "terraform show -json $PLANFILE > $SHOWFILE" - run: "checkov -f $SHOWFILE" - run: "printf 'print meeee'" From 989b82825bc402fc2fed2cc490e83a0d51b3cacf Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 10:52:10 +0530 Subject: [PATCH 19/34] use soluble command instead of the checkov Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index 6bd579c..22d9727 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -11,5 +11,5 @@ workflows: - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "terraform show -json $PLANFILE > $SHOWFILE" - - run: "checkov -f $SHOWFILE" + - run: "soluble ea terraform-plan-scan --plan $SHOWFILE" - run: "printf 'print meeee'" From 72b44a633ae9f5f5d7dafdd7d4316e1517f51d83 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 11:39:35 +0530 Subject: [PATCH 20/34] Test environment variables Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index 22d9727..b2a155c 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -7,7 +7,7 @@ workflows: testing: plan: steps: - - run: "printf 'print getting started'" + - run: "printf 'print getting started: $HEAD_COMMIT $HEAD_BRANCH_NAME'" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "terraform show -json $PLANFILE > $SHOWFILE" From 88121ad4b188eecd9b765df2e0b14cbfb01e7d4a Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 11:41:06 +0530 Subject: [PATCH 21/34] Test environment variables Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
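Review bot: The variables added to the `printf` step in PATCH 20 sit inside single quotes, so, assuming Atlantis passes the string to `sh -c` unchanged, the step prints the literal text `$HEAD_COMMIT $HEAD_BRANCH_NAME` rather than their values. Values that come from the pull request should not be part of a printf format string either; pass them as arguments, `printf 'getting started: %s %s\n' "$HEAD_COMMIT" "$HEAD_BRANCH_NAME"`. PATCH 22 and PATCH 23 reintroduce the same single-quoted form, and the PATCH 21 variant has no `%s` in its format, so its arguments are dropped. Debug steps like this are best removed before the workflow runs on real pull requests, since their output ends up in the PR comment.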
diff --git a/atlantis.yaml b/atlantis.yaml index b2a155c..71a8db1 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -7,7 +7,7 @@ workflows: testing: plan: steps: - - run: "printf 'print getting started: $HEAD_COMMIT $HEAD_BRANCH_NAME'" + - run: "printf 'print getting started:' $HEAD_COMMIT $HEAD_BRANCH_NAME" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "terraform show -json $PLANFILE > $SHOWFILE" From e8c39b19af5688d2408e43c8be0843a6983f1bb9 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 11:46:31 +0530 Subject: [PATCH 22/34] Test environment variables Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index 71a8db1..72afc60 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -7,7 +7,7 @@ workflows: testing: plan: steps: - - run: "printf 'print getting started:' $HEAD_COMMIT $HEAD_BRANCH_NAME" + - run: "printf 'print getting started: $HEAD_COMMIT $HEAD_BRANCH_NAME $PULL_NUM $PROJECT_NAME $HEAD_REPO_OWNER $HEAD_BRANCH_NAME $ATLANTIS_TERRAFORM_VERSION'" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "terraform show -json $PLANFILE > $SHOWFILE" From 210602063295bc77864cd59f5079c84e161709c3 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 12:20:45 +0530 Subject: [PATCH 23/34] Test environment variables Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index 72afc60..50c3586 100644 --- a/atlantis.yaml +++ b/atlantis.yaml 
@@ -7,7 +7,7 @@ workflows: testing: plan: steps: - - run: "printf 'print getting started: $HEAD_COMMIT $HEAD_BRANCH_NAME $PULL_NUM $PROJECT_NAME $HEAD_REPO_OWNER $HEAD_BRANCH_NAME $ATLANTIS_TERRAFORM_VERSION'" + - run: "printf 'print getting started: $PLANFILE $WORKSPACE $DIR $HEAD_COMMIT $HEAD_BRANCH_NAME $PULL_NUM $PROJECT_NAME $HEAD_REPO_OWNER $HEAD_BRANCH_NAME $ATLANTIS_TERRAFORM_VERSION'" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "terraform show -json $PLANFILE > $SHOWFILE" From 4d48be75eff297932eea225a3e9b9806f411e8e1 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 12:52:13 +0530 Subject: [PATCH 24/34] Test suppression Signed-off-by: Hemanth Gokavarapu --- .lacework/config.yaml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .lacework/config.yaml diff --git a/.lacework/config.yaml b/.lacework/config.yaml new file mode 100644 index 0000000..610deee --- /dev/null +++ b/.lacework/config.yaml @@ -0,0 +1,2 @@ +suppress: + - "ckv-aws-61" From 21f9e13b6576292942db49ab7b6aea73e3f5e929 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 12:52:58 +0530 Subject: [PATCH 25/34] Test suppression Signed-off-by: Hemanth Gokavarapu --- .lacework/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.lacework/config.yaml b/.lacework/config.yaml index 610deee..40564a3 100644 --- a/.lacework/config.yaml +++ b/.lacework/config.yaml @@ -1,2 +1,2 @@ suppress: - - "ckv-aws-61" + - "ckv-aws-50" From df63a66fdbebc207d88e3c71b083ded384bb5a38 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 12:57:25 +0530 Subject: [PATCH 26/34] Test suppression Signed-off-by: Hemanth Gokavarapu --- .lacework/config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.lacework/config.yaml b/.lacework/config.yaml index 40564a3..c1b0892 100644 --- a/.lacework/config.yaml +++ b/.lacework/config.yaml @@ -1,2 +1,3 @@ suppress: - "ckv-aws-50" + - "ckv-aws-50 
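Review bot: The new `suppress` list in `.lacework/config.yaml` turns a scanner check off for the whole repository with no comment saying why, and `ckv-aws-61` is an AWS check ID although the Terraform in this series targets GCP. Each entry should carry a comment with the reason and an owner, for example `# <reason>, <ticket placeholder>` above the ID, so that a "Test suppression" entry does not silently survive into the real configuration. PATCH 25 to PATCH 27 keep editing this list in the same way and end with `ckv-aws-50` and `ckv-gcp-20` suppressed; PATCH 26 also leaves an unterminated quote in the file.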
From f0d9ed9f00b7bf35ea608915c1c6c6863ad09883 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 12:58:44 +0530 Subject: [PATCH 27/34] Test suppression Signed-off-by: Hemanth Gokavarapu --- .lacework/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.lacework/config.yaml b/.lacework/config.yaml index c1b0892..ffd12da 100644 --- a/.lacework/config.yaml +++ b/.lacework/config.yaml @@ -1,3 +1,3 @@ suppress: - "ckv-aws-50" - - "ckv-aws-50 + - "ckv-gcp-20" From 77675bf5f3ee65dbf613a2162c1e353fbf681840 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 13:03:00 +0530 Subject: [PATCH 28/34] test with sub directory Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- terraform-gcp/kubernetes.tf | 21 ++++++--------------- 2 files changed, 7 insertions(+), 16 deletions(-) diff --git a/atlantis.yaml b/atlantis.yaml index 50c3586..4ad37c7 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -1,7 +1,7 @@ --- version: 3 projects: - - dir: . + - dir: terraform-gcp workflow: testing workflows: testing: diff --git a/terraform-gcp/kubernetes.tf b/terraform-gcp/kubernetes.tf index 4790604..0bbe6b7 100644 --- a/terraform-gcp/kubernetes.tf +++ b/terraform-gcp/kubernetes.tf @@ -3,16 +3,14 @@ data "google_compute_zones" "available" { # tfsec:ignore:GCP009: test comment resource "google_container_cluster" "primary" { - name = var.cluster_name - location = data.google_compute_zones.available.names[0] - initial_node_count = 3 + name = var.cluster_name + location = "us-central1" + initial_node_count = 1 min_master_version = var.kubernetes_version node_version = var.kubernetes_version - node_locations = [ - data.google_compute_zones.available.names[1], - ] + monitoring_service = "monitoring.googleapis.com/kubernetes" master_auth { client_certificate_config { 
@@ -26,23 +24,16 @@ resource "google_container_cluster" "primary" { "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", - ] + } + } output "cluster_name" { value = google_container_cluster.primary.name } -output "primary_zone" { - value = google_container_cluster.primary.zone -} - -output "additional_zones" { - value = google_container_cluster.primary.additional_zones -} - output "endpoint" { value = google_container_cluster.primary.endpoint } From b34f2d7cf4c913b2441d2823258a029476ad99e2 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 13:05:07 +0530 Subject: [PATCH 29/34] Add provider Signed-off-by: Hemanth Gokavarapu --- terraform-gcp/provider.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform-gcp/provider.tf b/terraform-gcp/provider.tf index df5d667..6e7035c 100644 --- a/terraform-gcp/provider.tf +++ b/terraform-gcp/provider.tf @@ -1,3 +1,4 @@ provider "google" { + project = "soluble-ci" region = var.region } From efcb2c89886ceb293c1c6b2decd656b320c19e60 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 13:08:30 +0530 Subject: [PATCH 30/34] echo env Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/atlantis.yaml b/atlantis.yaml index 4ad37c7..015ebe3 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -8,6 +8,7 @@ workflows: plan: steps: - run: "printf 'print getting started: $PLANFILE $WORKSPACE $DIR $HEAD_COMMIT $HEAD_BRANCH_NAME $PULL_NUM $PROJECT_NAME $HEAD_REPO_OWNER $HEAD_BRANCH_NAME $ATLANTIS_TERRAFORM_VERSION'" + - run: "echo $DIR" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "terraform show -json $PLANFILE > $SHOWFILE" From 94df04d105dd2989a21237e6fc76137b89a9bd65 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 13:10:44 +0530 Subject: [PATCH 31/34] Print other env variables too 
Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index 015ebe3..a51cc46 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -8,7 +8,7 @@ workflows: plan: steps: - run: "printf 'print getting started: $PLANFILE $WORKSPACE $DIR $HEAD_COMMIT $HEAD_BRANCH_NAME $PULL_NUM $PROJECT_NAME $HEAD_REPO_OWNER $HEAD_BRANCH_NAME $ATLANTIS_TERRAFORM_VERSION'" - - run: "echo $DIR" + - run: "echo $DIR, $WORKSPACE, $HEAD_COMMIT, $PULL_NUM, $PROJECT_NAME, $HEAD_BRANCH_NAME"" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "terraform show -json $PLANFILE > $SHOWFILE" From afa04f7c23f9a7573ca58bd4b91b672b054af389 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 13:12:21 +0530 Subject: [PATCH 32/34] Print other env variables too Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index a51cc46..29fb043 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -8,7 +8,7 @@ workflows: plan: steps: - run: "printf 'print getting started: $PLANFILE $WORKSPACE $DIR $HEAD_COMMIT $HEAD_BRANCH_NAME $PULL_NUM $PROJECT_NAME $HEAD_REPO_OWNER $HEAD_BRANCH_NAME $ATLANTIS_TERRAFORM_VERSION'" - - run: "echo $DIR, $WORKSPACE, $HEAD_COMMIT, $PULL_NUM, $PROJECT_NAME, $HEAD_BRANCH_NAME"" + - run: "echo $DIR, $WORKSPACE, $HEAD_COMMIT, $PULL_NUM, $PROJECT_NAME, $HEAD_BRANCH_NAME" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "terraform show -json $PLANFILE > $SHOWFILE" From 913e5b4552fecbbd9ff009ab810c9255e167388e Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 13:17:31 +0530 Subject: [PATCH 33/34] check if gitRepo information is available Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index 29fb043..b288cab 100644 
--- a/atlantis.yaml +++ b/atlantis.yaml @@ -8,7 +8,7 @@ workflows: plan: steps: - run: "printf 'print getting started: $PLANFILE $WORKSPACE $DIR $HEAD_COMMIT $HEAD_BRANCH_NAME $PULL_NUM $PROJECT_NAME $HEAD_REPO_OWNER $HEAD_BRANCH_NAME $ATLANTIS_TERRAFORM_VERSION'" - - run: "echo $DIR, $WORKSPACE, $HEAD_COMMIT, $PULL_NUM, $PROJECT_NAME, $HEAD_BRANCH_NAME" + - run: "echo $DIR, $WORKSPACE, $HEAD_COMMIT, $PULL_NUM, $PROJECT_NAME, $HEAD_BRANCH_NAME, $HEAD_REPO_NAME, $BASE_REPO_NAME" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "terraform show -json $PLANFILE > $SHOWFILE" From cfea50b61820d2f954037ec5e8c7a9edd465f606 Mon Sep 17 00:00:00 2001 From: Hemanth Gokavarapu Date: Tue, 12 Jul 2022 13:20:29 +0530 Subject: [PATCH 34/34] check if gitRepo owner information is available Signed-off-by: Hemanth Gokavarapu --- atlantis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atlantis.yaml b/atlantis.yaml index b288cab..a0751be 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -8,7 +8,7 @@ workflows: plan: steps: - run: "printf 'print getting started: $PLANFILE $WORKSPACE $DIR $HEAD_COMMIT $HEAD_BRANCH_NAME $PULL_NUM $PROJECT_NAME $HEAD_REPO_OWNER $HEAD_BRANCH_NAME $ATLANTIS_TERRAFORM_VERSION'" - - run: "echo $DIR, $WORKSPACE, $HEAD_COMMIT, $PULL_NUM, $PROJECT_NAME, $HEAD_BRANCH_NAME, $HEAD_REPO_NAME, $BASE_REPO_NAME" + - run: "echo $DIR, $WORKSPACE, $HEAD_COMMIT, $PULL_NUM, $PROJECT_NAME, $HEAD_BRANCH_NAME, $HEAD_REPO_NAME, $BASE_REPO_NAME, $HEAD_REPO_OWNER" - init - run: "terraform plan -input=false -refresh -out $PLANFILE" - run: "terraform show -json $PLANFILE > $SHOWFILE"