Kyler Middleton KyMidd
KyMidd
/ ebs_exerpt.tf
Created
May 2, 2021 18:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ebs_block_device = { | |
| "/dev/sdl" = { | |
| volume_type = "standard" | |
| volume_size = 50 | |
| encrypted = true | |
| kms_key_id = var.kms_key_arn | |
| }, | |
| "xvdf" = { | |
| volume_type = "gp2" | |
| volume_size = 200 |
KyMidd
/ tf_approval_bash_all_safe.sh
Created
March 28, 2021 03:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # If all lines evaluated, and we still haven't decided to require approval, then all | |
| # resources have been checked and none triggered approval flow | |
| if [[ $approvalRequired == "no" ]]; then | |
| echo "****************************************" | |
| echo "##[section]Approval will not be required" | |
| echo "****************************************" | |
| echo "##vso[task.setvariable variable=approvalRequired;isOutput=true]false" | |
| echo "" | |
| echo "" | |
| fi |
KyMidd
/ tf_approval_bash_do_action.sh
Created
March 28, 2021 03:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # If approval required, exit immediately and export values | |
| if [[ $approvalRequired == "yes" ]]; then | |
| echo "****************************************" | |
| echo "##[section]Approval will be required" | |
| echo "****************************************" | |
| echo "" | |
| echo "##vso[task.setvariable variable=approvalRequired;isOutput=true]true" | |
| echo "" | |
| echo "" | |
| break |
KyMidd
/ tf_approval_bash_create_logic.sh
Created
March 28, 2021 03:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [[ $line == *"will be created"* ]]; then | |
| echo "##[section]Approval not required for" $resource_path | |
| approvalRequired="no" | |
| fi |
KyMidd
/ tf_approval_bash_destroy_logic.sh
Last active
March 28, 2021 03:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [[ $line == *"will be destroyed"* ]]; then | |
| # If destroyed resource is always unsafe, trigger approval | |
| if [[ ${ResourceTypesAlwaysUnsafe[@]} =~ ${resource_type} ]]; then | |
| # Mark this path unsafe, require approval | |
| echo "This resource is planned to be deleted, and is always unsafe to destroy without approval:" $resource_path | |
| approvalRequired="yes" | |
| # If destroyed resource is always safe, then don't trigger approval | |
| elif [[ ${ResourceTypesAlwaysSafe[@]} =~ ${resource_type} ]]; then |
KyMidd
/ tf_approval_bash_while_loop.sh
Created
March 28, 2021 03:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| while IFS= read -r line; do | |
| # Set approvalRequired | |
| approvalRequired="notSure" | |
| # Prepare resource path, e.g.: module.networking.aws_security_group_rule.Inbound_192Slash16_PermitAll | |
| resource_path=$(echo $line | cut -d " " -f 2) | |
| # Prepare resource type, e.g.: aws_security_group_rule | |
| resource_type=$(echo $resource_path | rev | cut -d "." -f 2 | rev) |
KyMidd
/ tf_approval_bash_no_changes.sh
Created
March 28, 2021 02:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if terraform show plan.out | grep -q " 0 to add, 0 to change, 0 to destroy"; then | |
| echo "##[section]No changes detected, terraform apply will not run"; | |
| # There are no changes | |
| exit 0 | |
| fi |
KyMidd
/ tf_approval_bash_resource_types.sh
Created
March 28, 2021 02:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| declare -a ResourceTypesAlwaysUnsafe=( | |
| "aws_instance" | |
| "foobar" | |
| ) | |
| declare -a ResourceTypesAlwaysSafe=( | |
| "aws_security_group_rule" | |
| "foobar" | |
| ) |
KyMidd
/ tf_approval_bash_read_plan.sh
Created
March 28, 2021 02:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Plan.out is binary file populated with "terraform plan -out plan.out" | |
| # Use terraform show to read plan.out as text, and filter for resource change lines, output to file | |
| terraform show -no-color plan.out | grep "will be" > plan_decoded.out | |
| terraform show -no-color plan.out | grep "must be" >> plan_decoded.out | |
| input="plan_decoded.out" |
KyMidd
/ tf_approval_bash_in_shared_location.yml
Created
March 28, 2021 02:45