@btower-labz
Last active July 30, 2020 14:59
terraform-public-modules #cloudbuild #teraform #aws
---
# Cloud Build pipeline: pull AWS credentials out of Secret Manager with
# Berglas, point the AWS CLI at them, and confirm they work with
# `aws sts get-caller-identity`.
timeout: 300s

substitutions:
  # NOTE(review): `latest` is a mutable tag, so the image behind it can change
  # between builds. Every step here runs with the /aws volume mounted, and
  # that volume holds credentials.json; pin both images to a fixed version or
  # digest.
  _BERGLAS_VERSION: latest
  _AWS_CLI_VERSION: latest
  _GCP_CREDENTIALS_SECRET: terraform-public-modules/aws-terratest-credentials

options:
  env:
    # AWS environment: keep CLI config and credentials on the shared volume
    - 'AWS_CONFIG_FILE=/aws/config'
    - 'AWS_SHARED_CREDENTIALS_FILE=/aws/credentials'
  volumes:
    # AWS volume, mounted into every step of the build
    - name: aws
      path: /aws

steps:
  # Write the secret payload to the shared volume as plaintext. Any later step
  # (and so any image it runs) can read /aws/credentials.json.
  # Cloud Build expands ${_GCP_CREDENTIALS_SECRET} before /bin/sh parses the
  # string, so the substitution value becomes shell text; keep overrides of it
  # limited to trusted triggers.
  - id: aws-credentials
    name: europe-docker.pkg.dev/berglas/berglas/berglas:${_BERGLAS_VERSION}
    entrypoint: /bin/sh
    args:
      - '-c'
      - 'berglas access sm://${_GCP_CREDENTIALS_SECRET}>/aws/credentials.json'
    waitFor: ['-']
    timeout: 60s

  - id: aws-configure
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    args:
      - 'configure'
      - 'set'
      - 'region'
      - 'us-east-1'
    waitFor: ['-']
    timeout: 60s

  # Tell the CLI to obtain credentials by running `/bin/cat` on the file that
  # aws-credentials writes. Presumably the secret already holds JSON in the
  # credential_process format; confirm against the stored secret.
  - id: aws-process
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    args:
      - 'configure'
      - 'set'
      - 'credential_process'
      - '/bin/cat /aws/credentials.json'
    waitFor: ['aws-configure']
    timeout: 60s

  # Needs both the config entry and the credentials file, hence two waits.
  # The caller identity (account, ARN, user id) ends up in the build log.
  - id: aws-who
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    args:
      - 'sts'
      - 'get-caller-identity'
    waitFor: ['aws-process', 'aws-credentials']
    timeout: 60s
---
# Cloud Build pipeline: static checks for a Terraform module (init without a
# backend, validate, fmt) followed by conftest policy checks on the .tf files.
# No credentials volume is mounted here.
timeout: 300s

substitutions:
  _TERRAFORM_VERSION: '0.12.28'
  # NOTE(review): conftest is the policy gate, and `latest` is a mutable tag;
  # pin it to a fixed version or digest so the gate cannot change silently.
  _CONFTEST_VERSION: latest

options:
  env:
    # AWS Environment
    - 'AWS_REGION=us-east-1'
    # Terraform environment
    - 'TF_VAR_region=us-east-1'

steps:
  - id: teraform-version
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    args:
      - 'version'
    timeout: 60s

  # `-backend=false` skips backend setup, so no remote state is touched.
  - id: terraform-init
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    args:
      - 'init'
      - '-backend=false'
    waitFor: ['-']
    timeout: 60s

  - id: terraform-validate
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    args:
      - 'validate'
      - '-json'
      - '-no-color'
    waitFor: ['terraform-init']
    timeout: 60s

  # `fmt -check` only reports; it exits non-zero when a file needs formatting.
  - id: terraform-format
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    args:
      - 'fmt'
      - '-check'
    waitFor: ['terraform-init']
    timeout: 60s

  # Dump the parsed module to .conftest/module.json. `>|` overwrites the file
  # even when the shell has noclobber set.
  - id: policy-parse
    name: instrumenta/conftest:${_CONFTEST_VERSION}
    entrypoint: /bin/sh
    args:
      - '-c'
      - 'conftest parse *.tf --combine --no-color >| .conftest/module.json'
    waitFor: ['terraform-validate']
    timeout: 60s

  # Evaluate .conftest/module.rego against the .tf files themselves.
  - id: policy-test
    name: instrumenta/conftest:${_CONFTEST_VERSION}
    entrypoint: /bin/sh
    args:
      - '-c'
      - 'conftest test --no-color --combine --output=stdout --policy .conftest/module.rego *.tf'
    waitFor: ['policy-parse']
    timeout: 60s
---
# Cloud Build pipeline: authenticate to AWS, run `terraform plan` for the
# configuration in .infratest, convert the plan to JSON and check it with a
# conftest policy (.conftest/plan.rego).
timeout: 300s

substitutions:
  _TERRAFORM_VERSION: '0.12.28'
  # NOTE(review): `latest` is a mutable tag. Every step runs with the /aws
  # volume mounted, and that volume holds credentials.json; pin these three
  # images to a fixed version or digest.
  _BERGLAS_VERSION: latest
  _CONFTEST_VERSION: latest
  _AWS_CLI_VERSION: latest
  _GCP_CREDENTIALS_SECRET: terraform-public-modules/aws-terratest-credentials
  _TERRAFORM_PLAN_REGION: us-east-1

options:
  env:
    # AWS Environment
    - 'AWS_CONFIG_FILE=/aws/config'
    - 'AWS_SHARED_CREDENTIALS_FILE=/aws/credentials'
    - 'AWS_SDK_LOAD_CONFIG=1'
    # Terraform environment
    # - TF_LOG=INFO
    - 'TF_LOG_PATH=/.terraform/terraform.log'
    - 'TF_INPUT=0'
    - 'TF_DATA_DIR=/.terraform'
    - 'TF_IN_AUTOMATION=1'
  volumes:
    # AWS volume, mounted into every step of the build
    - name: aws
      path: /aws
    # Terraform volume: data dir, log, plan file and plan JSON
    - name: terraform
      path: /.terraform

steps:
  # Prints every environment variable to the build log. The values set in
  # this file are paths and region names; a secret added to `env` later would
  # be logged too.
  - name: bash
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'env'

  # Write the secret payload to the shared volume as plaintext. Any later step
  # (and so any image it runs) can read /aws/credentials.json.
  # Cloud Build expands ${_GCP_CREDENTIALS_SECRET} before /bin/sh parses the
  # string, so the substitution value becomes shell text; keep overrides of it
  # limited to trusted triggers.
  - id: aws-credentials
    name: europe-docker.pkg.dev/berglas/berglas/berglas:${_BERGLAS_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    entrypoint: /bin/sh
    args:
      - '-c'
      - 'berglas access sm://${_GCP_CREDENTIALS_SECRET}>/aws/credentials.json'
    waitFor: ['-']
    timeout: 60s

  - id: aws-configure
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'configure'
      - 'set'
      - 'region'
      - '${_TERRAFORM_PLAN_REGION}'
    waitFor: ['-']
    timeout: 60s

  # The CLI and SDK obtain credentials by running `/bin/cat` on the file that
  # aws-credentials writes. Presumably the secret already holds JSON in the
  # credential_process format; confirm against the stored secret.
  - id: aws-process
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'configure'
      - 'set'
      - 'credential_process'
      - '/bin/cat /aws/credentials.json'
    waitFor: ['aws-configure']
    timeout: 60s

  # Credential check; terraform-init waits on this step.
  - id: aws-who
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'sts'
      - 'get-caller-identity'
    waitFor: ['aws-process', 'aws-credentials']
    timeout: 60s

  - id: teraform-version
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'version'
    waitFor: ['-']
    timeout: 60s

  - id: terraform-init
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: .infratest
    args:
      - 'init'
    waitFor: ['aws-who']
    timeout: 60s

  - id: terraform-format
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: .infratest
    args:
      - 'fmt'
      - '-check'
    waitFor: ['terraform-init']
    timeout: 60s

  - id: terraform-validate
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: .infratest
    args:
      - 'validate'
      - '-json'
      - '-no-color'
    waitFor: ['terraform-format']
    timeout: 60s

  # Binary plan goes to the shared terraform volume for the next step.
  - id: terraform-plan-bin
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: .infratest
    args:
      - 'plan'
      - '-compact-warnings'
      - '-input=false'
      - '-no-color'
      - '-out=/.terraform/module.tfplan'
    waitFor: ['terraform-validate']
    timeout: 60s

  # Render the plan as JSON next to the binary plan. The JSON form carries
  # resource attribute values in plaintext, so treat tfplan.json as sensitive
  # if the configuration handles secrets.
  - id: terraform-plan-json
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: /.terraform
    entrypoint: /bin/sh
    args:
      - '-c'
      - 'terraform show -no-color -json module.tfplan >| tfplan.json'
    waitFor: ['terraform-validate', 'terraform-plan-bin']
    timeout: 60s

  # `conftest parse` prints the document as conftest sees it, so the plan
  # content lands in the build log.
  - id: conftest-plan-parse
    name: instrumenta/conftest:${_CONFTEST_VERSION}
    dir: /.terraform
    entrypoint: /bin/sh
    args:
      - '-c'
      - 'conftest parse --input json tfplan.json'
    waitFor: ['terraform-plan-json']
    timeout: 60s

  # Policy gate: evaluate .conftest/plan.rego against the plan JSON.
  - id: conftest-plan-test
    name: instrumenta/conftest:${_CONFTEST_VERSION}
    entrypoint: /bin/sh
    dir: .conftest
    args:
      - '-c'
      - 'conftest test --output=stdout --no-color --input json --policy plan.rego /.terraform/tfplan.json'
    waitFor: ['conftest-plan-parse']
    timeout: 60s
---
# Cloud Build pipeline: authenticate to AWS, run `terraform plan` for the
# configuration in .infratest, convert the plan to JSON and print it with jq.
timeout: 300s

substitutions:
  _TERRAFORM_VERSION: '0.12.28'
  # NOTE(review): `latest` is a mutable tag. Every step runs with the /aws
  # volume mounted, and that volume holds credentials.json; pin these images
  # (and the untagged stedolan/jq below) to a fixed version or digest.
  _BERGLAS_VERSION: latest
  _AWS_CLI_VERSION: latest
  _GCP_CREDENTIALS_SECRET: terraform-public-modules/aws-terratest-credentials
  _TERRAFORM_PLAN_REGION: us-east-1

options:
  env:
    # AWS Environment
    - 'AWS_CONFIG_FILE=/aws/config'
    - 'AWS_SHARED_CREDENTIALS_FILE=/aws/credentials'
    - 'AWS_SDK_LOAD_CONFIG=1'
    # Terraform environment
    # - TF_LOG=INFO
    - 'TF_LOG_PATH=/.terraform/terraform.log'
    - 'TF_INPUT=0'
    - 'TF_DATA_DIR=/.terraform'
    - 'TF_IN_AUTOMATION=1'
  volumes:
    # AWS volume, mounted into every step of the build
    - name: aws
      path: /aws
    # Terraform volume: data dir, log, plan file and plan JSON
    - name: terraform
      path: /.terraform

steps:
  # Prints every environment variable to the build log. The values set in
  # this file are paths and region names; a secret added to `env` later would
  # be logged too.
  - name: bash
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'env'

  # Write the secret payload to the shared volume as plaintext. Any later step
  # (and so any image it runs) can read /aws/credentials.json.
  # Cloud Build expands ${_GCP_CREDENTIALS_SECRET} before /bin/sh parses the
  # string, so the substitution value becomes shell text; keep overrides of it
  # limited to trusted triggers.
  - id: aws-credentials
    name: europe-docker.pkg.dev/berglas/berglas/berglas:${_BERGLAS_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    entrypoint: /bin/sh
    args:
      - '-c'
      - 'berglas access sm://${_GCP_CREDENTIALS_SECRET}>/aws/credentials.json'
    waitFor: ['-']
    timeout: 60s

  - id: aws-configure
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'configure'
      - 'set'
      - 'region'
      - '${_TERRAFORM_PLAN_REGION}'
    waitFor: ['-']
    timeout: 60s

  # The CLI and SDK obtain credentials by running `/bin/cat` on the file that
  # aws-credentials writes. Presumably the secret already holds JSON in the
  # credential_process format; confirm against the stored secret.
  - id: aws-process
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'configure'
      - 'set'
      - 'credential_process'
      - '/bin/cat /aws/credentials.json'
    waitFor: ['aws-configure']
    timeout: 60s

  # Credential check; terraform-init waits on this step.
  - id: aws-who
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'sts'
      - 'get-caller-identity'
    waitFor: ['aws-process', 'aws-credentials']
    timeout: 60s

  - id: teraform-version
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'version'
    waitFor: ['-']
    timeout: 60s

  - id: terraform-init
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: .infratest
    args:
      - 'init'
    waitFor: ['aws-who']
    timeout: 60s

  - id: terraform-format
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: .infratest
    args:
      - 'fmt'
      - '-check'
    waitFor: ['terraform-init']
    timeout: 60s

  - id: terraform-validate
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: .infratest
    args:
      - 'validate'
      - '-json'
      - '-no-color'
    waitFor: ['terraform-format']
    timeout: 60s

  # Binary plan goes to the shared terraform volume for the next step.
  - id: terraform-plan-bin
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: .infratest
    args:
      - 'plan'
      - '-compact-warnings'
      - '-input=false'
      - '-no-color'
      - '-out=/.terraform/module.tfplan'
    waitFor: ['terraform-validate']
    timeout: 60s

  # Render the plan as JSON next to the binary plan.
  - id: terraform-plan-json
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: /.terraform
    entrypoint: /bin/sh
    args:
      - '-c'
      - 'terraform show -no-color -json module.tfplan >| tfplan.json'
    waitFor: ['terraform-validate', 'terraform-plan-bin']
    timeout: 60s

  # Pretty-prints the whole plan JSON into the build log. Plan JSON carries
  # resource attribute values in plaintext.
  # NOTE(review): confirm the configuration has no secret values, or restrict
  # who can read the build logs. The image has no tag, so it resolves to
  # `latest`.
  - id: terraform-plan-test
    name: stedolan/jq
    dir: /.terraform
    args:
      - '.'
      - 'tfplan.json'
    waitFor: ['terraform-plan-json']
    timeout: 60s
---
# Cloud Build pipeline: static checks only (init without a backend, validate,
# fmt) with Terraform logging enabled. No credentials volume is mounted.
timeout: 300s

substitutions:
  _TERRAFORM_VERSION: '0.12.28'

options:
  env:
    # AWS Environment
    - 'AWS_REGION=us-east-1'
    # Terraform environment
    # The INFO-level log is written to the shared terraform volume.
    - 'TF_LOG=INFO'
    - 'TF_LOG_PATH=/.terraform/terraform.log'
    - 'TF_INPUT=0'
    - 'TF_DATA_DIR=/.terraform'
    - 'TF_IN_AUTOMATION=ON'
    - 'TF_VAR_region=us-east-1'
  volumes:
    # Terraform volume, mounted into every step of the build
    - name: terraform
      path: /.terraform

steps:
  - id: teraform-version
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    args:
      - 'version'
    timeout: 60s

  # `-backend=false` skips backend setup, so no remote state is touched.
  - id: terraform-init
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    args:
      - 'init'
      - '-backend=false'
    waitFor: ['-']
    timeout: 60s

  - id: terraform-validate
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    args:
      - 'validate'
      - '-json'
      - '-no-color'
    waitFor: ['terraform-init']
    timeout: 60s

  # `fmt -check` only reports; it exits non-zero when a file needs formatting.
  - id: terraform-format
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    args:
      - 'fmt'
      - '-check'
    waitFor: ['terraform-init']
    timeout: 60s
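---
# Cloud Build pipeline: authenticate to AWS, validate the configuration in
# .infratest, then run the Terratest suite in .terratest against two regions
# (us-east-1 and eu-west-2) and parse each test log into a report.
timeout: 900s

substitutions:
  _TERRAFORM_VERSION: '0.12.28'
  # NOTE(review): `latest` is a mutable tag. Every step runs with the /aws
  # volume mounted, and that volume holds credentials.json; pin these images
  # (and btowerlabz/docker-cloudbuild-terratest below) to a fixed version or
  # digest.
  _BERGLAS_VERSION: latest
  _AWS_CLI_VERSION: latest
  _GCP_CREDENTIALS_SECRET: terraform-public-modules/aws-terratest-credentials
  _TERRAFORM_PLAN_REGION: us-east-1
  # _GOLANG_VERSION: 1.14.4-stretch

options:
  env:
    # AWS Environment
    - 'AWS_CONFIG_FILE=/aws/config'
    - 'AWS_SHARED_CREDENTIALS_FILE=/aws/credentials'
    - 'AWS_SDK_LOAD_CONFIG=1'
    # Terraform environment
    # - TF_LOG=INFO
    - 'TF_LOG_PATH=/.terraform/terraform.log'
    - 'TF_INPUT=0'
    - 'TF_DATA_DIR=/.terraform'
    - 'TF_IN_AUTOMATION=1'
  volumes:
    # AWS volume, mounted into every step of the build
    - name: aws
      path: /aws
    # Terraform volume
    - name: terraform
      path: /.terraform
    # Terratest volume: raw test logs and parsed reports
    - name: terratest
      path: /.terratest

steps:
  # Prints every environment variable to the build log. The values set in
  # this file are paths and region names; a secret added to `env` later would
  # be logged too.
  - name: bash
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'env'

  # Write the secret payload to the shared volume as plaintext. Any later step
  # (and so any image it runs) can read /aws/credentials.json.
  # Cloud Build expands ${_GCP_CREDENTIALS_SECRET} before /bin/sh parses the
  # string, so the substitution value becomes shell text; keep overrides of it
  # limited to trusted triggers.
  - id: aws-credentials
    name: europe-docker.pkg.dev/berglas/berglas/berglas:${_BERGLAS_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    entrypoint: /bin/sh
    args:
      - '-c'
      - 'berglas access sm://${_GCP_CREDENTIALS_SECRET}>/aws/credentials.json'
    waitFor: ['-']
    timeout: 60s

  - id: aws-configure
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'configure'
      - 'set'
      - 'region'
      - '${_TERRAFORM_PLAN_REGION}'
    waitFor: ['-']
    timeout: 60s

  # The CLI and SDK obtain credentials by running `/bin/cat` on the file that
  # aws-credentials writes. Presumably the secret already holds JSON in the
  # credential_process format; confirm against the stored secret.
  - id: aws-process
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'configure'
      - 'set'
      - 'credential_process'
      - '/bin/cat /aws/credentials.json'
    waitFor: ['aws-configure']
    timeout: 60s

  # Credential check; terraform-init waits on this step.
  - id: aws-who
    name: amazon/aws-cli:${_AWS_CLI_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'sts'
      - 'get-caller-identity'
    waitFor: ['aws-process', 'aws-credentials']
    timeout: 60s

  - id: teraform-version
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    args:
      - 'version'
    waitFor: ['-']
    timeout: 60s

  - id: terraform-init
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: .infratest
    args:
      - 'init'
    waitFor: ['aws-who']
    timeout: 60s

  - id: terraform-format
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: .infratest
    args:
      - 'fmt'
      - '-check'
    waitFor: ['terraform-init']
    timeout: 60s

  - id: terraform-validate
    name: hashicorp/terraform:${_TERRAFORM_VERSION}
    env:
      - 'AWS_REGION=${_TERRAFORM_PLAN_REGION}'
      - 'TF_VAR_region=${_TERRAFORM_PLAN_REGION}'
    dir: .infratest
    args:
      - 'validate'
      - '-json'
      - '-no-color'
    waitFor: ['terraform-init']
    timeout: 60s

  # Test region: us-east-1
  # Both region test steps wait only on terraform-validate, so they run in
  # parallel. `pipefail` makes a failing `go test` fail the step despite the
  # pipe into tee.
  # NOTE(review): the 600s step timeout is shorter than go test's own
  # `-timeout 30m`, and the build is capped at 900s, so Cloud Build ends the
  # step first. If that happens mid-test, AWS resources the test created may
  # be left behind; confirm how cleanup is handled.
  # A failed test step fails the build, so the parser steps below only run
  # after a passing test run.
  - id: terratest-go-test-us-east-1
    name: btowerlabz/docker-cloudbuild-terratest:latest
    env:
      - 'GOMAXPROCS=1'
      - 'GO111MODULE=on'
      - 'TERRATEST_REGION=us-east-1'
    dir: .terratest
    entrypoint: /bin/bash
    args:
      - '-e'
      - '-o'
      - 'pipefail'
      - '-c'
      - 'go test -v -timeout 30m -count=1 2>&1 | tee /.terratest/test-report-us-east-1.log'
    waitFor: ['terraform-validate']
    timeout: 600s

  # `-o pipefail` added to match the eu-west-2 step; the command has no pipe,
  # so it changes nothing at runtime.
  - id: terratest-log-parser-process-us-east-1
    name: btowerlabz/docker-cloudbuild-terratest:latest
    entrypoint: /bin/bash
    args:
      - '-e'
      - '-o'
      - 'pipefail'
      - '-c'
      - 'terratest_log_parser -testlog /.terratest/test-report-us-east-1.log -outputdir /.terratest/us-east-1'
    waitFor: ['terratest-go-test-us-east-1']
    timeout: 120s

  # List the volume, then print the parsed summary. The two commands were
  # joined with `||`, so `cat` ran only when `ls` failed and the summary never
  # reached the build log; `&&` prints it after a successful listing.
  - id: terratest-log-parser-test-us-east-1
    name: btowerlabz/docker-cloudbuild-terratest:latest
    entrypoint: /bin/bash
    args:
      - '-e'
      - '-o'
      - 'pipefail'
      - '-c'
      - 'ls -la /.terratest && cat /.terratest/us-east-1/summary.log'
    waitFor: ['terratest-log-parser-process-us-east-1']
    timeout: 60s

  # Test region: eu-west-2
  # Same three steps as above; the timeout note on the us-east-1 test step
  # applies here as well.
  - id: terratest-go-test-eu-west-2
    name: btowerlabz/docker-cloudbuild-terratest:latest
    env:
      - 'GOMAXPROCS=1'
      - 'GO111MODULE=on'
      - 'TERRATEST_REGION=eu-west-2'
    dir: .terratest
    entrypoint: /bin/bash
    args:
      - '-e'
      - '-o'
      - 'pipefail'
      - '-c'
      - 'go test -v -timeout 30m -count=1 2>&1 | tee /.terratest/test-report-eu-west-2.log'
    waitFor: ['terraform-validate']
    timeout: 600s

  - id: terratest-log-parser-process-eu-west-2
    name: btowerlabz/docker-cloudbuild-terratest:latest
    entrypoint: /bin/bash
    args:
      - '-e'
      - '-o'
      - 'pipefail'
      - '-c'
      - 'terratest_log_parser -testlog /.terratest/test-report-eu-west-2.log -outputdir /.terratest/eu-west-2'
    waitFor: ['terratest-go-test-eu-west-2']
    timeout: 120s

  # `&&` instead of `||`, so the summary is printed after the listing.
  - id: terratest-log-parser-test-eu-west-2
    name: btowerlabz/docker-cloudbuild-terratest:latest
    entrypoint: /bin/bash
    args:
      - '-e'
      - '-o'
      - 'pipefail'
      - '-c'
      - 'ls -la /.terratest && cat /.terratest/eu-west-2/summary.log'
    waitFor: ['terratest-log-parser-process-eu-west-2']
    timeout: 60s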