Disable all but an allow list of Terraform Versions on TFE
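#!/bin/bash
#
# Enables the Terraform versions named in allow_list on Terraform Enterprise
# (TFE) and disables every other version through the admin API.

# ----- Initialize Environment -----
# export TFE_HOSTNAME="tfe.company.com"
# export TFE_TOKEN="zzz.atlasv1.zzz"
#
# TFE_TOKEN is a site admin's user token (see the check below). Supply it
# through the environment rather than writing it into this file, so that it
# does not end up in version control or in copies of the script.

# Allowed values should be separated by a space
allow_list=(0.12.24 0.12.20 0.11.14)

# ----- Validate Environment -----
# Diagnostics go to stderr so that stdout carries only progress messages.
if ! command -v jq >/dev/null 2>&1; then
  echo 'The jq package must be installed and must exist in $PATH. Exiting...' >&2
  exit 2
fi

if [[ -z "${TFE_HOSTNAME:-}" ]]; then
  echo "The Terraform Enterprise domain name must be defined. Exiting..." >&2
  exit 3
fi

if [[ -z "${TFE_TOKEN:-}" ]]; then
  echo "The Terraform Enterprise Site Admin's User token must be defined. Exiting..." >&2
  exit 3
fi

# "${allow_list}" would expand to the first element only; test the element
# count instead. An empty allow list would make the script disable every
# version, so it is refused here.
if (( ${#allow_list[@]} == 0 )); then
  echo "The allowed versions (allow_list) must be defined. Exiting..." >&2
  exit 3
fi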
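#######################################
# Call the admin API using pagination to get every Terraform version.
# Globals:   TFE_HOSTNAME (read), TFE_TOKEN (read)
# Arguments: none
# Outputs:   one compact JSON array [id, enabled, version] per version on
#            stdout; diagnostics on stderr
# Returns:   0 when every page was fetched and parsed, 1 otherwise
#######################################
function get_terraform_versions () {
  local next_link curl_response parsed_data

  # The brackets of page[number] / page[size] are percent-encoded, and
  # --globoff is set, so that curl's URL globbing never interprets them.
  next_link="https://${TFE_HOSTNAME}/api/v2/admin/terraform-versions?page%5Bnumber%5D=1&page%5Bsize%5D=100"

  # An empty link is treated like "null": without that guard a failed or empty
  # response would keep the loop running forever.
  while [[ -n "${next_link}" && "${next_link}" != "null" ]]; do
    # The Authorization header is read from a file descriptor (curl >= 7.55.0)
    # so the admin token is not part of curl's command line, where other local
    # users could read it from the process list.
    # NOTE(review): the token is sent to whatever URL .links.next names;
    # consider checking that it still points at ${TFE_HOSTNAME}.
    if ! curl_response=$(curl --silent --show-error --fail --globoff \
      --header @<(printf 'Authorization: Bearer %s\n' "${TFE_TOKEN}") \
      --header "Content-Type: application/vnd.api+json" \
      "${next_link}"); then
      echo "Failed to fetch Terraform versions from ${next_link}" >&2
      return 1
    fi

    if ! parsed_data=$(jq -c '.data[] | [.id, .attributes.enabled, .attributes.version]' <<<"${curl_response}"); then
      echo "Unexpected response while listing Terraform versions" >&2
      return 1
    fi

    # Only echo response data. Quoted, so the JSON brackets are never subject
    # to pathname expansion or word splitting.
    if [[ -n "${parsed_data}" ]]; then
      printf '%s\n' "${parsed_data}"
    fi

    next_link=$(jq -r '.links.next' <<<"${curl_response}") || return 1
  done
}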
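#######################################
# Disable one Terraform version through the TFE admin API.
# Globals:   TFE_HOSTNAME (read), TFE_TOKEN (read)
# Arguments: $1 - id of the terraform-versions record
#            $2 - version string, used in messages only
#            $3 - current "enabled" value; "false" skips the API call
# Outputs:   progress messages on stdout, failure message on stderr
# Returns:   0 if the version is or was already disabled, 1 if the request failed
#######################################
function disable_terraform_version () {
  local id=$1
  local version=$2
  local enabled=$3

  if [[ "${enabled}" == "false" ]]; then
    echo "Disable Terraform Version (${version}): Already disabled"
    return 0
  fi

  echo "Disable Terraform Version (${version}): Disabling..."
  # --fail turns an HTTP error status into a non-zero exit, so a rejected
  # request is no longer reported as "Disabled". The Authorization header is
  # read from a file descriptor (curl >= 7.55.0) to keep the admin token out
  # of curl's command line. The response body is discarded.
  if ! curl --silent --show-error --fail -X PATCH \
    --header @<(printf 'Authorization: Bearer %s\n' "${TFE_TOKEN}") \
    --header "Content-Type: application/vnd.api+json" \
    --data-binary @- \
    "https://${TFE_HOSTNAME}/api/v2/admin/terraform-versions/${id}" \
    >/dev/null <<'EOF'
{
  "data": {
    "type": "terraform-versions",
    "attributes": {
      "enabled": false
    }
  }
}
EOF
  then
    echo "Disable Terraform Version (${version}): Failed" >&2
    return 1
  fi

  echo "Disable Terraform Version (${version}): Disabled"
}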
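#######################################
# Enable one Terraform version through the TFE admin API.
# Globals:   TFE_HOSTNAME (read), TFE_TOKEN (read)
# Arguments: $1 - id of the terraform-versions record
#            $2 - version string, used in messages only
#            $3 - current "enabled" value; "true" skips the API call
# Outputs:   progress messages on stdout, failure message on stderr
# Returns:   0 if the version is or was already enabled, 1 if the request failed
#######################################
function enable_terraform_version () {
  local id=$1
  local version=$2
  local enabled=$3

  if [[ "${enabled}" == "true" ]]; then
    echo "Enable Terraform Version (${version}): Already enabled"
    return 0
  fi

  echo "Enable Terraform Version (${version}): Enabling..."
  # --fail turns an HTTP error status into a non-zero exit, so a rejected
  # request is no longer reported as "Enabled". The Authorization header is
  # read from a file descriptor (curl >= 7.55.0) to keep the admin token out
  # of curl's command line. The response body is discarded.
  if ! curl --silent --show-error --fail -X PATCH \
    --header @<(printf 'Authorization: Bearer %s\n' "${TFE_TOKEN}") \
    --header "Content-Type: application/vnd.api+json" \
    --data-binary @- \
    "https://${TFE_HOSTNAME}/api/v2/admin/terraform-versions/${id}" \
    >/dev/null <<'EOF'
{
  "data": {
    "type": "terraform-versions",
    "attributes": {
      "enabled": true
    }
  }
}
EOF
  then
    echo "Enable Terraform Version (${version}): Failed" >&2
    return 1
  fi

  echo "Enable Terraform Version (${version}): Enabled"
}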
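# ----- Apply the allow list -----
# Every version returned by the API is enabled when it appears in allow_list
# and disabled otherwise. The script exits non-zero when the listing fails or
# when any single enable/disable call fails.
echo "Query TFE for versions to disable..."

# Capture the listing first: a failure inside a pipeline would go unnoticed,
# and the run would then finish without having enforced anything.
if ! all_versions=$(get_terraform_versions); then
  echo "Could not list Terraform versions from ${TFE_HOSTNAME}. Exiting..." >&2
  exit 4
fi

failures=0

# jq emits one tab-separated row (id, enabled, version) per version. tostring
# keeps a null field as the literal "null" so that the columns cannot shift.
# The rows are read on fd 3, leaving stdin free for the commands in the loop.
while IFS=$'\t' read -r -u 3 version_id version_enabled version_number; do
  # Skip rows without a usable id or version instead of calling the API with
  # a placeholder value.
  if [[ -z "${version_id}" || "${version_id}" == "null" \
    || -z "${version_number}" || "${version_number}" == "null" ]]; then
    echo "Skipping malformed version entry: ${version_id} ${version_number}" >&2
    continue
  fi

  # Exact comparison against each allowed version.
  is_allowed=false
  for allowed_version in "${allow_list[@]}"; do
    if [[ "${allowed_version}" == "${version_number}" ]]; then
      is_allowed=true
      break
    fi
  done

  if [[ "${is_allowed}" == "true" ]]; then
    enable_terraform_version "${version_id}" "${version_number}" "${version_enabled}" \
      || failures=$((failures + 1))
  else
    disable_terraform_version "${version_id}" "${version_number}" "${version_enabled}" \
      || failures=$((failures + 1))
  fi
done 3< <(jq -r '[.[0], .[1], .[2]] | map(tostring) | @tsv' <<<"${all_versions}")

if (( failures > 0 )); then
  echo "${failures} Terraform version update(s) failed." >&2
  exit 1
fi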