Last updated:
0 purchases
aws terraform registry 1.1.5
aws-terraform-registry-cli
Versions following Semantic Versioning
Overview
This project create a python client which work with AWS Terraform Private Registry.
Features:
Show client configuration (for debug purpose)
Authentication:
JWT Token generation
.terraformrc generation to configure Devops workstation
Terraform module publication from external storage (like a githb module release)
Terraform module release (more detail on it below) to store every module inside default bucket of the AWS Terraform Private Registry..
See documentation.
The AWS Terraform Private Registry follow this Architectural design:
Installation
Install this library directly into an activated virtual environment:
$ python3 -m pip install aws_terraform_registry
Configuration
We have to provide few informations to this client :
Name
Description
secret_key_name
AWS Secret manager name where JWT Secret is stored
repository_url
HTTPS endpoint of the registry
dynamodb_table_name
AWS dynamodb table name
bucket_name
bucket name
default_namespace
default namespace to publish terraform module ("devops" per default)
All this information can come from several way (choose the rigth for you):
from a yaml configuration file
from environment variable
Yaml configuration can be overriden with environment variable.
YAML configuration
The default file name is terraform_registry.yaml, you can override this with TFR_CONFIG_FILE environmentt variable.
To find thie configuratin file, directories will be lookup in this order:
user home directory
command line directory
/etc/tfr
Environment variable
Name
Enviromnent variable name
secret_key_name
TFR_SECRET_KEY_NAME
repository_url
TFR_REPOSITORY_URL
dynamodb_table_name
TFR_DYNAMODB_TABLE_NAME
bucket_name
TFR_BUCKET_NAME
default_namespace
TFR_DEFAULT_NAMESPACE
All environment variable can be set with .env file inside your command line directory.
Usage
> tfr
usage: tfr [-h] {config,generate-token,generate-terraformrc,publish,release} ...
Manage terraform registry
positional arguments:
{config,generate-token,generate-terraformrc,release,unpublish,publish}
commands
config Show configuration parameters
generate-token Generate an access token
generate-terraformrc
Generate terraformrc configuration file
release Release a terraform module from custom source.
publish Publish a terraform module from custom source.
unpublish Unpublish a terraform module (Keep archive on s3).
optional arguments:
-h, --help show this help message and exit
Configuration
You can print what the python client use as configuration with the command :
tfr config
Example with an empty configuration:
bucket_name: null
default_namespace: devops
dynamodb_table_name: null
repository_url: null
secret_key_name: null
Authentication
Obtain a JWT token
Command :
usage: tfr generate-token [-h] [-weeks WEEKS]
optional arguments:
-h, --help show this help message and exit
-weeks WEEKS, --weeks WEEKS
#weeks of validity (52 per default)
Configure terraform with your private registry
Users must create .terraformrc file in their $HOME directory, with this content:
credentials "registry.my-domain.com" {
token = "Mytoken"
}
Command :
usage: tfr generate-terraformrc [-h] -output-directory OUTPUT_DIRECTORY [-weeks WEEKS]
optional arguments:
-h, --help show this help message and exit
-output-directory OUTPUT_DIRECTORY, --output-directory OUTPUT_DIRECTORY
output directory
-weeks WEEKS, --weeks WEEKS
#weeks of validity (52 per default)
Terraform & Publication
You have two way to publish a module, using:
publish
release
What's the difference ?
publish: register the source module as is in the aws private terraform regstry. You could have access issue if this url is not public.
release:
store the source into the dedicated bucket of aws private terraform regstry. The access is managed within registry.
archive (targ.gz) if the source is a folder
download the source if it's an http url
As your module will be stored within registry bucket, terraform client will use s3 signed url
We use release from our ci/cd pipeline and publish only when we have to do something like 'quick and dirty' ... (It never happen, I swear !)
Release command
usage: tfr release [-h] [-namespace NAMESPACE] -name NAME -system SYSTEM -version VERSION -source SOURCE
optional arguments:
-h, --help show this help message and exit
-namespace NAMESPACE, --namespace NAMESPACE
module namespace
-name NAME, --name NAME
module name
-system SYSTEM, --system SYSTEM
module system (aws, ...)
-version VERSION, --version VERSION
module version
-source SOURCE, --source SOURCE
module source
Unpublish command
usage: tfr unpublish [-h] [-namespace NAMESPACE] -name NAME -system SYSTEM -version VERSION -source SOURCE
optional arguments:
-h, --help show this help message and exit
-namespace NAMESPACE, --namespace NAMESPACE
module namespace
-name NAME, --name NAME
module name
-system SYSTEM, --system SYSTEM
module system (aws, ...)
-version VERSION, --version VERSION
module version
Publish command
usage: tfr publish [-h] [-namespace NAMESPACE] -name NAME -system SYSTEM -version VERSION -source SOURCE
optional arguments:
-h, --help show this help message and exit
-namespace NAMESPACE, --namespace NAMESPACE
module namespace
-name NAME, --name NAME
module name
-system SYSTEM, --system SYSTEM
module system (aws, ...)
-version VERSION, --version VERSION
module version
-source SOURCE, --source SOURCE
module source
For personal and professional use. You cannot resell or redistribute these repositories in their original state.
There are no reviews.