2007 (#60)

* Add support for TF013 beta 3 * Remove workspace and transition settings to devcontainer * Add --clone-launchpad * Remove --clone-error writing to stdout download progress * Remove launchpad command Remove launchpad landing zone from rover * Cleanup dockerfile * Refactor the command logic for more scalability * Fix a destroy condition * Fix command conditions + cleanup * Fix rover clone * Fix a CI destroy condition * #56 * Add ssh server for Azure aci * Updating port for Azure bastion * Fix sshd port to 22 for aci * Regenerate sshd keys if missing * Make the sshd.sh executable * Run sshd in non-root container * Fix docker in non-root mode * Upgrade tools version Cleanup variables * Remove password for ssh Change ssh server config * Add terraform 0.12.29 * Add 0.13.0-rc1 docker image * Update changelog.md * Update changelog.md Co-authored-by: Arnaud Lheureux <arnaudlh@users.noreply.github.com> Co-authored-by: lolorol <lalesle@microsoft.com>
aztfmod · Jul 24, 2020 · e75b6fa · e75b6fa
1 parent 7f95fbb
commit e75b6fa
Show file tree

Hide file tree

Showing 15 changed files with 523 additions and 386 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -15,8 +15,10 @@
     // Use 'settings' to set *default* container specific settings.json values on container create. 
     // You can edit these settings after create using File > Preferences > Settings > Remote.
     "settings": { 
-        // If you are using an Alpine-based image, change this to /bin/ash
-        "terminal.integrated.shell.linux": "/bin/bash"
+        "files.eol": "\n",
+        "terminal.integrated.shell.linux": "/bin/bash",
+        "editor.tabSize": 2,
+        "terminal.integrated.scrollback": 2000,
     },
 
     // Uncomment the next line if you want start specific services in your Docker Compose config.
@@ -31,6 +33,7 @@
     // Add the IDs of extensions you want installed when the container is created in the array below.
     "extensions": [
         "4ops.terraform",
-        "mutantdino.resourcemonitor"
+        "mutantdino.resourcemonitor",
+        "eamodio.gitlens"
     ]
 }
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -6,8 +6,8 @@
   version: '3.7'
   services:
     rover:
-      image: aztfmod/roverdev:vnext
-    
+      image: aztfmod/rover:latest
+
       labels:
         - "caf=Azure CAF"
 

diff --git a/.env b/.env
@@ -1,11 +1,10 @@
-versionTerraform=0.12.28
-versionAzureCli=2.7.0
-versionKubectl=v1.18.2
-versionGit=2.25.0
-versionTflint=v0.16.2
+versionTerraform=0.12.29
+versionAzureCli=2.9.1
+versionKubectl=v1.18.6
+versionGit=2.27.0
+versionTflint=v0.18.0
 versionJq=1.6
 versionDockerCompose=1.25.5
-versionLaunchpadOpensource=master
 versionAzureCafTerraform=v.0.3.1
-versionTfsec=v0.21.0
+versionTfsec=v0.24.1
 versionTerraformDocs=v0.9.1
diff --git a/.github/workflows/vnext.yml b/.github/workflows/vnext.yml
@@ -52,10 +52,10 @@ jobs:
     - name: Build the rover (beta 0.13)
       run: |        
         set -e
-        docker_tag=vnext-13-beta2
+        docker_tag=vnext-13-rc1
         
         # Override .env variable
-        export versionTerraform="0.13.0-beta2"
+        export versionTerraform="0.13.0-rc1"
 
         # Build the rover base image
         docker-compose build --build-arg versionRover="aztfmod/roverdev:$docker_tag"

diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,4 @@
 **/~*.*
 **/*.log
 version.txt
+landingzones
diff --git a/Dockerfile b/Dockerfile
@@ -50,18 +50,6 @@ FROM golang:1.13 as tfsec
 # to force the docker cache to invalidate when there is a new version
 RUN env GO111MODULE=on go get -u github.com/liamg/tfsec/cmd/tfsec
 
-# ###########################################################
-# # Getting latest version of Azure DevOps Terraform provider
-# ###########################################################
-# FROM golang:1.13 as devops
-
-# # to force the docker cache to invalidate when there is a new version
-# ADD https://api.github.com/repos/microsoft/terraform-provider-azuredevops/git/refs/heads/master version.json
-# RUN cd /tmp && \
-#     git clone https://github.com/microsoft/terraform-provider-azuredevops.git && \
-#     cd terraform-provider-azuredevops && \
-#     ./scripts/build.sh
-
 ###########################################################
 # Getting latest version of Azure CAF Terraform provider
 ###########################################################
@@ -104,21 +92,22 @@ ARG versionTflint
 ARG versionGit
 ARG versionJq
 ARG versionDockerCompose
-ARG versionLaunchpadOpensource
 ARG versionTfsec
 
 ARG USERNAME=vscode
 ARG USER_UID=1000
 ARG USER_GID=${USER_UID}
+ARG SSH_PASSWD
 
-ENV versionTerraform=${versionTerraform} \
+ENV SSH_PASSWD=${SSH_PASSWD} \
+    USERNAME=${USERNAME} \
+    versionTerraform=${versionTerraform} \
     versionAzureCli=${versionAzureCli} \
     versionKubectl=${versionKubectl} \
     versionTflint=${versionTflint} \
     versionJq=${versionJq} \
     versionGit=${versionGit} \
     versionDockerCompose=${versionDockerCompose} \
-    versionLaunchpadOpensource=${versionLaunchpadOpensource} \
     versionTfsec=${versionTfsec} \
     TF_DATA_DIR="/home/${USERNAME}/.terraform.cache" \
     TF_PLUGIN_CACHE_DIR="/home/${USERNAME}/.terraform.cache/plugin-cache"
@@ -146,6 +135,8 @@ RUN yum -y install \
     #
     yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \
     yum -y install docker-ce-cli && \
+    touch /var/run/docker.sock && \
+    chmod 666 /var/run/docker.sock && \
     #
     # Install Terraform
     #
@@ -194,11 +185,6 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu
     echo "Installing pre-commit ..." && \
     python3 -m pip install pre-commit && \ 
     #
-    # Install graphviz
-    #
-    # echo "Installing graphviz ..." && \
-    # yum -y install graphviz && \
-    #
     # Install tflint
     #
     echo "Installing tflint ..." && \
@@ -219,33 +205,36 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu
     echo ${USERNAME} ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/${USERNAME} && \
     chmod 0440 /etc/sudoers.d/${USERNAME}
 
+# ssh server for Azure ACI
+RUN yum install -y openssh-server && \
+    rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_rsa_key /home/${USERNAME}/.ssh/ssh_host_ecdsa_key && \
+    ssh-keygen -q -N "" -t ecdsa -b 521 -f /home/${USERNAME}/.ssh/ssh_host_ecdsa_key && \
+    mkdir -p /home/${USERNAME}/.ssh
+
+COPY ./scripts/sshd_config /home/${USERNAME}/.ssh/sshd_config
 
-# to force the docker cache to invalidate when there is a new version
-ADD https://api.github.com/repos/aztfmod/level0/git/refs/heads/${versionLaunchpadOpensource} version.json
-RUN echo "cloning the launchpads version ${versionLaunchpadOpensource}" && \
-    mkdir -p /tf && \
-    git clone https://github.com/aztfmod/level0.git /tf --branch ${versionLaunchpadOpensource} && \
-    chown -R ${USERNAME}:1000 /tf/launchpads && \
-    chmod +x /tf/bootstrap/**/*.sh && \
-    chmod +x /tf/bootstrap/*.sh
 
 # Add Community terraform providers
-# COPY --from=devops /tmp/terraform-provider-azuredevops/bin /bin/
 COPY --from=azurecaf /tmp/terraform-provider-azurecaf/terraform-provider-azurecaf /bin/
 COPY --from=msgraph /tmp/terraform-provider-msgraph/terraform-provider-msgraph /bin/
 COPY --from=tfsec /go/bin/tfsec /bin/
 COPY --from=terraform-docs /go/bin/terraform-docs /bin/
 
 WORKDIR /tf/rover
 COPY ./scripts/rover.sh .
-COPY ./scripts/launchpad.sh .
 COPY ./scripts/functions.sh .
 COPY ./scripts/banner.sh .
+COPY ./scripts/clone.sh .
+COPY ./scripts/sshd.sh .
 COPY --from=rover_version version.txt /tf/rover/version.txt
 
 RUN echo "alias rover=/tf/rover/rover.sh" >> /home/${USERNAME}/.bashrc && \
-    echo "alias launchpad=/tf/rover/launchpad.sh" >> /home/${USERNAME}/.bashrc && \
     echo "alias t=/usr/bin/terraform" >> /home/${USERNAME}/.bashrc && \
-    chown -R ${USERNAME}:1000 /tf/rover
+    mkdir -p /tf/caf && \
+    chown -R ${USERNAME}:1000 /tf/rover /tf/caf /home/${USERNAME}/.ssh && \
+    chmod +x /tf/rover/sshd.sh
 
 USER ${USERNAME}
+
+EXPOSE 22
+CMD  ["/tf/rover/sshd.sh"]
diff --git a/changelog.md b/changelog.md
@@ -1,4 +1,32 @@
-## 2002.dev (Unrelease)
+## 2007.2408
+
+NEW COMMANDS
+* Launchpad commands moved into the rover with 
+```bash
+rover -lz /tf/caf/landingzones/launchpad -a apply -launchpad 
+```
+
+* Clone the public launchpad folder
+```bash
+# List all
+rover --clone
+```
+
+* Clone the public landingzones folder (includes the launchpad)
+```bash
+# Clone the public open source landingzones from master branch
+rover --clone-landingzones
+
+# Clone the public open source landingzones from vnext branch
+rover --clone-landingzones --clone-branch vnext
+```
+
+REMOVED COMMANDS
+* launchpad.sh as now been replaced with
+```
+# Clone the launchpad with the new clone command
+rover -lz launchpad_path -a plan -launchpad
+```
 
 # v2002 refresh
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -20,7 +20,6 @@ services:
         - versionTflint
         - versionJq
         - versionDockerCompose
-        - versionLaunchpadOpensource
         - versionAzureCafTerraform
         - versionRover
         - versionTfsec

diff --git a/scripts/clone.sh b/scripts/clone.sh
@@ -0,0 +1,153 @@
+#!/bin/bash
+
+export clone_destination=${clone_destination:="/tf/caf/landingzones"}
+export clone_folder=${clone_folder:="/"}
+export clone_folder_strip=${clone_folder_strip:=2}
+export clone_project_name=${clone_project_name:="Azure/caf-terraform-landingzones"}
+export landingzone_branch=${landingzone_branch:="master"}
+
+current_path=$(pwd)
+
+
+function display_clone_instructions {
+
+    while (( "$#" )); do
+        case "${1}" in
+            --intro)
+                echo
+                echo "Rover clone is used to bring the landing zones dependencies you need to deploy your landing zone"
+                echo
+                shift 1
+                ;;
+            --clone)
+                display_clone_instructions --intro --examples --clone-branch --clone-destination --clone-folder --clone-folder-strip
+                echo "--clone specify a GitHub organization and project in the for org/project"
+                echo "      The default setting if not set is azure/caf-terraform-landingzones"
+                echo
+                shift 1
+                ;;
+            --clone-branch)
+                echo "--clone-branch set the branch to pull the package."
+                echo "      By default is not set use the master branch."
+                echo
+                shift 1
+                ;;
+            --clone-destination)
+                echo "--clone-destination change the destination local folder."
+                echo "      By default clone the package into the /tf/caf/landingzones folder of the rover"
+                echo
+                shift 1
+                ;;
+            --clone-folder)
+                echo "--clone-folder specify the folder to extract from the original project"
+                echo 
+                echo "      Example: --clone-folder /landingzones/landingzone_caf_foundations will only extract the caf foundations landing zone"
+                echo
+                shift 1
+                ;;
+            --clone-folder-strip)
+                echo "--clone-folder-strip is used strip the base folder structure from the original folder"
+                echo
+                echo "      In the GitHub package of azure/caf-terraform-landingzones, the data are packaged in the following structure"
+                echo "      caf-terraform-landingzones-master/landingzones/launchpad/main.tf"
+                echo "      [project]-[branch]/landgingzones/[landingzone]"
+                echo "      To reproduce a nice folder structure in the rover it it possible to set the --clone-folder-strip to 2 to remove [project]-[branch]/landingzones and only retrieve the third level folder"
+                echo ""
+                echo "      Default to 2 when using azure/caf-terraform-landingzones and 1 for all other git projects"
+                echo
+                shift 1
+                ;;
+            --examples)
+                echo "By default the rover will clone the azure/caf-terraform-landingzones into the local rover folder /tf/caf/landinzones"
+                echo
+                echo "Examples:"
+                echo "    - Clone the launchpad: rover --clone-folder /landingzones/launchpad"
+                echo "    - Clone the launchpad in different folder: rover --clone-destination /tf/caf/landingzones/public --clone-folder /landingzones/launchpad"
+                echo "    - Clone the launchpad (branch vnext): rover --clone-folder-strip 2 --clone-destination /tf/rover/landingzones --clone-folder /landingzones/launchpad --clone-branch vnext"
+                echo
+                echo "    - Clone the CAF foundations landingzone: rover --clone-folder /landingzones/landingzone_caf_foundations"
+                echo "    - Clone the AKS landingzone: rover --clone aztfmod/landingzone_aks --clone-destination /tf/caf/landingzones/landingzone_aks"
+                echo
+                echo
+                shift 1
+                ;;
+        esac
+    done
+}
+
+
+function clone_repository {
+    echo "@calling clone_repository"
+
+    url="https://codeload.github.com/${clone_project_name}/tar.gz/${landingzone_branch}"
+
+    echo
+    echo "clone_project_name    : ${clone_project_name}"
+    echo "landingzone_branch    : ${landingzone_branch}"
+    echo "clone_folder          : ${clone_folder}"
+    echo "clone_folder_strip    : ${clone_folder_strip}"
+    echo "clone_destination     : ${clone_destination}"
+    echo "clone_url             : ${url}"
+    echo ""
+
+    rm -rf ${clone_destination}/$(basename ${clone_folder})
+    mkdir -p ${clone_destination}
+
+    curl https://codeload.github.com/${clone_project_name}/tar.gz/${landingzone_branch} --fail --silent --show-error | tar -zxv --strip=${clone_folder_strip} -C ${clone_destination} "$(basename ${clone_project_name})-${landingzone_branch}${clone_folder}"
+
+    echo
+    echo "Clone complete"
+    echo
+}
+
+function process_clone_parameter {
+    echo "@calling process_clone_parameter with $@"
+
+
+    case "${1}" in
+        --clone)
+            if [ $# -eq 1 ]; then
+                display_clone_instructions ${1}
+                exit 21
+            else
+                export caf_command="clone"
+                export landingzone_branch=${landingzone_branch:="master"}
+                export clone_project_name=${2}
+                export clone_folder_strip=1
+            fi
+            ;;
+        --clone-branch)
+            echo $#
+            if [ $# -eq 1 ]; then
+                display_clone_instructions ${1}
+                exit 22
+            else
+                export landingzone_branch=${2}
+            fi
+            ;;
+        --clone-destination)
+            if [ $# -eq 1 ]; then
+                display_clone_instructions ${1}
+                exit 23
+            else
+                export clone_destination=${2}
+            fi
+            ;;
+        --clone-folder)
+            if [ $# -eq 1 ]; then
+                display_clone_instructions ${1}
+                exit 24
+            else
+                export clone_folder=${2}
+            fi
+            ;;
+        --clone-folder-strip)
+            if [ $# -eq 1 ]; then
+                display_clone_instructions ${1}
+                exit 24
+            else
+                export clone_folder_strip=${2}
+            fi
+            ;;
+    esac
+}