allow running terraform-resources based integrations per account (app…

…-sre#1032) Signed-off-by: Feng Huang <fehuang@redhat.com>
jmelis · Sep 2, 2020 · 1357675 · 1357675
1 parent 5d1f021
commit 1357675
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 9 deletions.
diff --git a/reconcile/cli.py b/reconcile/cli.py
@@ -241,6 +241,14 @@ def namespace_name(function):
     return function
 
 
+def account_name(function):
+    function = click.option('--account-name',
+                            help='aws account name to act on.',
+                            default=None)(function)
+
+    return function
+
+
 def gitlab_project_id(function):
     function = click.option('--gitlab-project-id',
                             help='gitlab project id to submit PRs to. '
@@ -849,17 +857,19 @@ def user_validator(ctx):
 @internal()
 @use_jump_host()
 @enable_deletion(default=False)
+@account_name
 @click.option('--light/--full',
               default=False,
               help='run without executing terraform plan and apply.')
 @click.pass_context
 def terraform_resources(ctx, print_only, enable_deletion,
                         io_dir, thread_pool_size, internal, use_jump_host,
-                        light, vault_output_path):
+                        light, vault_output_path, account_name):
     run_integration(reconcile.terraform_resources,
                     ctx.obj, print_only,
                     enable_deletion, io_dir, thread_pool_size,
-                    internal, use_jump_host, light, vault_output_path)
+                    internal, use_jump_host, light, vault_output_path,
+                    account_name=account_name)
 
 
 @integration.command()

diff --git a/reconcile/terraform_resources.py b/reconcile/terraform_resources.py
@@ -238,9 +238,15 @@ def init_working_dirs(accounts, thread_pool_size,
     return ts, working_dirs
 
 
-def setup(print_only, thread_pool_size, internal, use_jump_host):
+def setup(print_only, thread_pool_size, internal, use_jump_host,
+          account_name):
     gqlapi = gql.get_api()
     accounts = queries.get_aws_accounts()
+    if account_name:
+        accounts = [n for n in accounts
+                    if n['name'] == account_name]
+        if not accounts:
+            raise ValueError(f"aws account {account_name} is not found")
     settings = queries.get_app_interface_settings()
     namespaces = gqlapi.query(TF_NAMESPACES_QUERY)['namespaces']
     tf_namespaces = [namespace_info for namespace_info in namespaces
@@ -257,7 +263,7 @@ def setup(print_only, thread_pool_size, internal, use_jump_host):
                    working_dirs,
                    thread_pool_size)
     existing_secrets = tf.get_terraform_output_secrets()
-    ts.populate_resources(tf_namespaces, existing_secrets)
+    ts.populate_resources(tf_namespaces, existing_secrets, account_name)
     ts.dump(print_only, existing_dirs=working_dirs)
 
     return ri, oc_map, tf
@@ -286,10 +292,12 @@ def write_outputs_to_vault(vault_path, ri):
 def run(dry_run, print_only=False,
         enable_deletion=False, io_dir='throughput/',
         thread_pool_size=10, internal=None, use_jump_host=True,
-        light=False, vault_output_path='', defer=None):
+        light=False, vault_output_path='',
+        account_name=None, defer=None):
 
     ri, oc_map, tf = \
-        setup(print_only, thread_pool_size, internal, use_jump_host)
+        setup(print_only, thread_pool_size, internal, use_jump_host,
+              account_name)
 
     defer(lambda: oc_map.cleanup())
 

diff --git a/utils/terrascript_client.py b/utils/terrascript_client.py
@@ -443,13 +443,13 @@ def populate_vpc_peerings(self, desired_state):
                     tf_resource = aws_route(route_identifier, **values)
                     self.add_resource(acc_account_name, tf_resource)
 
-    def populate_resources(self, namespaces, existing_secrets):
-        self.init_populate_specs(namespaces)
+    def populate_resources(self, namespaces, existing_secrets, account_name):
+        self.init_populate_specs(namespaces, account_name)
         for specs in self.account_resources.values():
             for spec in specs:
                 self.populate_tf_resources(spec, existing_secrets)
 
-    def init_populate_specs(self, namespaces):
+    def init_populate_specs(self, namespaces, account_name):
         self.account_resources = {}
         for namespace_info in namespaces:
             # Skip if namespace has no terraformResources
@@ -460,6 +460,9 @@ def init_populate_specs(self, namespaces):
                 populate_spec = {'resource': resource,
                                  'namespace_info': namespace_info}
                 account = resource['account']
+                # Skip if account_name is specified
+                if account_name and account != account_name:
+                    continue
                 if account not in self.account_resources:
                     self.account_resources[account] = []
                 self.account_resources[account].append(populate_spec)