40 lines
1.4 KiB
Python
40 lines
1.4 KiB
Python
import argparse
|
|
import os
|
|
import string
|
|
import sys
|
|
from ansible_vault import Vault
|
|
|
|
if __name__ == "__main__":
|
|
|
|
parser = argparse.ArgumentParser(description='Securely wrap terraform like a terrarist!')
|
|
parser.add_argument('action', choices=['plan', 'apply', 'import'], help='Terraform action to execute')
|
|
parser.add_argument('--vault', '--ansible-vault', dest='vault_file', required=True, help='Ansible Vault File')
|
|
parser.add_argument('--vault-password-file', dest='vault_password', required=True, help='Ansible Vault Password File')
|
|
parser.add_argument('--environment', dest='environment', required=True, help='Production, Staging, etc...')
|
|
|
|
args, options = parser.parse_known_args()
|
|
|
|
if not os.path.isfile(args.vault_file):
|
|
sys.stderr.write("Ansible vault file does not exist.\n")
|
|
sys.exit(3)
|
|
|
|
if not os.path.isfile(args.vault_password):
|
|
sys.stderr.write("Ansible vault password does not exist.\n")
|
|
sys.exit(3)
|
|
|
|
password = open(args.vault_password).read().strip()
|
|
|
|
vault = Vault(password)
|
|
data = vault.load(open(args.vault_file).read())
|
|
|
|
cmd = ["terraform", args.action, "--var", "environment=%s" %args.environment ]
|
|
|
|
for key, value in data.items():
|
|
cmd.append("--var")
|
|
cmd.append("'%s=%s'" %(key, value))
|
|
|
|
cmd += string.join(options)
|
|
|
|
x = os.system(string.join(cmd))
|
|
sys.exit(x)
|