terraformit-gcp is an open source command line tool for generating tf files and tfstate from existing GCP resources.
It relieves the pain of hand-writing tf files for manually created GCP resources.
terraformit-gcp works in the following steps.
- terraformit-gcp gets JSON data of existing GCP resources using the Cloud Asset API exportAssets method.
- terraformit-gcp generates files for creating a tfstate (= "terraform import") from the JSON data.
- terraformit-gcp generates tf files from the tfstate.
- terraformit-gcp executes the "terraform plan" command to check that the tf files were generated successfully.
terraformit-gcp does not support Terraform 0.12.0 yet.
terraformit-gcp | go | terraform | google provider | google provider (beta) |
---|---|---|---|---|
v0.9.0 | v1.12 | v0.11.13 and v0.11.14 | v2.5.1 | v2.5.1 |
Please follow these steps.
Install terraform or tfenv (Terraform version manager).
Install gcloud to create a credential.
Install Go tools to use go command.
Generate the ~/.config/gcloud/application_default_credentials.json credential.
The terraform command and the Google storage library use this credential.
```
gcloud init
```
or
```
gcloud auth login
```
Install terraformit-gcp. Clone the repository into your GOPATH.
```
export GO111MODULE=on
git clone https://github.com/cloud-ace/terraformit-gcp.git -b v0.9.1 ~/go/src/github.com/cloud-ace/terraformit-gcp
cd ~/go/src/github.com/cloud-ace/terraformit-gcp
go install
```
Add GOPATH to PATH if needed.
(mac)
```
echo 'export GOPATH=$HOME/go' >> ~/.bash_profile
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bash_profile
source ~/.bash_profile
```
Enable CloudAssetAPI.
Create bucket for storing CloudAssetAPI outputs.
Generate an OAuth Client ID and download the credentials file.
Cloud Asset API only supports OAuth Client ID for now.
https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/calling-api-with-local-machine-howto?hl=en#downloading_the_credential_file
Change to your terraform project directory.
```
cd "your terraform project directory"
```
Create .terraformit-gcp.yaml in your project directory and set your configuration.
Please refer to the sample file (sample.terraformit-gcp.yaml) in this repository.
```
CloudAsset:
  # GCP project number
  project-number: "xxxxxxxx"
  # bucket name. CloudAssetAPI MetadataFile is exported to this bucket.
  bucket: "xxxxxxxxx"
  # OAuth Client ID credential location
  credential: "/Users/xxxxx/Downloads/xxxxxx.json"
Terraform:
  # provider. "google" or "google-beta" should be set.
  provider: "google"
  # your workspace
  workspace: "default"
  # backend type. "local" or "gcs" is supported now.
  # https://www.terraform.io/docs/backends/types/gcs.html
  backend-type: "local"
  # if you set "local" to backend-type, set "" to backend-location.
  # backend-location: ""
  # if you set "gcs" to backend-type, set your bucket name to backend-location
  # backend-location: "bucketname"
  backend-location: ""
  # Default Region
  gcp-provider-default-region: "asia-northeast1"
  # whether to add default resources ("true") or remove them ("false").
  # set true or false. If you set "false", default resources are skipped.
  # Default service accounts are removed automatically because their names start with a number ("12233445@....") which causes an error.
  resource-default-network: false
  resource-default-subnetwork: false
  resource-default-route: false
  resource-default-firewall: false
```
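The setup above depends on a supported Terraform release and on two credential files stored on disk. The following preflight script is an added example, not part of terraformit-gcp; its function names are illustrative, and it assumes the credential path is double-quoted as in the sample configuration.

```shell
#!/bin/sh
# Added example (not terraformit-gcp code): preflight checks for the setup steps.
# Assumption: .terraformit-gcp.yaml quotes the credential path as in the sample.

# Succeeds only for the Terraform releases listed in the compatibility table.
supported_terraform() {
  case "$1" in
    "Terraform v0.11.13"|"Terraform v0.11.14") return 0 ;;
    *) return 1 ;;
  esac
}

# Prints the OAuth client credential path configured in the given YAML file.
credential_path() {
  sed -n 's/^[[:space:]]*credential:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Succeeds if the file exists and group/others have no permission bits set.
private_file() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Runs all checks for a project directory; returns the number of failures.
preflight() {
  failures=0
  version_line=$(terraform version 2>/dev/null | head -n 1)
  if ! supported_terraform "$version_line"; then
    echo "unsupported terraform: ${version_line:-not found}" >&2
    failures=$((failures + 1))
  fi
  for f in "$HOME/.config/gcloud/application_default_credentials.json" \
           "$(credential_path "$1/.terraformit-gcp.yaml")"; do
    if ! private_file "$f"; then
      echo "missing or readable by group/others: ${f:-<no credential set>}" >&2
      failures=$((failures + 1))
    fi
  done
  return "$failures"
}

# Usage: sh preflight.sh "your terraform project directory"
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

A file that fails the permission check can be tightened with `chmod 600` before terraformit-gcp is run.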
The following steps are executed.
- create CloudAssetMetadata by calling CloudAssetAPI
- get CloudAssetMetadata from GCS
- create ImportFiles
- "terraform init"
- "terraform workspace new"
- "terraform import" (create tfstate)
- create tffile
- "terraform plan"

The following steps are executed.
- create CloudAssetMetadata by calling CloudAssetAPI

The following steps are executed.
- get CloudAssetMetadata from GCS or local (-f option)
- create ImportFiles

The following steps are executed.
- "terraform init"
- "terraform workspace new"
- "terraform import" using importfiles

The following steps are executed.
- create tffile
This command supports GCP resources that are supported by the Cloud Asset API.
- ✅ : supported
- 🚧 : will support
- / : not supported

CloudAssetAPI Name | CloudAssetAPI Support | Terraform resource name | Terraform resource support |
---|---|---|---|
Cloud Key Management Service | | | |
cloudkms.googleapis.com/KeyRing | ✅ | google_kms_key_ring | ✅ |
cloudkms.googleapis.com/CryptoKey | ✅ | google_kms_crypto_key | ✅ |
cloudkms.googleapis.com/CryptoKeyVersion | / | / | / |
Resource Manager | | | |
cloudresourcemanager.googleapis.com/Organization | / | / | / |
cloudresourcemanager.googleapis.com/Folder | / | google_folder | / |
cloudresourcemanager.googleapis.com/Project | ✅ | google_project | ✅ |
Compute Engine | | | |
compute.googleapis.com/Autoscaler | ✅ | google_compute_autoscaler | ✅ |
compute.googleapis.com/BackendBucket | ✅ | google_compute_backend_bucket | ✅ |
compute.googleapis.com/BackendService | ✅ | google_compute_backend_service | ✅ |
compute.googleapis.com/Disk | ✅ | google_compute_disk | ✅ |
compute.googleapis.com/Firewall | ✅ | google_compute_firewall | ✅ |
compute.googleapis.com/ForwardingRule | ✅ (only supported in default region) | google_compute_forwarding_rule | ✅ |
compute.googleapis.com/GlobalForwardingRule | ✅ | google_compute_global_forwarding_rule | ✅ |
compute.googleapis.com/HealthCheck | ✅ | google_compute_health_check | ✅ |
compute.googleapis.com/HttpHealthCheck | ✅ | google_compute_http_health_check | ✅ |
compute.googleapis.com/HttpsHealthCheck | 🚧 | google_compute_https_health_check | 🚧 |
compute.googleapis.com/Image | ✅ | google_compute_image | ✅ |
compute.googleapis.com/Instance | ✅ | google_compute_instance | ✅ |
compute.googleapis.com/InstanceGroup | ✅ | google_compute_instance_group | ✅ |
compute.googleapis.com/InstanceGroupManager | ✅ | google_compute_instance_group_manager | ✅ |
compute.googleapis.com/InstanceTemplate | ✅ | google_compute_instance_template | ✅ |
compute.googleapis.com/Network | ✅ | google_compute_network | ✅ |
compute.googleapis.com/Project | / | / | / |
compute.googleapis.com/RegionBackendService | 🚧 | google_compute_region_backend_service | 🚧 |
compute.googleapis.com/Route | ✅ | google_compute_route | ✅ |
compute.googleapis.com/Router | 🚧 | google_compute_router | 🚧 |
compute.googleapis.com/Snapshot | ✅ | google_compute_snapshot | ✅ |
compute.googleapis.com/SslCertificate | ✅ | google_compute_ssl_certificate (you need to set your private key manually) | ✅ |
compute.googleapis.com/Subnetwork | ✅ | google_compute_subnetwork | ✅ |
compute.googleapis.com/TargetHttpProxy | ✅ | google_compute_target_http_proxy | ✅ |
compute.googleapis.com/TargetHttpsProxy | ✅ | google_compute_target_https_proxy | ✅ |
compute.googleapis.com/TargetInstance | / | / | / |
compute.googleapis.com/TargetPool | ✅ (only supported in default region) | google_compute_target_pool | ✅ |
compute.googleapis.com/TargetTcpProxy | 🚧 | google_compute_target_tcp_proxy | 🚧 |
compute.googleapis.com/TargetSslProxy | 🚧 | google_compute_target_ssl_proxy | 🚧 |
compute.googleapis.com/TargetVpnGateway | 🚧 | google_compute_vpn_gateway | 🚧 |
compute.googleapis.com/UrlMap | ✅ | google_compute_url_map | ✅ |
compute.googleapis.com/VpnTunnel | 🚧 | google_compute_vpn_tunnel | 🚧 |
App Engine | | | |
appengine.googleapis.com/Application | 🚧 | google_app_engine_application (cannot delete app engine) | 🚧 |
appengine.googleapis.com/Service | / | / | / |
appengine.googleapis.com/Version | / | / | / |
Google Kubernetes Engine | | | |
container.googleapis.com/Cluster | ✅ | google_container_cluster | ✅ |
container.googleapis.com/NodePool (beta) | 🚧 | google_container_node_pool | 🚧 |
Cloud Billing | | | |
cloudbilling.googleapis.com/BillingAccount | / | / | / |
Cloud Storage | | | |
storage.googleapis.com/Bucket | ✅ | google_storage_bucket | ✅ |
Cloud DNS | | | |
dns.googleapis.com/ManagedZone | ✅ | google_dns_managed_zone | ✅ |
dns.googleapis.com/Policy | ✅ (only google-beta) | google_dns_policy | ✅ |
Cloud Spanner | | | |
spanner.googleapis.com/Instance | 🚧 | google_spanner_instance | 🚧 |
spanner.googleapis.com/Database | 🚧 | google_spanner_database | 🚧 |
BigQuery | | | |
bigquery.googleapis.com/Dataset | 🚧 | google_bigquery_dataset | 🚧 |
bigquery.googleapis.com/Table | 🚧 | google_bigquery_table | 🚧 |
Cloud Identity and Access Management | | | |
iam.googleapis.com/Role | 🚧 | google_iam_member | 🚧 |
iam.googleapis.com/ServiceAccount | ✅ | google_service_account | ✅ |
Cloud Pub/Sub | | | |
pubsub.googleapis.com/Topic | ✅ | google_pubsub_subscription | ✅ |
pubsub.googleapis.com/Subscription | ✅ | google_pubsub_topic | ✅ |
Cloud Dataproc | | | |
dataproc.googleapis.com/Cluster | 🚧 | google_dataproc_cluster | 🚧 |
dataproc.googleapis.com/Job | 🚧 | google_dataproc_job | 🚧 |
Cloud SQL | | | |
sqladmin.googleapis.com/Instance | ✅ | google_sql_database_instance | ✅ |
Cloud Bigtable | | | |
bigtableadmin.googleapis.com/Cluster | / | / | / |
bigtableadmin.googleapis.com/Instance | 🚧 | google_bigtable_instance | 🚧 |
bigtableadmin.googleapis.com/Table | 🚧 | google_bigtable_table | 🚧 |
Google Kubernetes Engine | | | |
k8s.io/Node | / | / | / |
k8s.io/Pod | / | / | / |
k8s.io/Namespace | / | / | / |
rbac.authorization.k8s.io/Role | / | / | / |
rbac.authorization.k8s.io/RoleBinding | / | / | / |
rbac.authorization.k8s.io/ClusterRole | / | / | / |
rbac.authorization.k8s.io/RoleBinding | / | / | / |