
terraformit-gcp

terraformit-gcp is an open source command line tool for generating tf files and tfstate from existing GCP resources.
It relieves the pain of hand-writing tf files for manually created GCP resources.

terraformit-gcp works in the following steps.

  1. terraformit-gcp gets JSON data for existing GCP resources using the Cloud Asset API exportAssets method.

  2. terraformit-gcp generates the files used to create a tfstate (via "terraform import") from the JSON data.

  3. terraformit-gcp generates tf files from the tfstate.

  4. terraformit-gcp executes the "terraform plan" command to check that the tf files were generated successfully.

Version Table

terraformit-gcp does not currently support terraform 0.12.0.

| terraformit-gcp | go | terraform | google provider | google provider (beta) |
|---|---|---|---|---|
| v0.9.0 | v1.12 | v0.11.13 and v0.11.14 | v2.5.1 | v2.5.1 |

To start using terraformit-gcp

Please follow these steps.

Install commands

Install terraform or tfenv (Terraform version manager).

Install gcloud to create a credential.

Install the Go tools to use the go command.

Set gcloud authentication

Generate the ~/.config/gcloud/application_default_credentials.json credential.
The terraform command and the Google storage library use this credential.

gcloud init

or

gcloud auth login

Install terraformit-gcp

Clone terraformit-gcp into your GOPATH and install it.

export GO111MODULE=on
git clone https://github.com/cloud-ace/terraformit-gcp.git -b v0.9.1 ~/go/src/github.com/cloud-ace/terraformit-gcp
cd ~/go/src/github.com/cloud-ace/terraformit-gcp
go install

Set path

Add GOPATH to PATH if needed.
(mac)

echo 'export GOPATH=$HOME/go' >> ~/.bash_profile
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bash_profile
source ~/.bash_profile

Enable CloudAssetAPI

Enable the Cloud Asset API in your GCP project.

Create bucket for storing CloudAssetAPI json data

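Create a bucket for storing the Cloud Asset API outputs.
The export holds configuration metadata for the exported resources, so keep this bucket private.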

Generate and download credential for CloudAssetAPI

Generate an OAuth Client ID and download its credentials file.
The Cloud Asset API currently supports only OAuth Client ID credentials.
https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/calling-api-with-local-machine-howto?hl=en#downloading_the_credential_file

cd to your project directory

Change to your terraform project directory.

cd "your terraform project directory"

Create .terraformit-gcp.yaml in your project directory

Create .terraformit-gcp.yaml in your project directory and set your configuration.
Please refer to the sample file (sample.terraformit-gcp.yaml) in this repository.

CloudAsset:
  # GCP project number
  project-number: "xxxxxxxx" 

  # bucket name. CloudAssetAPI MetadataFile is exported to this bucket.
  bucket: "xxxxxxxxx"

  # OAuth Client ID credential location
  credential: "/Users/xxxxx/Downloads/xxxxxx.json"

Terraform:
  # provider. "google" or "google-beta" should be set.
  provider: "google"

  # your workspace 
  workspace: "default"

  # backend type. "local" or "gcs" is supported now.
  # https://www.terraform.io/docs/backends/types/gcs.html
  backend-type: "local"

  # if you set "local" to backend-type, set "" to backend-location.
  # backend-location: ""
  # if you set "gcs" to backend-type ,set your bucket name to backend-location
  # backend-location: "bucketname"  
  backend-location: ""

  # Default Region
  gcp-provider-default-region: "asia-northeast1"

  # Whether to add default resources ("true") or skip them ("false").
  # Set true or false. If you set "false", the default resource is skipped.
  # Default service accounts are removed automatically because their names start with a number ("12233445@....") which causes an error.
  resource-default-network: false
  resource-default-subnetwork: false
  resource-default-route: false
  resource-default-firewall: false

terraformit-gcp Command

terraformit-gcp plan

The following steps are executed.

  1. create CloudAssetMetadata calling CloudAssetAPI
  2. get CloudAssetMetadata from GCS
  3. create ImportFiles
  4. "terraform init"
  5. "terraform workspace new"
  6. "terraform import"(create tfstate)
  7. create tffile
  8. "terraform plan"

terraformit-gcp create cloudasset

The following step is executed.

  1. create CloudAssetMetadata calling CloudAssetAPI

terraformit-gcp create importfiles (-f ./xxx/xxxxx or gs://xxxxxx/xxxx)

The following steps are executed.

  1. get CloudAssetMetadata from GCS or local(-f option)
  2. create ImportFiles

terraformit-gcp create tfstate

The following steps are executed.

  1. "terraform init"
  2. "terraform workspace new"
  3. "terraform import" using importfiles

terraformit-gcp create tffile (-f tfstatefile)

The following step is executed.

  1. create tffile

Support Table

This command supports GCP resources that are supported by the Cloud Asset API.

✅: support
🔧: will support
/: not supported

| CloudAssetAPI name | CloudAssetAPI support | Terraform resource name | Terraform resource support |
|---|---|---|---|
| Cloud Key Management Service | | | |
| cloudkms.googleapis.com/KeyRing | ✅ | google_kms_key_ring | ✅ |
| cloudkms.googleapis.com/CryptoKey | ✅ | google_kms_crypto_key | ✅ |
| cloudkms.googleapis.com/CryptoKeyVersion | / | / | / |
| Resource Manager | | | |
| cloudresourcemanager.googleapis.com/Organization | / | / | / |
| cloudresourcemanager.googleapis.com/Folder | / | google_folder | / |
| cloudresourcemanager.googleapis.com/Project | ✅ | google_project | ✅ |
| Compute Engine | | | |
| compute.googleapis.com/Autoscaler | ✅ | google_compute_autoscaler | ✅ |
| compute.googleapis.com/BackendBucket | ✅ | google_compute_backend_bucket | ✅ |
| compute.googleapis.com/BackendService | ✅ | google_compute_backend_service | ✅ |
| compute.googleapis.com/Disk | ✅ | google_compute_disk | ✅ |
| compute.googleapis.com/Firewall | ✅ | google_compute_firewall | ✅ |
| compute.googleapis.com/ForwardingRule | ✅ (only supported in the default region) | google_compute_forwarding_rule | ✅ |
| compute.googleapis.com/GlobalForwardingRule | ✅ | google_compute_global_forwarding_rule | ✅ |
| compute.googleapis.com/HealthCheck | ✅ | google_compute_health_check | ✅ |
| compute.googleapis.com/HttpHealthCheck | ✅ | google_compute_http_health_check | ✅ |
| compute.googleapis.com/HttpsHealthCheck | 🔧 | google_compute_https_health_check | 🔧 |
| compute.googleapis.com/Image | ✅ | google_compute_image | ✅ |
| compute.googleapis.com/Instance | ✅ | google_compute_instance | ✅ |
| compute.googleapis.com/InstanceGroup | ✅ | google_compute_instance_group | ✅ |
| compute.googleapis.com/InstanceGroupManager | ✅ | google_compute_instance_group_manager | ✅ |
| compute.googleapis.com/InstanceTemplate | ✅ | google_compute_instance_template | ✅ |
| compute.googleapis.com/Network | ✅ | google_compute_network | ✅ |
| compute.googleapis.com/Project | / | / | / |
| compute.googleapis.com/RegionBackendService | 🔧 | google_compute_region_backend_service | 🔧 |
| compute.googleapis.com/Route | ✅ | google_compute_route | ✅ |
| compute.googleapis.com/Router | 🔧 | google_compute_router | 🔧 |
| compute.googleapis.com/Snapshot | ✅ | google_compute_snapshot | ✅ |
| compute.googleapis.com/SslCertificate | ✅ | google_compute_ssl_certificate (you need to set your private key manually) | ✅ |
| compute.googleapis.com/Subnetwork | ✅ | google_compute_subnetwork | ✅ |
| compute.googleapis.com/TargetHttpProxy | ✅ | google_compute_target_http_proxy | ✅ |
| compute.googleapis.com/TargetHttpsProxy | ✅ | google_compute_target_https_proxy | ✅ |
| compute.googleapis.com/TargetInstance | / | / | / |
| compute.googleapis.com/TargetPool | ✅ (only supported in the default region) | google_compute_target_pool | ✅ |
| compute.googleapis.com/TargetTcpProxy | 🔧 | google_compute_target_tcp_proxy | 🔧 |
| compute.googleapis.com/TargetSslProxy | 🔧 | google_compute_target_ssl_proxy | 🔧 |
| compute.googleapis.com/TargetVpnGateway | 🔧 | google_compute_vpn_gateway | 🔧 |
| compute.googleapis.com/UrlMap | ✅ | google_compute_url_map | ✅ |
| compute.googleapis.com/VpnTunnel | 🔧 | google_compute_vpn_tunnel | 🔧 |
| App Engine | | | |
| appengine.googleapis.com/Application | 🔧 | google_app_engine_application (cannot delete app engine) | 🔧 |
| appengine.googleapis.com/Service | / | / | / |
| appengine.googleapis.com/Version | / | / | / |
| Google Kubernetes Engine | | | |
| container.googleapis.com/Cluster | ✅ | google_container_cluster | ✅ |
| container.googleapis.com/NodePool (beta) | 🔧 | google_container_node_pool | 🔧 |
| Cloud Billing | | | |
| cloudbilling.googleapis.com/BillingAccount | / | / | / |
| Cloud Storage | | | |
| storage.googleapis.com/Bucket | ✅ | google_storage_bucket | ✅ |
| Cloud DNS | | | |
| dns.googleapis.com/ManagedZone | ✅ | google_dns_managed_zone | ✅ |
| dns.googleapis.com/Policy | ✅ (only google-beta) | google_dns_policy | ✅ |
| Cloud Spanner | | | |
| spanner.googleapis.com/Instance | 🔧 | google_spanner_instance | 🔧 |
| spanner.googleapis.com/Database | 🔧 | google_spanner_database | 🔧 |
| BigQuery | | | |
| bigquery.googleapis.com/Dataset | 🔧 | google_bigquery_dataset | 🔧 |
| bigquery.googleapis.com/Table | 🔧 | google_bigquery_table | 🔧 |
| Cloud Identity and Access Management | | | |
| iam.googleapis.com/Role | 🔧 | google_iam_member | 🔧 |
| iam.googleapis.com/ServiceAccount | ✅ | google_service_account | ✅ |
| Cloud Pub/Sub | | | |
| pubsub.googleapis.com/Topic | ✅ | google_pubsub_subscription | ✅ |
| pubsub.googleapis.com/Subscription | ✅ | google_pubsub_topic | ✅ |
| Cloud Dataproc | | | |
| dataproc.googleapis.com/Cluster | 🔧 | google_dataproc_cluster | 🔧 |
| dataproc.googleapis.com/Job | 🔧 | google_dataproc_job | 🔧 |
| Cloud SQL | | | |
| sqladmin.googleapis.com/Instance | ✅ | google_sql_database_instance | ✅ |
| Cloud Bigtable | | | |
| bigtableadmin.googleapis.com/Cluster | / | / | / |
| bigtableadmin.googleapis.com/Instance | 🔧 | google_bigtable_instance | 🔧 |
| bigtableadmin.googleapis.com/Table | 🔧 | google_bigtable_table | 🔧 |
| Google Kubernetes Engine | | | |
| k8s.io/Node | / | / | / |
| k8s.io/Pod | / | / | / |
| k8s.io/Namespace | / | / | / |
| rbac.authorization.k8s.io/Role | / | / | / |
| rbac.authorization.k8s.io/RoleBinding | / | / | / |
| rbac.authorization.k8s.io/ClusterRole | / | / | / |
| rbac.authorization.k8s.io/RoleBinding | / | / | / |
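
The support table also shows what a run leaves out: an exported asset whose type is not marked as supported never reaches the generated tf files or tfstate, so it stays outside Terraform's control and review. The Go program below is an added example, not terraformit-gcp's own code; it lists those assets from a Cloud Asset export, assuming the export is one JSON object per line with "name" and "asset_type" fields, and uses a constructed sample and only a few rows of the table.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// supported: a few rows copied from the support table (extend before real use).
var supported = map[string]string{
	"compute.googleapis.com/Instance":   "google_compute_instance",
	"compute.googleapis.com/Firewall":   "google_compute_firewall",
	"storage.googleapis.com/Bucket":     "google_storage_bucket",
	"iam.googleapis.com/ServiceAccount": "google_service_account",
}

// sample is a constructed export, one JSON object per line, trimmed to the
// "name" and "asset_type" fields (field names are an assumption here).
const sample = `{"name":"//compute.googleapis.com/projects/example/zones/asia-northeast1-a/instances/web-1","asset_type":"compute.googleapis.com/Instance"}
{"name":"//iam.googleapis.com/projects/example/roles/customDeployer","asset_type":"iam.googleapis.com/Role"}
{"name":"//compute.googleapis.com/projects/example/regions/asia-northeast1/vpnTunnels/to-office","asset_type":"compute.googleapis.com/VpnTunnel"}
{"name":"//storage.googleapis.com/example-assets","asset_type":"storage.googleapis.com/Bucket"}`

// Unmanaged returns, per asset type missing from supported, the names of the
// assets that would not end up in the generated tf files or tfstate.
func Unmanaged(export string) (map[string][]string, error) {
	gaps := map[string][]string{}
	sc := bufio.NewScanner(strings.NewReader(export))
	sc.Buffer(make([]byte, 0, 64*1024), 16*1024*1024) // real export lines are long
	for n := 1; sc.Scan(); n++ {
		var a struct {
			Name      string `json:"name"`
			AssetType string `json:"asset_type"`
		}
		if err := json.Unmarshal(sc.Bytes(), &a); err != nil {
			return nil, fmt.Errorf("export line %d: %w", n, err)
		}
		if _, ok := supported[a.AssetType]; !ok {
			gaps[a.AssetType] = append(gaps[a.AssetType], a.Name)
		}
	}
	return gaps, sc.Err()
}

func main() {
	gaps, err := Unmanaged(sample)
	fmt.Println(gaps, err)
}
```

Run it against the file produced by "terraformit-gcp create cloudasset" and compare the result with "terraform state list" to confirm which resources are still managed by hand.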
