# Terraform Make Targets for TFScaffold
# NHS Notify standard for production infrastructure
# Requires infrastructure/terraform/bin/terraform.sh
# ==============================================================================
# TFScaffold Terraform Operations
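# Wrapper that re-invokes make on _terraform-scaffold with action=plan.
# project, region and group fall back to nhs / eu-west-2 / dev when unset or empty.
# $(MAKE) is used instead of a literal `make` so -n and the jobserver reach the
# child make. Each value is single-quoted so that a value holding several words
# (opts carries additional options) or shell metacharacters arrives as one
# variable assignment rather than being split or interpreted by the shell.
# A value that itself contains a single quote is not supported.
terraform-plan: # Plan Terraform changes - mandatory: component=[component_name], environment=[environment]; optional: project=[default: nhs], region=[default: eu-west-2], group=[default: dev], opts=[additional options] @Development
	# Example: make terraform-plan component=mycomp environment=myenv group=mygroup
	# Args: --project nhs --region eu-west-2 --component mycomp --environment myenv --group mygroup --action plan
	$(MAKE) _terraform-scaffold action=plan \
		component='$(component)' \
		environment='$(environment)' \
		project='$(or ${project}, nhs)' \
		region='$(or ${region}, eu-west-2)' \
		group='$(or ${group}, dev)' \
		opts='$(or ${opts}, )'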
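# Wrapper that re-invokes make on _terraform-scaffold with action=plan-destroy.
# project, region and group fall back to nhs / eu-west-2 / dev when unset or empty.
# $(MAKE) replaces a literal `make` so -n and the jobserver reach the child.
# Values are single-quoted so multi-word or metacharacter-bearing input stays
# one variable assignment; a value containing a single quote is not supported.
terraform-plan-destroy: # Plan Terraform destroy - mandatory: component=[component_name], environment=[environment]; optional: project, region, group, opts @Development
	# Example: make terraform-plan-destroy component=mycomp environment=myenv group=mygroup
	# Args: --project nhs --region eu-west-2 --component mycomp --environment myenv --group mygroup --action plan-destroy
	$(MAKE) _terraform-scaffold action=plan-destroy \
		component='$(component)' \
		environment='$(environment)' \
		project='$(or ${project}, nhs)' \
		region='$(or ${region}, eu-west-2)' \
		group='$(or ${group}, dev)' \
		opts='$(or ${opts}, )'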
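# Wrapper that re-invokes make on _terraform-scaffold with action=apply.
# project, region and group fall back to nhs / eu-west-2 / dev when unset or
# empty; build_id and opts are forwarded as given (empty when unset).
# $(MAKE) replaces a literal `make` so -n and the jobserver reach the child.
# Values are single-quoted so multi-word or metacharacter-bearing input stays
# one variable assignment; a value containing a single quote is not supported.
terraform-apply: # Apply Terraform changes - mandatory: component=[component_name], environment=[environment]; optional: project, region, group, build_id, opts @Development
	# Example: make terraform-apply component=mycomp environment=myenv group=mygroup
	# Args: --project nhs --region eu-west-2 --component mycomp --environment myenv --group mygroup --action apply
	$(MAKE) _terraform-scaffold action=apply \
		component='$(component)' \
		environment='$(environment)' \
		project='$(or ${project}, nhs)' \
		region='$(or ${region}, eu-west-2)' \
		group='$(or ${group}, dev)' \
		build_id='$(or ${build_id}, )' \
		opts='$(or ${opts}, )'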
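# Wrapper that re-invokes make on _terraform-scaffold with action=destroy.
# project, region and group fall back to nhs / eu-west-2 / dev when unset or empty.
# $(MAKE) replaces a literal `make` so -n (dry run) and the jobserver reach the
# child. Values are single-quoted so that a multi-word or metacharacter-bearing
# value cannot shift or alter the arguments of a destructive action; a value
# containing a single quote is not supported.
terraform-destroy: # Destroy Terraform resources - mandatory: component=[component_name], environment=[environment]; optional: project, region, group, opts @Development
	# Example: make terraform-destroy component=mycomp environment=myenv group=mygroup
	# Args: --project nhs --region eu-west-2 --component mycomp --environment myenv --group mygroup --action destroy
	$(MAKE) _terraform-scaffold action=destroy \
		component='$(component)' \
		environment='$(environment)' \
		project='$(or ${project}, nhs)' \
		region='$(or ${region}, eu-west-2)' \
		group='$(or ${group}, dev)' \
		opts='$(or ${opts}, )'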
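# Wrapper that re-invokes make on _terraform-scaffold with action=output.
# project, region and group fall back to nhs / eu-west-2 / dev when unset or
# empty. This wrapper forwards no opts or build_id.
# $(MAKE) replaces a literal `make` so -n and the jobserver reach the child.
# Values are single-quoted so multi-word or metacharacter-bearing input stays
# one variable assignment; a value containing a single quote is not supported.
terraform-output: # Get Terraform outputs - mandatory: component=[component_name], environment=[environment]; optional: project, region, group @Development
	# Example: make terraform-output component=mycomp environment=myenv group=mygroup
	# Args: --project nhs --region eu-west-2 --component mycomp --environment myenv --group mygroup --action output
	$(MAKE) _terraform-scaffold action=output \
		component='$(component)' \
		environment='$(environment)' \
		project='$(or ${project}, nhs)' \
		region='$(or ${region}, eu-west-2)' \
		group='$(or ${group}, dev)'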
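# Internal entry point: changes into infrastructure/terraform and runs
# ./bin/terraform.sh with the given variables as flags.
#   bootstrap=true  -> --bootstrap with project/region/group/action only
#   otherwise       -> also passes --component, --environment and, when
#                      build_id is non-empty, --build-id
# Anything in opts is appended after a `--` separator and is deliberately left
# unquoted so it splits into separate arguments.
#
# Every other value is single-quoted. Unquoted, an empty value makes the next
# flag slide into its place (e.g. `--component --environment myenv`), and a
# value with spaces or shell metacharacters is split or interpreted by the
# shell. Quoted, an empty value reaches terraform.sh as an explicit empty
# argument. A value containing a single quote is not supported; opts is passed
# to the shell as-is and must come from a trusted caller.
_terraform-scaffold: # Internal wrapper for terraform.sh - mandatory: action=[terraform action]; optional: component, environment, project, region, group, bootstrap, build_id, opts
	$(if $(strip $(action)),,$(error _terraform-scaffold: action is mandatory))
	cd infrastructure/terraform && \
	if [ '$(bootstrap)' = "true" ]; then \
		./bin/terraform.sh \
			--bootstrap \
			--project '$(project)' \
			--region '$(region)' \
			--group '$(group)' \
			--action '$(action)' \
			$(if $(opts),-- $(opts),); \
	else \
		./bin/terraform.sh \
			--project '$(project)' \
			--region '$(region)' \
			--component '$(component)' \
			--environment '$(environment)' \
			--group '$(group)' \
			$(if $(build_id),--build-id '$(build_id)',) \
			--action '$(action)' \
			$(if $(opts),-- $(opts),); \
	fi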
# ==============================================================================
# Formatting and Validation
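# Runs `terraform fmt -recursive` on components/ and modules/ under
# infrastructure/terraform, skipping a directory that does not exist.
# The `if` form matters: with `[ -d ] && terraform fmt`, a missing modules/
# made the loop (and the target) exit non-zero, while a failure in components/
# was overwritten by a later success. Now a missing directory is a no-op and
# the first failing `terraform fmt` stops the recipe with a non-zero status.
terraform-fmt: # Format Terraform files in components/ and modules/ (excludes etc/) @Quality
	# Example: make terraform-fmt
	@cd infrastructure/terraform && \
	for dir in components modules; do \
		if [ -d "$$dir" ]; then \
			terraform fmt -recursive "$$dir" || exit 1; \
		fi; \
	done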
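# Runs `terraform fmt -check -recursive` on components/ and modules/ under
# infrastructure/terraform, skipping a directory that does not exist.
# The status of every check is accumulated: with `[ -d ] && terraform fmt`,
# the loop returned only the last iteration's status, so unformatted files in
# components/ were reported as success whenever modules/ was clean, and a
# missing modules/ failed the target. Both directories are still checked so
# all findings are printed before the recipe exits non-zero.
terraform-fmt-check: # Check Terraform formatting in components/ and modules/ (excludes etc/) @Quality
	# Example: make terraform-fmt-check
	@cd infrastructure/terraform && \
	status=0; \
	for dir in components modules; do \
		if [ -d "$$dir" ]; then \
			terraform fmt -check -recursive "$$dir" || status=1; \
		fi; \
	done; \
	exit $$status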
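# Runs `terraform init -backend=false` followed by `terraform validate` inside
# infrastructure/terraform/components/<component>.
# component is checked first: left empty, the path collapsed to the components/
# directory itself and init/validate ran there instead of in a component.
# The path is single-quoted so a value with spaces or shell metacharacters is
# treated as one path; a value containing a single quote is not supported.
terraform-validate: # Validate Terraform configuration - mandatory: component=[component_name] @Quality
	# Example: make terraform-validate component=mycomp
	# Note: Validation does not require environment/group as it checks syntax only
	$(if $(strip $(component)),,$(error terraform-validate: component is mandatory))
	cd 'infrastructure/terraform/components/$(component)' && \
	terraform init -backend=false && \
	terraform validate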
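# Runs `terraform init -backend=false` and `terraform validate` in every
# directory under infrastructure/terraform/components.
# Each component is validated in a subshell. The earlier `cd $$dir && ... &&
# cd -` chain skipped the `cd -` when init or validate failed, so the shell
# stayed inside the failed component, every later relative `[ -d "$$dir" ]`
# test was false, the remaining components were silently skipped and the loop
# could still exit 0. With the subshell the working directory is always
# restored, every component is validated, and any failure makes the target
# exit non-zero.
terraform-validate-all: # Validate all Terraform components @Quality
	# Example: make terraform-validate-all
	status=0; \
	for dir in infrastructure/terraform/components/*; do \
		if [ -d "$$dir" ]; then \
			echo "Validating $$(basename "$$dir")..."; \
			( cd "$$dir" && \
				terraform init -backend=false && \
				terraform validate ) || status=1; \
		fi; \
	done; \
	exit $$status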
# TODO - Re-visit Trivy usage https://nhsd-jira.digital.nhs.uk/browse/CCM-15549
# terraform-sec: # Run Trivy IaC security scanning on Terraform code @Quality
# # Example: make terraform-sec
# ./scripts/terraform/trivy-scan.sh --mode iac infrastructure/terraform
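# Runs ./scripts/terraform/terraform-docs.sh for one component when component
# is set, otherwise for every directory under components/ and modules/.
# Paths are quoted so a directory or component name with spaces or shell
# metacharacters is passed as a single argument (a component value containing
# a single quote is not supported). In the loop a failing run now stops the
# recipe; before, only the last directory's status decided the result.
terraform-docs: # Generate Terraform documentation - optional: component=[specific component, or all if omitted] @Quality
	# Example: make terraform-docs component=mycomp
	# Example: make terraform-docs (generates for all components)
	@if [ -n '$(component)' ]; then \
		./scripts/terraform/terraform-docs.sh 'infrastructure/terraform/components/$(component)'; \
	else \
		for dir in infrastructure/terraform/components/* infrastructure/terraform/modules/*; do \
			if [ -d "$$dir" ]; then \
				./scripts/terraform/terraform-docs.sh "$$dir" || exit 1; \
			fi; \
		done; \
	fi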
# ==============================================================================
# Cleanup
# Double-colon rule: this recipe is one of possibly several independent
# `clean` recipes (presumably other included makefiles add their own).
# Removes per-component build/ and .terraform/ directories, the bootstrap
# .terraform/ directory, the contents of plugin-cache/, and the
# .terraform.lock.hcl files for components and bootstrap.
# NOTE(review): .terraform.lock.hcl records the selected provider versions and
# their checksums; once removed, the next `terraform init` selects providers
# afresh. Confirm these lock files are not meant to be kept under version
# control for this scaffold.
clean:: # Remove Terraform build artifacts and cache @Operations
	# Example: make clean
	rm -rf \
		infrastructure/terraform/components/*/build \
		infrastructure/terraform/components/*/.terraform \
		infrastructure/terraform/components/*/.terraform.lock.hcl \
		infrastructure/terraform/bootstrap/.terraform \
		infrastructure/terraform/bootstrap/.terraform.lock.hcl \
		infrastructure/terraform/plugin-cache/*
# ==============================================================================
# Installation
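# Delegates to the _install-dependency target (defined outside this file) with
# name=terraform. $(MAKE) replaces a literal `make` so -n and the jobserver
# reach the child make.
terraform-install: # Install Terraform using asdf @Installation
	# Example: make terraform-install
	$(MAKE) _install-dependency name="terraform"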
# ==============================================================================
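# Targets whose recipe lines are not echoed. When VERBOSE is set to any value
# the target name is no longer `.SILENT`, so the list has no effect and the
# commands are printed.
# The list must not contain a `#` entry: make joins the backslash-continued
# lines first and then treats everything after `#` as a comment, which dropped
# terraform-validate and terraform-validate-all from the list. The final entry
# also carries no trailing backslash, so the list cannot absorb whatever line
# follows it.
# terraform-sec is omitted while that target is commented out; add it back
# here when the target is restored.
${VERBOSE}.SILENT: \
  _terraform-scaffold \
  clean \
  terraform-apply \
  terraform-destroy \
  terraform-docs \
  terraform-fmt \
  terraform-fmt-check \
  terraform-install \
  terraform-output \
  terraform-plan \
  terraform-plan-destroy \
  terraform-validate \
  terraform-validate-all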