October release (#82)

* Add support for TF013 beta 3

* Remove workspace and transition settings
to devcontainer

* Add --clone-launchpad

* Remove --clone-error writing to stdout
download progress

* Remove launchpad command
Remove launchpad landing zone from rover

* Cleanup dockerfile

* Refactor the command logic for more scalability

* Fix a destroy condition

* Fix command conditions + cleanup

* Fix rover clone

* Fix a CI destroy condition

* #56

* Add ssh server for Azure aci

* Updating port for Azure bastion

* Fix sshd port to 22 for aci

* Regenerate sshd keys if missing

* Make the sshd.sh executable

* Run sshd in non-root container

* Fix docker in non-root mode

* Upgrade tools version
Cleanup variables

* Remove password for ssh
Change ssh server config

* Add terraform 0.12.29

* Add 0.13.0-rc1 docker image

* Update changelog.md

* Update changelog.md

* Update rover to version 13 GA

* Create .gitattributes

* Improvements to support multi layers and sub

* Fix plugin-cache creation

* Fix plug-in folder creation

* Add rover import and state list
Add build local image

* Fix minor upgrade for azcli and tfdoc

* Add Ansible

* Adding codespaces support (#72)

* Updating tools version

* Add ansible

* Multi-layer support for 0.4

* Add -var-folder support

* Remove constrain to run vscode with logged-in user

* Fix execution with msi

* Set Tenant_ID when using MSI

* fix ARM_TENANT_ID

* Add support for Packer

* Add yq to parse yaml files

* Add rover version verification in vscode

* Update devcontainer version

* Update yaml to addess Github env variable change

* Fix merge in dockerfile

* Fix tfsec

* Fix a merge issue with ansible

* Fix a permission denied in vscode

* Set TF_VAR_tenant_id when executed by non user

* Fix environment variable for launchpad init

* Update rover verify function

* Remove version verification in pipelines

* Add support for multiple var-folder parameters

* Hotfix to prevent duplicates when using var-folder
nultiple times

* Update docker-compose.yml

* Add git pre-commit

* Update terraform to 0.13.4
Update AzureCli to 2.14.0

* Update ci

* Update vnext trigger

Co-authored-by: Arnaud Lheureux <[email protected]>
Co-authored-by: lolorol <[email protected]>

.devcontainer/devcontainer.json

@@ -1,38 +1,38 @@
 {
     "name": "Azure CAF rover",
- 
+
     // Update the 'dockerComposeFile' list if you have more compose files or use different names.
     "dockerComposeFile": "docker-compose.yml",
- 
+
     // Container user to use in VSCode Online and GitHub Codespaces
     "containerUser" : "vscode",
-    
+
     // The 'service' property is the name of the service for the container that VS Code should
     // use. Update this value and .devcontainer/docker-compose.yml to the real service name.
     "service": "rover",
- 
+
     // The optional 'workspaceFolder' property is the path VS Code should open by default when
     // connected. This is typically a volume mount in .devcontainer/docker-compose.yml
     "workspaceFolder": "/tf/rover",
- 
-    // Use 'settings' to set *default* container specific settings.json values on container create. 
+
+    // Use 'settings' to set *default* container specific settings.json values on container create.
     // You can edit these settings after create using File > Preferences > Settings > Remote.
-    "settings": { 
+    "settings": {
         "files.eol": "\n",
         "terminal.integrated.shell.linux": "/bin/bash",
         "editor.tabSize": 2,
-        "terminal.integrated.scrollback": 2000,
+        "terminal.integrated.scrollback": 8000,
     },
- 
+
     // Uncomment the next line if you want start specific services in your Docker Compose config.
     // "runServices": [],
- 
+
     // Uncomment this like if you want to keep your containers running after VS Code shuts down.
     // "shutdownAction": "none",
- 
+
     // Uncomment the next line to run commands after the container is created.
-    "postCreateCommand": "cp -R /tmp/.ssh-localhost/* ~/.ssh && chmod 700 ~/.ssh && chmod 600 ~/.ssh/*",
- 
+    "postCreateCommand": "cp -R /tmp/.ssh-localhost/* ~/.ssh && sudo chmod 600 ~/.ssh/* && sudo chown -R $(whoami) /tf/caf && git config --global core.editor vi && pre-commit install && pre-commit autoupdate",
+
     // Add the IDs of extensions you want installed when the container is created in the array below.
     "extensions": [
         "4ops.terraform",

.devcontainer/docker-compose.yml

@@ -7,7 +7,8 @@
   services:
     rover:
       image: aztfmod/roverdev:vnext
-
+      user:vscode 
+
       labels:
         - "caf=Azure CAF"
 

.env

@@ -1,10 +1,11 @@
-versionTerraform=0.13.3
-versionAzureCli=2.12.1
+versionTerraform=0.13.5
+versionAzureCli=2.14.0
 versionKubectl=v1.18.6
 versionGit=2.27.0
 versionTflint=v0.18.0
 versionJq=1.6
-versionDockerCompose=1.25.5
+versionDockerCompose=1.27.3
 versionTfsec=v0.27.0
 versionTerraformDocs=v0.10.1
-versionAnsible=2.10
+versionAnsible=2.9.13
+versionPacker=1.6.4

.github/workflows/master.yml

@@ -1,7 +1,7 @@
 name: master
 
 on:
-  pull_request:
+  push:
     branches:
       - master
 
@@ -16,7 +16,7 @@ jobs:
       uses: Azure/docker-login@v1
       with:
         # Container registry username
-        username: aztfmod 
+        username: aztfmod
         # Container registry password
         password: ${{ secrets.docker_registry_password }}
         # Container registry server url

.github/workflows/vnext.yml

@@ -29,17 +29,17 @@ jobs:
       uses: Azure/docker-login@v1
       with:
         # Container registry username
-        username: aztfmod 
+        username: aztfmod
         # Container registry password
         password: ${{ secrets.docker_registry_password }}
         # Container registry server url
         login-server: https://index.docker.io/v1/
+    - name: Set the rover version
+      run: |
+        echo "docker_tag=$(date +"%g%m.%d%H%M")" >> $GITHUB_ENV
     - name: Build the rover
-      run: |        
+      run: |
         set -e
-        docker_tag=$(date +"%g%m.%d%H%M")
-        echo ::set-env name=docker_tag::${docker_tag}
-
         # Build the rover base image
         docker-compose build --build-arg versionRover="aztfmod/roverdev:$docker_tag"
 
@@ -56,8 +56,8 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
       with:
-        tag_name: ${{ env.docker_tag }}
-        release_name: aztfmod/roverdev:${{ env.docker_tag }}
+        tag_name: $docker_tag
+        release_name: aztfmod/roverdev:$docker_tag
         draft: true
         prerelease: false
         body: You can also use the latest vnext by using aztfmod/roverdev:vnext

.pre-commit-config.yaml

@@ -0,0 +1,21 @@
+# See http://pre-commit.com for more information
+# See http://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: git://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.43.0
+    hooks:
+    - id: terraform_fmt
+    # - id: terraform_docs
+    # - id: terraform_tflint
+    # - id: terraform_tfsec
+  - repo: git://github.com/pre-commit/pre-commit-hooks
+    rev: v3.3.0
+    hooks:
+      - id: check-merge-conflict
+      - id: trailing-whitespace
+      - id: check-yaml
+      - id: check-added-large-files
+  # - repo: git://github.com/markdownlint/markdownlint
+  #   rev: v0.9.0
+  #   hooks:
+  #     - id: markdownlint

Dockerfile

@@ -27,7 +27,6 @@ RUN yum makecache fast && \
         openssh-clients \
         openssl \
         man \
-        ansible \
         which && \
     yum -y update
 
@@ -66,6 +65,7 @@ ARG versionJq
 ARG versionDockerCompose
 ARG versionTfsec
 ARG versionAnsible
+ARG versionPacker
 
 ARG USERNAME=vscode
 ARG USER_UID=1000
@@ -83,17 +83,22 @@ ENV SSH_PASSWD=${SSH_PASSWD} \
     versionDockerCompose=${versionDockerCompose} \
     versionTfsec=${versionTfsec} \
     versionAnsible=${versionAnsible} \
+    versionPacker=${versionPacker} \
     TF_DATA_DIR="/home/${USERNAME}/.terraform.cache" \
     TF_PLUGIN_CACHE_DIR="/home/${USERNAME}/.terraform.cache/plugin-cache"
-
+
+
+
 RUN yum -y install \
         make \
         zlib-devel \
         curl-devel \ 
         gettext \
         bzip2 \
         gcc \
-        unzip && \
+        unzip \
+        sudo \
+        openssh-server && \
     #
     # Install git from source code
     #
@@ -112,12 +117,25 @@ RUN yum -y install \
     touch /var/run/docker.sock && \
     chmod 666 /var/run/docker.sock && \
     #
+    # Create USERNAME
+    #
+    echo "Creating ${USERNAME} user..." && \
+    useradd --uid $USER_UID -m -G docker ${USERNAME} && \
+    #
     # Install Terraform
     #
     echo "Installing terraform ${versionTerraform}..." && \
     curl -sSL -o /tmp/terraform.zip https://releases.hashicorp.com/terraform/${versionTerraform}/terraform_${versionTerraform}_linux_amd64.zip 2>&1 && \
     unzip -d /usr/bin /tmp/terraform.zip && \
     chmod +x /usr/bin/terraform && \
+    mkdir -p /home/${USERNAME}/.terraform.cache/plugin-cache && \
+    #
+    # Install Packer
+    #
+    echo "Installing Packer ${versionPacker}..." && \
+    curl -sSL -o /tmp/packer.zip https://releases.hashicorp.com/packer/${versionPacker}/packer_${versionPacker}_linux_amd64.zip 2>&1 && \
+    unzip -d /usr/local/bin /tmp/packer.zip && \
+    chmod +x /usr/local/bin/packer && \
     #
     # Install Docker-Compose - required to rebuild the rover from the rover ;)
     #
@@ -154,45 +172,52 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu
     curl -L -o /usr/bin/jq https://github.com/stedolan/jq/releases/download/jq-${versionJq}/jq-linux64 && \
     chmod +x /usr/bin/jq && \
     #
-    # Install pre-commit
-    #
-    echo "Installing pre-commit ..." && \
-    python3 -m pip install pre-commit && \ 
-    #
-    # Install Ansible
-    #
-    echo "Installing Ansible ..." && \
-    pip3 install --user https://github.com/ansible/ansible/archive/stable-${versionAnsible}.tar.gz && \ 
-    #
     # Install tflint
     #
     echo "Installing tflint ..." && \
     curl -sSL -o /tmp/tflint.zip https://github.com/terraform-linters/tflint/releases/download/${versionTflint}/tflint_linux_amd64.zip && \
     unzip -d /usr/bin /tmp/tflint.zip && \
     chmod +x /usr/bin/tflint && \
     #
+    # Install Ansible
+    #
+    echo "Installing Ansible ${versionAnsible}..." && \
+    pip3 install ansible==${versionAnsible} && \
+    #
+    # Install pre-commit
+    #
+    echo "Installing pre-commit ..." && \
+    pip3 install pre-commit && \ 
+    #
+    # Install yq
+    #
+    echo "Installing yq ..." && \
+    pip3 install yq && \
+    #
     # Clean-up
     rm -f /tmp/*.zip && rm -f /tmp/*.gz && \
     rm -rfd /tmp/git-${versionGit} && \
-    # 
-    echo "Creating ${USERNAME} user..." && \
-    useradd --uid $USER_UID -m -G docker ${USERNAME} && \
-    # sudo usermod -aG docker ${USERNAME} && \
-    mkdir -p /home/${USERNAME}/.vscode-server /home/${USERNAME}/.vscode-server-insiders /home/${USERNAME}/.ssh /home/${USERNAME}/.ssh-localhost /home/${USERNAME}/.azure /home/${USERNAME}/.terraform.cache /home/${USERNAME}/.terraform.cache/tfstates && \
-    chown ${USER_UID}:${USER_GID} /home/${USERNAME}/.vscode-server* /home/${USERNAME}/.ssh /home/${USERNAME}/.ssh-localhost /home/${USERNAME}/.azure /home/${USERNAME}/.terraform.cache /home/${USERNAME}/.terraform.cache/tfstates  && \
-    yum install -y sudo && \
+    #
+    # Create USERNAME home folder structure
+    #
+    mkdir -p /tf/caf \
+        /tf/rover \
+        /home/${USERNAME}/.ansible \
+        /home/${USERNAME}/.azure \
+        /home/${USERNAME}/.gnupg \
+        /home/${USERNAME}/.packer.d \
+        /home/${USERNAME}/.ssh \
+        /home/${USERNAME}/.ssh-localhost \
+        /home/${USERNAME}/.terraform.cache \
+        /home/${USERNAME}/.terraform.cache/tfstates \
+        /home/${USERNAME}/.vscode-server \
+        /home/${USERNAME}/.vscode-server-insiders && \
+    chown -R ${USER_UID}:${USER_GID} /home/${USERNAME} /tf/rover /tf/caf && \
+    chmod 777 -R /home/${USERNAME} /tf/caf && \
+    chmod 700 /home/${USERNAME}/.ssh && \
     echo ${USERNAME} ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/${USERNAME} && \
     chmod 0440 /etc/sudoers.d/${USERNAME}
 
-# ssh server for Azure ACI
-RUN yum install -y openssh-server && \
-    rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_rsa_key /home/${USERNAME}/.ssh/ssh_host_ecdsa_key && \
-    ssh-keygen -q -N "" -t ecdsa -b 521 -f /home/${USERNAME}/.ssh/ssh_host_ecdsa_key && \
-    mkdir -p /home/${USERNAME}/.ssh
-
-COPY ./scripts/sshd_config /home/${USERNAME}/.ssh/sshd_config
-
-
 # Add Community terraform providers
 COPY --from=tfsec /go/bin/tfsec /bin/
 COPY --from=terraform-docs /go/bin/terraform-docs /bin/
@@ -205,13 +230,24 @@ COPY ./scripts/clone.sh .
 COPY ./scripts/sshd.sh .
 COPY --from=rover_version version.txt /tf/rover/version.txt
 
+#
+# Switch to ${USERNAME} context
+#
+
+USER ${USERNAME}
+
+
+COPY ./scripts/sshd_config /home/${USERNAME}/.ssh/sshd_config
+
 RUN echo "alias rover=/tf/rover/rover.sh" >> /home/${USERNAME}/.bashrc && \
     echo "alias t=/usr/bin/terraform" >> /home/${USERNAME}/.bashrc && \
-    mkdir -p /tf/caf && \
-    chown -R ${USERNAME}:1000 /tf/rover /tf/caf /home/${USERNAME}/.ssh && \
-    chmod +x /tf/rover/sshd.sh
+    # chmod +x /tf/rover/sshd.sh && \
+    #
+    # ssh server for Azure ACI
+    #
+    ssh-keygen -q -N "" -t ecdsa -b 521 -f /home/${USERNAME}/.ssh/ssh_host_ecdsa_key
+
 
-USER ${USERNAME}
 
 EXPOSE 22
 CMD  ["/tf/rover/sshd.sh"]

docker-compose.yml

@@ -24,6 +24,7 @@ services:
         - versionTfsec
         - versionTerraformDocs
         - versionAnsible
+        - versionPacker
 
     volumes:
       - ..:/tf