-
Notifications
You must be signed in to change notification settings - Fork 0
/
migrate.py
executable file
·424 lines (341 loc) · 12.6 KB
/
migrate.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
#!/usr/bin/env python3
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import argparse
import copy
import subprocess
import sys
import re
import json
def get_key_for_each_key(state, old_resource):
account_id = state.resource_value(old_resource, "service_account_id")
name = account_id.split('@')[0]
return name
def get_iam_for_each_key(state, old_resource):
account_id = state.resource_value(old_resource, "service_account_id")
name = account_id.split('@')[0]
return name
MIGRATIONS = [
{
"resource_type": "google_service_account",
"name": "service_accounts",
"module": "",
"for_each_migration": True,
"for_each_migration_key": "account_id"
},
{
"resource_type": "google_service_account_key",
"name": "keys",
"module": "",
"for_each_migration": True,
"for_each_migration_key": get_key_for_each_key
}
]
class ModuleMigration:
"""
Migrate the resources from a flat project factory to match the new
module structure created by the G Suite refactor.
"""
def __init__(self, source_module, state):
self.source_module = source_module
self.state = state
def moves(self):
"""
Generate the set of old/new resource pairs that will be migrated
to the `destination` module.
"""
resources = self.targets()
for_each_migrations = []
moves = []
for (old, migration) in resources:
new = copy.deepcopy(old)
new.module += migration["module"]
# Update the copied resource with the "rename" value if it is set
if "rename" in migration:
new.name = migration["rename"]
old.plural = migration.get("old_plural", True)
new.plural = migration.get("new_plural", True)
if (migration.get("for_each_migration", False) and
migration.get("old_plural", True)):
pass
for_each_migrations.append((old, new, migration))
else:
pair = (old.path(), new.path())
moves.append(pair)
for_each_moves = self.for_each_moves(for_each_migrations)
return moves + for_each_moves
def for_each_moves(self, for_each_migrations):
"""
When migrating from count to for_each we need to move the
whole collection first
https://github.com/hashicorp/terraform/issues/22301
"""
for_each_initial_migration = {}
moves = []
for (old, new, migration) in for_each_migrations:
# Do the initial migration of the whole collection
# only once if it hasn't been done yet
key = old.resource_type + "." + old.name
if key not in for_each_initial_migration:
for_each_initial_migration[key] = True
old.plural = False
new.plural = False
pair = (old.path(), new.path())
# moves.append(pair)
# Whole collection is moved to new location. Now needs right index
new.plural = True
new_indexed = copy.deepcopy(new)
mig = migration["for_each_migration_key"]
if callable(mig):
new_indexed.key = mig(self.state, old)
else:
new_indexed.key = self.state.resource_value(old, mig)
pair = (new.path(), new_indexed.path())
moves.append(pair)
return moves
def targets(self):
"""
A list of resources that will be moved to the new module.
"""
to_move = []
for migration in MIGRATIONS:
resource_type = migration["resource_type"]
resource_name = migration["name"]
matching_resources = self.source_module.get_resources(
resource_type,
resource_name)
to_move += [(r, migration) for r in matching_resources]
return to_move
class TerraformModule:
"""
A Terraform module with associated resources.
"""
def __init__(self, name, resources):
"""
Create a new module and associate it with a list of resources.
"""
self.name = name
self.resources = resources
def get_resources(self, resource_type=None, resource_name=None):
"""
Return a list of resources matching the given resource type and name.
"""
ret = []
for resource in self.resources:
matches_type = (resource_type is None or
resource_type == resource.resource_type)
name_pattern = re.compile(r'%s(\[\d+\])?' % resource_name)
matches_name = (resource_name is None or
name_pattern.match(resource.name))
if matches_type and matches_name:
ret.append(resource)
return ret
def has_resource(self, resource_type=None, resource_name=None):
"""
Does this module contain a resource with the matching type and name?
"""
for resource in self.resources:
matches_type = (resource_type is None or
resource_type == resource.resource_type)
matches_name = (resource_name is None or
resource_name in resource.name)
if matches_type and matches_name:
return True
return False
def __repr__(self):
return "{}({!r}, {!r})".format(
self.__class__.__name__,
self.name,
[repr(resource) for resource in self.resources])
class TerraformResource:
"""
A Terraform resource, defined by the the identifier of that resource.
"""
@classmethod
def from_path(cls, path):
"""
Generate a new Terraform resource, based on the fully qualified
Terraform resource path.
"""
if re.match(r'\A[\w.\["/\]-]+\Z', path) is None:
raise ValueError(
"Invalid Terraform resource path {!r}".format(path))
parts = path.split(".")
name = parts.pop()
resource_type = parts.pop()
module = ".".join(parts)
return cls(module, resource_type, name)
def __init__(self, module, resource_type, name):
"""
Create a new TerraformResource from a pre-parsed path.
"""
self.module = module
self.resource_type = resource_type
self.key = None
self.plural = True
find_suffix = re.match(r'(^.+)\[(\d+)\]', name)
if find_suffix:
self.name = find_suffix.group(1)
self.index = find_suffix.group(2)
else:
self.name = name
self.index = -1
def path(self):
"""
Return the fully qualified resource path.
"""
parts = [self.module, self.resource_type, self.name]
if parts[0] == '':
del parts[0]
path = ".".join(parts)
if self.key is not None:
path = "{0}[\"{1}\"]".format(path, self.key)
elif self.index != -1 and self.plural:
path = "{0}[{1}]".format(path, self.index)
return path
def __repr__(self):
return "{}({!r}, {!r}, {!r})".format(
self.__class__.__name__,
self.module,
self.resource_type,
self.name)
class TerraformState:
"""
A Terraform state representation, pulled from terraform state pull
Used for getting values out of individual resources
"""
def __init__(self):
self.read_state()
def read_state(self):
"""
Read the terraform state
"""
argv = ["terraform", "state", "pull"]
result = subprocess.run(argv,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
check=True,
encoding='utf-8')
self.state = json.loads(result.stdout)
def resource_value(self, resource, key):
# Find the resource in the state
state_resource_list = [r for r in self.state["resources"] if
r.get("module", "none") == resource.module and
r["type"] == resource.resource_type and
r["name"] == resource.name]
if (len(state_resource_list) != 1):
raise ValueError(
"Could not find resource list in state for {}"
.format(resource))
index = int(resource.index)
# If this a collection use the index to find the right resource,
# otherwise use the first
if (index >= 0):
state_resource = [r for r in state_resource_list[0]["instances"] if
r["index_key"] == index]
if (len(state_resource) != 1):
raise ValueError(
"Could not find resource in state for {} key {}"
.format(resource, resource.index))
else:
state_resource = state_resource_list[0]["instances"]
return state_resource[0]["attributes"][key]
def group_by_module(resources):
"""
Group a set of resources according to their containing module.
"""
groups = {}
for resource in resources:
if resource.module in groups:
groups[resource.module].append(resource)
else:
groups[resource.module] = [resource]
return [
TerraformModule(name, contained)
for name, contained in groups.items()
]
def read_resources():
"""
Read the terraform state at the given path.
"""
argv = ["terraform", "state", "list"]
result = subprocess.run(argv,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
check=True,
encoding='utf-8')
elements = result.stdout.split("\n")
elements.pop()
return elements
def state_changes_for_module(module, state):
"""
Compute the Terraform state changes (deletions and moves) for a single
module.
"""
commands = []
migration = ModuleMigration(module, state)
for (old, new) in migration.moves():
wrapper = "'{0}'"
argv = ["terraform",
"state",
"mv",
wrapper.format(old),
wrapper.format(new)]
commands.append(argv)
return commands
def migrate(state=None, dryrun=False):
"""
Generate and run terraform state mv commands to migrate resources from one
state structure to another
"""
# Generate a list of Terraform resource states from the output of
# `terraform state list`
resources = [
TerraformResource.from_path(path)
for path in read_resources()
]
# Group resources based on the module where they're defined.
modules = group_by_module(resources)
# Filter our list of Terraform modules down to this one
modules_to_migrate = [
module for module in modules
if module.has_resource("google_service_account", "service_accounts")
]
print("---- Migrating the following modules:")
for module in modules_to_migrate:
print("-- " + module.name)
# Collect a list of resources for each module
commands = []
for module in modules_to_migrate:
commands += state_changes_for_module(module, state)
print("---- Commands to run:")
for argv in commands:
if dryrun:
print(" ".join(argv))
else:
argv = [arg.strip("'") for arg in argv]
subprocess.run(argv, check=True, encoding='utf-8')
def main(argv):
parser = argparser()
args = parser.parse_args(argv[1:])
state = TerraformState()
migrate(state=state, dryrun=args.dryrun)
def argparser():
parser = argparse.ArgumentParser(description='Migrate Terraform state')
parser.add_argument('--dryrun', action='store_true',
help='Print the `terraform state mv` commands instead '
'of running the commands.')
return parser
if __name__ == "__main__":
main(sys.argv)