Feature set 01 (#59)
* 1. Support querying PolicySets and PolicyChecks
2. Returns detailed PolicyCheck output for a given TFC run
3. Vendoring

* Update root_test

* chore: update dependency

* feat: Use native go-tfe to retrieve sentinel body of policy check

* feat: More details in policy-set list, improve README

* feat: List all runs

* chore: vendoring

* fix: Bump to go 1.19

* fix: bump go version

* fix: spurious declaration in vendored go-tfe (?)
sharathrnair87 authored Jan 21, 2024
1 parent 5612360 commit 3af6f36
Showing 32 changed files with 1,406 additions and 167 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
@@ -18,7 +18,7 @@ jobs:
- name: setup-go
uses: actions/setup-go@v5
with:
go-version: 1.18
go-version: 1.19

- name: lint
run: make fmt
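Review bot: `go-version: 1.19` is an unquoted YAML scalar, so it is parsed as a number before actions/setup-go sees it; that is harmless for 1.19, but the next bump to 1.20 would be read as 1.2, so quote it (`go-version: "1.19"`). The same applies to the identical change in `.github/workflows/release.yml`. The bump matches the `fix: Bump to go 1.19` entry in the commit message.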
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
@@ -20,7 +20,7 @@ jobs:
- name: setup-go
uses: actions/setup-go@v5
with:
go-version: 1.18
go-version: 1.19

- name: build
uses: goreleaser/goreleaser-action@v5
166 changes: 148 additions & 18 deletions README.md
@@ -16,15 +16,17 @@
tfectl [command]
Available Commands:
admin Manage TFE admin operations
completion Generate the autocompletion script for the specified shell
help Help about any command
policy Query TFE policies
run Manage TFE runs
tag Query TFE tags
team Manage TFE teams
variable Manage TFE workspace variables
workspace Manage TFE workspaces
admin Manage TFE admin operations
completion Generate the autocompletion script for the specified shell
help Help about any command
policy Query TFE policies
policy-check Manage policy check workflows of a TFE run
policy-set Query TFE policy sets
run Manage TFE runs
tag Query TFE tags
team Manage TFE teams
variable Manage TFE workspace variables
workspace Manage TFE workspaces
Flags:
@@ -54,15 +56,17 @@ Usage:
tfectl [command]

Available Commands:
admin Manage TFE admin operations
completion Generate the autocompletion script for the specified shell
help Help about any command
policy Query TFE policies
run Manage TFE runs
tag Query TFE tags
team Manage TFE teams
variable Manage TFE workspace variables
workspace Manage TFE workspaces
admin Manage TFE admin operations
completion Generate the autocompletion script for the specified shell
help Help about any command
policy Query TFE policies
policy-check Manage policy check workflows of a TFE run
policy-set Query TFE policy sets
run Manage TFE runs
tag Query TFE tags
team Manage TFE teams
variable Manage TFE workspace variables
workspace Manage TFE workspaces


Flags:
@@ -77,6 +81,9 @@ Use "tfectl [command] --help" for more information about a command.
```

### Workspace
<details>
<summary>Workspace Operations</summary>

* #### List
* Run with no arguments to return the following for all workspaces in the Org

@@ -229,7 +236,12 @@ Use "tfectl [command] --help" for more information about a command.
}
]
```
</details>

### Runs
<details>
<summary>Run Operations</summary>

* `run` sub-command lets you manage runs against one or more workspaces
* #### List run
* List runs in workspace specified by workspaceID
@@ -292,7 +304,12 @@ Use "tfectl [command] --help" for more information about a command.
}
]
```
</details>

### Variables
<details>
<summary>Variable Operations</summary>

* CRUD operations on workspace variables
* #### Query/List workspace variables
```bash
@@ -443,8 +460,12 @@ Use "tfectl [command] --help" for more information about a command.
}
]
```
</details>

### Admin
<details>
<summary>Admin Operations - TFE ONLY</summary>

* Perform Admin operations supported by the TFE Admin API.
* NOTE: Admin settings are only available in Terraform Enterprise.

@@ -485,8 +506,12 @@ Use "tfectl [command] --help" for more information about a command.
}
]
```
</details>

### Policy
<details>
<summary>Policy Operations</summary>

* Query policies in TFE/TFC

* #### List
@@ -502,8 +527,12 @@ Use "tfectl [command] --help" for more information about a command.
}
]
```
</details>

### Tag
<details>
<summary>Tag Operations</summary>

* Query Organization tag information in TFE/TFC

* #### List
@@ -539,6 +568,107 @@ Use "tfectl [command] --help" for more information about a command.
}
]
```
</details>

### Policy Set
<details>
<summary>Policy Set Operations</summary>
* Query policy sets in TFE/TFC

* #### 1. List
* Lists all policy sets
```bash
$ tfectl policy-set list
[
{
"id": "polset-7586a2UeKeNgPD3s",
"name": "dev-policy-set",
"kind": "sentinel",
"global": false,
"workspaces": null,
"workspace_count": 5,
"workspace_exclusions": null,
"projects": [
"prj-LsSPiJnMYl7tSMZ"
],
"project_count": 1,
"policies": [
"pol-B3pWfMyAzR2VtQI"
],
"policy_count": 1
},
{
"id": "polset-Q8zN9Q6TfMVs8mu",
"name": "prod-policy-set",
"kind": "sentinel",
"global": false,
"workspaces": null,
"workspace_count": 10,
"workspace_exclusions": null,
"projects": [
"prj-yOtqzR2msFUFCDx"
],
"project_count": 1,
"policies": [
"pol-Lm0WgxPdwUm2zGE",
"pol-crBeEEB5b8EZtaB"
],
"policy_count": 2
}
]
```
</details>

### Policy Check
<details>
<summary>Policy Check Operations</summary>

* Examine the details of a policy check performed against a given RunID

* #### 1. Show
* Generates the details of a policy check performed against a RunID
```bash
$ tfectl policy-check show --run-id run-A8PuL0GnIeldng1
{
"id": "polchk-ndVuh5Y2abygp5fu",
"result": {
"advisory_failed": 2,
"hard_failed": 0,
"passed": 46,
"result": true,
"soft_failed": 0,
"total_failed": 2,
"sentinel": {
"data": {
"policy-set-01": {
"error": null,
"policies": [
{
"error": null
# OUTPUT TRUNCATED
} # OUTPUT TRUNCATED
] # OUTPUT TRUNCATED
} # OUTPUT TRUNCATED
}
}
}
}
```
* To query only those checks which have failedd
```bash
$ tfectl policy-check show --run-id run-Wxk42edRCCLB5fMi --query '.result.sentinel.data | to_entries | .[].value.policies | .[] | select(.result|not) | .policy'
[
{
"enforcement-level": "advisory",
"name": "policy-set-01/deploy-to-approved-regions"
},
{
"enforcement-level": "advisory",
"name": "policy-set-02/iaas-allowed-vm-skus"
}
]
```
</details>

### Build
GoReleaser is used to produce binaries for multiple platforms (Windows, Mac, Linux).
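Review bot: typo in the Policy Check section, "To query only those checks which have failedd" should read "failed". The Policy Set block also has no blank line between `<summary>Policy Set Operations</summary>` and `* Query policy sets in TFE/TFC`, unlike every other `<details>` section in this file; GitHub only processes markdown after an HTML block when a blank line separates them, so without it the bullet list and the fenced example render as literal text inside the collapsed element. Minor consistency point: the two new sections number their sub-headings (`#### 1. List`, `#### 1. Show`) while the existing sections use unnumbered `#### List`.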
96 changes: 96 additions & 0 deletions cmd/policy_check.go
@@ -0,0 +1,96 @@
package cmd

import (
"context"
"encoding/json"
"fmt"

"github.com/AGLEnergyPublic/tfectl/resources"
"github.com/hashicorp/go-tfe"

log "github.com/sirupsen/logrus"

"github.com/spf13/cobra"
)

type PolicyCheckResult struct {
AdvisoryFailed int `json:"advisory_failed"`
HardFailed int `json:"hard_failed"`
Passed int `json:"passed"`
Result bool `json:"result"`
SoftFailed int `json:"soft_failed"`
TotalFailed int `json:"total_failed"`
Sentinel any `json:"sentinel"`
}

type PolicyCheck struct {
ID string `json:"id"`
Result PolicyCheckResult `json:"result"`
Status tfe.PolicyStatus `json:"status"`
Scope tfe.PolicyScope `json:"scope"`
}

var policyCheckCmd = &cobra.Command{
Use: "policy-check",
Short: "Manage policy check workflows of a TFE run",
Long: `Manage policy check workflows of a TFE run.`,
}

var policyCheckShowCmd = &cobra.Command{
Use: "show",
Short: "Show details of the policy check in a TFE run",
Long: `Show details of the policy check in a TFE run`,
Run: func(cmd *cobra.Command, args []string) {
// policy check show function
_, client, err := resources.Setup(cmd)
check(err)

runId, _ := cmd.Flags().GetString("run-id")
query, _ := cmd.Flags().GetString("query")

var policyCheckJson []byte

policyCheck, _ := showPolicyChecks(client, runId)

policyCheckJson, _ = json.MarshalIndent(policyCheck, "", " ")
if query != "" {
resources.JqRun(policyCheckJson, query)
} else {
fmt.Println(string(policyCheckJson))
}

},
}

func init() {
rootCmd.AddCommand(policyCheckCmd)

// Show sub-command
// Returns the detailed policy check results for a given list of RunIDs
policyCheckCmd.AddCommand(policyCheckShowCmd)
policyCheckShowCmd.Flags().String("run-id", "", "RunId to inspect")
}

func showPolicyChecks(client *tfe.Client, runID string) (PolicyCheck, error) {
result := PolicyCheck{}
log.Debugf("Retrieving policy checks for run: %s\n", runID)
options := &tfe.PolicyCheckListOptions{}

pc, err := client.PolicyChecks.List(context.Background(), runID, options)
check(err)

polchk := pc.Items[0]

result.ID = polchk.ID
result.Scope = polchk.Scope
result.Status = polchk.Status
result.Result.AdvisoryFailed = polchk.Result.AdvisoryFailed
result.Result.HardFailed = polchk.Result.HardFailed
result.Result.TotalFailed = polchk.Result.TotalFailed
result.Result.SoftFailed = polchk.Result.SoftFailed
result.Result.Passed = polchk.Result.Passed
result.Result.Sentinel = polchk.Result.Sentinel
result.Result.Result = polchk.Result.Result

return result, nil
}
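Review bot: `polchk := pc.Items[0]` in `showPolicyChecks` panics with an index-out-of-range when the run has no policy checks (a run in a workspace with no policy sets attached, or a run ID the API answers with an empty list), and it silently drops any checks beyond the first. Guard the slice before indexing, e.g. `if len(pc.Items) == 0 { return result, fmt.Errorf("no policy checks found for run %s", runID) }`; and because the function already calls `check(err)` on the API error it never returns a non-nil error, so either have it propagate the error and handle it at `policyCheck, _ := showPolicyChecks(client, runId)` instead of discarding it, or drop the error from the signature. Also worth tightening: `run-id` is never marked required (`policyCheckShowCmd.MarkFlagRequired("run-id")`), so an empty string is sent to the API; the `query` flag is read but not defined in this file, so unless it is a persistent flag on `rootCmd` the `GetString` error is discarded and the filter is silently ignored; the `json.MarshalIndent` error is likewise dropped; and the `init()` comment says "a given list of RunIDs" while the flag accepts a single ID.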

0 comments on commit 3af6f36