Merge pull request #311 from aztfmod/tfe_agents_msub

Terraform Cloud Agent support and multi-sub bootstrap
aztfmod · May 18, 2023 · 272b8c6 · 272b8c6
2 parents cef6ed7 + 64d81bb
commit 272b8c6
Show file tree

Hide file tree

Showing 29 changed files with 1,438 additions and 391 deletions.
diff --git a/.devcontainer/.zshrc b/.devcontainer/.zshrc
@@ -102,4 +102,7 @@ export LANG=en_US.UTF-8
 alias rover=/tf/rover/rover.sh
 alias t=/usr/bin/terraform
 alias k=/usr/bin/kubectl
-cd /tf/caf || true
+cd /tf/caf || true
+[ -f /tf/rover/.kubectl_aliases ] && source /tf/rover/.kubectl_aliases
+source /tf/rover/zsh-autosuggestions.zsh
+alias watch=\"watch \"
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -7,7 +7,7 @@
 version: "3.7"
 services:
   rover:
-    image: aztfmod/rover-preview:1.4.2-2303.221435
+    image: aztfmod/rover:1.4.2-2303.2414
     user: vscode
 
     labels:

diff --git a/.env.terraform b/.env.terraform
@@ -1,4 +1,3 @@
 1.2.9
-1.1.9
 1.3.9
-1.4.2
+1.4.6
diff --git a/.github/workflows/rover-preview.yml b/.github/workflows/rover-preview.yml
@@ -29,7 +29,7 @@ jobs:
       run: |
         set -e
         # Build the rover base image
-        make dev
+        make github
 
     # - name: Create Release
     #   id: create_release

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -6,7 +6,7 @@ repos:
   #   hooks:
   #   - id: docker-compose-check
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
       - id: check-merge-conflict
       - id: trailing-whitespace

diff --git a/Dockerfile b/Dockerfile
@@ -37,7 +37,7 @@ ENV SSH_PASSWD=${SSH_PASSWD} \
     extensionsAzureCli=${extensionsAzureCli} \
     PATH="${PATH}:/opt/mssql-tools/bin:/home/vscode/.local/lib/shellspec/bin:/home/vscode/go/bin:/usr/local/go/bin" \
     TF_DATA_DIR="/home/${USERNAME}/.terraform.cache" \
-    TF_PLUGIN_CACHE_DIR="/home/${USERNAME}/.terraform.cache/plugin-cache" \
+    TF_PLUGIN_CACHE_DIR="/tf/cache" \
     TF_REGISTRY_DISCOVERY_RETRY=5 \
     TF_REGISTRY_CLIENT_TIMEOUT=15 \
     ARM_USE_MSGRAPH=true \
@@ -71,12 +71,16 @@ RUN apt-get update && \
     locales \
     make \
     openssh-server \
-    dnsutils \
+    # Networking tools
+    dnsutils net-tools iputils-ping traceroute \
     python3-dev \
     python3-pip \
+    rsync \
+    # openvpn client and ipsec tools to generate certificates
+    openvpn network-manager-openvpn strongswan strongswan-pki libstrongswan-extra-plugins libtss2-tcti-tabrmd0 \
+    #
     software-properties-common \
     sudo \
-    openvpn \
     unzip \
     vim \
     wget \
@@ -267,6 +271,10 @@ RUN apt-get update && \
     echo "}" >> /home/${USERNAME}/.tflint.d/config/.tflint.hcl && \
     unzip -d /home/${USERNAME}/.tflint.d/plugins /tmp/tflint-ruleset-azurerm.zip && \
     #
+    # Change ownership on the plugin cache directory
+    mkdir /tf/cache && \
+    chown -R ${USERNAME}:${USERNAME} ${TF_PLUGIN_CACHE_DIR} && \
+    #
     # Create USERNAME home folder structure
     #
     mkdir -p /tf/caf \
@@ -369,6 +377,7 @@ RUN echo  "Set rover version to ${versionRover}..." && echo "Installing Terrafor
     echo "${versionRover}" > /tf/rover/version.txt
 
 
-COPY ./scripts/rover.sh ./scripts/tfstate.sh ./scripts/functions.sh ./scripts/remote.sh ./scripts/terraform-enterprise-push.sh ./scripts/parse_command.sh ./scripts/banner.sh ./scripts/clone.sh ./scripts/walkthrough.sh ./scripts/sshd.sh ./scripts/backend.hcl.tf ./scripts/backend.azurerm.tf ./scripts/ci.sh ./scripts/cd.sh ./scripts/task.sh ./scripts/symphony_yaml.sh ./scripts/test_runner.sh ./
+COPY ./scripts/rover.sh ./scripts/tfstate.sh ./scripts/functions.sh ./scripts/remote.sh ./scripts/parse_command.sh ./scripts/banner.sh ./scripts/clone.sh ./scripts/walkthrough.sh ./scripts/sshd.sh ./scripts/backend.hcl.tf ./scripts/backend.azurerm.tf ./scripts/ci.sh ./scripts/cd.sh ./scripts/task.sh ./scripts/symphony_yaml.sh ./scripts/test_runner.sh ./
 COPY ./scripts/ci_tasks/* ./ci_tasks/
-COPY ./scripts/lib/* ./lib/
+COPY ./scripts/lib/* ./lib/
+COPY ./scripts/tfcloud/* ./tfcloud/
diff --git a/Makefile b/Makefile
@@ -1,14 +1,20 @@
-
 default: github
 
 github:
 	@bash "$(CURDIR)/scripts/build_image.sh" "github"
 
+#
+# To build local images in a different platform architecture (from a macos m1 processor). (used to generate the azdo agent on macos)
+# make local arch=Linux/amd64
+#
+# To build local images
+# make local
 local:
-	@bash "$(CURDIR)/scripts/build_image.sh" "local"
+	echo ${arch}
+	@bash "$(CURDIR)/scripts/build_image.sh" "local" ${arch} ${agent}
 
 dev:
-	@bash "$(CURDIR)/scripts/build_image.sh" "dev"
+	@bash "$(CURDIR)/scripts/build_image.sh" "dev" ${arch} ${agent}
 
 ci:
 	@bash "$(CURDIR)/scripts/build_image.sh" "ci"

diff --git a/agents/.env → agents/.env.old b/agents/.env → agents/.env.old
@@ -1,5 +1,5 @@
 USERNAME=vscode
 versionAzdo=2.186.1
 versionGithubRunner=2.277.1
-versionTfc=0.1.8
+versionTfc=1.5.0
 versionGitlab=13.8.0
diff --git a/agents/azure_devops/Dockerfile b/agents/azure_devops/Dockerfile
@@ -16,6 +16,7 @@ ARG VSTS_AGENT_INPUT_SECRET
 ARG VSTS_AGENT_INPUT_TOKEN
 ARG VSTS_AGENT_INPUT_URL
 ARG VSTS_AGENT_KEYVAULT_NAME
+ARG versionNode="20"
 
 ENV AGENT_KEYVAULT_NAME=${AGENT_KEYVAULT_NAME} \
     DEBIAN_FRONTEND=noninteractive \
@@ -27,14 +28,15 @@ ENV AGENT_KEYVAULT_NAME=${AGENT_KEYVAULT_NAME} \
     TARGETOS=${TARGETOS} \
     USERNAME=${USERNAME} \
     versionAzdo=${versionAzdo} \
+    versionNode=${versionNode} \
     VSTS_AGENT_INPUT_AGENT=${VSTS_AGENT_INPUT_AGENT} \
     VSTS_AGENT_INPUT_AUTH=${VSTS_AGENT_INPUT_AUTH} \
     VSTS_AGENT_INPUT_POOL=${VSTS_AGENT_INPUT_POOL} \
     VSTS_AGENT_INPUT_SECRET=${VSTS_AGENT_INPUT_SECRET} \
     VSTS_AGENT_INPUT_TOKEN=${VSTS_AGENT_INPUT_TOKEN} \
     VSTS_AGENT_INPUT_URL=${VSTS_AGENT_INPUT_URL} \
     VSTS_AGENT_KEYVAULT_NAME=${VSTS_AGENT_KEYVAULT_NAME}
-
+    # https://github.com/microsoft/azure-pipelines-agent/issues/3599#issuecomment-1083564092
 
 RUN mkdir /home/${USERNAME}/agent
 
@@ -47,7 +49,7 @@ RUN echo "versionRover=${versionRover}" && \
     latestAzdo="$(curl -s https://api.github.com/repos/Microsoft/azure-pipelines-agent/releases/latest | grep -oP '"tag_name": "v\K(.*)(?=")')" && \
     echo "Info - Release "${latestAzdo}" appears to be latest" && \
     #
-    echo "Downloading Azure devops agent version ${versionAzdo}..." && \
+    echo "Downloading Azure devops agent version ${versionAzdo} for architecture ${TARGETARCH}..." && \
     #
     if [ ${TARGETARCH} == "amd64" ]; then \
         AGENTURL="https://vstsagentpackage.azureedge.net/agent/${versionAzdo}/vsts-agent-linux-x64-${versionAzdo}.tar.gz" ; \
@@ -56,20 +58,16 @@ RUN echo "versionRover=${versionRover}" && \
     fi \
     && curl -s ${AGENTURL} -o /tmp/agent_package.tar.gz && \
     tar zxvf /tmp/agent_package.tar.gz && \
-    sudo ./bin/installdependencies.sh && \
-    echo "dependencies installed" && \
     sudo chmod +x ./azdo.sh && \
     #
     # Cleanup
     #
-    rm -rf /home/vscode/agent/externals/node && \
-    rm -rf /home/vscode/agent/externals/node10 && \
-    rm -rf /tmp/*
+    rm -rf /tmp/* && \
     #
-    # install node 16
+    # install node # https://github.com/microsoft/azure-pipelines-agent/pull/4240
     #
-    curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -
-    sudo apt-get install -y nodejs
+    curl -sL https://deb.nodesource.com/setup_${versionNode}.x | sudo -E bash - && \
+    sudo apt-get install -y nodejs && \
     node --version
 
 CMD /bin/bash -c ./azdo.sh
diff --git a/agents/tfc/Dockerfile b/agents/tfc/Dockerfile
@@ -20,6 +20,10 @@ ENV DEBIAN_FRONTEND=noninteractive \
     TFC_AGENT_DATA_DIR=${TFC_AGENT_DATA_DIR:-/home/vscode/agent/.tfc-agent} \
     TFC_AGENT_LOG_JSON=false \
     TFC_AGENT_LOG_LEVEL=info \
+    TF_LOG_PATH=${TF_LOG_PATH:-/home/vscode/.terraform.logs/logfile} \
+    # unset TF_DATA_DIR and TF_PLUGIN_CACHE_DIR as not recommended to override in TFE agent execution mode
+    TF_DATA_DIR= \
+    TF_PLUGIN_CACHE_DIR= \
     USERNAME=${USERNAME:-vscode}
 
 CMD ["/bin/bash"]
@@ -32,6 +36,20 @@ RUN echo "Installing Terraform Cloud Agents ${versionTfc}..." && \
     sudo curl -L -o /tmp/tfc-agent.zip https://releases.hashicorp.com/tfc-agent/${versionTerraformCloudAgent}/tfc-agent_${versionTerraformCloudAgent}_linux_amd64.zip 2>&1 && \
     sudo unzip -d /usr/bin /tmp/tfc-agent.zip && \
     sudo chmod +x /usr/bin/tfc-agent && \
-    sudo chmod +x /usr/bin/tfc-agent-core
+    sudo chmod +x /usr/bin/tfc-agent-core && \
+    sudo rm /tmp/tfc-agent.zip && \
+    mkdir -p ${TFC_AGENT_DATA_DIR}
+    #
+    # Adding the hooks
+    #
+COPY agents/tfc/login.sh ${TFC_AGENT_DATA_DIR}/hooks/terraform-pre-plan
+COPY agents/tfc/login.sh ${TFC_AGENT_DATA_DIR}/hooks/terraform-pre-apply
+COPY agents/tfc/logout.sh ${TFC_AGENT_DATA_DIR}/hooks/terraform-post-plan
+COPY agents/tfc/logout.sh ${TFC_AGENT_DATA_DIR}/hooks/terraform-post-apply
+
+RUN sudo chmod +x ${TFC_AGENT_DATA_DIR}/hooks/* && \
+    sudo chown -R ${USERNAME}:${USERNAME} ${TFC_AGENT_DATA_DIR}/* && \
+    unset TF_DATA_DIR && \
+    unset TF_PLUGIN_CACHE_DIR
 
 ENTRYPOINT ["/usr/bin/tfc-agent"]
diff --git a/agents/tfc/login.sh b/agents/tfc/login.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [[ -v ARM_CLIENT_SECRET ]]; then
+  echo "Logging with the service principal secret flow. ($ARM_CLIENT_ID)"
+  az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET -t $ARM_TENANT_ID --allow-no-subscriptions >/dev/null >&1
+fi
+
+if [[ -v ARM_SUBSCRIPTION_ID ]]; then
+  echo "Set the subscription to $ARM_SUBSCRIPTION_ID."
+  az account set -s $ARM_SUBSCRIPTION_ID
+  az account show -o json | jq
+fi
diff --git a/agents/tfc/logout.sh b/agents/tfc/logout.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+echo "Closing Azure cli sessions."
+az account clear
diff --git a/docker-bake-agents.hcl b/docker-bake-agents.hcl
@@ -24,7 +24,7 @@ variable "versionRover" {
 }
 
 group "rover_agents" {
-  targets = ["github", "tfc", "gitlab"]
+  targets = ["github", "tfc", "azdo", "gitlab"]
 }
 
 target "github" {
@@ -44,7 +44,7 @@ target "azdo" {
   dockerfile = "./agents/azure_devops/Dockerfile"
   tags = ["${registry}rover-agent:${tag}-${tag_strategy}azdo"]
   args = {
-    versionAzdo = versionAzdo
+    versionAzdo  = versionAzdo
     versionRover = versionRover
     USERNAME     = USERNAME
   }
@@ -57,7 +57,7 @@ target "tfc" {
   dockerfile = "./agents/tfc/Dockerfile"
   tags = ["${registry}rover-agent:${tag}-${tag_strategy}tfc"]
   args = {
-    versionTfc = versionTfc
+    versionTfc   = versionTfc
     versionRover = versionRover
     USERNAME     = USERNAME
   }

diff --git a/docker-bake.override.hcl b/docker-bake.override.hcl
@@ -1,17 +1,18 @@
 # Base image tools version
 extensionsAzureCli="resource-graph"
 versionDockerCompose="2.9.0"
-versionGolang="1.19.5"
+versionGolang="1.20.3"
 versionKubectl="1.25.4"
-versionPacker="1.8.3"
+versionPacker="1.8.6"
 versionPowershell="7.2.7"
 versionTerraformDocs="0.16.0"
-versionVault="1.12.3"
+versionVault="1.13.2"
 versionAnsible="2.14.4"
 
 # Agents versions
 USERNAME="vscode"
-versionAzdo="3.217.0"
-versionGithubRunner="2.302.1"
+versionAzdo="3.220.0"
+versionGithubRunner="2.304.0"
 versionGitlab="15.9.1"
-versionTfc="1.6.0"
+versionTfc="1.8.0"
+
-Original file line number
+Diff line change
@@ -1,4 +1,3 @@
 .2.9
-.1.9
 .3.9
-.4.2
+.4.6