terraformit-gcp
terraformit-gcp is an open source command line tool for generating tf files and tfstate from existing GCP resources.
Relieve the pain of coding tf of manually created GCP resources.
terraformit-gcp steps are as below.
-
terraformit-gcp get json data of existing GCP resources using Cloud Asset API exportAssets method.
-
terraformit-gcp generates files for creating a tfstate(="terraform import") from the json data.
-
terraformit-gcp generates tf files from the tfstate.
-
terraformit-gcp executes "terraform plan" command to check tf files are generated successfully.
Version Table
terraformit-gcp does not support terraform 0.12.0 now.
| terraformit-gcp | go | terraform | google provider | google provider (beta) |
|---|---|---|---|---|
| v0.9.0 | v1.12 | v0.11.13 and v0.11.14 | v2.5.1 | v2.5.1 |
To start using terraformit-gcp
Please follow these steps.
Install commands
Install terraform or tfenv(Terraform version manager).
Install gcloud to create a credential.
Install Go tools to use go command.
Set gcloud authentication
Generate ~/.config/gcloud/application_default_credentials.json credential.
Terraform command and google storage library use this credential.
gcloud init
or
gcloud auth login
Install terraformit-gcp
Install terraformit-gcp. git clone terraformit-gcp to your GOPATH.
export GO111MODULE=on
git clone https://github.com/cloud-ace/terraformit-gcp.git -b v0.9.1 ~/go/src/github.com/cloud-ace/terraformit-gcp
cd ~/go/src/github.com/cloud-ace/terraformit-gcp
go install
Set path
Add GOPATH to PATH, if you need.
(mac)
echo 'export GOPATH=$HOME/go' >> ~/.bash_profile
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bash_profile
source ~/.bash_profile
Enable CloudAssetAPI
Enable CloudAssetAPI.
Create bucket for storing CloudAssetAPI json data
Create bucket for storing CloudAssetAPI outputs.
Generate and download credential for CloudAssetAPI
Genereate Oauth Client ID and download a credentials.
Cloud Asset API only supports Oauth Client ID now.
https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/calling-api-with-local-machine-howto?hl=en#downloading_the_credential_file
cd your pj directory
Change your terraform project directory.
cd "your terraform project directory"
Create .terraformit-gcp.yaml in your project directory
Create .terraformit-gcp.yaml in your project directory and set your configuration.
Please refer to the sample file(sample.terraformit-gcp.yaml) in this repository.
CloudAsset:
# GCP project number
project-number: "xxxxxxxx"
# bucket name. CloudAssetAPI MetadataFile is exported to this bucket.
bucket: "xxxxxxxxx"
# Oauth Client ID credential location
credential: "/Users/xxxxx/Downloads/xxxxxx.json"
Terraform:
# provider. "google" or "google-beta" should be set.
provider: "google"
# your workspace
workspace: "default"
# buckend type "local" or "gcs" is supported now.
# https://www.terraform.io/docs/backends/types/gcs.html
backend-type: "local"
# if you set "local" to backend-type, set "" to backend-location.
# backend-location: ""
# if you set "gcs" to backend-type ,set your bucket name to backend-location
# backend-location: "bucketname"
backend-location: ""
# Default Region
gcp-provider-default-region: "asia-northeast1"
# whether add Default resources("true") or remove("false").
# set true or false. If you set "false", skip default resource.
# Default service accounts are removed automatically because their name start with number("12233445@....") which cause an error.
resource-default-network: false
resource-default-subnetwork: false
resource-default-route: false
resource-default-firewall: false
terraformit-gcp Command
terraformit-gcp plan
Following steps below are executed.
- create CloudAssetMetadata calling CloudAssetAPI
- get CloudAssetMetadata from GCS
- create ImportFiles
- "terraform init"
- "terraform workspace new"
- "terraform import"(create tfstate)
- create tffile
- "terraform plan"
terraformit-gcp create cloudasset
Following steps below are executed.
- create CloudAssetMetadata calling CloudAssetAPI
terraformit-gcp create importfiles (-f ./xxx/xxxxx or gs://xxxxxx/xxxx)
Following steps below are executed.
- get CloudAssetMetadata from GCS or local(-f option)
- create ImportFiles
terraformit-gcp create tfstate
Following steps below are executed.
- "terraform init"
- "terraform workspace new"
- "terraform import" using importfiles
terraformit-gcp create tffile (-f tfstatefile)
Following steps below are executed.
- create tffile
Support Table
This command supports GCP resources which is supported by Cloud Asset API.
/ :not supported
| CloudAssetAPI Name | CloudAssetAPI Support | terrafromResource name | terrafromResource Support |
|---|---|---|---|
| Cloud Key Management Service | |||
| cloudkms.googleapis.com/KeyRing | google_kms_key_ring | ||
| cloudkms.googleapis.com/CryptoKey | google_kms_crypto_key | ||
| cloudkms.googleapis.com/CryptoKeyVersion | / | / | / |
| Resource Manager | |||
| cloudresourcemanager.googleapis.com/Organization | / | / | / |
| cloudresourcemanager.googleapis.com/Folder | / | google_folder | / |
| cloudresourcemanager.googleapis.com/Project | google_project | ||
| Compute Engine | |||
| compute.googleapis.com/Autoscaler | google_compute_autoscaler | ||
| compute.googleapis.com/BackendBucket | google_compute_backend_bucket | ||
| compute.googleapis.com/BackendService | google_compute_backend_service | ||
| compute.googleapis.com/Disk | google_compute_disk | ||
| compute.googleapis.com/Firewall | google_compute_firewall | ||
| compute.googleapis.com/ForwardingRule | google_compute_forwarding_rule | ||
| compute.googleapis.com/GlobalForwardingRule | google_compute_global_forwarding_rule | ||
| compute.googleapis.com/HealthCheck | google_compute_health_check | ||
| compute.googleapis.com/HttpHealthCheck | google_compute_http_health_check | ||
| compute.googleapis.com/HttpsHealthCheck | google_compute_https_health_check | ||
| compute.googleapis.com/Image | google_compute_image | ||
| compute.googleapis.com/Instance | google_compute_instance | ||
| compute.googleapis.com/InstanceGroup | google_compute_instance_group | ||
| compute.googleapis.com/InstanceGroupManager | google_compute_instance_group_manager | ||
| compute.googleapis.com/InstanceTemplate | google_compute_instance_template | ||
| compute.googleapis.com/Network | google_compute_network | ||
| compute.googleapis.com/Project | / | / | / |
| compute.googleapis.com/RegionBackendService | google_compute_region_backend_service | ||
| compute.googleapis.com/Route | google_compute_route | ||
| compute.googleapis.com/Router | google_compute_router | ||
| compute.googleapis.com/Snapshot | google_compute_snapshot | ||
| compute.googleapis.com/SslCertificate | google_compute_ssl_certificate(you need to set your private key manually) | ||
| compute.googleapis.com/Subnetwork | google_compute_subnetwork | ||
| compute.googleapis.com/TargetHttpProxy | google_compute_target_http_proxy | ||
| compute.googleapis.com/TargetHttpsProxy | google_compute_target_https_proxy | ||
| compute.googleapis.com/TargetInstance | / | / | / |
| compute.googleapis.com/TargetPool | google_compute_target_pool | ||
| compute.googleapis.com/TargetTcpProxy | google_compute_target_tcp_proxy | ||
| compute.googleapis.com/TargetSslProxy | google_compute_target_ssl_proxy | ||
| compute.googleapis.com/TargetVpnGateway | google_compute_vpn_gateway | ||
| compute.googleapis.com/UrlMap | google_compute_url_map | ||
| compute.googleapis.com/VpnTunnel | google_compute_vpn_tunnel | ||
| App Engine | |||
| appengine.googleapis.com/Application | google_app_engine_application(cannot delete app engine) | ||
| appengine.googleapis.com/Service | / | / | / |
| appengine.googleapis.com/Version | / | / | / |
| Google Kubernetes Engine | |||
| container.googleapis.com/Cluster | google_container_cluster | ||
| container.googleapis.com/NodePool(beta) | google_container_node_pool | ||
| Cloud Billing | |||
| cloudbilling.googleapis.com/BillingAccount | / | / | / |
| Cloud Storage | |||
| storage.googleapis.com/Bucket | google_storage_bucket | ||
| Cloud DNS | |||
| dns.googleapis.com/ManagedZone | google_dns_managed_zone | ||
| dns.googleapis.com/Policy | google_dns_policy | ||
| Cloud Spanner | |||
| spanner.googleapis.com/Instance | google_spanner_instance | ||
| spanner.googleapis.com/Database | google_spanner_database | ||
| BigQuery | |||
| bigquery.googleapis.com/Dataset | google_bigquery_dataset | ||
| bigquery.googleapis.com/Table | google_bigquery_table | ||
| Cloud Identity and Access Management | |||
| iam.googleapis.com/Role | google_iam_member | ||
| iam.googleapis.com/ServiceAccount | google_service_account | ||
| Cloud Pub/Sub | |||
| pubsub.googleapis.com/Topic | google_pubsub_subscription | ||
| pubsub.googleapis.com/Subscription | google_pubsub_topic | ||
| Cloud Dataproc | |||
| dataproc.googleapis.com/Cluster | google_dataproc_cluster | ||
| dataproc.googleapis.com/Job | google_dataproc_job | ||
| Cloud SQL | |||
| sqladmin.googleapis.com/Instance | google_sql_database_instance | ||
| Cloud Bigtable | |||
| bigtableadmin.googleapis.com/Cluster | / | / | / |
| bigtableadmin.googleapis.com/Instance | google_bigtable_instance | ||
| bigtableadmin.googleapis.com/Table | google_bigtable_table | ||
| Google Kubernetes Engine | |||
| k8s.io/Node | / | / | / |
| k8s.io/Pod | / | / | / |
| k8s.io/Namespace | / | / | / |
| rbac.authorization.k8s.io/Role | / | / | / |
| rbac.authorization.k8s.io/RoleBinding | / | / | / |
| rbac.authorization.k8s.io/ClusterRole | / | / | / |
| rbac.authorization.k8s.io/RoleBinding | / | / | / |