cycloidio / inframap Goto Github PK

When we Prune older versions of TF, we read them from the old version but return a newer version with the values sett of the older version (basically the flatmap-0.11 or a JSON-0.12+)

We have to check if it's possible to write it back on the same version so we do not have issues regarding that and if there are any other issues that may be related to that wrong formatting.

If I am executing below command with verbose I am getting the respective Icon..

Terraform v1.0.1
provider : Azure
Inframapcurrent version is: v0.6.7

===================================================================================

root@61e25d5f9ffd:/home/project/jobs/NHoRa6NT8hIY/20210820141618-1629468978/infrastructure# ../../infrastructure/inframap/inframap generate terraform.tfstate --clean=false| dot -Tpng > graph1.png -v
dot - graphviz version 2.43.0 (0)
Using render: cairo:cairo
Using device: png:cairo:cairo
libdir = "/usr/lib/x86_64-linux-gnu/graphviz"
Activated plugin library: libgvplugin_dot_layout.so.6
Using layout: dot:dot_layout
The plugin configuration file:
/usr/lib/x86_64-linux-gnu/graphviz/config6a
was successfully loaded.
render : cairo dot dot_json fig gd json json0 map mp pic pov ps svg tk visio vml vrml xdot xdot_json
layout : circo dot fdp neato nop nop1 nop2 osage patchwork sfdp twopi
textlayout : textlayout
device : canon cmap cmapx cmapx_np dot dot_json eps fig gd gd2 gif gv imap imap_np ismap jpe jpeg jpg json json0 mp pdf pic plain plain-ext png pov ps ps2 svg svgz tk vdx vml vmlz vrml wbmp webp x11 xdot xdot1.2 xdot1.4 xdot_json xlib
loadimage : (lib) eps gd gd2 gif jpe jpeg jpg png ps svg webp xbm
pack info:
mode undefined
size 0
flags 0
margin 8
pack info:
mode node
size 0
flags 0
fontname: "Times-Roman" resolved to: (ps:pango DejaVu Serif, ) (PangoCairoFcFont) "DejaVu Serif, Book" /usr/share/fonts/truetype/dejavu/DejaVuSerif.ttf
network simplex: 2 nodes 1 edges maxiter=2147483647 balance=1
network simplex: 2 nodes 1 edges 0 iter 0.00 sec
network simplex: 1 nodes 0 edges maxiter=2147483647 balance=1
network simplex: 1 nodes 0 edges 0 iter 0.00 sec
Maxrank = 1, minrank = 0
mincross: pass 0 iter 0 trying 0 cur_cross 0 best_cross 0
mincross: pass 0 iter 0 trying 0 cur_cross 0 best_cross 0
mincross G: 0 crossings, 0.00 secs.
network simplex: 4 nodes 3 edges maxiter=2147483647 balance=2
network simplex: 4 nodes 3 edges 0 iter 0.00 sec
routesplines: 1 edges, 3 boxes 0.00 sec
Using render: cairo:cairo
Using device: png:cairo:cairo
dot: allocating a 1036K cairo image surface (947 x 280 pixels)
Using render: cairo:cairo
Using loadimage: png:cairo:cairo
Using render: cairo:cairo
Using loadimage: png:cairo:cairo
Using render: cairo:cairo
Using loadimage: png:cairo:cairo
gvRenderJobs G: 0.03 secs.
root@61e25d5f9ffd:/home/project/jobs/NHoRa6NT8hIY/20210820141618-1629468978/infrastructure#

==========================================

=========================================
We can see we have many resources :

root@61e25d5f9ffd:/home/project/jobs/NHoRa6NT8hIY/20210820141618-1629468978/infrastructure# terraform state list
module.app-insights.azurerm_application_insights.insights
module.kv01.data.azurerm_client_config.current
module.kv01.azurerm_key_vault.example
module.monitor.azurerm_log_analytics_workspace.law
module.monitor.azurerm_monitor_action_group.actiongroup01
module.monitor.azurerm_network_watcher.nw
module.monitor.azurerm_network_watcher_flow_log.flowlog
module.policy.azurerm_policy_assignment.Blocked_Ingesion_Public_Network[0]
module.policy.azurerm_policy_assignment.NIC_PIP_not_allowed[0]
module.policy.azurerm_policy_assignment.Public_access_to_SQL_DB[0]
module.policy.azurerm_policy_assignment.SQL_logs_to_workspace[0]
module.policy.azurerm_policy_assignment.SQL_server_enable_auditing[0]
module.policy.azurerm_policy_assignment.TLS_1_2_SQL_DB[0]
module.policy.azurerm_policy_assignment.VNET_flow_log_configure[0]
module.policy.azurerm_policy_assignment.auditLockOnNetworking[0]
module.policy.azurerm_policy_assignment.secure_storage_transfer[0]
module.policy.azurerm_policy_assignment.storage_VNET_endpoint[0]
module.policy.azurerm_policy_assignment.storage_private_link_usage[0]
module.policy.azurerm_policy_assignment.storage_shared_access_key_usage[0]
module.policy.azurerm_policy_definition.auditLockOnNetworking[0]
module.rg01.azurerm_resource_group.rg01
module.rsv.azurerm_recovery_services_vault.vault
module.sqldb.azurerm_sql_database.sqldb
module.sqlserver.azurerm_key_vault_secret.pass
module.sqlserver.azurerm_key_vault_secret.user
module.sqlserver.azurerm_mssql_server_extended_auditing_policy.auditing_policy
module.sqlserver.azurerm_sql_server.sqlserver
module.sqlserver.random_password.password
module.sqlserver.random_string.user
module.sta01.azurerm_storage_account.sta
module.subnet.azurerm_network_security_group.nsg
module.subnet.azurerm_network_security_rule.rules[0]
module.subnet.azurerm_network_security_rule.rules[1]
module.subnet.azurerm_subnet.snet
module.subnet.azurerm_subnet_network_security_group_association.nsgAssociate
module.vnet01.azurerm_network_ddos_protection_plan.ddos
module.vnet01.azurerm_virtual_network.main
root@61e25d5f9ffd:/home/project/jobs/NHoRa6NT8hIY/20210820141618-1629468978/infrastructure#

============================================================
If We execute with --raw command then we can see the Terraform Graph utility graph. .
../../infrastructure/inframap/inframap generate terraform.tfstate --raw --clean=false| dot -Tpng > g
root@61e25d5f9ffd:/home/project/jobs/NHoRa6NT8hIY/20210820141618-1629468978/infrastructure# raph2.png -v
PFA graph2.png for this

.....................................

Is the other Azure resources not supported currently ..
If I am doing prune then getting below response :

========================
{
"version": 4,
"terraform_version": "0.15.3",
"serial": 38,
"lineage": "8444fdc7-c916-xxxxxx-bb8fbcd72755",
"outputs": {},
"resources": [
{
"module": "module.sqldb",
"mode": "managed",
"type": "azurerm_sql_database",
"name": "EfyRy",
"provider": "provider["registry.terraform.io/hashicorp/azurerm"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "/subscriptions/c3fd45ea-xxxxxxxxx-xxxxxxxxxxxdb733/resourceGroups/MSSalesWUS2DevRSGLAND01/providers/Microsoft.Sql/servers/mssaleswus2devsdb/databases/MSSalesWUS2DevSQL",
"name": "MSSalesWUS2DevSQL"
},
"sensitive_attributes": [],
"dependencies": [
"module.sqlserver.azurerm_sql_server.nCOuU"
]
}
]
},
{
"module": "module.sqlserver",
"mode": "managed",
"type": "azurerm_sql_server",
"name": "nCOuU",
"provider": "provider["registry.terraform.io/hashicorp/azurerm"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "/subscriptions/c3fd45ea-xxxxxxxxx-xxxxxxxxxxxdb733/resourceGroups/MSSalesWUS2DevRSGLAND01/providers/Microsoft.Sql/servers/mssaleswus2devsdb",
"name": "mssaleswus2devsdb"
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "administrator_login_password"
}
]
]
}
]
},
{
"module": "module.vnet01",
"mode": "managed",
"type": "azurerm_virtual_network",
"name": "jSsoX",
"provider": "provider["registry.terraform.io/hashicorp/azurerm"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "/subscriptions/c3fd45ea-xxxxxxxxx-xxxxxxxxxxxdb733/resourceGroups/MSSalesWUS2DevRSGLAND01/providers/Microsoft.Network/virtualNetworks/MSSalesWUS2DevVNT01",
"name": "MSSalesWUS2DevVNT01"
},
"sensitive_attributes": []
}
]
}
]
}
==================================

The README is slowly growing, so TOC may be a nice addition

Hello there 👋

It seems the google_project_iam_policy is not yet supported

Error: could not get resource "google_project_iam_policy": provider resource not found

Hey, interesting initiative! One question though: are you planning on supporting Oracle Cloud Infrastructure anytime in the future? That would be awesome!

My team vends many Terraform modules out to the larger organization. Because they're modules, they don't have state. I would love to be able to generate a graph of the resources created by these modules, and how they are interconnected.

I write *.tf files that pair with my Terratest *.go code, so I could probably invoke the module to get the state of the test file and generate from that, but it would be nice to be able to pass my raw *.tf files (perhaps with some annotations in comments? I'm still learning the Hashicorp HCL Golang package to understand what's possible) and be able to generate a nice graph for the README and my end-users that is dramatically more user-friendly than terraform graph.

I've tested this tool on a few of my modules, and some have some data, and some come up blank.

Thanks!

Add the "google" provider to the known providers.

Using tfdocs we know the link to the images, would improve a lot if we added those images to the result graph.

An edge is defined from one Node to an other Node. What if we have incoming connections from the outside (SSH from 0.0.0.0/0, 80/443 connection on LB) ?

We could create a dedicated node for the outside.

This logic should belong to the provider.Provider.ResourceInOut

Understanding how the internals of the software are organized, how logic is applied to data, and how code is grouped together would make it easier for interested people (like me) to make sense of the software and begin contributing fixes/features.

The golangci-lint project does a great job of this, and is what I have in mind. https://golangci-lint.run/contributing/architecture/

I saw a "how does it work?" section in the README, but it's a 30,000 foot view and I'm looking for a 1,000 foot view.

The current implementation only works with TF version 4 as the migration from TFState V3->v4 do not carry the depends_on so we cannot create the dependencies between Nodes.

For more info on v3->v4 hashicorp/terraform#27020.

Graph generation is supported using tfstate for Google. We need to PreProcess the data in order to add explicit links between resources based on the tags.

The HCL generator needs to preprocessing.

More information wil come later

Terraform version : 0.14.7
OS: Ubuntu 20 on WSL
Provider: AWS
Command: terraform state pull | inframap generate --tfstate --connections=false | dot -Tpng > inframap.png

First I got empty graph, Then I try with --connections=false and got error

Error: with canonical "aws_security_group.this_name_prefix": graph node already exists

I think you need this output terraform state list | grep aws_security_group.this_name_prefix

module.alb_sg.aws_security_group.this_name_prefix[0]
module.allow_memcached_sg.aws_security_group.this_name_prefix[0]
module.grafana_sg.aws_security_group.this_name_prefix[0]
module.graylog_sg.aws_security_group.this_name_prefix[0]
module.moodle_sg.aws_security_group.this_name_prefix[0]
module.rds_mariadb_sg.aws_security_group.this_name_prefix[0]

Hi,
really cool tool, i just have problems getting it to work on my Terraform state. It has the Azurerm provider. I am on Windows 10. When trying to inframap generate, i get the following error:
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x20 pc=0x988d24]

goroutine 1 [running]:
github.com/cycloidio/inframap/printer/dot.Dot.Print(0x0, 0x1, 0x1130740, 0xc000006018, 0xc000124620, 0x1029f70)
/tmp/build/6b18b934/code/printer/dot/printer.go:35 +0x2c4
github.com/cycloidio/inframap/cmd.glob..func1(0x1699ea0, 0xc000056ee0, 0x1, 0x1, 0x0, 0x0)
/tmp/build/6b18b934/code/cmd/generate.go:84 +0x12c
github.com/spf13/cobra.(*Command).execute(0x1699ea0, 0xc000056d10, 0x1, 0x1, 0x1699ea0, 0xc000056d10)
/tmp/build/6b18b934/go/pkg/mod/github.com/spf13/[email protected]/command.go:852 +0x45a
github.com/spf13/cobra.(*Command).ExecuteC(0x169a3a0, 0x0, 0xa0eb80, 0xc000024178)
/tmp/build/6b18b934/go/pkg/mod/github.com/spf13/[email protected]/command.go:960 +0x350
github.com/spf13/cobra.(*Command).Execute(...)
/tmp/build/6b18b934/go/pkg/mod/github.com/spf13/[email protected]/command.go:897
github.com/cycloidio/inframap/cmd.Execute(...)
/tmp/build/6b18b934/code/cmd/root.go:27
main.main()
/tmp/build/6b18b934/code/main.go:10 +0x35
If you need anything else, let me know.

Is your feature request related to a problem? Please describe.
No. Prefer to use https://scoop.sh to install cli tools. It is like brew.sh but for windows.

Describe the solution you'd like

• Fix windows releases to include .exe
• Generate checksums.txt for releases, this allows scoop to verify and autoupdate
• Add inframap manifest to scoop/main. See similar file I've created for tfsec.
• Add scoop install inframap to README.md

Describe alternatives you've considered
N/A

Additional context

https://scoop.sh monitors GitHub releases and will auto-update 🐏

Creating the issue to discuss/guidance before starting any work.

Please add Alicloud support

Amazon ASG (auto scaling groups) define a group of instances to create.

An ASG is defined by the autoscaling group itself and linked to a LaunchConfig (or template).

This component is expected to be displayed but will never have associated security group to it.
An ASG simply define the number of instance to create and target a launch config which define "how" create them.
Then the ASG schedule X instaces based on it such as.

 +---------+             +-----------------+
 |         |             |                 |
 |   ASG   +------------->   LaunchConfig  |
 |         |             |                 |
 +----+----+             +-----------------+
      |
      |
      |
      |
+-----v-------+
|             |
|  Instances  |
|             |
+-------------+

The actual security group to create a link can be found in 2 places. On the created instances themself or in the used launch config.
By not having this element, we are rendering incomplete/misleading architecture diagram.

Running brew install inframap today gave me version 0.3.0, while the latest is 0.6.x.

For Azure the testdata/azure.tf was added but no test using it.

I tried to add the test but the current implementation does not work, some things I've found:

• https://github.com/cycloidio/inframap/blob/master/provider/azurerm/azurerm.go#L72 will never work on HCL as the cfg["id"] will never exists, what has to be done is (IIRC):

func getRsIDByName(cfgs map[string]map[string]interface{}, name interface{}) (string, bool) {
    sname := name.(string)
	for _, cfg := range cfgs {
		rsName := cfg["name"]
		if rsName == name {
			pvid, ok := cfg["id"].(string)
			return pvid, ok
		} else if can, ok = cfg[provider.HCLCanonicalKey]; ok && fmt.Sprintf("${%s.name}",can) == sname {
            return sname, true
        }
	}
	return "", false
}

And also the main issue is that on the HCL the graph build before doing any operation is:

strict digraph G {                                                                                                                                                                                                  
        "azurerm_virtual_network_peering.example-1"->"azurerm_virtual_network.myterraformnetwork";                                                                                                                  
        "azurerm_virtual_network_peering.example-1"->"azurerm_virtual_network.myterraformnetwork2";                                                                                                                 
        "azurerm_linux_virtual_machine.myterraformvm" [ shape=ellipse ];                                                                                                                                            
        "azurerm_linux_virtual_machine.myterraformvm2" [ shape=ellipse ];                                                                                                                                           
        "azurerm_virtual_network.myterraformnetwork" [ shape=ellipse ];                                                                                                                                             
        "azurerm_virtual_network.myterraformnetwork2" [ shape=ellipse ];                                                                                                                                            
        "azurerm_virtual_network_peering.example-1" [ shape=rectangle ];                                                                                                                                            
                                                                                                                                                                                                                    
}

Which means that the azurerm_linux_virtual_machine are not connected to anything and will be removed on the first operation. They are not connected to anything as the "only" allowed connection is azurerm_virtual_network_peering and they do not know it. They know of azurerm_resource_group and azurerm_network_interface and those are not valid Nodes/Edges so are discarted.

The solution should be to add those resources as edges and the attributes needed on the Provider and fix the ResourceInOutNodes to know how to read those Edges.

We use Terraform Workspaces, and it appears to be the case that there's no way to use inframap with that. It would be nice if we could integrate all the pertinent state data (from the central state file, and the per-workspace state files). As it stands, the views I can produce with inframap are... not terribly useful.

Hi,
Terraform version : 13.5
Os : Alpine Linux
Provider : AWS

I'm executing this command on a tfstate containing a beanstalk env (just then env, not the app, it is already created on AWS) and an RDS database :
inframap generate --tfstate terraformtest.tfstate --clean=false

It's only showing in the graph the RDS, and nothing about the Beanstalk env.

I also have a problem with the graph created using this command :
inframap generate --tfstate terraform.tfstate --clean=false | dot -Tpng > inframap.png

Resulting in this :

EDIT : The squares were due to the use of the Alpine OS. Problem found for this one.

Any help would be greatly appreciated :) Thanks !

The HCL generation still has some errors and sometimes fails or produces wrong outputs (not right directions or nodes).

We do not have such issue on TFState (we use to but was fixed) but on HCL we have it.

We have to find why is it failing, most probably related on how the HCL->graph.Graph before any operation is done to the graph as reading the HCL it's not as easy as TFState(json).

This issues are "hard" to reproduce as they fail once in a while but not always, for example:

--- FAIL: TestFromHCL_FlexibleEngine (0.00s)
    --- FAIL: TestFromHCL_FlexibleEngine/SuccessSG (0.00s)
        helper_test.go:66: 
            	Error Trace:	helper_test.go:66
            	            				hcl_test.go:90
            	Error:      	Fail
            	Test:       	TestFromHCL_FlexibleEngine/SuccessSG
            	Messages:   	The Edge with Source "flexibleengine_compute_instance_v2.instance_two" and Target "flexibleengine_compute_instance_v2.instance_one" is present but in the other direction
FAIL

Hi, to run this app you need the minimum requirements which are not specified like graphviz. I don't know if some other requirement is necessary.
This is the only issue I have, else great job.

I like this tool a lot and I'd like to add this to our markdown if possible without creating a separate image.

It would be nice to export it in mermaid markdown

https://github.com/mermaid-js/mermaid
https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams

FYI, I have just added some homebrew support for this utility.

Now that we have #5 finished, maybe would also be good to have egress connections represented on the Graph.

For FlexibleEngine / OpenStack, there is a case where you define the blockstorage_volume_v2 as a count.

compute_instance_v2 who are using this volume, will have this relationship with the volume

"depends_on": [
    "flexibleengine_blockstorage_volume_v2.instance_sysvol"
]

connection is made inside the compute_instance_v2 component, through the UUID of the instance_sysvol (incomplete 👇 ):

"block_device": [
    {
        "source_type": "volume",
        "uuid": "2ff83afc-ccfa-452c-8569-c7ab49870fd2",
    }
],

This implementation would be done after #17:

1. create one node per count
2. define a ins/outs for a Node non-Edge.

before:

after:

Could also be done in the PreProcess that we'll add to preparse configs and have:

"depends_on": [
    "flexibleengine_blockstorage_volume_v2.instance_sysvol"
]

to

"depends_on": [
    "flexibleengine_blockstorage_volume_v2.instance_sysvol[0]"
]

Right now we are just getting the first element and ignoring the rest and not communicating anything about count on the Graph or the Config of the Graph.

The solution would be to add a Node.Count to show that that Graph Node has more than one "entity/element" and on the Config, instead of having the format resource.aws_lb.front: {} we would need resource.aws_lb.front: [{}] as one element could have more than one Config depending on the count.

Some things to note (answered by @gaelL):

• Do the count need to be represented as different Nodes?

I would say yes, it's better. As if they have different counts per environment this should be visible.

• If different Nodes they could have different connections?

From a technical point of view I would say yes.
From a usage point of view, I can't find any case where count nodes have different connection. Usually those are the same servers with the same roles the main differences are IP/subnets and Aws availability zone assigned

I think this is all

Instead of having the --tfstate and --hcl would be good to directly use one or the other based on the file.

If used like inframap generate hcl.tf it's easy as we know the file extension, the hard part is if it's piped like cat hcl.tf | inframap generate, in this case the best guess is to try to marshal it with JSON and if it's invalid then try with HCL and return error if also invalid.

This would improve a lot the user experience as it would remove the need of --tfstate and --hcl making it much simpler and intuitive to use.

I'm trying to generate a graph from a GCP HCL configuration, and I'm receiving this error. I installed inframap on MacOS via homebrew today, inframap--0.6.7.big_sur.bottle.tar.gz

panic: interface conversion: interface {} is string, not []interface {}

goroutine 1 [running]:
github.com/cycloidio/inframap/provider/google.Provider.PreProcess(0xc00009a2a0, 0x0, 0x0, 0x38)
	github.com/cycloidio/inframap/provider/google/google.go:192 +0xaa5
github.com/cycloidio/inframap/generate.preprocess(0xc000c00180, 0xc00009a2a0, 0xc001010100, 0xe, 0x22acba0)
	github.com/cycloidio/inframap/generate/state.go:841 +0x1b4
github.com/cycloidio/inframap/generate.FromHCL(0x1d36420, 0xc000b46c90, 0x169bb64, 0x9, 0x1010100, 0x0, 0x0, 0x2f78)
	github.com/cycloidio/inframap/generate/hcl.go:156 +0x100f
github.com/cycloidio/inframap/cmd.glob..func1(0x21b6b40, 0xc000b91b70, 0x1, 0x1, 0x0, 0x0)
	github.com/cycloidio/inframap/cmd/generate.go:69 +0x2f0
github.com/spf13/cobra.(*Command).execute(0x21b6b40, 0xc000b91b50, 0x1, 0x1, 0x21b6b40, 0xc000b91b50)
	github.com/spf13/[email protected]/command.go:852 +0x472
github.com/spf13/cobra.(*Command).ExecuteC(0x21b7040, 0x0, 0xffffffff, 0xc00007c058)
	github.com/spf13/[email protected]/command.go:960 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
	github.com/spf13/[email protected]/command.go:897
github.com/cycloidio/inframap/cmd.Execute(...)
	github.com/cycloidio/inframap/cmd/root.go:27
main.main()
	github.com/cycloidio/inframap/main.go:10 +0x2e

I downloaded a windows release from the release page. After extracting it, I found a file instead of windows executable. Can someone please tell me how to download and use it for Windows machine

/Users/et2448/Downloads/inframap-darwin-amd64 generate --tfstate /tmp/tfstate 
strict digraph G {

}

with --raw I get some kind of output:

/Users/et2448/Downloads/inframap-darwin-amd64 generate --tfstate /tmp/tfstate --raw
strict digraph G {
        "aws_iam_user_policy.s3_upload_user_policy"->"aws_iam_user.s3_upload";
        "aws_iam_user_policy.s3_upload_user_policy"->"aws_kms_key.bucket_key";
        "aws_s3_bucket_public_access_block.this"->"aws_kms_key.bucket_key";
        "aws_s3_bucket_notification.s3_notification"->"aws_sqs_queue.bucket_notification_queue";
        "aws_s3_bucket.this"->"aws_kms_key.bucket_key";
        "aws_s3_bucket_object.upload_folder"->"aws_kms_key.bucket_key";
        "aws_sqs_queue.bucket_notification_queue"->"aws_kms_key.bucket_key";
        "aws_iam_access_key.s3_upload_ak"->"aws_iam_user.s3_upload";
        "aws_iam_access_key.s3_upload_ak" [ shape=ellipse ];
        "aws_iam_user.s3_upload" [ shape=ellipse ];
        "aws_iam_user_policy.s3_upload_user_policy" [ shape=ellipse ];
        "aws_kms_key.bucket_key" [ shape=ellipse ];
        "aws_s3_bucket.this" [ shape=ellipse ];
        "aws_s3_bucket_notification.s3_notification" [ shape=ellipse ];
        "aws_s3_bucket_object.upload_folder" [ shape=ellipse ];
        "aws_s3_bucket_public_access_block.this" [ shape=ellipse ];
        "aws_sqs_queue.bucket_notification_queue" [ shape=ellipse ];

}

Note that I use remote state, but download it like this: https://www.terraform.io/docs/commands/state/pull.html

Hi,
After cloning the repo (Fedora 34 , go version go1.16.5 linux/amd64, don't know if that matters) and running the mod download comment I get this

$ go mod download go: github.com/hashicorp/[email protected] requires github.com/tencentcloud/[email protected]+incompatible: reading github.com/tencentcloud/tencentcloud-sdk-go/go.mod at revision v3.0.82: unknown revision v3.0.82

Any idea?

Cheers,
Carlos

Since #72 we found out that we can only support TFState version 4.

Version 3 also has the depends_on so we could manually parse the State (JSON) and build the dependencies and interpolate them instead of using the internal TF logic to do it.

Version 3 is from TF 0.11.

Add the logic for VPCs, Subnets and Regions. The idea is to have a Grouping between resources that belong to the same VPC, Subnet and/or Region.

On AWS reading the TFState/HCL we are able to know if some resource belong to those:

• VPC: vpc_id and vpc_security_group_ids.
• Subnets: TBD
• Region: TBD

The idea would be to add a Groups on the provider.Provider that does the same as ResourceInOut that returns which groups the resource belongs to and then from that extend to different Providers bit by bit.

With #25 we have added Icons to InfraMap, this icons are compiled into the binary but for DOT Printer those icons have to be on the FileSystem.

What we are doing now is store them into $XDG_CACHE_HOME/inframa/assets/{provider} when we need to diplay them (not all of them, just the ones that are needed for the Graph). But if for any reason we change the Icons to display new ones with the same Name they'll never be updated.

We should find a way to know that the Icon that it's in $XDG_CACHE_HOME is on the last version. Some solutions could be:

• Compare content: If it's not the same replace
• Compare hashes: If it's not the same replace
• Have a global version of the Icons: As it's easy to write them to the Cache we could have a general version for the Icons and write it to the Cache (like a Manifest). And if the icons change we generate a new Manifest and if they are different we drop all of them (we do not expect to change Icons that often)
• Any others?

Right now we do not have any kind of logs.

Would be useful to add detailed logs of the mutations+actions that are been done so some bugs would be more easily debugable for example #136.

Hi all

I'm trying to test your code into my OS Ubuntu 20.04.3 and this was the response when I run the program:

$./inframap generate ~/IdeaProjects/terraform/tfstate/ad_connector.tfstate 
strict digraph G {

}

I was try to use the version allocated into brew repository and then I was try to compile the code like it's appear into your readme. Now I have the compiler version from your git repo:

$./inframap version
The current version is: v0.6.7-1-gd9632dd

Any suggestion of what i did wrong?

Best Regards

Is there a way to use this tool when the state is stored in a terraform backend like S3 ? There is no .tfstate file in that case.

Thanks :)

On AWS we only support basic networking connections, but there are also IAM connections, we need to also implement them as they give access (link) resources.

And add associated elements: S3 buckets, access to specific AWS services, etc.

Add the "azurerm" provider to the known providers.

Discussed in #177

Error: error while reading TFState: state snapshot was created by Terraform v0.13.0, which is newer than current v0.12.28; upgrade to Terraform v0.13.0 or greater to work with this state

...0.12.28 is not current anymore! ;-) What needs to be done to support TF 0.13? Neither HCL nor TF State works with a code that uses TF 0.13 features.

cycloid-community-catalog/stack-gke

> inframap generate --hcl ./terraform/module-vpc --raw

strict digraph G {

}

Can you document why and/or how to fix it?

The source argument in a module block tells Terraform where to find the source code for the desired child module.

[doc]

Following this issue (#54), we should be able to support the source argument.

• Local paths
• Terraform Registry
• Github
• Bitbucket
• Generic Git, Mercurial repositories
• HTTP URLs
• S3 Buckets
• GCS Buckets

inframap version

$ inframap version                                                                                                                                                                                                                        
The current version is: v0.5.2

terraform version

$ aws s3 cp s3://xxx/terraform.tfstate - | grep terraform_version -B 1
  "version": 4,
  "terraform_version": "0.13.6",

error

$ aws s3 cp s3://xxx/terraform.tfstate - | inframap generate --tfstate |  dot -Tpng > graph.png                 
Error: could not find the ID of the canonical "im_out.tcp/22->22": invalid Terraform State file
Usage:
...

Terraform state

{
      "mode": "managed",
      "type": "aws_security_group",
      "name": "allow_cluster_basics",
      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 1,
          "attributes": {
            "arn": "arn:aws:ec2:eu-central-1:99999999999:security-group/sg-9999999999999999",
            "description": "Allow Cluster Traffic",
            "egress": [
              {
                "cidr_blocks": [
                  "0.0.0.0/0"
                ],
                "description": "",
                "from_port": 0,
                "ipv6_cidr_blocks": [],
                "prefix_list_ids": [],
                "protocol": "-1",
                "security_groups": [],
                "self": false,
                "to_port": 0
              }
            ],
            "id": "sg-9999999999999999",
            "ingress": [
              {
                "cidr_blocks": [
                  "0.0.0.0/0"
                ],
                "description": "ping",
                "from_port": -1,
                "ipv6_cidr_blocks": [],
                "prefix_list_ids": [],
                "protocol": "icmp",
                "security_groups": [],
                "self": false,
                "to_port": -1
              },
              {
                "cidr_blocks": [
                  "0.0.0.0/0"
                ],
                "description": "ssh internal",
                "from_port": 22,
                "ipv6_cidr_blocks": [],
                "prefix_list_ids": [],
                "protocol": "tcp",
                "security_groups": [],
                "self": false,
                "to_port": 22
              }
            ],
            "name": "xxx_cluster_ssh_in",
            "name_prefix": "",
            "owner_id": "99999999999",
            "revoke_rules_on_delete": false,
            "tags": {
              "Name": "XXXXX_cluster_ssh_in",
              "Project": "XXXX"
            },
            "timeouts": null,
            "vpc_id": "vpc-9999999999999999"
          },
          "private": "XXX",
          "dependencies": [
            "module.vpc.aws_vpc.this"
          ]
        }
      ]
    }