terraformit-gcp
terraformit-gcp is an open source command line tool for generating tf files and tfstate from existing GCP resources.
It relieves the pain of hand-writing tf files for manually created GCP resources.
terraformit-gcp works in the following steps.
- terraformit-gcp gets JSON data of existing GCP resources using the Cloud Asset API exportAssets method.
- terraformit-gcp generates files for creating a tfstate (= "terraform import") from the JSON data.
- terraformit-gcp generates tf files from the tfstate.
- terraformit-gcp executes the "terraform plan" command to check that the tf files were generated successfully.
Version Table
terraformit-gcp does not support terraform 0.12.0 now.
terraformit-gcp | go | terraform | google provider | google provider (beta) |
---|---|---|---|---|
v0.9.0 | v1.12 | v0.11.13 and v0.11.14 | v2.5.1 | v2.5.1 |
To start using terraformit-gcp
Please follow these steps.
Install commands
Install terraform or tfenv(Terraform version manager).
Install gcloud to create a credential.
Install Go tools to use go command.
Set gcloud authentication
Generate the ~/.config/gcloud/application_default_credentials.json credential.
The terraform command and the Google storage library use this credential.
```sh
gcloud init
```
or
```sh
gcloud auth login
```
Install terraformit-gcp
Clone terraformit-gcp into your GOPATH and install it.
```sh
export GO111MODULE=on
git clone https://github.com/cloud-ace/terraformit-gcp.git -b v0.9.1 ~/go/src/github.com/cloud-ace/terraformit-gcp
cd ~/go/src/github.com/cloud-ace/terraformit-gcp
go install
```
Set path
Add GOPATH to PATH if needed.
(mac)
```sh
echo 'export GOPATH=$HOME/go' >> ~/.bash_profile
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bash_profile
source ~/.bash_profile
```
Enable CloudAssetAPI
Enable CloudAssetAPI.
Create bucket for storing CloudAssetAPI json data
Create bucket for storing CloudAssetAPI outputs.
Generate and download credential for CloudAssetAPI
Generate an OAuth Client ID and download the credential.
Cloud Asset API only supports OAuth Client ID now.
https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/calling-api-with-local-machine-howto?hl=en#downloading_the_credential_file
cd your pj directory
Change to your Terraform project directory.
```sh
cd "your terraform project directory"
```
Create .terraformit-gcp.yaml in your project directory
Create .terraformit-gcp.yaml in your project directory and set your configuration.
Please refer to the sample file(sample.terraformit-gcp.yaml) in this repository.
```yaml
CloudAsset:
  # GCP project number
  project-number: "xxxxxxxx"
  # Bucket name. The CloudAssetAPI MetadataFile is exported to this bucket.
  bucket: "xxxxxxxxx"
  # OAuth Client ID credential location
  credential: "/Users/xxxxx/Downloads/xxxxxx.json"
Terraform:
  # Provider. "google" or "google-beta" should be set.
  provider: "google"
  # Your workspace
  workspace: "default"
  # Backend type. "local" or "gcs" is supported now.
  # https://www.terraform.io/docs/backends/types/gcs.html
  backend-type: "local"
  # If you set "local" to backend-type, set "" to backend-location.
  # backend-location: ""
  # If you set "gcs" to backend-type, set your bucket name to backend-location.
  # backend-location: "bucketname"
  backend-location: ""
  # Default region
  gcp-provider-default-region: "asia-northeast1"
  # Whether to add default resources ("true") or remove them ("false").
  # Set true or false. If you set "false", default resources are skipped.
  # Default service accounts are removed automatically because their names start with a number ("12233445@....") which causes an error.
  resource-default-network: false
  resource-default-subnetwork: false
  resource-default-route: false
  resource-default-firewall: false
```
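One way to check `.terraformit-gcp.yaml` before running terraformit-gcp, as an added example that is not part of terraformit-gcp: it enforces the value constraints stated in the sample config's comments. The function names, the numeric test on `project-number` and the permission check on the credential file are assumptions added here.

```shell
#!/bin/sh
# Added example (not part of terraformit-gcp): pre-flight check of .terraformit-gcp.yaml.

# Print the value of the first uncommented "KEY: value" line, without quotes.
yaml_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

problem() { echo "PROBLEM: $*" >&2; problems=$((problems + 1)); }

# Returns 0 when the file satisfies the constraints stated in the sample config.
check_terraformit_config() {
    cfg=$1; problems=0
    [ -r "$cfg" ] || { problem "cannot read $cfg"; return 1; }
    case $(yaml_get "$cfg" project-number) in
        ''|*[!0-9]*) problem "project-number must be the numeric project number" ;;
    esac
    case $(yaml_get "$cfg" provider) in
        google|google-beta) ;;
        *) problem "provider must be \"google\" or \"google-beta\"" ;;
    esac
    location=$(yaml_get "$cfg" backend-location)
    case $(yaml_get "$cfg" backend-type) in
        local) [ -z "$location" ] || problem "backend-location must be \"\" for local" ;;
        gcs)   [ -n "$location" ] || problem "backend-location must name a bucket for gcs" ;;
        *)     problem "backend-type must be \"local\" or \"gcs\"" ;;
    esac
    for key in network subnetwork route firewall; do
        case $(yaml_get "$cfg" "resource-default-$key") in
            true|false) ;;
            *) problem "resource-default-$key must be true or false" ;;
        esac
    done
    # Assumption (hardening added here): the OAuth client credential file should
    # exist and carry no group/other permission bits, e.g. mode 600.
    cred=$(yaml_get "$cfg" credential)
    if [ ! -f "$cred" ]; then
        problem "credential file not found: $cred"
    elif [ "$(ls -ldL "$cred" | cut -c5-10)" != "------" ]; then
        problem "credential file is accessible to group/other: $cred"
    fi
    [ "$problems" -eq 0 ]
}

if [ -n "${1:-}" ]; then check_terraformit_config "$1"; fi
```

Saved under a name of your choice and run with the config path as its argument, it prints one `PROBLEM:` line per finding and exits non-zero if there is any.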
terraformit-gcp Command
terraformit-gcp plan
The following steps are executed.
- create CloudAssetMetadata calling CloudAssetAPI
- get CloudAssetMetadata from GCS
- create ImportFiles
- "terraform init"
- "terraform workspace new"
- "terraform import"(create tfstate)
- create tffile
- "terraform plan"
terraformit-gcp create cloudasset
The following steps are executed.
- create CloudAssetMetadata calling CloudAssetAPI
terraformit-gcp create importfiles (-f ./xxx/xxxxx or gs://xxxxxx/xxxx)
The following steps are executed.
- get CloudAssetMetadata from GCS or local(-f option)
- create ImportFiles
terraformit-gcp create tfstate
The following steps are executed.
- "terraform init"
- "terraform workspace new"
- "terraform import" using importfiles
terraformit-gcp create tffile (-f tfstatefile)
The following steps are executed.
- create tffile
Support Table
This command supports GCP resources which are supported by Cloud Asset API.
✅ : support
🚧 : will support
/ : not supported
CloudAssetAPI Name | CloudAssetAPI Support | Terraform resource name | Terraform resource support |
---|---|---|---|
Cloud Key Management Service | |||
cloudkms.googleapis.com/KeyRing | ✅ | google_kms_key_ring | ✅ |
cloudkms.googleapis.com/CryptoKey | ✅ | google_kms_crypto_key | ✅ |
cloudkms.googleapis.com/CryptoKeyVersion | / | / | / |
Resource Manager | |||
cloudresourcemanager.googleapis.com/Organization | / | / | / |
cloudresourcemanager.googleapis.com/Folder | / | google_folder | / |
cloudresourcemanager.googleapis.com/Project | ✅ | google_project | ✅ |
Compute Engine | |||
compute.googleapis.com/Autoscaler | ✅ | google_compute_autoscaler | ✅ |
compute.googleapis.com/BackendBucket | ✅ | google_compute_backend_bucket | ✅ |
compute.googleapis.com/BackendService | ✅ | google_compute_backend_service | ✅ |
compute.googleapis.com/Disk | ✅ | google_compute_disk | ✅ |
compute.googleapis.com/Firewall | ✅ | google_compute_firewall | ✅ |
compute.googleapis.com/ForwardingRule | ✅ (only support in default Region) | google_compute_forwarding_rule | ✅ |
compute.googleapis.com/GlobalForwardingRule | ✅ | google_compute_global_forwarding_rule | ✅ |
compute.googleapis.com/HealthCheck | ✅ | google_compute_health_check | ✅ |
compute.googleapis.com/HttpHealthCheck | ✅ | google_compute_http_health_check | ✅ |
compute.googleapis.com/HttpsHealthCheck | 🚧 | google_compute_https_health_check | 🚧 |
compute.googleapis.com/Image | ✅ | google_compute_image | ✅ |
compute.googleapis.com/Instance | ✅ | google_compute_instance | ✅ |
compute.googleapis.com/InstanceGroup | ✅ | google_compute_instance_group | ✅ |
compute.googleapis.com/InstanceGroupManager | ✅ | google_compute_instance_group_manager | ✅ |
compute.googleapis.com/InstanceTemplate | ✅ | google_compute_instance_template | ✅ |
compute.googleapis.com/Network | ✅ | google_compute_network | ✅ |
compute.googleapis.com/Project | / | / | / |
compute.googleapis.com/RegionBackendService | 🚧 | google_compute_region_backend_service | 🚧 |
compute.googleapis.com/Route | ✅ | google_compute_route | ✅ |
compute.googleapis.com/Router | 🚧 | google_compute_router | 🚧 |
compute.googleapis.com/Snapshot | ✅ | google_compute_snapshot | ✅ |
compute.googleapis.com/SslCertificate | ✅ | google_compute_ssl_certificate(you need to set your private key manually) | ✅ |
compute.googleapis.com/Subnetwork | ✅ | google_compute_subnetwork | ✅ |
compute.googleapis.com/TargetHttpProxy | ✅ | google_compute_target_http_proxy | ✅ |
compute.googleapis.com/TargetHttpsProxy | ✅ | google_compute_target_https_proxy | ✅ |
compute.googleapis.com/TargetInstance | / | / | / |
compute.googleapis.com/TargetPool | ✅ (only support in default Region) | google_compute_target_pool | ✅ |
compute.googleapis.com/TargetTcpProxy | 🚧 | google_compute_target_tcp_proxy | 🚧 |
compute.googleapis.com/TargetSslProxy | 🚧 | google_compute_target_ssl_proxy | 🚧 |
compute.googleapis.com/TargetVpnGateway | 🚧 | google_compute_vpn_gateway | 🚧 |
compute.googleapis.com/UrlMap | ✅ | google_compute_url_map | ✅ |
compute.googleapis.com/VpnTunnel | 🚧 | google_compute_vpn_tunnel | 🚧 |
App Engine | |||
appengine.googleapis.com/Application | 🚧 | google_app_engine_application(cannot delete app engine) | 🚧 |
appengine.googleapis.com/Service | / | / | / |
appengine.googleapis.com/Version | / | / | / |
Google Kubernetes Engine | |||
container.googleapis.com/Cluster | ✅ | google_container_cluster | ✅ |
container.googleapis.com/NodePool(beta) | 🚧 | google_container_node_pool | 🚧 |
Cloud Billing | |||
cloudbilling.googleapis.com/BillingAccount | / | / | / |
Cloud Storage | |||
storage.googleapis.com/Bucket | ✅ | google_storage_bucket | ✅ |
Cloud DNS | |||
dns.googleapis.com/ManagedZone | ✅ | google_dns_managed_zone | ✅ |
dns.googleapis.com/Policy | ✅ (only google-beta) | google_dns_policy | ✅ |
Cloud Spanner | |||
spanner.googleapis.com/Instance | 🚧 | google_spanner_instance | 🚧 |
spanner.googleapis.com/Database | 🚧 | google_spanner_database | 🚧 |
BigQuery | |||
bigquery.googleapis.com/Dataset | 🚧 | google_bigquery_dataset | 🚧 |
bigquery.googleapis.com/Table | 🚧 | google_bigquery_table | 🚧 |
Cloud Identity and Access Management | |||
iam.googleapis.com/Role | 🚧 | google_iam_member | 🚧 |
iam.googleapis.com/ServiceAccount | ✅ | google_service_account | ✅ |
Cloud Pub/Sub | |||
pubsub.googleapis.com/Topic | ✅ | google_pubsub_subscription | ✅ |
pubsub.googleapis.com/Subscription | ✅ | google_pubsub_topic | ✅ |
Cloud Dataproc | |||
dataproc.googleapis.com/Cluster | 🚧 | google_dataproc_cluster | 🚧 |
dataproc.googleapis.com/Job | 🚧 | google_dataproc_job | 🚧 |
Cloud SQL | |||
sqladmin.googleapis.com/Instance | ✅ | google_sql_database_instance | ✅ |
Cloud Bigtable | |||
bigtableadmin.googleapis.com/Cluster | / | / | / |
bigtableadmin.googleapis.com/Instance | 🚧 | google_bigtable_instance | 🚧 |
bigtableadmin.googleapis.com/Table | 🚧 | google_bigtable_table | 🚧 |
Google Kubernetes Engine | |||
k8s.io/Node | / | / | / |
k8s.io/Pod | / | / | / |
k8s.io/Namespace | / | / | / |
rbac.authorization.k8s.io/Role | / | / | / |
rbac.authorization.k8s.io/RoleBinding | / | / | / |
rbac.authorization.k8s.io/ClusterRole | / | / | / |
rbac.authorization.k8s.io/RoleBinding | / | / | / |