From 031b44e1f13846c1e823404784699141b385b56c Mon Sep 17 00:00:00 2001
From: rixhieloomis
Date: Fri, 5 Jan 2024 00:02:05 +0530
Subject: [PATCH 01/11] cloudformation init
---
transformer/cloudformation/data.tf | 5 ++
transformer/cloudformation/locals.tf | 92 +++++++++++++++++++++++++
transformer/cloudformation/main.tf | 5 ++
transformer/cloudformation/resources.tf | 31 +++++++++
transformer/cloudformation/variables.tf | 55 +++++++++++++++
5 files changed, 188 insertions(+)
create mode 100644 transformer/cloudformation/data.tf
create mode 100644 transformer/cloudformation/locals.tf
create mode 100644 transformer/cloudformation/main.tf
create mode 100644 transformer/cloudformation/resources.tf
create mode 100644 transformer/cloudformation/variables.tf
diff --git a/transformer/cloudformation/data.tf b/transformer/cloudformation/data.tf
new file mode 100644
index 0000000..0fa5e41
--- /dev/null
+++ b/transformer/cloudformation/data.tf
@@ -0,0 +1,5 @@
+data "aws_cloudformation_stack" "resource" {
+ for_each = { for stack in local.stack_names : stack.Name => stack }
+
+ name = each.value.Name
+}
diff --git a/transformer/cloudformation/locals.tf b/transformer/cloudformation/locals.tf
new file mode 100644
index 0000000..071f132
--- /dev/null
+++ b/transformer/cloudformation/locals.tf
@@ -0,0 +1,92 @@
+locals {
+ stack_names = jsondecode(file("stack_names.json"))
+}
+locals {
+ workflows = [
+ for stack_name, stack_data in data.aws_cloudformation_stack.resource : {
+ CLIConfiguration = {
+ WorkflowGroup = {
+ name = stack_name
+ }
+ }
+ ResourceName = stack_name
+ Description = stack_data.description
+ Tags = stack_data.tags
+ EnvironmentVariables = [
+ {
+ "config": {
+ "textValue": "eu-west-1",
+ "varName": "AWS_REGION"
+ },
+ "kind": "PLAIN_TEXT"
+ }
+ ]
+ VCSConfig = {}
+ TerraformConfig = {}
+ DeploymentPlatformConfig = var.SGDefaultDeploymentPlatformConfig
+ WfStepsConfig = [
+ {
+ name = "CreateChangeset"
+ mountPoints = []
+ wfStepTemplateId = "/demo-org/cloudformation:51"
+ wfStepInputData = {
+ schemaType = "FORM_JSONSCHEMA"
+ data = {
+ cfCapabilities = stack_data.capabilities
+ cfStackName = stack_name
+ cfS3TemplateURL = "${var.s3_path}/${stack_name}.yaml"
+ cfAction = "create-changeset"
+ }
+ }
+ approval = false
+ },
+ {
+ name = "ApplyChangeset"
+ mountPoints = []
+ wfStepTemplateId = "/demo-org/cloudformation:51"
+ wfStepInputData = {
+ schemaType = "FORM_JSONSCHEMA"
+ data = {
+ cfStackName = stack_name
+ RetainExceptOnCreate = false
+ cfAction = "apply-changeset"
+ DisableRollback = stack_data.disable_rollback
+ }
+ }
+ approval = true
+ }
+ ]
+ RunnerConstraints = { type = "shared" }
+ Approvers = var.SGDefaultWfApprovers
+ WfType = "CUSTOM"
+ UserSchedules = []
+ MiniSteps = {
+ webhooks = {
+ COMPLETED = [],
+ ERRORED = []
+ }
+ notifications = {
+ email = {
+ APPROVAL_REQUIRED = [],
+ CANCELLED = [],
+ COMPLETED = [],
+ ERRORED = []
+ }
+ }
+ wfChaining = {
+ COMPLETED = [],
+ ERRORED = []
+ }
+ }
+ GitHubComSync = {
+ pull_request_opened = {
+ createWfRun = {
+ enabled = false
+ }
+ }
+ }
+ }
+ ]
+
+ data = jsonencode(local.workflows)
+}
\ No newline at end of file
diff --git a/transformer/cloudformation/main.tf b/transformer/cloudformation/main.tf
new file mode 100644
index 0000000..e2ceb84
--- /dev/null
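Review bot: The `AWS_REGION` environment variable is hard-coded to `"eu-west-1"` in every generated workflow, while the provider block in `main.tf` of this same patch reads the stacks from `"eu-central-1"` and `var.default_region` is declared but never referenced, so the exported workflows may target a different region from the one they were read from. Driving the value from the variable keeps the two in step: `"textValue" : var.default_region`. In the same hunk, `cfS3TemplateURL = "${var.s3_path}/${stack_name}.yaml"` carries only the key prefix and no bucket, so it is probably not a resolvable URL (confirm what the step template expects), and `file("stack_names.json")` is resolved against the working directory rather than `path.module`. The `wfStepTemplateId` value `/demo-org/cloudformation:51` also looks like a demo-organisation placeholder that would be better exposed as a variable.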
+++ b/transformer/cloudformation/main.tf
@@ -0,0 +1,5 @@
+provider "aws" {
+ region = "eu-central-1" # Change to your desired AWS region
+}
+
+
diff --git a/transformer/cloudformation/resources.tf b/transformer/cloudformation/resources.tf
new file mode 100644
index 0000000..9ce3cf4
--- /dev/null
+++ b/transformer/cloudformation/resources.tf
@@ -0,0 +1,31 @@
+resource "null_resource" "get_stack_names" {
+ provisioner "local-exec" {
+ command = <<-EOT
+ aws cloudformation describe-stacks --query 'Stacks[*].{Name:StackName}' --output json > stack_names.json
+ EOT
+ }
+
+ # Trigger the provisioner only once
+ triggers = {
+ always_run = "${timestamp()}"
+ }
+}
+
+
+resource "aws_s3_object" "upload_templates" {
+ for_each = data.aws_cloudformation_stack.resource
+
+ bucket = var.s3Bucket
+ key = "${var.s3_path}/${each.key}.yaml"
+ content = each.value.template_body
+ depends_on = [ data.aws_cloudformation_stack.resource]
+}
+
+resource "local_file" "data" {
+ content = local.data
+ filename = "${path.module}/../../${var.exportPath}/sg-payload-generated.json"
+ provisioner "local-exec" {
+ command = "mv ${path.module}/../../${var.exportPath}/sg-payload-generated.json ${path.module}/../../${var.exportPath}/sg-payload.json"
+ }
+ depends_on = [ aws_s3_object.upload_templates ]
+}
\ No newline at end of file
diff --git a/transformer/cloudformation/variables.tf b/transformer/cloudformation/variables.tf
new file mode 100644
index 0000000..f5ee70a
--- /dev/null
+++ b/transformer/cloudformation/variables.tf
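Review bot: In `resources.tf`, the comment `# Trigger the provisioner only once` contradicts `always_run = "${timestamp()}"`, which changes on every run and so re-executes the `aws cloudformation describe-stacks` call on each apply; the comment should say that, e.g. `# Re-run on every apply so the stack list is refreshed`. `aws_s3_object.upload_templates` writes each stack's full `template_body` to the bucket without requesting encryption; since templates can embed parameter defaults and inline policies, consider adding `server_side_encryption = "aws:kms"` (or `"AES256"`) and confirming the bucket blocks public access. The `mv` provisioner in `local_file.data` interpolates `var.exportPath` unquoted into a shell command and moves away the file Terraform tracks, so a later plan will likely see it as missing; writing the final name directly, `filename = "${path.module}/../../${var.exportPath}/sg-payload.json"`, and dropping the provisioner avoids both. The AWS CLI call also uses whatever region and profile the invoking shell has configured, which may differ from the provider's `eu-central-1`.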
@@ -0,0 +1,55 @@
+variable "exportPath" {
+ default = "export"
+ description = "name of the folder to export the payload, state files to. ./export is the default"
+ type = string
+}
+variable "s3_path" {
+ description = "Base path for CloudFormation templates in S3"
+ default = "stackguardian/cloudformation_templates" # Adjust to your desired base path
+}
+variable "default_region" {
+ description = "default aws region"
+ default = "eu-central-1" # Adjust to your desired base path
+}
+variable "s3Bucket" {
+ default = ""
+ description = "name of the s3Bucket to export the cf templates"
+ type = string
+}
+variable "SGDefaultWfApprovers" {
+ default = []
+ description = "Add emails of the users who should approve the terraform plan, since approvalPreApply is set to true"
+ type = list(string)
+}
+
+variable "SGDefaultIACVCSRepoPrefix" {
+ default = "https://VCS_PROVIDER_DOMAIN"
+ description = "Prefix for your repo URL"
+ type = string
+}
+
+variable "SGDefaultVCSAuthIntegrationID" {
+ default = "INTEGRATION_ID"
+ description = "Provide an integration id like /integrations/aws-dev-account or /secrets/my-git-token"
+ type = string
+}
+
+variable "SGDefaultDeploymentPlatformConfig" {
+ default = [
+ {
+ "kind" : "AWS_RBAC",
+ "config" : {
+ "integrationId" : "INTEGRATION_ID",
+ "profileName" : "default"
+ }
+ }
+ ]
+ description = "Integration to use to authenticate against your cloud provider"
+ type = list(any)
+}
+
+variable "SGDefaultSourceConfigDestKind" {
+ default = "GIT_OTHER"
+ description = "Choose from: GITHUB_COM, BITBUCKET_ORG, GITLAB_COM, AZURE_DEVOPS, GIT_OTHER"
+ type = string
+}
\ No newline at end of file
From 9428f6392aa2b22ec5db8304e9978b97e4986d2c Mon Sep 17 00:00:00 2001
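Review bot: `s3Bucket` defaults to `""`, so an apply without an explicit value reaches `aws_s3_object.upload_templates` with an empty bucket name and fails only at upload time. Dropping the default (which makes the variable required) or adding a `validation` block with `condition = length(var.s3Bucket) > 0` surfaces the mistake at plan time. `s3_path` and `default_region` have no `type`, unlike the other variables, and `default_region` is not referenced by any of the `.tf` files in this patch. The `INTEGRATION_ID` placeholder in the default of `SGDefaultDeploymentPlatformConfig` is copied into every generated workflow if the user does not override it, which the description could state.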
From: rixhieloomis Date: Tue, 9 Jan 2024 15:52:00 +0530 Subject: [PATCH 02/11] Added docs for migrator usage --- README.md | 13 +-- transformer/cloudformation/README.md | 96 ++++++++++++++++++ .../cloudformation/terraform.tfvars.example | 31 ++++++ transformer/terraform-cloud/README.md | 97 +++++++++++++++++++ 4 files changed, 227 insertions(+), 10 deletions(-) create mode 100644 transformer/cloudformation/README.md create mode 100644 transformer/cloudformation/terraform.tfvars.example create mode 100644 transformer/terraform-cloud/README.md diff --git a/README.md b/README.md index b4e54d0..55afb6b 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s ## Supported platforms for migration - Terraform Cloud +- Cloudformation stacks ## Overview 
@@ -19,22 +20,14 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s - Terraform - [sg-cli](https://github.com/StackGuardian/sg-cli/tree/main/shell) -### Perform terraform login -Perform `terraform login` to ensure that your local Terraform can interact with your Terraform Cloud/Enterprise account. ### Export the resource definitions and Terraform state - Choose the transformer and locate the example of `terraform.tfvars.example` and rename it to `terraform.tfvars`. - Edit terraform.tfvars with appropriate variables. -- Run the following commands: +- Run the following commands mentioned in the README.md file in the transformer. -```shell -cd transformer/terraform-cloud -terraform init -terraform apply -auto-approve -var-file=terraform.tfvars -``` - -A new `export` folder should have been created. The `sg-payload.json` file contains the definition for each workflow that will be created for each Terraform Workspace, and the `states` folder contains the files for the Terraform state for each of your workspaces, if the state export was enabled. +A new `export` folder should have been created. The `sg-payload.json` file contains the definition for each workflow that will be created for the resources under the chosen transformer. After completing the export , edit the `sg-payload.json` file to provide tune each workflow configuration with the following: ### Use the example_payload.jsonc file as a reference and edit the schema of the `sg-payload.json` diff --git a/transformer/cloudformation/README.md b/transformer/cloudformation/README.md new file mode 100644 index 0000000..3af5569 --- /dev/null +++ b/transformer/cloudformation/README.md 
@@ -0,0 +1,96 @@ +# StackGuardian Migrator + +Migrate workloads from other platforms to [StackGuardian Platform](https://app.stackguardian.io). + +## platform for migration + +- Cloudformation Stacks + +## Overview + +- Extract and transform the stacks from AWS cloudformation to StackGuardian Workflows. +- Review the bulk workflow creation payload. +- Run sg-cli with the bulk workflow creation payload. + +## Prerequisites + +- An organization on [StackGuardian Platform](https://app.stackguardian.io) +- Optionally, pre-configure VCS, cloud integrations or private runners to use when importing into StackGuardian Platform. +- Terraform +- [sg-cli](https://github.com/StackGuardian/sg-cli/tree/main/shell) + + +### Export the resource definitions and Terraform state + +- Choose the transformer and locate the example of `terraform.tfvars.example` and rename it to `terraform.tfvars`. +- Edit terraform.tfvars with appropriate variables. +- Run the following commands: + +```shell +cd transformer/terraform-cloud +terraform init +terraform apply -target=null_resource.get_stack_names +terraform apply -auto-approve -var-file=terraform.tfvars +``` + +A new `export` folder should have been created. The `sg-payload.json` file contains the definition for each workflow that will be created for each stack in the given region. + +After completing the export , edit the `sg-payload.json` file to provide tune each workflow configuration with the following: +### Use the example_payload.jsonc file as a reference and edit the schema of the `sg-payload.json` +- `DeploymentPlatformConfig` - This is used to authenticate against a cloud provider using a StackGuardian Integration. Create the relevant integration in StackGuardian platform and update `DeploymentPlatformConfig.kind` from the following "AZURE_STATIC", "AWS_STATIC","GCP_STATIC", "AWS_RBAC". 
Update `DeploymentPlatformConfig.config.integrationId` with "/integrations/INTEGRATION_NAME" and `DeploymentPlatformConfig.config.profileName` with the name of the integration used upon creation. +``` + DeploymentPlatformConfig: [ + { + "kind": "AWS_RBAC", + "config": { + "integrationId": "/integrations/aws-rbac", + "profileName": "default" + } + } + ] +``` +- `VCSConfig` - Provide full path to the `repo` like as well the relevant `sourceConfigDestKind` from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS" + - `config.auth` + - `config.isPrivate` + +- `ResourceName` - name of your StackGuardian Workflow +- `wfgrpName` - this corresponds to the labelling of workflow group name in the StackGuardian platform +- `Description` - description for the workflows created in the StackGuardian platform +- `Tags` - list of tags for the workflows created in the StackGuardian platform +- `EnvironmentVariables` - environment variables for the workflows created in the StackGuardian platform +- `RunnerConstraints` - Runner description for the workflows in the StackGuardian platform + - Private runners - ``` + "RunnerConstraints": { + "type": "private", + "names": [ + "sg-runner" + ] + }``` + - Shared runners - ``` + "RunnerConstraints": { + "type": "shared" + }``` +- `Approvers` - Approvers for the workflow to run it successfully +- `TerraformConfig` - Terraform configuration for the workflows created in the StackGuardian platform +- `UserSchedules` - Scheduled workflow run configuration for the workflow in the StackGuardian platform +- `MiniSteps` - Ministeps for the workflow to direct the process if the workflow returns an error/success/approval required and workflow chaining + +### Bulk import workflows to StackGuardian Platform + +- Fetch [sg-cli](https://github.com/StackGuardian/sg-cli.git) and set it up locally (documentation present in repo) +- Run the following commands and pass the `sg-payload.json` as payload (represented below) +- Get your SG API 
Key here: https://app.stackguardian.io/orchestrator/orgs//settings?tab=api_key
+
+```shell
+cd ../../export
+
+export SG_API_TOKEN=
+wget -q "$(wget -qO- "https://api.github.com/repos/stackguardian/sg-cli/releases/latest" | jq -r '.tarball_url')" -O sg-cli.tar.gz && tar -xf sg-cli.tar.gz && rm -f sg-cli.tar.gz && /bin/cp -rf StackGuardian-sg-cli*/shell/sg-cli . && rm -rfd StackGuardian-sg-cli*
+
+./sg-cli workflow create --bulk --org "" -- sg-payload.json
+```
+
+if you want to update a workflow with different details, please re-run the sg-cli command with the modified sg-payload.json and your workflow will be updated with the new details, as long as the ResourceName (Workflow name) remains the same.
+```shell
+./sg-cli workflow create --bulk --org "" -- sg-payload.json
+```
diff --git a/transformer/cloudformation/terraform.tfvars.example b/transformer/cloudformation/terraform.tfvars.example
new file mode 100644
index 0000000..5b3c6ad
--- /dev/null
+++ b/transformer/cloudformation/terraform.tfvars.example
@@ -0,0 +1,31 @@
+# Directory to export Terraform files to
+exportPath = "export"
+
+# S3 path to uplaoad cloudformation templates
+s3_path = ""
+
+# Default aws region
+default_region= ""
+
+# Add emails of the users who should approve the terraform plan, since approvalPreApply is set to true
+SGDefaultWfApprovers = []
+
+# Prefix for your repo URL
+SGDefaultIACVCSRepoPrefix = "https://www.github.com"
+
+# Provide an integration id like /integrations/aws-dev-account or /secrets/my-git-token
+SGDefaultVCSAuthIntegrationID = "/integrations/github_com"
+
+# Integration to use to authenticate against your cloud provider
+SGDefaultDeploymentPlatformConfig = [
+ {
+ "kind" : "AWS_RBAC",
+ "config" : {
+ "integrationId" : "/integrations/aws-dev-account",
+ "profileName" : "default"
+ }
+ }
+ ]
+
+# Choose from: GITHUB_COM, BITBUCKET_ORG, GITLAB_COM, AZURE_DEVOPS, GIT_OTHER
+SGDefaultSourceConfigDestKind = "GITHUB_COM"
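Review bot: The example in `terraform.tfvars.example` omits `s3Bucket`, which `variables.tf` in patch 01 defaults to `""`, so a user who copies this file as instructed still ends up with an empty bucket name for the template upload. Adding an entry such as `s3Bucket = ""` under a comment like `# Name of the S3 bucket the CloudFormation templates are uploaded to` would make the required setting visible. `default_region` is set here but nothing in the visible `.tf` files reads it, so the value has no effect on which region is exported.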
diff --git a/transformer/terraform-cloud/README.md b/transformer/terraform-cloud/README.md
new file mode 100644
index 0000000..0c2c8db
--- /dev/null
+++ b/transformer/terraform-cloud/README.md
@@ -0,0 +1,97 @@ +# StackGuardian Migrator + +Migrate workloads from other platforms to [StackGuardian Platform](https://app.stackguardian.io). + +## platform for migration + +- Terraform Cloud + +## Overview + +- Extract and transform the workloads from the target platform to StackGuardian Workflows. +- Review the bulk workflow creation payload. +- Run sg-cli with the bulk workflow creation payload. + +## Prerequisites + +- An organization on [StackGuardian Platform](https://app.stackguardian.io) +- Optionally, pre-configure VCS, cloud integrations or private runners to use when importing into StackGuardian Platform. +- Terraform +- [sg-cli](https://github.com/StackGuardian/sg-cli/tree/main/shell) + +### Perform terraform login +Perform `terraform login` to ensure that your local Terraform can interact with your Terraform Cloud/Enterprise account. + +### Export the resource definitions and Terraform state + +- Choose the transformer and locate the example of `terraform.tfvars.example` and rename it to `terraform.tfvars`. +- Edit terraform.tfvars with appropriate variables. +- Run the following commands: + +```shell +cd transformer/terraform-cloud +terraform init +terraform apply -auto-approve -var-file=terraform.tfvars +``` + +A new `export` folder should have been created. The `sg-payload.json` file contains the definition for each workflow that will be created for each Terraform Workspace, and the `states` folder contains the files for the Terraform state for each of your workspaces, if the state export was enabled. + +After completing the export , edit the `sg-payload.json` file to provide tune each workflow configuration with the following: +### Use the example_payload.jsonc file as a reference and edit the schema of the `sg-payload.json` +- `DeploymentPlatformConfig` - This is used to authenticate against a cloud provider using a StackGuardian Integration. 
Create the relevant integration in StackGuardian platform and update `DeploymentPlatformConfig.kind` from the following "AZURE_STATIC", "AWS_STATIC","GCP_STATIC", "AWS_RBAC". Update `DeploymentPlatformConfig.config.integrationId` with "/integrations/INTEGRATION_NAME" and `DeploymentPlatformConfig.config.profileName` with the name of the integration used upon creation. +``` + DeploymentPlatformConfig: [ + { + "kind": "AWS_RBAC", + "config": { + "integrationId": "/integrations/aws-rbac", + "profileName": "default" + } + } + ] +``` +- `VCSConfig` - Provide full path to the `repo` like as well the relevant `sourceConfigDestKind` from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS" + - `config.auth` + - `config.isPrivate` + +- `ResourceName` - name of your StackGuardian Workflow +- `wfgrpName` - this corresponds to the labelling of workflow group name in the StackGuardian platform +- `Description` - description for the workflows created in the StackGuardian platform +- `Tags` - list of tags for the workflows created in the StackGuardian platform +- `EnvironmentVariables` - environment variables for the workflows created in the StackGuardian platform +- `RunnerConstraints` - Runner description for the workflows in the StackGuardian platform + - Private runners - ``` + "RunnerConstraints": { + "type": "private", + "names": [ + "sg-runner" + ] + }``` + - Shared runners - ``` + "RunnerConstraints": { + "type": "shared" + }``` +- `Approvers` - Approvers for the workflow to run it successfully +- `TerraformConfig` - Terraform configuration for the workflows created in the StackGuardian platform +- `UserSchedules` - Scheduled workflow run configuration for the workflow in the StackGuardian platform +- `MiniSteps` - Ministeps for the workflow to direct the process if the workflow returns an error/success/approval required and workflow chaining + +### Bulk import workflows to StackGuardian Platform + +- Fetch 
[sg-cli](https://github.com/StackGuardian/sg-cli.git) and set it up locally (documentation present in repo) +- Run the following commands and pass the `sg-payload.json` as payload (represented below) +- Get your SG API Key here: https://app.stackguardian.io/orchestrator/orgs//settings?tab=api_key + +```shell +cd ../../export + +export SG_API_TOKEN= +wget -q "$(wget -qO- "https://api.github.com/repos/stackguardian/sg-cli/releases/latest" | jq -r '.tarball_url')" -O sg-cli.tar.gz && tar -xf sg-cli.tar.gz && rm -f sg-cli.tar.gz && /bin/cp -rf StackGuardian-sg-cli*/shell/sg-cli . && rm -rfd StackGuardian-sg-cli* + +./sg-cli workflow create --bulk --org "" -- sg-payload.json +``` + +if you want to update a workflow with different details, please re-run the sg-cli command with the modified sg-payload.json and your workflow will be updated with the new details, as long as the ResourceName (Workflow name) remains the same. +```shell +./sg-cli workflow create --bulk --org "" -- sg-payload.json +``` From 03ad3ccfc0f26645daedafdde76e7d771b63e121 Mon Sep 17 00:00:00 2001 From: rixhieloomis Date: Tue, 9 Jan 2024 19:30:11 +0530 Subject: [PATCH 03/11] Refactor stackguardian-migartor docs --- README.md | 6 ++-- transformer/cloudformation/.gitignore | 33 +++++++++++++++++++ transformer/cloudformation/README.md | 5 +++ transformer/cloudformation/locals.tf | 42 ++++++++++++------------- transformer/cloudformation/main.tf | 2 +- transformer/cloudformation/resources.tf | 12 +++---- transformer/cloudformation/variables.tf | 4 +-- 7 files changed, 71 insertions(+), 33 deletions(-) create mode 100644 transformer/cloudformation/.gitignore diff --git a/README.md b/README.md index 55afb6b..66e7303 100644 --- a/README.md +++ b/README.md 
@@ -4,8 +4,8 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s ## Supported platforms for migration -- Terraform Cloud -- Cloudformation stacks +- Terraform Cloud [link](/terraform-cloud/README.md) +- Cloudformation stacks[link](/cloudformation/README.md) ## Overview @@ -25,7 +25,7 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s - Choose the transformer and locate the example of `terraform.tfvars.example` and rename it to `terraform.tfvars`. - Edit terraform.tfvars with appropriate variables. -- Run the following commands mentioned in the README.md file in the transformer. +- Run the commands mentioned in the README.md file in the transformer. A new `export` folder should have been created. The `sg-payload.json` file contains the definition for each workflow that will be created for the resources under the chosen transformer. diff --git a/transformer/cloudformation/.gitignore b/transformer/cloudformation/.gitignore new file mode 100644 index 0000000..5ac5c93 --- /dev/null +++ b/transformer/cloudformation/.gitignore @@ -0,0 +1,33 @@ +# Local .terraform directories +**/.terraform/* + +# Terraform lockfile +.terraform.lock.hcl + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log + +# Exclude all .tfvars files, which are likely to contain sentitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore CLI configuration files +.terraformrc +terraform.rc + +# _stack_names.json + +_stack_names.json \ No newline at end of file 
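Review bot: The `.terraform.lock.hcl` entry in the new `.gitignore` keeps the dependency lock file out of version control, so the provider versions and checksums chosen by `terraform init` are not pinned for other users of the transformer; none of the visible `.tf` files constrain provider versions either. Terraform's guidance is to commit the lock file, so consider removing that entry. This file also only covers `transformer/cloudformation/`, whereas the payload is written to `${path.module}/../../${var.exportPath}`, outside that directory, so the generated `sg-payload.json` is not ignored by it unless a root-level rule already covers the export folder.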
diff --git a/transformer/cloudformation/README.md b/transformer/cloudformation/README.md index 3af5569..3e1bb5d 100644 --- a/transformer/cloudformation/README.md +++ b/transformer/cloudformation/README.md @@ -17,6 +17,8 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s - An organization on [StackGuardian Platform](https://app.stackguardian.io) - Optionally, pre-configure VCS, cloud integrations or private runners to use when importing into StackGuardian Platform. - Terraform +- AWS CLI configured locally. +- AWS account with adequate access where CloudFormation stacks are maintained. - [sg-cli](https://github.com/StackGuardian/sg-cli/tree/main/shell) @@ -32,6 +34,9 @@ terraform init terraform apply -target=null_resource.get_stack_names terraform apply -auto-approve -var-file=terraform.tfvars ``` +terraform apply -target=null_resource.get_stack_names , runs an aws cli to list all the stack names in the AWS acount to create _stacks_names.json file existing in the given region during its execution. + +terraform apply -auto-approve -var-file=terraform.tfvars this command , creates a data source with all the stack names retrieved during the previous command to create a sg-payload.json. A new `export` folder should have been created. The `sg-payload.json` file contains the definition for each workflow that will be created for each stack in the given region. diff --git a/transformer/cloudformation/locals.tf b/transformer/cloudformation/locals.tf index 071f132..453f8cf 100644 --- a/transformer/cloudformation/locals.tf +++ b/transformer/cloudformation/locals.tf @@ -1,5 +1,5 @@ locals { - stack_names = jsondecode(file("stack_names.json")) + stack_names = jsondecode(file("_stack_names.json")) } locals { workflows = [ 
@@ -9,48 +9,48 @@ locals { name = stack_name } } - ResourceName = stack_name - Description = stack_data.description - Tags = stack_data.tags + ResourceName = stack_name + Description = stack_data.description + Tags = stack_data.tags EnvironmentVariables = [ { - "config": { - "textValue": "eu-west-1", - "varName": "AWS_REGION" + "config" : { + "textValue" : "eu-west-1", + "varName" : "AWS_REGION" }, - "kind": "PLAIN_TEXT" + "kind" : "PLAIN_TEXT" } ] - VCSConfig = {} - TerraformConfig = {} + VCSConfig = {} + TerraformConfig = {} DeploymentPlatformConfig = var.SGDefaultDeploymentPlatformConfig WfStepsConfig = [ { - name = "CreateChangeset" - mountPoints = [] + name = "CreateChangeset" + mountPoints = [] wfStepTemplateId = "/demo-org/cloudformation:51" wfStepInputData = { schemaType = "FORM_JSONSCHEMA" data = { - cfCapabilities = stack_data.capabilities - cfStackName = stack_name - cfS3TemplateURL = "${var.s3_path}/${stack_name}.yaml" - cfAction = "create-changeset" + cfCapabilities = stack_data.capabilities + cfStackName = stack_name + cfS3TemplateURL = "${var.s3_path}/${stack_name}.yaml" + cfAction = "create-changeset" } } approval = false }, { - name = "ApplyChangeset" - mountPoints = [] + name = "ApplyChangeset" + mountPoints = [] wfStepTemplateId = "/demo-org/cloudformation:51" wfStepInputData = { schemaType = "FORM_JSONSCHEMA" data = { - cfStackName = stack_name + cfStackName = stack_name RetainExceptOnCreate = false - cfAction = "apply-changeset" - DisableRollback = stack_data.disable_rollback + cfAction = "apply-changeset" + DisableRollback = stack_data.disable_rollback } } approval = true diff --git a/transformer/cloudformation/main.tf b/transformer/cloudformation/main.tf index e2ceb84..0a8fed2 100644 --- a/transformer/cloudformation/main.tf +++ b/transformer/cloudformation/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "eu-central-1" # Change to your desired AWS region + region = "eu-central-1" # Change to your desired AWS region } 
diff --git a/transformer/cloudformation/resources.tf b/transformer/cloudformation/resources.tf index 9ce3cf4..b2e3e9d 100644 --- a/transformer/cloudformation/resources.tf +++ b/transformer/cloudformation/resources.tf @@ -1,7 +1,7 @@ resource "null_resource" "get_stack_names" { provisioner "local-exec" { command = <<-EOT - aws cloudformation describe-stacks --query 'Stacks[*].{Name:StackName}' --output json > stack_names.json + aws cloudformation describe-stacks --query 'Stacks[*].{Name:StackName}' --output json > _stack_names.json EOT } @@ -15,10 +15,10 @@ resource "null_resource" "get_stack_names" { resource "aws_s3_object" "upload_templates" { for_each = data.aws_cloudformation_stack.resource - bucket = var.s3Bucket - key = "${var.s3_path}/${each.key}.yaml" - content = each.value.template_body - depends_on = [ data.aws_cloudformation_stack.resource] + bucket = var.s3Bucket + key = "${var.s3_path}/${each.key}.yaml" + content = each.value.template_body + depends_on = [data.aws_cloudformation_stack.resource] } resource "local_file" "data" { @@ -27,5 +27,5 @@ resource "local_file" "data" { provisioner "local-exec" { command = "mv ${path.module}/../../${var.exportPath}/sg-payload-generated.json ${path.module}/../../${var.exportPath}/sg-payload.json" } - depends_on = [ aws_s3_object.upload_templates ] + depends_on = [aws_s3_object.upload_templates] } \ No newline at end of file diff --git a/transformer/cloudformation/variables.tf b/transformer/cloudformation/variables.tf index f5ee70a..1c849ad 100644 --- a/transformer/cloudformation/variables.tf +++ b/transformer/cloudformation/variables.tf 
@@ -5,11 +5,11 @@ variable "exportPath" { } variable "s3_path" { description = "Base path for CloudFormation templates in S3" - default = "stackguardian/cloudformation_templates" # Adjust to your desired base path + default = "stackguardian/cloudformation_templates" # Adjust to your desired base path } variable "default_region" { description = "default aws region" - default = "eu-central-1" # Adjust to your desired base path + default = "eu-central-1" # Change to your desired AWS region, where Cloudformation stacks are maintained. } variable "s3Bucket" { default = "" From a252368388adde6b80da7188c8d29ab178498b7c Mon Sep 17 00:00:00 2001 From: rixhieloomis Date: Tue, 9 Jan 2024 19:31:39 +0530 Subject: [PATCH 04/11] Refactor stackguardian-migartor docs --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 66e7303..c5ed5a6 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,8 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s ## Supported platforms for migration -- Terraform Cloud [link](/terraform-cloud/README.md) -- Cloudformation stacks[link](/cloudformation/README.md) +- Terraform Cloud [link](transformer/terraform-cloud/README.md) +- Cloudformation stacks[link](transformer/cloudformation/README.md) ## Overview From 3d0a34f2816d991f75d09cd9581f1e6fdc07a0f4 Mon Sep 17 00:00:00 2001 From: rixhieloomis Date: Tue, 9 Jan 2024 19:36:14 +0530 Subject: [PATCH 05/11] Refactor stackguardian-migartor docs --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c5ed5a6..56b1b14 100644 --- a/README.md +++ b/README.md 
@@ -4,8 +4,8 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s ## Supported platforms for migration -- Terraform Cloud [link](transformer/terraform-cloud/README.md) -- Cloudformation stacks[link](transformer/cloudformation/README.md) +- Terraform Cloud [link](../blob/f/cloudformation/transformer/terraform-cloud/README.md) +- Cloudformation stacks[link](../blob/f/cloudformation/transformer/cloudformation/README.md) ## Overview From db14301f884b80d41ceb36b4e547d8c280b140d1 Mon Sep 17 00:00:00 2001 From: rixhieloomis Date: Tue, 9 Jan 2024 19:37:47 +0530 Subject: [PATCH 06/11] Refactor stackguardian-migartor docs --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 56b1b14..8e7b411 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,8 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s ## Supported platforms for migration -- Terraform Cloud [link](../blob/f/cloudformation/transformer/terraform-cloud/README.md) -- Cloudformation stacks[link](../blob/f/cloudformation/transformer/cloudformation/README.md) +- Terraform Cloud [link](../cloudformation/transformer/terraform-cloud/README.md) +- Cloudformation stacks[link](../cloudformation/transformer/cloudformation/README.md) ## Overview From 0d832e4407bf4d4b171c51035f64df99dcbb04d6 Mon Sep 17 00:00:00 2001 From: Akshat Tandon Date: Tue, 9 Jan 2024 19:29:44 +0100 Subject: [PATCH 07/11] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8e7b411..34bc24c 100644 --- a/README.md +++ b/README.md 
@@ -4,8 +4,8 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s ## Supported platforms for migration -- Terraform Cloud [link](../cloudformation/transformer/terraform-cloud/README.md) -- Cloudformation stacks[link](../cloudformation/transformer/cloudformation/README.md) +- [Terraform Cloud](../cloudformation/transformer/terraform-cloud/README.md) +- [Cloudformation stacks](../cloudformation/transformer/cloudformation/README.md) ## Overview @@ -25,7 +25,7 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s - Choose the transformer and locate the example of `terraform.tfvars.example` and rename it to `terraform.tfvars`. - Edit terraform.tfvars with appropriate variables. -- Run the commands mentioned in the README.md file in the transformer. +- Run the commands mentioned in the README.md for the transformers. A new `export` folder should have been created. The `sg-payload.json` file contains the definition for each workflow that will be created for the resources under the chosen transformer. From cc3f5072c2c99273a57d9ba77aafead98404a7be Mon Sep 17 00:00:00 2001 From: Akshat Tandon Date: Tue, 9 Jan 2024 19:30:06 +0100 Subject: [PATCH 08/11] Update README.md --- transformer/terraform-cloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/transformer/terraform-cloud/README.md b/transformer/terraform-cloud/README.md index 0c2c8db..ef94e50 100644 --- a/transformer/terraform-cloud/README.md +++ b/transformer/terraform-cloud/README.md @@ -2,7 +2,7 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.stackguardian.io). -## platform for migration +## Platform for migration - Terraform Cloud From 4d1eda1b6bea8a0a6cb0a2d6728a5e3932a5cccf Mon Sep 17 00:00:00 2001 From: Akshat Tandon Date: Tue, 9 Jan 2024 19:30:24 +0100 Subject: [PATCH 09/11] Update README.md --- transformer/cloudformation/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/transformer/cloudformation/README.md b/transformer/cloudformation/README.md index 3e1bb5d..ba1b1d7 100644 --- a/transformer/cloudformation/README.md +++ b/transformer/cloudformation/README.md @@ -2,7 +2,7 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.stackguardian.io). -## platform for migration +## Platform for migration - Cloudformation Stacks From 0bd9c9be0a78dbae20aca41d6ab3323028e98bbe Mon Sep 17 00:00:00 2001 From: Akshat Tandon Date: Tue, 9 Jan 2024 19:31:47 +0100 Subject: [PATCH 10/11] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 34bc24c..dd8b33c 100644 --- a/README.md +++ b/README.md @@ -13,12 +13,13 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s - Review the bulk workflow creation payload. - Run sg-cli with the bulk workflow creation payload. -## Prerequisites +## Common Prerequisites - An organization on [StackGuardian Platform](https://app.stackguardian.io) - Optionally, pre-configure VCS, cloud integrations or private runners to use when importing into StackGuardian Platform. - Terraform - [sg-cli](https://github.com/StackGuardian/sg-cli/tree/main/shell) +- Other prerequisites mentioned in the README.md for the transformers ### Export the resource definitions and Terraform state From 3ed442a117d03aaad3ab36071bfba4fb0c97c5bc Mon Sep 17 00:00:00 2001 From: Akshat Tandon Date: Tue, 9 Jan 2024 19:32:16 +0100 Subject: [PATCH 11/11] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dd8b33c..f518fb0 100644 --- a/README.md +++ b/README.md 
@@ -5,7 +5,7 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s ## Supported platforms for migration - [Terraform Cloud](../cloudformation/transformer/terraform-cloud/README.md) -- [Cloudformation stacks](../cloudformation/transformer/cloudformation/README.md) +- [Cloudformation Stacks](../cloudformation/transformer/cloudformation/README.md) ## Overview