feat: dockerize terraform makefile

Author: gregswift

Makefile.terraform

@@ -1,93 +1,83 @@
 # This makefile is intended to enable Terraform repositories.
 # We've had some success with using it manually and with Jenkins.
 #
-# We mainly run with it from Linux. If you want to see if support
-# other OSes send a PR :D
-
-.PHONY: all docs taint-node select plan apply
-.SILENT: banner help
-
-## Terraform is very version specific, so know what you need
-TF_VERSION = 0.11.11
-
-TF_PATH = ./terraform
-
-ifeq ("${TF_PATH}", "./terraform")
-  ifeq ("$(wildcard $(TF_PATH))", "")
-    ifeq ("$(shell uname)", "Linux")
-      ARCHIVE_FILE = terraform_${TF_VERSION}_linux_amd64.zip
-    else
-      ifeq ("$(shell uname)", "Darwin")
-        ARCHIVE_FILE = terraform_${TF_VERSION}_darwin_amd64.zip
-      else
-        $(error This only works on darwin and linux for now... PRs welcome)
-      endif
-    endif
-    BASE_URL = https://releases.hashicorp.com/terraform/${TF_VERSION}/
-    BOOTSTRAP_CMD := test ! -f ${TF_PATH} && curl -O ${BASE_URL}${ARCHIVE_FILE} && unzip ${ARCHIVE_FILE} && rm -f ${ARCHIVE_FILE}
-  endif
-endif
 
-ifeq ($(origin BOOTSTRAP_CMD), undefined)
-    BOOTSTRAP_CMD := echo "INFO: Using installed ${TF_PATH}"
+## Override any of the below ?= variables in .config.mk
+-include .config.mk
+
+TERRAFORM_IMAGE ?= docker.io/hashicorp/terraform
+TERRAFORM_VERSION ?= 1.0 ## Terraform is very version specific, so know what you need
+TERRAFORM_STATE_S3 ?= no ## If using S3 for shared state, override this with a 'yes'
+CONTAINER_ENGINE ?= docker ## Commands will be executed via the container engine, expected to be docker cli compatible
+
+# Container based commands to for use handling target steps
+BASE_COMMAND := $(CONTAINER_ENGINE) run --rm -it --env-file $(BASE_ENV) -v "$(CURDIR)":$(WORKDIR):Z
+TERRAFORM_COMMAND := $(BASE_COMMAND) $(TERRAFORM_IMAGE):$(TERRAFORM_VERSION)
+
+# Determine some runtime values
+ifeq (".terraform/environment", "$(wildcard .terraform/environment)")
+	# if file exists on disk, get the workspace from it
+	TERRAFORM_VAR_FILE := -var-file=$(shell cat .terraform/environment).tfvars
 endif
 
 all: help
 
-check-env:
-# Uncomment this block if you use S3 for buckets
-#ifeq ($(origin AWS_ACCESS_KEY_ID), undefined)
-#$(error Environment variable AWS_ACCESS_KEY_ID needs to be defined)
-#endif
-#
-#ifeq ($(origin AWS_SECRET_ACCESS_KEY), undefined)
-#$(error Environment variable AWS_SECRET_ACCESS_KEY needs to be defined)
-#endif
-#
-#ifeq ($(origin AWS_SESSION_TOKEN), undefined)
-#$(warn For temporary credentials the environment variable AWS_SESSION_TOKEN needs to be defined)
-#endif
+.PHONY:.check-env
+.check-env:
+ifeq ($(origin TERRAFORM_STATE_S3), "yes")
+	@if [ "${AWS_PROFILE}" == "" ]; then \
+		if [ "${AWS_SECRET_ACCESS_KEY}" == "" ] || [ "${AWS_ACCESS_KEY_ID}" == "" ]; then \
+			echo "ERROR: AWS_PROFILE _or_ AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be profiled"; \
+			exit 1; \
+		fi; \
+	fi
+endif
 
+.PHONY: help
 help:   ## Show this help, includes list of all actions.
 	@awk 'BEGIN {FS = ":.*?## "}; /^.+: .*?## / && !/awk/ {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' ${MAKEFILE_LIST}
 
+.PHONY: clean
 clean: ## Cleanup the local checkout
-	-rm -f *.zip terraform *.backup
+	-rm -f *.zip *.backup
 
-setup: ## Use this to install terraform
-	-${BOOTSTRAP_CMD}
+.terraform:
+	@if [ ! -d .terraform ]; then $(TERRAFORM_COMMAND) init; else $(TERRAFORM_COMMAND) get --update > /dev/null; fi
 
-init: ## Initalize shared storage bucket for state and ensure modules are loaded
-	@if [ ! -d .terraform ]; then ${TF_PATH} init; else ${TF_PATH} get --update > /dev/null;fi
+.PHONY: init
+init: .terraform ## Initalize shared storage bucket for state and ensure modules are loaded
 
+.PHONY: list-workspaces
 list-workspaces: init ## Displays list of workspaces
-	${TF_PATH} workspace list
+	$(TERRAFORM_COMMAND) workspace list
 
+.PHONY: new-workspace-%
 new-workspace-%: init ## Creates and selects a new workspace
-	${TF_PATH} workspace new $*
+	$(TERRAFORM_COMMAND) workspace new $*
 
+.PHONY: select-%
 select-%: init ## Change to the provided workspace
-	${TF_PATH} workspace select $*
+	$(TERRAFORM_COMMAND) workspace select $*
 
 plan-%: select-% plan ## Run terraform plan against the defined workspace
-	: # This is because make doesnt like this target to not have any actions
+	: # This is because make doesnt like wildcard targets to not have any actions
 
 plan: init  ## Run terraform plan against the current workspace
-	${TF_PATH} plan -var-file=$(shell cat .terraform/environment).tfvars
+	$(TERRAFORM_COMMAND) plan $(TERRAFORM_VAR_FILE)
 
 test: plan ## Standard entry point for running tests. Calls plan
 
 apply-%: select-% apply ## Run terraform apply against the defined workspace
 	: # This is because make doesnt like this target to not have any actions
 
 apply: init ## Run terraform apply against the current workspace
-	${TF_PATH} apply -var-file=$(shell cat .terraform/environment).tfvars
+	$(TERRAFORM_COMMAND) apply $(TERRAFORM_VAR_FILE)
 
 show: init ## Run terraform show against the current workspace
-	${TF_PATH} show
+	$(TERRAFORM_COMMAND) show
 
 show-node: init ## Run terraform show against the current workspace. NODE_REGEX search pattern
-	${TF_PATH} show  | grep -P '^module| id| ip' | grep -C1 -P "${NODE_REGEX}"
+	$(TERRAFORM_COMMAND) show | grep -P '^module| id| ip' | grep -C1 -P "${NODE_REGEX}"
 
 taint-node: init ## Run terraform taint against the current workspace. NODE_REGEX search pattern
-	./scripts/taint.sh ${TF_PATH} ${NODE_REGEX}
+	./scripts/taint.sh $(TERRAFORM_COMMAND) ${NODE_REGEX}