-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mass import existing resources from JFrog into Terraform #621
Comments
@ssyeds There're 2 steps in starting to manage existing infrastructure:
There have been a few request for an utility to generate the Terraform configuration file from the Artifactory instance. There's no current schedule on when that will be created. |
Maybe a import block can work for your use case: https://developer.hashicorp.com/terraform/language/import |
@alexhung can you give an example of, say what a What would the |
@chb0github The new provider "artifactory" {
...
}
import {
to = artifactory_local_generic.my-generic-local
id = "my-generic-local"
} Then terraform import plan -generate-config-out=generated.tf |
@chb0github I envision this tool will have ability to let user specify the 'category' to extract, e.g. local/remote/virtual/federated repos, security, configuration, etc. as well as specific resource type So the users would need to execute this tool multiple times to generate multiple |
Yeah, I was thinking something like: cat - <EOF > import.hcl
provider "artifactory" {
}
import {
$(curl -snLf https://my.artifactory.com/artifactory/api/repositories | jq 'map("
to = \(.packageType).\(key)
id = \"\(.key)\"
")
| .[]'
)
}
EOF
terraform import If you give me
I am sure I can whip out something fast that will generate a monster HCL |
I am feeling a bit bored ATM 😴 |
from a cli: Not too challenging |
@chb0github 😄 Now try this on an instance with 5000+ repos. And you must not DDoS the instance. |
Sure. Np |
looking at the docs, actually, only 1 single call is needed:
here's the sample - There should be no scaling issue at all because, until you run [
{
"key" : "libs-releases-local",
"type" : "LOCAL",
"description" : "Local repository for in-house libraries",
"url" : "http://localhost:8081/artifactory/libs-releases-local",
"packageType": "Generic"
}, {
"key" : "libs-snapshots-local",
"type" : "LOCAL",
"description" : "Local repository for in-house snapshots",
"url" : "http://localhost:8081/artifactory/libs-snapshots-local",
"packageType": "Maven"
}
] If we continue on this path a bit: cat << EOF
provider "artifactory" {
}
import {
$(jq -re '.[] | "\(.key) \(.type) \(.packageType)"' packages.json | xargs -n 3 bash -c 'printf "
to = ${2,,}.${1,,}
id = \"${3,,}\""' _
)
}
EOF
provider "artifactory" {
}
import {
to = local.libs-releases-local
id = "generic"
to = local.libs-snapshots-local
id = "maven"
}
here is a loop/read version that should be faster since it doesn't spawn a shell per repo: while read -r key _ package; do
echo "to = ${package,,}.${key,,}"
echo "id = \"${key,,}\""
done < <(jq -re '.[] | "\(.key) \(.type) \(.packageType)"' packages.json)
to = generic.libs-releases-local
id = "libs-releases-local"
to = maven.libs-snapshots-local
id = "libs-snapshots-local" |
You know, I actually thought about this: technically you don't need terra form import: you can just interrogate all the resources yourself and generate the proper HCl |
This generates the proper syntax: printf '
provider "artifactory" {
}
'
while read -r key type package; do
printf '
import {
to = artifactory_%s_%s.%s
id = %s
}
' "${type,,}" "${package,,}" "${key,,}" "${key,,}"
done < <(jq -re '.[] | "\(.key) \(.type) \(.packageType)"' packages.json) And, the way to handle importing some, but not others, is to create a function per resource type, then putting those in a set and executing them: function importRepos {
while read -r key type package; do
cat <<-EOF
import {
to = artifactory_"${type,,}"_ "${package,,}". "${key,,}
id = "${key,,}
}
EOF
done < <(jq -re '.[] | "\(.key) \(.type) \(.packageType)"' packages.json)
}
function importUsers {
for i in {1..10}; do
local username="username-${RANDOM}-${i}"
cat <<-EOF
import {
to = artifactory_user.${username}
id = %s
}
EOF
done
}
resources=(importRepos importUsers importRepos)
for f in $(echo "${resources[@]}" | sort -u); do
$(f)
done with this sort of thing, they could do |
That's the original design/plan for this tool. |
@chb0github You should consider creating a public repo with these scripts 😄 |
I have... repeatedly... :) Let's sync up this morning and discuss an approach for this thing |
I think what is/was being proposed is that you can generate the import {
} block, and then just run |
This issue was created before HashiCorp released the Then the |
well, it can be done the way your suggest, and wouldn't be impossible. If you still wanna do it that way, you can throttle your calls easily enough: curl -snLf https://my.artifactory.com/artifactory/api/repositories | jq -re '.[].key' |
xargs printf 'https://my.artifactory.com/artifactory/api/repositories/%s ' |
xargs -n 10 -p 10 curl -snLf | jq -sre 'flatten' this last part is where the throttling is done:
You were worried about DOSing the system. This allows you to dial in some default or let the user system override. If you just did a So, which approach were you thinking? |
next steps: handle the special case of docker local repos (we need to fetch the version number which requires an extra call) test management of netrc (we don't want to mess up someones file) exclude resources found in the local terraform state
* master: Update devfile.yaml trying out spaces
…tainering this script isn't done, but it's also out-of-scope
…form-provider-artifactory into jfrogGH-621-bulk-import * 'jfrogGH-621-bulk-import' of github.com:chb0github/terraform-provider-artifactory: fix store_artifacts_locally docs to reflect reality JFrog Pipelines - Add Artifactory version to CHANGELOG.md Update CHANGELOG Update module path from 'v8' to 'v9' Add planmodifier.RequiresReplace() to "key" attribute Update CHANGELOG Migrate 'artifactory_backup' resource to terraform-plugin-framework Update CHANGELOG Update validation for "project_environments" to allow empty list Update documentation JFrog Pipelines - Add Artifactory version to CHANGELOG.md Update CHANGELOG Add "force_conan_authentication" attribute to local, virtual, and federated repo resources and data sources
@ssyeds - This pr is almost merged in. I'll be curious to get your input |
Being able to mass import an existing infrastructure into terraform templates would be very helpful. Currently from my understanding the only way to do this is to do a terraform import for every resource individually which can lead to a long list of TF templates being created. A mass import would allow for a much cleaner way of readability and usage.
The text was updated successfully, but these errors were encountered: