Terrform custom registry generator & promotion script

.drone.yml

@@ -625,7 +625,102 @@ volumes:
     temp: {}
 
 ---
+kind: pipeline
+type: kubernetes
+name: tag-stage-terraform-provider
+
+trigger:
+  event:
+    - tag
+  ref:
+    include:
+      - refs/tags/terraform-provider-teleport-v*
+
+depends_on:
+  - tag-build-terraform-linux
+  - tag-build-terraform-darwin
+
+concurrency:
+  limit: 1
+
+steps:
+  - name: Upload terraform provider to staging registry
+    image: golang:1.17.5
+    commands:
+      - cd tooling
+      - |
+        go run ./cmd/promote-terraform   \
+          --tag ${DRONE_TAG}             \
+          -p 4.0 -p 5.1                  \
+          --namespace gravitational      \
+          --name teleport
+
+    environment:
+      STAGING_REGION: us-east-2
+      STAGING_BUCKET:
+        from_secret: AWS_S3_BUCKET
+      STAGING_ACCESS_KEY_ID:
+        from_secret: AWS_ACCESS_KEY_ID
+      STAGING_SECRET_ACCESS_KEY:
+        from_secret: AWS_SECRET_ACCESS_KEY
+
+      PRODUCTION_REGION: us-east-2
+      PROD_BUCKET:
+        from_secret: STAGING_AWS_TERRAFORM_BUCKET
+      PROD_ACCESS_KEY_ID:
+        from_secret: STAGING_AWS_TERRAFORM_ACCESS_KEY_ID
+      PROD_SECRET_ACCESS_KEY:
+        from_secret: STAGING_AWS_TERRAFORM_SECRET_ACCESS_KEY
+
+      SIGNING_KEY:
+        from_secret: STAGING_TERRAFORM_REGISTRY_SIGNING_KEY
+---
+kind: pipeline
+type: kubernetes
+name: promote-terraform-provider
+
+trigger:
+  event:
+  - promote
+  target:
+  - production
+
+concurrency:
+  limit: 1
+
+steps:
+  - name: Promote terraform provider to public registry
+    image: golang:1.17.5
+    commands:
+      - cd tooling
+      - |
+        go run ./cmd/promote-terraform   \
+          --tag ${DRONE_TAG}             \
+          -p 4.0 -p 5.1                  \
+          --namespace gravitational      \
+          --name teleport
+
+    environment:
+      STAGING_REGION: us-east-2
+      STAGING_BUCKET:
+        from_secret: AWS_S3_BUCKET
+      STAGING_ACCESS_KEY_ID:
+        from_secret: AWS_ACCESS_KEY_ID
+      STAGING_SECRET_ACCESS_KEY:
+        from_secret: AWS_SECRET_ACCESS_KEY
+
+      PRODUCTION_REGION: ap-southeast-2
+      PROD_BUCKET:
+        from_secret: PRODUCTION_AWS_TERRAFORM_BUCKET
+      PROD_ACCESS_KEY_ID:
+        from_secret: PRODUCTION_AWS_TERRAFORM_ACCESS_KEY_ID
+      PROD_SECRET_ACCESS_KEY:
+        from_secret: PRODUCTION_AWS_TERRAFORM_SECRET_ACCESS_KEY 
+
+      SIGNING_KEY:
+        from_secret: PRODUCTION_TERRAFORM_REGISTRY_SIGNING_KEY 
+---
 kind: signature
-hmac: 9f4c1a36000b9b2637e790418a624a31c162e2bb248cc6718a1c28a82a8b10c4
+hmac: 7c3217716b77812d57ebf5f3d6965dfef25aedcc6593bd50365903d65bd2b79f
 
 ...

Makefile

@@ -73,9 +73,14 @@ event-handler:
 
 # Run all tests
 .PHONY: test
-test:
+test: test-tooling
 	@echo Testing plugins against Teleport $(TELEPORT_GET_VERSION)
-	go test -race -count 1 ./...
+	go test -race -count 1 $(shell go list ./...)
+
+
+.PHONY: test-tooling
+test-tooling:
+	(cd tooling; go test -v -race ./...)
 
 # Individual releases
 .PHONY: release/access-slack

tooling/cmd/promote-terraform/args.go

@@ -0,0 +1,119 @@
+package main
+
+import (
+	"os"
+	"strings"
+
+	"github.com/gravitational/kingpin"
+)
+
+type bucketConfig struct {
+	region          string
+	bucketName      string
+	accessKeyID     string
+	secretAccessKey string
+}
+
+type args struct {
+	providerTag       string
+	workingDir        string
+	registryURL       string
+	staging           bucketConfig
+	production        bucketConfig
+	signingKeyText    string
+	protocolVersions  []string
+	providerNamespace string
+	providerName      string
+	verbosity         int
+}
+
+func parseCommandLine() *args {
+	app := kingpin.New("promote-terraform", "Adds files to a terraform registry")
+	result := &args{}
+
+	app.Flag("tag", "The version tag identifying  version of provider to promote").
+		Required().
+		StringVar(&result.providerTag)
+
+	app.Flag("staging-bucket", "S3 Staging bucket url (where to fetch tarballs for promotion)").
+		Envar("STAGING_BUCKET").
+		Required().
+		StringVar(&result.staging.bucketName)
+
+	app.Flag("staging-region", "AWS region the staging bucket is in").
+		Envar("STAGING_REGION").
+		Default("us-west-2").
+		StringVar(&result.staging.region)
+
+	app.Flag("staging-access-key-id", "AWS access key id for staging bucket").
+		Envar("STAGING_ACCESS_KEY_ID").
+		Required().
+		StringVar(&result.staging.accessKeyID)
+
+	app.Flag("staging-secret-access-key", "AWS secret access key for staging bucket").
+		Envar("STAGING_SECRET_ACCESS_KEY").
+		Required().
+		StringVar(&result.staging.secretAccessKey)
+
+	app.Flag("prod-bucket", "S3 production bucket url (where to push the resulting registry)").
+		Envar("PROD_BUCKET").
+		StringVar(&result.production.bucketName)
+
+	app.Flag("prod-region", "AWS region the production bucket is in").
+		Envar("PRODUCTION_REGION").
+		Default("us-east-1").
+		StringVar(&result.production.region)
+
+	app.Flag("prod-access-key-id", "AWS access key id for production bucket").
+		Envar("PROD_ACCESS_KEY_ID").
+		Required().
+		StringVar(&result.production.accessKeyID)
+
+	app.Flag("prod-secret-access-key", "AWS secret access key for production bucket").
+		Envar("PROD_SECRET_ACCESS_KEY").
+		Required().
+		StringVar(&result.production.secretAccessKey)
+
+	app.Flag("working-dir", "Working directory to store generated files").
+		Short('d').
+		Default("./workspace").
+		StringVar(&result.workingDir)
+
+	app.Flag("signing-key", "GPG signing key in ASCII armor format").
+		Short('k').
+		Envar("SIGNING_KEY").
+		StringVar(&result.signingKeyText)
+
+	app.Flag("protocol", "Terraform protocol supported by files").
+		Short('p').
+		Default("4.0", "5.1").
+		StringsVar(&result.protocolVersions)
+
+	app.Flag("registry-url", "Address where registry objects will be served.").
+		Default("https://terraform.releases.teleport.dev/").
+		StringVar(&result.registryURL)
+
+	app.Flag("namespace", "Terraform provider namespace").
+		Default("gravitational").
+		StringVar(&result.providerNamespace)
+
+	app.Flag("name", "Terraform provider name").
+		Default("teleport").
+		StringVar(&result.providerName)
+
+	app.Flag("verbose", "Output more trace output").
+		Short('v').
+		CounterVar(&result.verbosity)
+
+	kingpin.MustParse(app.Parse(os.Args[1:]))
+
+	// Marshal the arguments into a canonical format here, so we don't have to
+	// second guess the format later on when we're in the thick of doing the
+	// actual work...
+
+	if !strings.HasSuffix(result.registryURL, "/") {
+		result.registryURL = result.registryURL + "/"
+	}
+
+	return result
+}