accept SG defaults in tf vars; tf fmt

Author: Akshat0694

README.md

@@ -38,7 +38,7 @@ A new `export` folder should have been created. The `sg-payload.json` file conta
 
 After completing the export , edit the `sg-payload.json` file to provide tune each workflow configuration with the following:
 ###  Use the example_payload.jsonc file as a reference and edit the schema of the `sg-payload.json`
-- `DeploymentPlatformConfig` - THis is used to authenticate against a cloud provider using a StackGuardian Integration. Create the relevant integration in StackGuardian platform and update `DeploymentPlatformConfig.kind` from the following "AZURE_STATIC", "AWS_STATIC","GCP_STATIC", "AWS_RBAC". Update `DeploymentPlatformConfig.config.integrationId` with "/integrations/INTEGRATION_NAME" and `DeploymentPlatformConfig.config.profileName` with the name of the integration used upon creation.
+- `DeploymentPlatformConfig` - This is used to authenticate against a cloud provider using a StackGuardian Integration. Create the relevant integration in StackGuardian platform and update `DeploymentPlatformConfig.kind` from the following "AZURE_STATIC", "AWS_STATIC","GCP_STATIC", "AWS_RBAC". Update `DeploymentPlatformConfig.config.integrationId` with "/integrations/INTEGRATION_NAME" and `DeploymentPlatformConfig.config.profileName` with the name of the integration used upon creation.
 ```
   DeploymentPlatformConfig: [
     {

transformer/terraform-cloud/locals.tf

@@ -18,20 +18,20 @@ locals {
         },
     "kind" : "PLAIN_TEXT" } if v.category == "env" && v.sensitive == false]
 
-    DeploymentPlatformConfig = []
+    DeploymentPlatformConfig = var.SGDefaultDeploymentPlatformConfig
     RunnerConstraints        = { "type" : "shared" }
     VCSConfig = {
       "iacVCSConfig" : {
         "useMarketplaceTemplate" : false,
         "customSource" : {
-          "sourceConfigDestKind" : "Choose from: GITHUB_COM, BITBUCKET_ORG, GITLAB_COM, AZURE_DEVOPS",
+          "sourceConfigDestKind" : var.SGDefaultSourceConfigDestKind
           "config" : {
             "includeSubModule" : false,
             "ref" : length(data.tfe_workspace.data[i].vcs_repo) > 0 ? data.tfe_workspace.data[i].vcs_repo[0].branch != "" ? data.tfe_workspace.data[i].vcs_repo[0].branch : "" : "",
             "isPrivate" : length(data.tfe_workspace.data[i].vcs_repo) > 0 ? length(data.tfe_workspace.data[i].vcs_repo[0].oauth_token_id) > 0 || length(data.tfe_workspace.data[i].vcs_repo[0].github_app_installation_id) > 0 ? true : false : false,
-            "auth" : length(data.tfe_workspace.data[i].vcs_repo) > 0 ? length(data.tfe_workspace.data[i].vcs_repo[0].oauth_token_id) > 0 || length(data.tfe_workspace.data[i].vcs_repo[0].github_app_installation_id) > 0 ? "Provide an integration id like /integrations/aws-dev-account or /secrets/my-git-token" : "" : "",
+            "auth" : length(data.tfe_workspace.data[i].vcs_repo) > 0 ? length(data.tfe_workspace.data[i].vcs_repo[0].oauth_token_id) > 0 || length(data.tfe_workspace.data[i].vcs_repo[0].github_app_installation_id) > 0 ? var.SGDefaultVCSAuthIntegrationID : "" : "",
             "workingDir" : data.tfe_workspace.data[i].working_directory,
-            "repo" : length(data.tfe_workspace.data[i].vcs_repo) > 0 ? data.tfe_workspace.data[i].vcs_repo[0].identifier : ""
+            "repo" : length(data.tfe_workspace.data[i].vcs_repo) > 0 ? format("%s/%s", var.SGDefaultIACVCSRepoPrefix, data.tfe_workspace.data[i].vcs_repo[0].identifier) : ""
           }
         }
       },
@@ -56,7 +56,7 @@ locals {
       }
     }
 
-    Approvers = data.tfe_workspace.data[i].auto_apply == true ? [] : ["Add emails of the users who should approve the terraform plan, since approvalPreApply is set to true"]
+    Approvers = data.tfe_workspace.data[i].auto_apply == true ? [] : var.SGDefaultWfApprovers
 
     TerraformConfig = {
       "managedTerraformState" : true,
@@ -70,4 +70,4 @@ locals {
   data = jsonencode(
     local.workflows
   )
-}
+}

transformer/terraform-cloud/resources.tf

@@ -16,9 +16,9 @@ resource "local_file" "generateTempTfFiles" {
 resource "null_resource" "exportStateFiles" {
   depends_on = [local_file.generateTempTfFiles]
   triggers = {
-    always-update =  timestamp()
+    always-update = timestamp()
   }
-  for_each   = var.exportStateFiles ? toset(local.workflowNames) : []
+  for_each = var.exportStateFiles ? toset(local.workflowNames) : []
 
   provisioner "local-exec" {
     command     = "mkdir -p ../../states && rm -rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup && terraform init -input=false && terraform state pull > ../../states/'${each.key}.tfstate'"
@@ -27,9 +27,9 @@ resource "null_resource" "exportStateFiles" {
 }
 
 resource "null_resource" "deleteTempTfFiles" {
-  count      = var.exportStateFiles ? 1 : 0
+  count = var.exportStateFiles ? 1 : 0
   triggers = {
-    always-update =  timestamp()
+    always-update = timestamp()
   }
   depends_on = [null_resource.exportStateFiles]
 

transformer/terraform-cloud/terraform.tfvars.example

@@ -8,10 +8,33 @@ workspacenames = ["*"]
 exportStateFiles = true
 
 # Specify a list of tags in workspace tags to include, or leave empty to include all, for example: ["include"]
-# tfWorkspaceTags = []
+tfWorkspaceTags = null
 
 # Specify a list of tags in workspace tags to exclude, or leave empty to include all, for example: [exclude"]
-# tfWorkspaceIgnoreTags = []
+tfWorkspaceIgnoreTags = null
 
 # Directory to export Terraform files to
-# exportPath = "export"
+exportPath = "export"
+
+# Add emails of the users who should approve the terraform plan, since approvalPreApply is set to true
+SGDefaultWfApprovers = []
+
+# Prefix for your repo URL
+SGDefaultIACVCSRepoPrefix = "https://www.github.com"
+
+# Provide an integration id like /integrations/aws-dev-account or /secrets/my-git-token
+SGDefaultVCSAuthIntegrationID = "/integrations/github_com"
+
+# Integration to use to authenticate against your cloud provider
+SGDefaultDeploymentPlatformConfig = [
+    {
+      "kind" : "AWS_RBAC",
+      "config" : {
+        "integrationId" : "/integrations/aws-dev-account",
+        "profileName" : "default"
+      }
+    }
+  ]
+
+# Choose from: GITHUB_COM, BITBUCKET_ORG, GITLAB_COM, AZURE_DEVOPS, GIT_OTHER
+SGDefaultSourceConfigDestKind = "GITHUB_COM"

transformer/terraform-cloud/variables.tf

@@ -29,6 +29,44 @@ variable "tfWorkspaceIgnoreTags" {
 
 variable "exportPath" {
   default     = "export"
-  description = "name of the folder to export the payload, state files to ./export is the Default "
+  description = "name of the folder to export the payload, state files to. ./export is the default"
+  type        = string
+}
+
+variable "SGDefaultWfApprovers" {
+  default     = []
+  description = "Add emails of the users who should approve the terraform plan, since approvalPreApply is set to true"
+  type        = list(string)
+}
+
+variable "SGDefaultIACVCSRepoPrefix" {
+  default     = "https://VCS_PROVIDER_DOMAIN"
+  description = "Prefix for your repo URL"
+  type        = string
+}
+
+variable "SGDefaultVCSAuthIntegrationID" {
+  default     = "INTEGRATION_ID"
+  description = "Provide an integration id like /integrations/aws-dev-account or /secrets/my-git-token"
+  type        = string
+}
+
+variable "SGDefaultDeploymentPlatformConfig" {
+  default = [
+    {
+      "kind" : "AWS_RBAC",
+      "config" : {
+        "integrationId" : "INTEGRATION_ID",
+        "profileName" : "default"
+      }
+    }
+  ]
+  description = "Integration to use to authenticate against your cloud provider"
+  type        = list(any)
+}
+
+variable "SGDefaultSourceConfigDestKind" {
+  default     = "GIT_OTHER"
+  description = "Choose from: GITHUB_COM, BITBUCKET_ORG, GITLAB_COM, AZURE_DEVOPS, GIT_OTHER"
   type        = string
 }