refactor

Author: Akshat0694

.gitignore

@@ -159,6 +159,7 @@ override.tf.json
 terraform.rc
 
 export/*
+out/*
 zip
 zip/*
 

README.md

@@ -14,30 +14,31 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s
 
 ## Prerequisites
 
+- An organization on [StackGuardian Platform](https://app.stackguardian.io)
+- Optionally, pre-configure VCS, cloud integrations or private runners to use when importing into StackGuardian Platform.
 - Terraform
-  - terraform login to ensure that Terraform can interact with your Terraform Cloud/Enterprise account.
 - [sg-cli](https://github.com/StackGuardian/sg-cli/tree/main/shell)
 
 ### Perform terraform login
-`terraform login`
+Perform `terraform login` to ensure that your local Terraform can interact with your Terraform Cloud/Enterprise account.
 
 ### Export the resource definitions and Terraform state
 
 - Choose the transformer and locate the example of `terraform.tfvars.example` and rename it to `terraform.tfvars`.
-- Edit that file ( terraform.tfvars) to match your context.
+- Edit terraform.tfvars with appropriate variables.
 - Run the following commands:
 
 ```shell
-cd transformer/exporter
+cd transformer/terraform-cloud
 terraform init
 terraform apply -auto-approve -var-file=terraform.tfvars
 ```
 
 A new `export` folder should have been created. The `sg-payload.json` file contains the definition for each workflow that will be created for each Terraform Workspace, and the `states` folder contains the files for the Terraform state for each of your workspaces, if the state export was enabled.
 
 After completing the export , edit the `sg-payload.json` file to provide tune each workflow configuration with the following:
-###  Use the example_payload.jsonc file to refrence and edit the schema of the `sg-payload.json`
-- `DeploymentPlatformConfig` - (Used to authenticate against a cloud provider using a StackGuardian Integration), Create the relevant integration in StackGuardian platform and update `DeploymentPlatformConfig.kind` from the following "AZURE_STATIC", "AWS_STATIC","GCP_STATIC", "AWS_RBAC". Update `DeploymentPlatformConfig.config.integrationId` with "/integrations/INTEGRATION_NAME" and `DeploymentPlatformConfig.config.profileName` with the name of the integration used upon creation.
+###  Use the example_payload.jsonc file as a reference and edit the schema of the `sg-payload.json`
+- `DeploymentPlatformConfig` - THis is used to authenticate against a cloud provider using a StackGuardian Integration. Create the relevant integration in StackGuardian platform and update `DeploymentPlatformConfig.kind` from the following "AZURE_STATIC", "AWS_STATIC","GCP_STATIC", "AWS_RBAC". Update `DeploymentPlatformConfig.config.integrationId` with "/integrations/INTEGRATION_NAME" and `DeploymentPlatformConfig.config.profileName` with the name of the integration used upon creation.
 ```
   DeploymentPlatformConfig: {
       "kind": "AWS_RBAC",
@@ -47,33 +48,30 @@ After completing the export , edit the `sg-payload.json` file to provide tune ea
       }
     }
 ```
-- `VCSConfig` - Provide full path to the `repo` like as well the relevant `sourceConfigDestKind` from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS".
+- `VCSConfig` - Provide full path to the `repo` like as well the relevant `sourceConfigDestKind` from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS"
     - `config.auth` 
     - `config.isPrivate`
 
-- `ResourceName` // workspace name 
-- `wfgrpName` // this corresponds to the labelling of workflow group name in the StackGuardian platform
-- `Description` // description for the workflows created in the StackGuardian platform
-- `Tags` // list of tags for the workflows created in the StackGuardian platform 
-- `EnvironmentVariables` // environment variables for the workflows created in the StackGuardian platform
-- `RunnerConstraints` // Runner description for the workflows in the StackGuardian platform
-- `DeploymentPlatformConfig`
-- `Approvers` // Aprrovers for the workflow to run it successfully
-- `TerraformConfig` // Terraform configuration for the workflows created in the StackGuardian platform
-- `WfType` // this corresponds to the workflow type of  the workflow created in the StackGuardian platform
-- `UserSchedules` // Scheduled workflow run configuration for the workflow in the StackGuardian platform
-- `MiniSteps` // Ministeps for the workflow to direct the process if the workflow returns an error/success/approval required and workflow chaining .
+- `ResourceName` - name of your StackGuardian Workflow
+- `wfgrpName` - this corresponds to the labelling of workflow group name in the StackGuardian platform
+- `Description` - description for the workflows created in the StackGuardian platform
+- `Tags` - list of tags for the workflows created in the StackGuardian platform 
+- `EnvironmentVariables` - environment variables for the workflows created in the StackGuardian platform
+- `RunnerConstraints` - Runner description for the workflows in the StackGuardian platform
+- `Approvers` - Approvers for the workflow to run it successfully
+- `TerraformConfig` - Terraform configuration for the workflows created in the StackGuardian platform
+- `UserSchedules` - Scheduled workflow run configuration for the workflow in the StackGuardian platform
+- `MiniSteps` - Ministeps for the workflow to direct the process if the workflow returns an error/success/approval required and workflow chaining
 
 ### Bulk import workflows to StackGuardian Platform
 
-- Fetch sg-cli (https://github.com/StackGuardian/sg-cli.git) and set up sg-cli locally (documentation present in repo)
+- Fetch [sg-cli](https://github.com/StackGuardian/sg-cli.git) and set it up locally (documentation present in repo)
 - Run the following commands and pass the `sg-payload.json` as payload (represented below)
+- Get your SG API Key here: https://app.stackguardian.io/orchestrator/orgs/<ORG_ID>/settings?tab=api_key
 
 ```shell
 cd ../../export
 
-Get your SG API Key here: https://app.stackguardian.io/orchestrator/orgs/<org-id>/settings?tab=api_key
-
 export SG_API_TOKEN=<YOUR_SG_API_TOKEN>
 wget -q "$(wget -qO- "https://api.github.com/repos/stackguardian/sg-cli/releases/latest" | jq -r '.tarball_url')" -O sg-cli.tar.gz && tar -xf sg-cli.tar.gz && rm -f sg-cli.tar.gz && /bin/cp -rf StackGuardian-sg-cli*/shell/sg-cli . && rm -rfd StackGuardian-sg-cli*
 

transformer/exporter/locals.tf

@@ -1,18 +1,18 @@
-data "tfe_workspace_ids" "ids" {
+data "tfe_workspace_ids" "data" {
   names        = var.workspaceIds
   organization = var.tfOrg
   tag_names    = var.tfWorkspaceTags
   exclude_tags = var.tfWorkspaceIgnoreTags
 }
 
-data "tfe_workspace" "ids" {
+data "tfe_workspace" "data" {
   for_each = toset(local.workflowNames)
 
   name         = each.key
   organization = var.tfOrg
 }
 
-data "tfe_variables" "ids" {
+data "tfe_variables" "data" {
   for_each = toset(local.workflowIds)
 
   workspace_id = each.key

transformer/exporter/terraform.tfvars.example

@@ -0,0 +1,73 @@
+locals {
+  workflowIds   = [for i, v in data.tfe_workspace_ids.data.ids : v]
+  workflowNames = [for i, v in data.tfe_workspace_ids.data.ids : i]
+  workflows = [for i, v in data.tfe_workspace_ids.data.ids : {
+    CLIConfiguration = {
+      "WorkflowGroup" : {
+        "name" : data.tfe_workspace.data[i].project_id
+      },
+      "TfStateFilePath" : "${abspath(path.root)}/../../${var.exportPath}/states/${data.tfe_workspace.data[i].name}.tfstate"
+    }
+    ResourceName = data.tfe_workspace.data[i].name
+    Description  = ""
+    Tags         = data.tfe_workspace.data[i].tag_names
+    EnvironmentVariables = [for i, v in data.tfe_variables.data[v].variables :
+      { "config" : {
+        "textValue" : v.value,
+        "varName" : v.name
+        },
+    "kind" : "PLAIN_TEXT" } if v.category == "env" && v.sensitive == false]
+
+    DeploymentPlatformConfig = []
+    RunnerConstraints        = { "type" : "shared" }
+    VCSConfig = {
+      "iacVCSConfig" : {
+        "useMarketplaceTemplate" : false,
+        "customSource" : {
+          "sourceConfigDestKind" : "Choose from: GITHUB_COM, BITBUCKET_ORG, GITLAB_COM, AZURE_DEVOPS",
+          "config" : {
+            "includeSubModule" : false,
+            "ref" : length(data.tfe_workspace.data[i].vcs_repo) > 0 ? data.tfe_workspace.data[i].vcs_repo[0].branch != "" ? data.tfe_workspace.data[i].vcs_repo[0].branch : "" : "",
+            "isPrivate" : length(data.tfe_workspace.data[i].vcs_repo) > 0 ? length(data.tfe_workspace.data[i].vcs_repo[0].oauth_token_id) > 0 || length(data.tfe_workspace.data[i].vcs_repo[0].github_app_installation_id) > 0 ? true : false : false,
+            "auth" : length(data.tfe_workspace.data[i].vcs_repo) > 0 ? length(data.tfe_workspace.data[i].vcs_repo[0].oauth_token_id) > 0 || length(data.tfe_workspace.data[i].vcs_repo[0].github_app_installation_id) > 0 ? "Provide an integration id like /integrations/aws-dev-account or /secrets/my-git-token" : "" : "",
+            "workingDir" : data.tfe_workspace.data[i].working_directory,
+            "repo" : length(data.tfe_workspace.data[i].vcs_repo) > 0 ? data.tfe_workspace.data[i].vcs_repo[0].identifier : ""
+          }
+        }
+      },
+      "iacInputData" : {
+        "schemaType" : "RAW_JSON",
+        "data" : { for i, v in data.tfe_variables.data[v].variables : v.name => v.value if v.category == "terraform" }
+      }
+    }
+
+    MiniSteps = {
+      "wfChaining" : {
+        "ERRORED" : [],
+        "COMPLETED" : []
+      },
+      "notifications" : {
+        "email" : {
+          "ERRORED" : [],
+          "COMPLETED" : [],
+          "APPROVAL_REQUIRED" : [],
+          "CANCELLED" : []
+        }
+      }
+    }
+
+    Approvers = data.tfe_workspace.data[i].auto_apply == true ? [] : ["Add emails of the users who should approve the terraform plan, since approvalPreApply is set to true"]
+
+    TerraformConfig = {
+      "managedTerraformState" : true,
+      "terraformVersion" : data.tfe_workspace.data[i].terraform_version,
+      "approvalPreApply" : !data.tfe_workspace.data[i].auto_apply
+    }
+
+    WfType        = "TERRAFORM"
+    UserSchedules = []
+  }]
+  data = jsonencode(
+    local.workflows
+  )
+}

transformer/exporter/.gitignore renamed to transformer/terraform-cloud/.gitignore

@@ -6,13 +6,13 @@ terraform {
       source  = "hashicorp/local"
       version = "~> 2.4.0"
     }
+    tfe = {
+      source  = "hashicorp/tfe"
+      version = "~> 0.48.0"
+    }
     null = {
       source  = "hashicorp/null"
       version = "~> 3.2.1"
     }
-    tfe = {
-      source  = "hashicorp/tfe"
-      version = "~> 0.45.0"
-    }
   }
 }

transformer/exporter/data.tf renamed to transformer/terraform-cloud/data.tf

@@ -7,7 +7,7 @@ resource "local_file" "data" {
 }
 
 resource "local_file" "generateTempTfFiles" {
-  for_each = var.stateExport ? toset(local.workflowNames) : []
+  for_each = var.exportStateFiles ? toset(local.workflowNames) : []
 
   content  = templatefile("${path.module}/workspace.tmpl", { tfOrg = var.tfOrg, workspace = each.key })
   filename = "${path.module}/../../${var.exportPath}/tfDir/${each.key}/main.tf"
@@ -18,7 +18,7 @@ resource "null_resource" "exportStateFiles" {
   triggers = {
     always-update =  timestamp()
   }
-  for_each   = var.stateExport ? toset(local.workflowNames) : []
+  for_each   = var.exportStateFiles ? toset(local.workflowNames) : []
 
   provisioner "local-exec" {
     command     = "mkdir -p ../../states && rm -rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup && terraform init -input=false && terraform state pull > ../../states/'${each.key}.tfstate'"
@@ -27,7 +27,7 @@ resource "null_resource" "exportStateFiles" {
 }
 
 resource "null_resource" "deleteTempTfFiles" {
-  count      = var.stateExport ? 1 : 0
+  count      = var.exportStateFiles ? 1 : 0
   triggers = {
     always-update =  timestamp()
   }