#######################################
# Print the command synopsis to stderr and abort.
# Arguments: none ($0 is the script name)
# Outputs:   the usage line on stderr
# Returns:   never; exits with status 1
#######################################
usage() {
  printf '%s\n' "Usage: $0 -s <Subscription ID> [-g <Resource Group>] [-r azurerm_<resource_type>] [-x <yes|no(default)>] [-p <yes|no(default)>] [-f <yes|no(default)>] " >&2
  exit 1
}
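# Option defaults.  The three yes/no switches are off unless given on the
# command line; the filters start empty so "${s}"/"${g}"/"${r}" are always
# defined (the checks below compare them against "").
x="no"
p="no"
f="no"
s=
g=
r=

#######################################
# Normalise a yes/no option value.
# Only a literal "no" (any case) keeps a switch off; every other value turns
# it on, so historical invocations such as "-x foo" behave as before.
# Arguments: $1 - raw option argument
# Outputs:   "yes" or "no" on stdout
#######################################
az2tf_yesno() {
  case "$1" in
    [Nn][Oo]) printf 'no' ;;
    *) printf 'yes' ;;
  esac
}

# -x/-p/-f are declared with a mandatory argument ("x:" etc.), so the
# <yes|no> value documented in usage() is honoured instead of being
# discarded (previously "-x no" still switched secret extraction on).
while getopts ":s:g:r:x:p:f:" o; do
  case "${o}" in
    s) s=${OPTARG} ;;
    g) g=${OPTARG} ;;
    r) r=${OPTARG} ;;
    x) x=$(az2tf_yesno "${OPTARG}") ;;
    p) p=$(az2tf_yesno "${OPTARG}") ;;
    f) f=$(az2tf_yesno "${OPTARG}") ;;
    *) usage ;;   # unknown option, or an option missing its argument
  esac
done
shift $((OPTIND - 1))

# A subscription id is mandatory.
if [ -z "${s}" ]; then
  usage
fi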
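# Exported for the helper scripts; the text reads like the header they stamp
# into generated files (presumably - confirm in ../../scripts).
export az2tfmess="# File generated by az2tf see https://github.com/andyt530/az2tf"

# Pick the subscription: -s wins, otherwise fall back to an interactive
# prompt (only reachable if the -s check above is ever relaxed).
mysub=
if [ "$s" != "" ]; then
  mysub=$s
else
  printf 'Enter id of Subscription [%s] > ' "$mysub"
  # -r keeps backslashes in the typed id literal
  read -r response
  if [ -n "$response" ]; then
    mysub=$response
  fi
fi

# Verify the id belongs to an account the CLI is logged in to before any
# state is written below; a typo must not create generated/tf.<bad id>.
echo "Checking Subscription $mysub exists ..."
isok="no"
# -o tsv yields one id per line without a jq|tr pipeline, so the exit
# status seen here is az's own rather than tr's.
if ! subs=$(az account list --query '[].id' -o tsv); then
  echo "az account list failed - is the Azure CLI logged in?" >&2
  exit 1
fi
while IFS= read -r i; do
  if [ "$i" = "$mysub" ]; then
    echo "Found subscription $mysub proceeding ..."
    isok="yes"
  fi
done <<<"$subs"
if [ "$isok" != "yes" ]; then
  echo "Could not find subscription with ID $mysub" >&2
  # non-zero so a wrapper or CI job notices the failure (was a bare exit)
  exit 1
fi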
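myrg=$g
# The terraform azurerm provider picks the target subscription up from here.
export ARM_SUBSCRIPTION_ID="$mysub"
if ! az account set -s "$mysub"; then
  echo "az account set failed for subscription $mysub" >&2
  exit 1
fi

# Everything below runs inside the per-subscription output directory.  The
# cd is checked because the rm/cp calls that follow must never run against
# the repository root if it fails.
mkdir -p "generated/tf.$mysub" || exit 1
cd "generated/tf.$mysub" || exit 1
rm -rf .terraform

if [ "$f" = "no" ]; then
  # Fresh run: discard the previous log, resource lists and progress file.
  rm -f import.log resources*.txt
  rm -f processed.txt
else
  # Fast forward: keep processed.txt (one line per helper invocation already
  # run), de-duplicated; create it first so sort does not fail on a missing
  # file.
  [ -f processed.txt ] || : > processed.txt
  sort -u processed.txt > pt.txt
  cp pt.txt processed.txt
fi

# resources.sh enumerates the subscription (resources2.txt is read further
# down, so presumably it writes the resources*.txt files); its output is
# appended to import.log like every other step.
if [ "$f" = "no" ]; then
  ../../scripts/resources.sh 2>&1 | tee -a import.log
fi

echo " "
echo "Subscription ID = ${s}"
echo "Azure Resource Group Filter = ${g}"
echo "Terraform Resource Type Filter = ${r}"
echo "Get Subscription Policies & RBAC = ${p}"
echo "Extract Key Vault Secrets to .tf files (insecure) = ${x}"
echo "Fast Forward = ${f}"
echo " "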
# Step tables, indexed by step number.
#   pfx[n] - the az CLI listing command used to enumerate resource groups
#            for step n
#   res[n] - the azurerm resource type, which is also the basename of the
#            helper script ../../scripts/<res[n]>.sh
declare -a pfx
declare -a res
# step 1: resource groups
pfx[1]="az group list"
res[1]="azurerm_resource_group"
# step 2: management locks
pfx[2]="az lock list"
res[2]="azurerm_management_lock"
# steps 51-54: subscription-level RBAC and policy objects (run only with -p)
res[51]="azurerm_role_definition"
res[52]="azurerm_role_assignment"
res[53]="azurerm_policy_definition"
res[54]="azurerm_policy_assignment"
#
# uncomment following line if you want to use an SPN login
#../../setup-env.sh
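if [ "$g" != "" ]; then
  # check provided resource group exists in subscription
  exists=$(az group exists -g "$g" -o json)
  # Compare the CLI's answer as a string.  The old `if ! $exists` executed
  # whatever az printed as a command, and an empty answer (CLI failure)
  # slipped through as "exists".
  if [ "$exists" != "true" ]; then
    echo "Resource Group $g does not exists in subscription $mysub Exit ....."
    exit 1
  fi
  echo "Filtering by Azure RG $g"
  # Literal match (-F): group names may contain '.', which grep would treat
  # as a wildcard; -- protects a name beginning with '-'.
  grep -F -- "$g" resources2.txt > tmp.txt
  mv -f tmp.txt resources2.txt
fi

if [ "$r" != "" ]; then
  lcr=$(printf '%s' "$r" | awk '{print tolower($0)}')
  echo "Filtering by Terraform resource $lcr"
  # Literal substring match on the lower-cased type name,
  # e.g. "azurerm_virtual" keeps every azurerm_virtual_* line.
  grep -F -- "$lcr" resources2.txt > tmp2.txt
  mv -f tmp2.txt resources2.txt
fi

# cleanup from any previous runs
rm -f terraform*.backup
#rm -f terraform.tfstate
rm -f tf*.sh
# The stub .tf files are the boilerplate every generated configuration needs.
cp ../../stub/*.tf . || exit 1
echo "terraform init"
terraform init 2>&1 | tee -a import.log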
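# subscription level stuff - roles & policies
if [ "$p" = "yes" ]; then
  for j in 51 52 53 54; do
    docomm="../../scripts/${res[$j]}.sh $mysub"
    echo "$docomm"
    # Call the helper directly with the id as a single argument; the old
    # `eval $docomm` re-parsed the display string through the shell.
    "../../scripts/${res[$j]}.sh" "$mysub" 2>&1 | tee -a import.log
    if grep -q Error: import.log; then
      echo "Error in log file exiting ...."
      exit 1
    fi
  done
fi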
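#echo $myrg
#../scripts/193_azurerm_application_gateway.sh $myrg
date
# top level stuff - resource groups
if [ "$f" = "no" ]; then
  j=1
  # Resource-group names to process: every group in the subscription, or
  # with -g just the matching one.  The name is compared inside jq via
  # --arg instead of being spliced into an az --query string.
  trgs=$(az group list -o json) || exit 1
  rgnames=()
  if [ "$g" != "" ]; then
    while IFS= read -r n; do
      rgnames+=("$n")
    done < <(printf '%s' "$trgs" | jq -r --arg n "$myrg" '.[] | select(.name == $n) | .name')
  else
    while IFS= read -r n; do
      rgnames+=("$n")
    done < <(printf '%s' "$trgs" | jq -r '.[].name')
  fi
  count=${#rgnames[@]}
  if [ "$count" -gt 0 ]; then
    # progress is printed zero-based as "<i> of <last index>", as before
    count=$((count - 1))
    for ((i = 0; i <= count; i++)); do
      myrg=${rgnames[$i]}
      printf '%s of %s  ' "$i" "$count"
      docomm="../../scripts/${res[$j]}.sh $myrg"
      echo "$docomm"
      # Direct call with the name as one argument instead of eval'ing the
      # display string, so a name with shell metacharacters is passed intact.
      "../../scripts/${res[$j]}.sh" "$myrg" 2>&1 | tee -a import.log
      if grep -q Error: import.log; then
        echo "Error in log file exiting ...."
        exit 1
      fi
    done
  fi
  date
  # 2 - management locks
  j=2
  if [ "$r" = "" ]; then
    if [ "$g" != "" ]; then
      # single group: logged and checked like every other helper call
      "../../scripts/${res[$j]}.sh" "$g" 2>&1 | tee -a import.log
      if grep -q Error: import.log; then
        echo "Error in log file exiting ...."
        exit 1
      fi
    else
      # pfx[2] holds the listing command ("az lock list") as words; split it
      # into an argv once rather than re-parsing it through eval.
      read -r -a lockcmd <<<"${pfx[$j]}"
      # jq -r emits the group names unquoted (the old eval stripped the JSON
      # quotes as a side effect); sort -u gives one entry per group.
      lockrgs=()
      while IFS= read -r n; do
        lockrgs+=("$n")
      done < <("${lockcmd[@]}" --query '[].resourceGroup' -o json | jq -r '.[]' | sort -u)
      tc=${#lockrgs[@]}
      c5=1
      for j2 in "${lockrgs[@]}"; do
        printf '%s of %s ' "$c5" "$tc"
        docomm="../../scripts/${res[$j]}.sh $j2"
        echo "$docomm"
        "../../scripts/${res[$j]}.sh" "$j2" 2>&1 | tee -a import.log
        c5=$((c5 + 1))
        if grep -q Error: import.log; then
          echo "Error in log file exiting ...."
          exit 1
        fi
      done
    fi
  fi
fi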
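echo "loop through providers"
# Per-resource-type helpers are named <NNN>_azurerm_<type>.sh and run in
# numeric order of NNN (presumably so prerequisites are imported first).
while IFS= read -r com; do
  [ -n "$com" ] || continue
  # <type> is the text between "azurerm_" and the ".sh" suffix.  Parameter
  # expansion replaces the old awk -F '.sh' split, where '.' was a regex
  # wildcard and could cut a name short at any "<char>sh" inside it.
  gr=${com#*azurerm_}
  gr=${gr%.sh}
  echo "$gr"
  lc=1
  # Lines of resources2.txt appear to be "<resource group>:<rest>"; only the
  # first field is used.  Literal match (-F) on the type name.
  matches=()
  while IFS= read -r l; do
    matches+=("$l")
  done < <(grep -F -- "$gr" resources2.txt)
  tc2=${#matches[@]}
  for l in "${matches[@]}"; do
    printf '%s of %s  ' "$lc" "$tc2"
    myrg=${l%%:*}
    docomm="../../scripts/$com $myrg"
    echo "$docomm"
    if [ "$f" = "no" ]; then
      # direct call rather than eval of the display string
      "../../scripts/$com" "$myrg" 2>&1 | tee -a import.log
    else
      # Fast forward: skip helpers already recorded in processed.txt.  The
      # lookup is a whole, literal line (-x -F), so the record for
      # "x.sh rg1" no longer also matches "x.sh rg10".
      if grep -qxF -- "$docomm" processed.txt; then
        echo "skipping $docomm"
      else
        "../../scripts/$com" "$myrg" 2>&1 | tee -a import.log
      fi
    fi
    lc=$((lc + 1))
    if grep -q Error: import.log; then
      echo "Error in log file exiting ...."
      exit 1
    else
      echo "$docomm" >> processed.txt
    fi
  done
  rm -f terraform*.backup
done < <(
  for p_ in ../../scripts/*_azurerm*.sh; do
    [ -e "$p_" ] || continue   # no match: the literal glob is not a script
    printf '%s\n' "${p_##*/}"
  done | sort -g
)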
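date
if [ "$x" = "yes" ]; then
  # -x copies Key Vault secret values into the generated .tf files in this
  # directory (the run summary labels this insecure); treat the output
  # directory as secret material from here on.
  echo "Attempting to extract secrets"
  ../../scripts/350_key_vault_secret.sh
fi
#
echo "Cleanup Cloud Shell"
#rm -f *cloud-shell-storage*.tf
#states=`terraform state list | grep cloud-shell-storage`
#echo $states
#terraform state rm $states
#
echo "Terraform fmt ..."
terraform fmt
echo "Terraform Plan ..."
# The plan's exit status becomes the script's; the old bare `exit` reported
# success even when the generated configuration did not plan cleanly.
terraform plan .
plan_rc=$?
echo "---------------------------------------------------------------------------"
echo "az2tf output files are in generated/tf.$mysub"
echo "---------------------------------------------------------------------------"
exit "$plan_rc"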