diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 50d91237..77839aef 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -397,22 +397,6 @@ jobs: - name: /secretsForGpgFromEnv/example run: nix-env -if . && m . /secretsForGpgFromEnv/example - linux_taintTerraform_module: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 - - uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845 - name: /taintTerraform/module - with: - args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /taintTerraform/module" - macos_taintTerraform_module: - runs-on: macos-latest - steps: - - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 - - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac - - name: /taintTerraform/module - run: nix-env -if . && m . /taintTerraform/module - linux_testLicense: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml index ea27ab25..fbd53f20 100644 --- a/.github/workflows/prod.yml +++ b/.github/workflows/prod.yml 
@@ -571,26 +571,6 @@ jobs: env: CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - linux_taintTerraform_module: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 - - uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845 - name: /taintTerraform/module - with: - args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /taintTerraform/module" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_taintTerraform_module: - runs-on: macos-latest - steps: - - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 - - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac - - name: /taintTerraform/module - run: nix-env -if . && m . /taintTerraform/module - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - linux_testLicense: runs-on: ubuntu-latest steps: diff --git a/docs/src/api/builtins/deploy.md b/docs/src/api/builtins/deploy.md index bfb34db6..45ca512c 100644 --- a/docs/src/api/builtins/deploy.md +++ b/docs/src/api/builtins/deploy.md 
@@ -367,58 +367,5 @@ Example: m . /deployTerraform/module1 ``` -## taintTerraform - -Taint Terraform code -by performing a `terraform taint $resource` -over the specified Terraform modules. - -Types: - -- taintTerraform: - - modules (`attrsOf moduleType`): Optional. - Path to Terraform modules to lint. - Defaults to `{ }`. -- moduleType (`submodule`): - - reDeploy (`bool`): Optional. - Perform a `terraform apply` after tainting resources. - Defaults to `false`. - - resources (`listOf str`): - Resources to taint. - - setup (`listOf package`): Optional. - [Makes Environment][makes_environment] - or [Makes Secrets][makes_secrets] - to `source` (as in Bash's `source`) - before anything else. - Defaults to `[ ]`. - - src (`str`): - Path to the Terraform module. - - version (`enum [ "0.14" "0.15" "1.0" ]`): - Terraform version your module is built with. - -Example: - -=== "makes.nix" - - ```nix - { - taintTerraform = { - modules = { - module = { - resources = [ "null_resource.example" ]; - src = "/test/terraform/module"; - version = "0.14"; - }; - }; - }; - } - ``` - -=== "Invocation" - - ```bash - m . /taintTerraform/module - ``` - [makes_environment]: ./environment.md [makes_secrets]: ./secrets.md diff --git a/makes.nix b/makes.nix index 8a8c2a1d..4352e934 100644 --- a/makes.nix +++ b/makes.nix @@ -192,15 +192,6 @@ }; }; secretsForTerraformFromEnv = { example = { test = "VAR_NAME"; }; }; - taintTerraform = { - modules = { - module = { - resources = [ "null_resource.example" ]; - src = "/test/terraform/module"; - version = "1.0"; - }; - }; - }; testLicense = { enable = true; }; testTerraform = { modules = { diff --git a/src/args/agnostic.nix b/src/args/agnostic.nix index 74a086d7..0b39b7a9 100644 --- a/src/args/agnostic.nix +++ b/src/args/agnostic.nix 
@@ -119,7 +119,6 @@ let
 (a: b: __nixpkgs__.lib.toLower a < __nixpkgs__.lib.toLower b);
 stringCapitalize = import ./string-capitalize/default.nix self;
 sublist = import ./sublist/default.nix self;
- taintTerraform = import ./taint-terraform/default.nix self;
 testLicense = import ./test-license/default.nix self;
 testTerraform = import ./test-terraform/default.nix self;
 toDerivationName = __nixpkgs__.lib.strings.sanitizeDerivationName;
diff --git a/src/args/taint-terraform/default.nix b/src/args/taint-terraform/default.nix
deleted file mode 100644
index c123cf3b..00000000
--- a/src/args/taint-terraform/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ makeScript, makeTerraformEnvironment, toBashArray, ... }:
-{ setup, name, version, reDeploy ? false, resources, src, ... }:
-makeScript {
- entrypoint = ./entrypoint.sh;
- replace = {
- __argResources__ = toBashArray resources;
- __argReDeploy__ = reDeploy;
- __argSrc__ = src;
- };
- name = "taint-terraform-for-${name}";
- searchPaths = {
- source = [ (makeTerraformEnvironment { inherit version; }) ] ++ setup;
- };
-}
diff --git a/src/args/taint-terraform/entrypoint.sh b/src/args/taint-terraform/entrypoint.sh
deleted file mode 100644
index 67b134d9..00000000
--- a/src/args/taint-terraform/entrypoint.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-# shellcheck shell=bash
-
-function main {
- local args=(
- -refresh=true
- )
- local src=__argSrc__
- source __argResources__/template local resources
-
- pushd "${src}" \
- && info Initializing "${src}" \
- && terraform init \
- && info Refreshing state "${src}" \
- && terraform refresh \
- && for resource in "${resources[@]}"; do
- info Tainting "${src}" @ "${resource}" \
- && terraform taint -allow-missing "${resource}" \
- || return 1
- done \
- && if test -n '__argReDeploy__'; then
- info Applying "${src}" \
- && if running_in_ci_cd_provider; then
- args+=(-auto-approve)
- fi \
- && terraform apply "${args[@]}"
- fi
-}
-
-main "${@}"
diff --git a/src/evaluator/modules/default.nix b/src/evaluator/modules/default.nix
index 0ad5f35b..90961d03 100644
--- a/src/evaluator/modules/default.nix
+++ b/src/evaluator/modules/default.nix
@@ -36,7 +36,6 @@
 (import ./secrets-for-gpg-from-env/default.nix args)
 (import ./secrets-for-kubernetes-config-from-aws/default.nix args)
 (import ./secrets-for-terraform-from-env/default.nix args)
- (import ./taint-terraform/default.nix args)
 (import ./test-license/default.nix args)
 (import ./test-terraform/default.nix args)
 (import ./workspace-for-terraform-from-env args)
diff --git a/src/evaluator/modules/taint-terraform/default.nix b/src/evaluator/modules/taint-terraform/default.nix
deleted file mode 100644
index 5be2f5f4..00000000
--- a/src/evaluator/modules/taint-terraform/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ __nixpkgs__, __toModuleOutputs__, taintTerraform, ... }:
-{ config, lib, ... }:
-let
- makeOutput = name:
- { reDeploy, resources, setup, src, version, }: {
- name = "/taintTerraform/${name}";
- value = taintTerraform {
- inherit name;
- inherit reDeploy;
- inherit setup;
- src = "." + src;
- inherit resources;
- inherit version;
- };
- };
-in {
- options = {
- taintTerraform = {
- modules = lib.mkOption {
- default = { };
- type = lib.types.attrsOf (lib.types.submodule (_: {
- options = {
- reDeploy = lib.mkOption {
- default = false;
- type = lib.types.bool;
- };
- resources = lib.mkOption { type = lib.types.listOf lib.types.str; };
- setup = lib.mkOption {
- default = [ ];
- type = lib.types.listOf lib.types.package;
- };
- src = lib.mkOption { type = lib.types.str; };
- version =
- lib.mkOption { type = lib.types.enum [ "0.14" "0.15" "1.0" ]; };
- };
- }));
- };
- };
- };
- config = {
- outputs = __toModuleOutputs__ makeOutput config.taintTerraform.modules;
- };
-}