From 75eaf0671fded5d9de73ccd108c2cd7dee45e352 Mon Sep 17 00:00:00 2001 From: Jon Prentice <4913666+jon77p@users.noreply.github.com> Date: Fri, 29 Dec 2023 19:05:33 -0800 Subject: [PATCH 1/9] feat(cdktf): use 1Password for secrets management --- .envrc | 3 +- cdktf/.gitignore | 1 + cdktf/cdktf.json | 6 +++- cdktf/main.ts | 5 ++++ cdktf/package.json | 2 ++ cdktf/secrets.ts | 67 +++++++++++++++++++++++++++++++++++++++++++++ cdktf/yarn.lock | 68 ++++++++++++++++++++++++++-------------------- 7 files changed, 121 insertions(+), 31 deletions(-) create mode 100644 cdktf/secrets.ts diff --git a/.envrc b/.envrc index d43e9e050..a61f8d2a6 100644 --- a/.envrc +++ b/.envrc @@ -5,6 +5,7 @@ export PATH=$PWD/node_modules/.bin:$PATH export KUBECONFIG=$(expand_path ./ansible/kubeconfig) export ANSIBLE_CONFIG=$(expand_path ./ansible.cfg) export GPG_TTY=$(tty) -export NODE_OPTIONS="$NODE_OPTIONS --max-old-space-size=2048" +export NODE_OPTIONS="$NODE_OPTIONS --max-old-space-size=4096" export GITGUARDIAN_API_KEY="op://Infrastructure/gitguardian/credentials/token" +export OP_SERVICE_ACCOUNT_TOKEN="$(op read 'op://Infrastructure/Service Account Auth Token - GitHub Actions RO/credential')" source $(expand_path ./.config.env) diff --git a/cdktf/.gitignore b/cdktf/.gitignore index 5f20a5665..016e47827 100644 --- a/cdktf/.gitignore +++ b/cdktf/.gitignore @@ -9,3 +9,4 @@ cdktf.log tsconfig.tsbuildinfo !jest.config.js !setup.js +!secrets.ts diff --git a/cdktf/cdktf.json b/cdktf/cdktf.json index b38070c52..e5ca0bc22 100644 --- a/cdktf/cdktf.json +++ b/cdktf/cdktf.json @@ -3,7 +3,11 @@ "app": "npx ts-node main.ts", "projectId": "ws-V5gxjePJpgWgsGj6", "sendCrashReports": "false", - "terraformProviders": ["oracle/oci", "tailscale/tailscale"], + "terraformProviders": [ + "oracle/oci", + "tailscale/tailscale", + "1Password/onepassword@1.4.1-beta01" + ], "terraformModules": ["oracle-terraform-modules/vcn/oci"], "context": { "excludeStackIdFromLogicalIds": "true", 
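Review bot: The new `OP_SERVICE_ACCOUNT_TOKEN` export in `.envrc` resolves the secret with `op read` every time direnv loads and puts the plaintext service-account token in the environment of every process started from this directory, unlike the `GITGUARDIAN_API_KEY` line above it, which stays an `op://` reference. Only the cdktf run needs the token, so consider setting it for that command alone (a small wrapper or yarn script that does the `op read`) rather than exporting it shell-wide. If `op read` fails, for example when the CLI is not signed in, the variable is exported empty and the failure only surfaces later in the provider; a guard such as `: "${OP_SERVICE_ACCOUNT_TOKEN:?op read failed}"` after the line would make that visible. The item name suggests this is the GitHub Actions credential, so a comment saying why it is reused on workstations would help whoever rotates it.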
diff --git a/cdktf/main.ts b/cdktf/main.ts index 31c6c22b3..932048857 100644 --- a/cdktf/main.ts +++ b/cdktf/main.ts @@ -9,6 +9,7 @@ import * as tailscale from "./.gen/providers/tailscale" import { Construct } from "constructs" import { App, TerraformStack, TerraformVariable, VariableType } from "cdktf" import { OCIConfig } from "./oci/main" +import { Secrets } from "./secrets" require("json5/lib/register") // eslint-disable-line no-eval @@ -22,6 +23,8 @@ class InfrastructureStack extends TerraformStack { workspaces: new cdktf.NamedCloudWorkspace("infrastructure"), }) + new Secrets(this, name, {}) + // Terraform Vars const cfAccountId = new TerraformVariable(this, "cf_account_id", { description: "The Cloudflare UUID for the Account the Zone lives in.", @@ -123,6 +126,8 @@ class InfrastructureStack extends TerraformStack { default: {}, }) + return + // Read infrastructure config from local file const ociConfig: Map = require(path.join( __dirname, diff --git a/cdktf/package.json b/cdktf/package.json index 468f483fd..ee5107958 100644 --- a/cdktf/package.json +++ b/cdktf/package.json @@ -23,9 +23,11 @@ }, "dependencies": { "@cdktf/provider-cloudflare": "^10.0.0", + "@cdktf/provider-null": "^9.0.1", "@cdktf/provider-random": "^10.0.0", "@cdktf/provider-template": "^9.0.0", "cdktf": "^0.19.0", + "cdktf-local-exec": "^0.4.13", "constructs": "^10.1.136", "json5": "^2.2.3" }, diff --git a/cdktf/secrets.ts b/cdktf/secrets.ts new file mode 100644 index 000000000..35eebb86b --- /dev/null +++ b/cdktf/secrets.ts 
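Review bot: The bare `return` added before `// Read infrastructure config from local file` in the `InfrastructureStack` constructor makes everything after it unreachable, so the stack synthesizes without whatever the OCI configuration below defines. If this reaches a deploy run, Terraform would plan against a stack that no longer declares those resources, which for already-applied resources presumably means a destroy plan. It reads as a debugging leftover in a `feat` commit; drop the line, or gate the section behind an explicit flag and add a comment such as `// TODO(secrets): OCI config temporarily disabled while 1Password wiring is tested`. The same early `return;` is added to the `Secrets` constructor in the PATCH 3/9 hunk, leaving the provider and data sources there as dead code. The constructor body continues outside this hunk.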
@@ -0,0 +1,67 @@
+import * as onepassword from "./.gen/providers/onepassword"
+import * as localExec from "cdktf-local-exec";
+import * as cdktf from "cdktf";
+
+import { Construct } from "constructs";
+
+function Setup1Password(scope: Construct) {
+ const opPath = "tools/op"
+ const install = new localExec.LocalExec(scope, "1password-install", {
+ cwd: "tools",
+ command: `ARCH="amd64"; \
+ OP_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"; \
+ curl -sSfo op.zip \
+ https://cache.agilebits.com/dist/1P/op2/pkg/"$OP_VERSION"/op_linux_"$ARCH"_"$OP_VERSION".zip \
+ && unzip -od . op.zip \
+ && rm op.zip \
+ && chmod 0755 op \
+ && export PATH="$PATH:$(pwd)/tools" \
+ && echo $PATH \
+ && op --version`
+ });
+
+ return {
+ path: opPath,
+ install: install
+ }
+}
+
+export interface SecretsConfig {
+}
+
+export class Secrets extends Construct {
+ constructor(scope: Construct, name: string, _: SecretsConfig) {
+ super(scope, name)
+
+ // Initialize local-exec provider
+ new localExec.Provider(this, "local-exec");
+
+ // Setup 1Password
+ const setup = Setup1Password(this)
+
+ // Initialize 1Password provider
+ const opProvider = new onepassword.provider.OnepasswordProvider(this, "onepassword", {
+ serviceAccountToken: process.env.OP_SERVICE_ACCOUNT_TOKEN,
+ opCliPath: cdktf.Fn.join("/", [setup.install.cwd, "op"]),
+ });
+
+ // Make sure opProvider depends on the install
+ opProvider.node.addDependency(setup.install);
+
+ // Fetch the 1Password Infrastructure vault
+ const vault = new onepassword.dataOnepasswordVault.DataOnepasswordVault(this, "vault", {
+ name: "Infrastructure",
+ });
+
+ // Fetch the 1Password item for the Terraform login
+ const item = new onepassword.dataOnepasswordItem.DataOnepasswordItem(this, "item", {
+ vault: vault.id,
+ title: "terraform",
+ });
+
+ // Create output for the result
+ new cdktf.TerraformOutput(this, "item-output", {
+ value: item.title,
+ });
+ }
+}
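Review bot: `serviceAccountToken: process.env.OP_SERVICE_ACCOUNT_TOKEN` in the `Secrets` constructor is evaluated by Node at synth time, so the token is written as a literal string into the synthesized provider block in the cdktf output directory. The workflow touched by this series has a step that uploads the generated CDKTF as an artifact, so if that upload includes the synthesized JSON the credential leaves the runner. The 1Password provider can read `OP_SERVICE_ACCOUNT_TOKEN` from the environment itself where the apply runs, so dropping the attribute (or passing a `TerraformVariable` with `sensitive: true`) keeps it out of the synthesized files. Separately, the `1password-install` command downloads whichever `op` version the update endpoint reports and unzips it with no checksum or signature check before it is trusted with that token; pinning `OP_VERSION` and verifying a recorded SHA-256 before `unzip` would close that, and the same applies to the rewritten commands in PATCH 4/9 through 9/9.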
diff --git a/cdktf/yarn.lock b/cdktf/yarn.lock index 6258d6912..8ad888f0f 100644 --- a/cdktf/yarn.lock +++ b/cdktf/yarn.lock @@ -24,19 +24,19 @@ integrity sha512-uU27kfDRlhfKl+w1U6vp16IuvSLtjAxdArVXPa9BvLkrr7CYIsxH5adpHObeAGY/41+syctUWOZ140a2Rvkgjw== "@babel/core@^7.11.6", "@babel/core@^7.12.3": - version "7.23.6" - resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.23.6.tgz#8be77cd77c55baadcc1eae1c33df90ab6d2151d4" - integrity sha512-FxpRyGjrMJXh7X3wGLGhNDCRiwpWEF74sKjTLDJSG5Kyvow3QZaG0Adbqzi9ZrVjTWpsX+2cxWXD71NMg93kdw== + version "7.23.7" + resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.23.7.tgz#4d8016e06a14b5f92530a13ed0561730b5c6483f" + integrity sha512-+UpDgowcmqe36d4NwqvKsyPMlOLNGMsfMmQ5WGCu+siCe3t3dfe9njrzGfdN4qq+bcNUt0+Vw6haRxBOycs4dw== dependencies: "@ampproject/remapping" "^2.2.0" "@babel/code-frame" "^7.23.5" "@babel/generator" "^7.23.6" "@babel/helper-compilation-targets" "^7.23.6" "@babel/helper-module-transforms" "^7.23.3" - "@babel/helpers" "^7.23.6" + "@babel/helpers" "^7.23.7" "@babel/parser" "^7.23.6" "@babel/template" "^7.22.15" - "@babel/traverse" "^7.23.6" + "@babel/traverse" "^7.23.7" "@babel/types" "^7.23.6" convert-source-map "^2.0.0" debug "^4.1.0" 
@@ -137,13 +137,13 @@ resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz#907a3fbd4523426285365d1206c423c4c5520307" integrity sha512-85ttAOMLsr53VgXkTbkx8oA6YTfT4q7/HzXSLEYmjcSTJPMPQtvq1BD79Byep5xMUYbGRzEpDsjUf3dyp54IKw== -"@babel/helpers@^7.23.6": - version "7.23.6" - resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.23.6.tgz#d03af2ee5fb34691eec0cda90f5ecbb4d4da145a" - integrity sha512-wCfsbN4nBidDRhpDhvcKlzHWCTlgJYUUdSJfzXb2NuBssDSIjc3xcb+znA7l+zYsFljAcGM0aFkN40cR3lXiGA== +"@babel/helpers@^7.23.7": + version "7.23.7" + resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.23.7.tgz#eb543c36f81da2873e47b76ee032343ac83bba60" + integrity sha512-6AMnjCoC8wjqBzDHkuqpa7jAKwvMo4dC+lr/TFBz+ucfulO1XMpDnwWPGBNwClOKZ8h6xn5N81W/R5OrcKtCbQ== dependencies: "@babel/template" "^7.22.15" - "@babel/traverse" "^7.23.6" + "@babel/traverse" "^7.23.7" "@babel/types" "^7.23.6" "@babel/highlight@^7.23.4": @@ -267,10 +267,10 @@ "@babel/parser" "^7.22.15" "@babel/types" "^7.22.15" -"@babel/traverse@^7.23.6": - version "7.23.6" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.23.6.tgz#b53526a2367a0dd6edc423637f3d2d0f2521abc5" - integrity sha512-czastdK1e8YByZqezMPFiZ8ahwVMh/ESl9vPgvgdB9AmFMGP5jfpFax74AQgl5zj4XHzqeYAg2l8PuUeRS1MgQ== +"@babel/traverse@^7.23.7": + version "7.23.7" + resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.23.7.tgz#9a7bf285c928cb99b5ead19c3b1ce5b310c9c305" + integrity sha512-tY3mM8rH9jM0YHFGyfC0/xf+SB5eKUu7HPj7/k3fpi9dAlsMc5YbQvDi0Sh2QTPXqMhyaAtzAr807TIyfQrmyg== dependencies: "@babel/code-frame" "^7.23.5" "@babel/generator" "^7.23.6" 
@@ -406,9 +406,9 @@ prebuild-install "^7.1.1" "@cdktf/provider-cloudflare@^10.0.0": - version "10.0.4" - resolved "https://registry.yarnpkg.com/@cdktf/provider-cloudflare/-/provider-cloudflare-10.0.4.tgz#f285e5f7431ad8b47d5f71b88ee2f2289795774f" - integrity sha512-GrgwNUk2BHkOWZEMzyp9Bu4gWgrvs3HbEJrXKhFTDvt7Af74Y/FpZxd6IzIE7qk0CV2eqpBpKeqA92AM47pAVQ== + version "10.1.0" + resolved "https://registry.yarnpkg.com/@cdktf/provider-cloudflare/-/provider-cloudflare-10.1.0.tgz#28c850e031f51de889274b51096e44d14cca0316" + integrity sha512-f9fXmH8Z9SK5hdP14FeYw5MMrU1PhlCexC1KDY+PATLyssu2KgqN5kFAnkeQZtFTGGz2QY9X5GD0/ruDWlWgoQ== "@cdktf/provider-generator@0.19.2": version "0.19.2" @@ -424,6 +424,11 @@ fs-extra "^8.1.0" jsii-srcmak "^0.1.954" +"@cdktf/provider-null@^9.0.1": + version "9.0.1" + resolved "https://registry.yarnpkg.com/@cdktf/provider-null/-/provider-null-9.0.1.tgz#fd54f09fdbfd6994fb253ed672526a6a8e7909f0" + integrity sha512-unmz1i944Y0gIavZTYl54jZBXQh95i21SStCRqRfiFyrsc88aw665HJt1G69uQXK3VtPuwjFSSVsG9UMRmZh6A== + "@cdktf/provider-random@^10.0.0": version "10.0.1" resolved "https://registry.yarnpkg.com/@cdktf/provider-random/-/provider-random-10.0.1.tgz#1b8f448a0b3a3f019f0becb01b80128d805ab487" @@ -1050,9 +1055,9 @@ "@types/node" "*" "@types/node@*", "@types/node@^20.4.0", "@types/node@^20.4.2", "@types/node@^20.9.0": - version "20.10.5" - resolved "https://registry.yarnpkg.com/@types/node/-/node-20.10.5.tgz#47ad460b514096b7ed63a1dae26fad0914ed3ab2" - integrity sha512-nNPsNE65wjMxEKI93yOP+NPGGBJz/PoN3kZsVLee0XMiJolxSekEVD8wRwBUBqkwc7UWop0edW50yrCQW4CyRw== + version "20.10.6" + resolved "https://registry.yarnpkg.com/@types/node/-/node-20.10.6.tgz#a3ec84c22965802bf763da55b2394424f22bfbb5" + integrity sha512-Vac8H+NlRNNlAmDfGUP7b5h/KA+AtWIzuXy0E6OyP8f1tCLYAtPvKRRDJjAPqhpCb0t6U2j7/xqAuLEebW2kiw== dependencies: undici-types "~5.26.4" 
@@ -1108,9 +1113,9 @@ acorn-walk@^8.1.1: integrity sha512-TgUZgYvqZprrl7YldZNoa9OciCAyZR+Ejm9eXzKCmjsF5IKp/wgQ7Z/ZpjpGTIUPwrHQIcYeI8qDh4PsEwxMbw== acorn@^8.4.1: - version "8.11.2" - resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.11.2.tgz#ca0d78b51895be5390a5903c5b3bdcdaf78ae40b" - integrity sha512-nc0Axzp/0FILLEVsm4fNwLCwMttvhEI263QtVPQcbpfZZ3ts0hLsZGOpE6czNlid7CJ9MlyH8reXkpsf3YUY4w== + version "8.11.3" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.11.3.tgz#71e0b14e13a4ec160724b38fb7b0f233b1b81d7a" + integrity sha512-Y9rRfJG5jcKOE0CLisYbojUjIrIEE7AGMzA/Sm4BslANhbS+cDMpgBdcPT91oJ7OuJ9hYJBx59RjbhxVnrF8Xg== address@^1.0.1: version "1.2.2" @@ -1451,9 +1456,9 @@ camelcase@^6.2.0, camelcase@^6.3.0: integrity sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA== caniuse-lite@^1.0.30001565: - version "1.0.30001571" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001571.tgz#4182e93d696ff42930f4af7eba515ddeb57917ac" - integrity sha512-tYq/6MoXhdezDLFZuCO/TKboTzuQ/xR5cFdgXPfDtM7/kchBO3b4VWghE/OAi/DV7tTdhmLjZiZBZi1fA/GheQ== + version "1.0.30001572" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001572.tgz#1ccf7dc92d2ee2f92ed3a54e11b7b4a3041acfa0" + integrity sha512-1Pbh5FLmn5y4+QhNyJE9j3/7dK44dGB83/ZMjv/qJk86TvDbjk0LosiZo0i0WB0Vx607qMX9jYrn1VLHCkN4rw== case@^1.6.3: version "1.6.3" @@ -1491,6 +1496,11 @@ cdktf-cli@^0.19.0: yoga-layout-prebuilt "^1.10.0" zod "^3.22.4" +cdktf-local-exec@^0.4.13: + version "0.4.13" + resolved "https://registry.yarnpkg.com/cdktf-local-exec/-/cdktf-local-exec-0.4.13.tgz#1c7adf374afbd5b4a5edd3169fdfdc2cd672eb36" + integrity sha512-lRFDotoy29k7BhPMbpTHdoM7tGa8yjtD0C4x06Af80VMJ+AFDOJ1+Xa0ZQARiDrlSm914VgwJvqjSbMZbLJnfA== + cdktf@0.19.2, cdktf@^0.19.0: version "0.19.2" resolved "https://registry.yarnpkg.com/cdktf/-/cdktf-0.19.2.tgz#c93b794a9c8ac6b4e50bc24e80d06d84089a8766" 
@@ -4473,9 +4483,9 @@ typescript@^5.0.0, typescript@~5.3: integrity sha512-pXWcraxM0uxAS+tN0AG/BF2TyqmHO014Z070UsJ+pFvYuRSq8KH8DmWpnbXe0pEPDHXZV3FcAbJkijJ5oNEnWw== typescript@next: - version "5.4.0-dev.20231224" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.4.0-dev.20231224.tgz#92bdc3844e2480bacd20dcc4bd04360c7069b995" - integrity sha512-FbcuMRM2iUkY4cxHsHAGWm40kQ2fwkqmLNciqrzfBMEnuLN88t3iTEJhOAxJjVOl8LY58odFb0crTILOB/VtCw== + version "5.4.0-dev.20231229" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.4.0-dev.20231229.tgz#235ab24e925c13f1dfbe513ab2cbdda64e55491d" + integrity sha512-XFSQ1IdxXaQOAwS8Jz6uSrms9jVnbwLdqnmiaBIW+xJQL/09S4cp5h+0PhawoxcBAK+gtffIIS5/qU2oioAjgA== typescript@~3.9.10: version "3.9.10" From 44dbc62b8466c9fdb1e545a635254f9fbde0ab8c Mon Sep 17 00:00:00 2001 From: Jon Prentice <4913666+jon77p@users.noreply.github.com> Date: Fri, 29 Dec 2023 19:11:18 -0800 Subject: [PATCH 2/9] chore(.github/workflows/cdktf-cicd): remove hard-coded CDKTF and terraform versions --- .github/workflows/cdktf-cicd.yml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/.github/workflows/cdktf-cicd.yml b/.github/workflows/cdktf-cicd.yml index 92d22d3c0..7688d16f4 100644 --- a/.github/workflows/cdktf-cicd.yml +++ b/.github/workflows/cdktf-cicd.yml @@ -25,10 +25,6 @@ permissions: pull-requests: write issues: read -env: - CDKTF_VERSION: 0.14.3 - TERRAFORM_VERSION: 1.3.5 - jobs: terraform: name: "Terraform CDK CICD" @@ -54,7 +50,6 @@ jobs: - name: Install Terraform uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3 with: - terraform_version: ${{ env.TERRAFORM_VERSION }} terraform_wrapper: false cli_config_credentials_token: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }} # Fetch the node version from the .nvmrc file 
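Review bot: Removing `CDKTF_VERSION` and `TERRAFORM_VERSION` together with `terraform_version:` on the `hashicorp/setup-terraform` step means the job now runs whatever Terraform release that action resolves by default, while the actions themselves stay pinned to commit SHAs. The later hunk in this file drops `terraformVersion` and `cdktfVersion` from the `terraform-cdk-action` step too, so the CDKTF CLI version there falls back to the action's default and may not match the `cdktf` `^0.19.0` range in `cdktf/package.json`. If the goal was only to get off the stale 0.14.3 / 1.3.5 values, keeping the pins and bumping them keeps plans reproducible; at minimum add a comment on the step, e.g. `# terraform_version intentionally unset: tracks latest`.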
@@ -79,8 +74,6 @@ jobs: yarn install --frozen-lockfile --immutable - name: Generate module and provider bindings working-directory: ./cdktf - env: - TERRAFORM_CLOUD_TOKEN: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }} run: yarn get - name: Determine mode id: determine-mode @@ -101,14 +94,11 @@ jobs: uses: hashicorp/terraform-cdk-action@7a6efa0bdbd9e966036d1bf84385042d3a8fc272 # v1.0.2 id: terraform-cdk with: - terraformVersion: ${{ env.TERRAFORM_VERSION }} - cdktfVersion: ${{ env.CDKTF_VERSION }} workingDirectory: ./cdktf stackName: cdktf mode: ${{ steps.determine-mode.outputs.mode }} githubToken: ${{ secrets.GITHUB_TOKEN }} - env: - TERRAFORM_CLOUD_TOKEN: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }} + terraformCloudToken: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }} - name: Store generated CDKTF uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4 # Only store the CDKTF output if the Terraform CDK step ran From f57d7e3d4f94dac9352c4b63c6259f419048ec07 Mon Sep 17 00:00:00 2001 From: Jon Prentice <4913666+jon77p@users.noreply.github.com> Date: Fri, 29 Dec 2023 19:19:26 -0800 Subject: [PATCH 3/9] testing --- cdktf/secrets.ts | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/cdktf/secrets.ts b/cdktf/secrets.ts index 35eebb86b..2f6c9f8a8 100644 --- a/cdktf/secrets.ts +++ b/cdktf/secrets.ts 
@@ -39,15 +39,18 @@ export class Secrets extends Construct { // Setup 1Password const setup = Setup1Password(this) + new cdktf.TerraformOutput(this, "op-path", { + value: setup.path, + }); + + return; + // Initialize 1Password provider - const opProvider = new onepassword.provider.OnepasswordProvider(this, "onepassword", { + new onepassword.provider.OnepasswordProvider(this, "onepassword", { serviceAccountToken: process.env.OP_SERVICE_ACCOUNT_TOKEN, opCliPath: cdktf.Fn.join("/", [setup.install.cwd, "op"]), }); - // Make sure opProvider depends on the install - opProvider.node.addDependency(setup.install); - // Fetch the 1Password Infrastructure vault const vault = new onepassword.dataOnepasswordVault.DataOnepasswordVault(this, "vault", { name: "Infrastructure", From e490071af6b9c613de747a6cd23f28c37730b3ea Mon Sep 17 00:00:00 2001 From: Jon Prentice <4913666+jon77p@users.noreply.github.com> Date: Fri, 29 Dec 2023 19:38:08 -0800 Subject: [PATCH 4/9] testing --- cdktf/secrets.ts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cdktf/secrets.ts b/cdktf/secrets.ts index 2f6c9f8a8..2d9742d0f 100644 --- a/cdktf/secrets.ts +++ b/cdktf/secrets.ts @@ -7,14 +7,15 @@ import { Construct } from "constructs"; function Setup1Password(scope: Construct) { const opPath = "tools/op" const install = new localExec.LocalExec(scope, "1password-install", { - cwd: "tools", + cwd: ".", command: `ARCH="amd64"; \ OP_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"; \ curl -sSfo op.zip \ https://cache.agilebits.com/dist/1P/op2/pkg/"$OP_VERSION"/op_linux_"$ARCH"_"$OP_VERSION".zip \ - && unzip -od . op.zip \ + && mkdir -p tools \ + && unzip -od tools op.zip \ && rm op.zip \ - && chmod 0755 op \ + && chmod 0755 tools/op \ && export PATH="$PATH:$(pwd)/tools" \ && echo $PATH \ && op --version` From 7f840afd70b725281f72c6ff285bc5f7dffc60b8 Mon Sep 17 00:00:00 2001 
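Review bot: Changing `cwd` from `"tools"` to `"."` in `Setup1Password` also changes the value of `cdktf.Fn.join("/", [setup.install.cwd, "op"])` in the `Secrets` constructor (outside this hunk) from `tools/op` to `./op`, while the binary is now unpacked to `tools/op`. The function already returns that location as `path`, so `opCliPath: setup.path` would keep the two in step. Note also that the `export PATH=...` inside the command only affects that one local-exec shell, so it does not help the provider find `op` later.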
From: Jon Prentice <4913666+jon77p@users.noreply.github.com> Date: Fri, 29 Dec 2023 19:49:16 -0800 Subject: [PATCH 5/9] fix URL for op version check --- cdktf/secrets.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cdktf/secrets.ts b/cdktf/secrets.ts index 2d9742d0f..cc79f390a 100644 --- a/cdktf/secrets.ts +++ b/cdktf/secrets.ts @@ -9,7 +9,7 @@ function Setup1Password(scope: Construct) { const install = new localExec.LocalExec(scope, "1password-install", { cwd: ".", command: `ARCH="amd64"; \ - OP_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"; \ + OP_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0 -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"; \ curl -sSfo op.zip \ https://cache.agilebits.com/dist/1P/op2/pkg/"$OP_VERSION"/op_linux_"$ARCH"_"$OP_VERSION".zip \ && mkdir -p tools \ @@ -55,6 +55,9 @@ export class Secrets extends Construct { // Fetch the 1Password Infrastructure vault const vault = new onepassword.dataOnepasswordVault.DataOnepasswordVault(this, "vault", { name: "Infrastructure", + provisioners: [ + // setup.install, + ], }); // Fetch the 1Password item for the Terraform login From bf2f99abc1a957ba1e7589fa5b656e397ccbe8ae Mon Sep 17 00:00:00 2001 From: Jon Prentice <4913666+jon77p@users.noreply.github.com> Date: Fri, 29 Dec 2023 19:54:32 -0800 Subject: [PATCH 6/9] testing --- cdktf/secrets.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdktf/secrets.ts b/cdktf/secrets.ts index cc79f390a..de32bf2b6 100644 --- a/cdktf/secrets.ts +++ b/cdktf/secrets.ts 
@@ -11,7 +11,7 @@ function Setup1Password(scope: Construct) { command: `ARCH="amd64"; \ OP_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0 -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"; \ curl -sSfo op.zip \ - https://cache.agilebits.com/dist/1P/op2/pkg/"$OP_VERSION"/op_linux_"$ARCH"_"$OP_VERSION".zip \ + "https://cache.agilebits.com/dist/1P/op2/pkg/$OP_VERSION/op_linux_$ARCH_$OP_VERSION.zip" \ && mkdir -p tools \ && unzip -od tools op.zip \ && rm op.zip \ From 261f9128d4d616a35e795251c41dfc1fcfe4a818 Mon Sep 17 00:00:00 2001 From: Jon Prentice <4913666+jon77p@users.noreply.github.com> Date: Fri, 29 Dec 2023 20:01:57 -0800 Subject: [PATCH 7/9] testing --- cdktf/secrets.ts | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/cdktf/secrets.ts b/cdktf/secrets.ts index de32bf2b6..50f50c63a 100644 --- a/cdktf/secrets.ts +++ b/cdktf/secrets.ts @@ -5,24 +5,19 @@ import * as cdktf from "cdktf"; import { Construct } from "constructs"; function Setup1Password(scope: Construct) { - const opPath = "tools/op" + // const opPath = "tools/op" const install = new localExec.LocalExec(scope, "1password-install", { cwd: ".", command: `ARCH="amd64"; \ - OP_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0 -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"; \ - curl -sSfo op.zip \ - "https://cache.agilebits.com/dist/1P/op2/pkg/$OP_VERSION/op_linux_$ARCH_$OP_VERSION.zip" \ - && mkdir -p tools \ - && unzip -od tools op.zip \ - && rm op.zip \ - && chmod 0755 tools/op \ - && export PATH="$PATH:$(pwd)/tools" \ - && echo $PATH \ - && op --version` +OP_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"; \ +curl -sSfo op.zip \ +https://cache.agilebits.com/dist/1P/op2/pkg/"$OP_VERSION"/op_linux_"$ARCH"_"$OP_VERSION".zip \ +&& unzip -od /usr/local/bin/ op.zip \ +&& rm op.zip`, }); return { - path: opPath, + path: '/usr/local/bin/op', install: install } } 
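Review bot: Inside the new double-quoted URL the shell reads `$ARCH_` as a variable named `ARCH_`, because an underscore is a valid name character, so the architecture expands to nothing and the request goes to `op_linux_<version>.zip`. Braces would normally fix that, but this string is a JavaScript template literal, where `${ARCH}` is interpolated by JS first; either keep the previous split quoting, `op_linux_"$ARCH"_"$OP_VERSION".zip`, or escape the braces as `\${ARCH}_\${OP_VERSION}`. The template literal opens and closes outside this hunk.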
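Review bot: Unzipping straight into `/usr/local/bin/` with `-o` needs write access to a system directory and silently replaces any `op` already installed there, with an archive that has had no checksum or signature check. A project-local directory as in the earlier revision (`tools/`, returned as `path`) keeps the download contained and lets the provider be pointed at exactly that binary. This hunk also drops the `chmod` and the `op --version` smoke test, so a truncated or wrong download is no longer caught at install time, and it restores the `/N` suffix on the version-check URL that PATCH 5/9 removed as a fix.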
From b1af17387b458d7d3b0b9bb7d268610464915c26 Mon Sep 17 00:00:00 2001 From: Jon Prentice <4913666+jon77p@users.noreply.github.com> Date: Fri, 29 Dec 2023 20:10:09 -0800 Subject: [PATCH 8/9] testing --- cdktf/secrets.ts | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/cdktf/secrets.ts b/cdktf/secrets.ts index 50f50c63a..9634a385f 100644 --- a/cdktf/secrets.ts +++ b/cdktf/secrets.ts @@ -5,15 +5,12 @@ import * as cdktf from "cdktf"; import { Construct } from "constructs"; function Setup1Password(scope: Construct) { + const command = 'curl -sSfo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo \'[0-9]+\.[0-9]+\.[0-9]+\')/op_linux_amd64_v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo \'[0-9]+\.[0-9]+\.[0-9]+\')".zip && unzip -od /usr/local/bin/ op.zip && rm op.zip' + // const opPath = "tools/op" const install = new localExec.LocalExec(scope, "1password-install", { cwd: ".", - command: `ARCH="amd64"; \ -OP_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"; \ -curl -sSfo op.zip \ -https://cache.agilebits.com/dist/1P/op2/pkg/"$OP_VERSION"/op_linux_"$ARCH"_"$OP_VERSION".zip \ -&& unzip -od /usr/local/bin/ op.zip \ -&& rm op.zip`, + command: command, }); return { From 129cefc87d1f481f8c88b0e6b502994a6cfccbd1 Mon Sep 17 00:00:00 2001 From: Jon Prentice <4913666+jon77p@users.noreply.github.com> Date: Fri, 29 Dec 2023 20:19:45 -0800 Subject: [PATCH 9/9] testing --- cdktf/secrets.ts | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/cdktf/secrets.ts b/cdktf/secrets.ts index 9634a385f..9edd7accc 100644 --- a/cdktf/secrets.ts +++ b/cdktf/secrets.ts 
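Review bot: The one-line `command` builds the directory segment as `pkg/$(curl ...)` without the `v` prefix that the file name still gets (`op_linux_amd64_v$(curl ...)`), whereas the previous form used `v$OP_VERSION` in both places, so the download URL no longer matches the earlier layout. It also queries the update endpoint twice, and since neither inner `curl` uses `-f` an error page would be grepped for a version string. In a single-quoted JS string `\.` is just `.`, so the grep pattern reaches the shell as `[0-9]+.[0-9]+.[0-9]+`; write `\\.` if a literal dot is intended. Resolving the version once into a shell variable, as before, fixes the first two points.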
@@ -5,7 +5,23 @@ import * as cdktf from "cdktf"; import { Construct } from "constructs"; function Setup1Password(scope: Construct) { - const command = 'curl -sSfo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo \'[0-9]+\.[0-9]+\.[0-9]+\')/op_linux_amd64_v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo \'[0-9]+\.[0-9]+\.[0-9]+\')".zip && unzip -od /usr/local/bin/ op.zip && rm op.zip' + const arch = "amd64" + + // Fetch 1Password CLI version with typescript + const version = fetch("https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N").then((response) => { + // Parse version from response as JSON + return response.json().then((json: any) => { + // Check if version is available + if (!json["version"]) { + throw new Error("No version found"); + } + + // Return version + return json["version"]; + }); + }); + + const command = `curl -sSfo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/v${version}/op_linux_${arch}_v${version}.zip" && unzip -od /usr/local/bin/ op.zip && rm op.zip` // const opPath = "tools/op" const install = new localExec.LocalExec(scope, "1password-install", {
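Review bot: `version` is the `Promise` returned by `fetch(...).then(...)`, not a string, so `${version}` in the `command` template renders as `[object Promise]` and the URL handed to `curl` is never valid. A construct is built synchronously, so the version has to be known before `Setup1Password` runs: either resolve it in the app entry point and pass it in, or, simpler and reproducible, pin it as a constant, e.g. `const version = "<pinned-op-version>"`, next to a recorded checksum for the archive. The rejection from `throw new Error("No version found")` is never awaited or caught, so it would not stop synthesis as written, and `json: any` could be narrowed to `{ version?: string }`. The function continues past the end of this hunk.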