Skip to content

StackGuardian/stackguardian-migrator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

73 Commits
transformer/terraform-cloud
transformer/terraform-cloud
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
convert_hcl_to_json.sh
convert_hcl_to_json.sh
 
 

Repository files navigation

StackGuardian Migrator

Migrate workloads from other platforms to StackGuardian Platform.

Supported platforms for migration

  • Terraform Cloud

Overview

  • Extract and transform the workloads from the target platform to StackGuardian Workflows.
  • Review the bulk workflow creation payload.
  • Run sg-cli with the bulk workflow creation payload.

Prerequisites

  • An organization on StackGuardian Platform
  • Optionally, pre-configure VCS, cloud integrations or private runners to use when importing into StackGuardian Platform.
  • Terraform
  • sg-cli

Perform terraform login

Perform terraform login to ensure that your local Terraform can interact with your Terraform Cloud/Enterprise account.

Export the resource definitions and Terraform state

  • Choose the transformer and copy terraform.tfvars.example to terraform.tfvars.
  • Edit terraform.tfvars with appropriate variables.
  • Run the following commands:
cd transformer/terraform-cloud
terraform init
terraform apply -auto-approve -var-file=terraform.tfvars

A new export folder should have been created. The sg-payload.json file contains the definition for each workflow that will be created for each Terraform Workspace, and the states folder contains the files for the Terraform state for each of your workspaces, if the state export was enabled.

After completing the export, edit the sg-payload.json file to tune each workflow configuration with the following:

Use the example_payload.jsonc file as a reference and edit the schema of the sg-payload.json

  • DeploymentPlatformConfig - This is used to authenticate against a cloud provider using a StackGuardian Integration. Create the relevant integration in StackGuardian platform and update DeploymentPlatformConfig.kind to one of the following "AZURE_STATIC", "AWS_STATIC","GCP_STATIC", "AWS_RBAC". Update DeploymentPlatformConfig.config.integrationId with "/integrations/INTEGRATION_NAME" and DeploymentPlatformConfig.config.profileName with the name of the integration used upon creation.
  DeploymentPlatformConfig: [
    {
      "kind": "AWS_RBAC",
      "config": {
        "integrationId": "/integrations/aws-rbac",
        "profileName": "default"
      }
    }
  ]
  • VCSConfig - Provide the full path to the repo, as well as the relevant sourceConfigDestKind from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS"
    • config.auth
    • config.isPrivate
  • ResourceName - name of your StackGuardian Workflow
  • wfgrpName - this corresponds to the labelling of workflow group name in the StackGuardian platform
  • Description - description for the workflows created in the StackGuardian platform
  • Tags - list of tags for the workflows created in the StackGuardian platform
  • EnvironmentVariables - environment variables for the workflows created in the StackGuardian platform
  • RunnerConstraints - Runner description for the workflows in the StackGuardian platform
    • Private runners - "RunnerConstraints": { "type": "private", "names": [ "sg-runner" ] }
    • Shared runners - "RunnerConstraints": { "type": "shared" }
  • Approvers - Approvers for the workflow to run it successfully
  • TerraformConfig - Terraform configuration for the workflows created in the StackGuardian platform
  • UserSchedules - Scheduled workflow run configuration for the workflow in the StackGuardian platform
  • MiniSteps - Ministeps for the workflow to direct the process if the workflow returns an error/success/approval required and workflow chaining

Convert HCL variables to JSON

HCL variables from Terraform Cloud appear as strings in sg-payload.json and need to be converted to JSON before importing.

Run the script from the repo root, passing the exported payload. It rewrites the file in place — converting the HCL-string variable values under VCSConfig.iacInputData.data into JSON — so none of the following steps need any change. The script downloads jq and hcl2json at runtime.

./convert_hcl_to_json.sh export/sg-payload.json

Bulk import workflows to StackGuardian Platform

  • Fetch sg-cli and set it up locally (documentation present in repo)
  • Run the following commands and pass the sg-payload.json as payload (represented below)
  • --workflow-group is required even though wfgrpName is set in the payload. Pass the workflow group ID (e.g. prj-ThpsFFz59kqFaVr4).
  • Get your SG API Key here:
    • Login to Stackguardian.
    • Go to profile at the bottom left. Click on the email or the username.
    • Click API key and click on view.
cd ../../export

export SG_API_TOKEN=<YOUR_SG_API_TOKEN>
wget -q "$(wget -qO- "https://api.github.com/repos/stackguardian/sg-cli/releases/latest" | jq -r '.tarball_url')" -O sg-cli.tar.gz && tar -xf sg-cli.tar.gz && rm -f sg-cli.tar.gz && /bin/cp -rf StackGuardian-sg-cli*/shell/sg-cli . && rm -rfd StackGuardian-sg-cli*

./sg-cli workflow create --bulk --workflow-group "<WORKFLOW GROUP ID>" --org "<ORG NAME>" -- sg-payload.json

if you want to update a workflow with different details, please re-run the sg-cli command with the modified sg-payload.json and your workflow will be updated with the new details, as long as the ResourceName (Workflow name) remains the same.

./sg-cli workflow create --bulk --workflow-group "<WORKFLOW GROUP ID>" --org "<ORG NAME>" -- sg-payload.json

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 7

v1.2.0-beta Latest
Oct 30, 2023
+ 6 releases

Packages

 
 
 

Contributors

Languages