From e5a46168e3596214108d345f2248b46197554a5e Mon Sep 17 00:00:00 2001
From: Taher Kathanawala
Date: Thu, 14 Aug 2025 16:37:05 +0530
Subject: [PATCH 1/4] transform hcl variable to json
---
create_workflow.sh | 127 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 127 insertions(+)
create mode 100755 create_workflow.sh
diff --git a/create_workflow.sh b/create_workflow.sh
new file mode 100755
index 0000000..08b2997
--- /dev/null
+++ b/create_workflow.sh
@@ -0,0 +1,127 @@ +#!/bin/bash + +install_jq(){ + OS=$(uname -s) + if [[ "$OS" == "Darwin" ]]; then + OS="macos" + elif [[ "$OS" == "Linux" ]]; then + OS="linux" + else + echo "Unsupported OS: $OS" + exit 1 + fi + + ARCH=$(uname -m) + + JQ_BIN="/tmp/jq" + url="https://github.com/jqlang/jq/releases/latest/download/jq-${OS}-${ARCH}" + curl -L -o $JQ_BIN $url + chmod +x $JQ_BIN + +} + +install_hcl2json(){ + OS=$(uname -s) + if [[ "$OS" == "Darwin" ]]; then + OS="darwin" + elif [[ "$OS" == "Linux" ]]; then + OS="linux" + else + echo "Unsupported OS: $OS" + exit 1 + fi + + ARCH=$(uname -m) + + HCL2JSON_BIN="./hcl2json" + + url="https://github.com/tmccombs/hcl2json/releases/latest/download/hcl2json_${OS}_${ARCH}" + echo $url + curl -L -o $HCL2JSON_BIN $url + chmod +x $HCL2JSON_BIN +} + + +INPUT_FILE_JSON="$1" +if [ -z "$INPUT_FILE_JSON" ]; then + echo "Usage: $0 " + exit 1 +fi + +JQ_BIN=$(which jq) +if [ $? -ne 0 ]; then + install_jq +fi + +HCL2JSON_BIN=$(which hcl2json) +if [ $? -ne 0 ]; then + install_hcl2json +fi + +# Read entire JSON array into a variable +json_data=$(cat "$INPUT_FILE_JSON") + +# Use jq to get the length of array +length=$($JQ_BIN length <<<"$json_data") + +# Create a temporary file to store updated objects +tmpfile=$(mktemp) + +> "$tmpfile" + +for ((i=0; i> "$tmpfile" + continue + fi + + # Initialize new_val as empty object + new_val="{}" + + # Loop over key-value pairs in val + keys=$($JQ_BIN -r 'keys[]' <<<"$val") + for key in $keys; do + # Get the string value for the key + value=$($JQ_BIN --arg k "$key" '.[$k]' <<<"$val" | sed 's/\\"/"/g') + value="${value%\"}" + value="${value#\"}" + value="temp = $value" + + # Heuristic: if value contains '=', treat as HCL string + if [[ "$value" == *"="* ]]; then + # Convert HCL to JSON using hcl2json + parsed=$(echo -e "$value" | $HCL2JSON_BIN | $JQ_BIN -c '.temp') + if [[ $? -eq 0 && "$parsed" != "" ]]; then + # Add parsed json as the key's value + new_val=$($JQ_BIN --arg k "$key" --argjson v "$parsed" '. 
+ {($k): $v}' <<<"$new_val") + else + # If parse fails, keep original string + echo "parsing failed: $value" + new_val=$($JQ_BIN --arg k "$key" --arg v "$value" '. + {($k): $v}' <<<"$new_val") + fi + else + # Not HCL, keep as string + new_val=$($JQ_BIN --arg k "$key" --arg v "$value" '. + {($k): $v}' <<<"$new_val") + fi + done + + # Update the object by assigning new_val back at JSON_PATH + updated_obj=$($JQ_BIN --argjson nv "$new_val" "$JSON_PATH = \$nv" <<<"$obj") + + # Save updated object + echo "$updated_obj" >> "$tmpfile" +done + +# Combine updated objects into an array and overwrite the original file +$JQ_BIN -s '.' "$tmpfile" > "$INPUT_FILE_JSON" + +rm "$tmpfile" $HCL2JSON_BIN $JQ_BIN \ No newline at end of file From c19d408e609be230f713f1d006298c2989c7296c Mon Sep 17 00:00:00 2001 From: Taher Kathanawala Date: Thu, 14 Aug 2025 16:45:47 +0530 Subject: [PATCH 2/4] add versions to jq and hcl2json and change their storage paths --- create_workflow.sh | 17 +++++------------ transformer/terraform-cloud/main.tf | 2 +- 2 files changed, 6 insertions(+), 13 deletions(-) diff --git a/create_workflow.sh b/create_workflow.sh index 08b2997..e49b862 100755 --- a/create_workflow.sh +++ b/create_workflow.sh @@ -14,7 +14,7 @@ install_jq(){ ARCH=$(uname -m) JQ_BIN="/tmp/jq" - url="https://github.com/jqlang/jq/releases/latest/download/jq-${OS}-${ARCH}" + url="https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-${OS}-${ARCH}" curl -L -o $JQ_BIN $url chmod +x $JQ_BIN @@ -33,9 +33,9 @@ install_hcl2json(){ ARCH=$(uname -m) - HCL2JSON_BIN="./hcl2json" + HCL2JSON_BIN="/tmp/hcl2json" - url="https://github.com/tmccombs/hcl2json/releases/latest/download/hcl2json_${OS}_${ARCH}" + url="https://github.com/tmccombs/hcl2json/releases/download/v0.6.7/hcl2json_${OS}_${ARCH}" echo $url curl -L -o $HCL2JSON_BIN $url chmod +x $HCL2JSON_BIN 
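Review bot: `install_jq` and `install_hcl2json` in the new `create_workflow.sh` download an executable with `curl -L`, `chmod +x` it and run it without verifying what arrived, and `install_jq` writes to the fixed path `/tmp/jq`. Without `-f`, an HTTP error page is saved and marked executable as if it were the binary. That failure looks likely on common hosts, because `uname -m` reports `x86_64`/`aarch64` while the upstream release assets appear to use `amd64`/`arm64`. A fixed name in a world-writable directory also lets another local user pre-place a file or symlink there. I would download into a `mktemp -d` directory with `curl -fsSL`, compare the file against a SHA-256 recorded in the repo and abort on mismatch; this applies equally to the pinned URLs that PATCH 2/4 introduces (hunks `@@ -14,7 +14,7 @@` and `@@ -33,9 +33,9 @@`), where hcl2json also moves to `/tmp/hcl2json`.

```shell
install_jq(){
  # … unchanged: OS detection …
  case "$(uname -m)" in
    x86_64|amd64)  ARCH="amd64" ;;
    aarch64|arm64) ARCH="arm64" ;;
    *) echo "Unsupported architecture: $(uname -m)" >&2; exit 1 ;;
  esac

  # Private, unpredictable directory instead of a fixed name under /tmp.
  TOOLS_DIR=$(mktemp -d) || exit 1
  JQ_BIN="$TOOLS_DIR/jq"
  # Pinned release URL as introduced in PATCH 2/4; a digest cannot be pinned against "latest".
  url="https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-${OS}-${ARCH}"
  curl -fsSL -o "$JQ_BIN" "$url" || { echo "download failed: $url" >&2; exit 1; }

  # JQ_SHA256 is a placeholder: record the published digest of the pinned asset in the repo.
  actual=$(shasum -a 256 "$JQ_BIN" | awk '{print $1}')   # or sha256sum on Linux
  if [[ "$actual" != "$JQ_SHA256" ]]; then
    echo "checksum mismatch for $JQ_BIN" >&2
    exit 1
  fi
  chmod +x "$JQ_BIN"
}
```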
@@ -48,15 +48,8 @@ if [ -z "$INPUT_FILE_JSON" ]; then exit 1 fi -JQ_BIN=$(which jq) -if [ $? -ne 0 ]; then - install_jq -fi - -HCL2JSON_BIN=$(which hcl2json) -if [ $? -ne 0 ]; then - install_hcl2json -fi +install_jq +install_hcl2json # Read entire JSON array into a variable json_data=$(cat "$INPUT_FILE_JSON") diff --git a/transformer/terraform-cloud/main.tf b/transformer/terraform-cloud/main.tf index 9b5a288..5ae44be 100644 --- a/transformer/terraform-cloud/main.tf +++ b/transformer/terraform-cloud/main.tf @@ -15,4 +15,4 @@ terraform { version = "~> 3.2.1" } } -} \ No newline at end of file +} From b26ce2fa2b91056bc5e63996f7e9c66c55d9a969 Mon Sep 17 00:00:00 2001 From: Taher Kathanawala Date: Fri, 29 Aug 2025 19:31:28 +0530 Subject: [PATCH 3/4] create bash script to convert hcl variables to json in iacinputdata and create readme for it --- README.md | 48 +++++++++++++------- create_workflow.sh => convert_hcl_to_json.sh | 1 + 2 files changed, 32 insertions(+), 17 deletions(-) rename create_workflow.sh => convert_hcl_to_json.sh (99%) diff --git a/README.md b/README.md index b4e54d0..081b60b 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ Migrate workloads from other platforms to [StackGuardian Platform](https://app.s - [sg-cli](https://github.com/StackGuardian/sg-cli/tree/main/shell) ### Perform terraform login + Perform `terraform login` to ensure that your local Terraform can interact with your Terraform Cloud/Enterprise account. ### Export the resource definitions and Terraform state 
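Review bot: With the `which` lookups removed in hunk `@@ -48,15 +48,8 @@`, every run downloads and executes two binaries from the network even on hosts that already have a package-managed `jq` or `hcl2json`, and the outcome of `install_jq` / `install_hcl2json` is never checked. If either download fails, the later `$JQ_BIN -s '.' "$tmpfile" > "$INPUT_FILE_JSON"` from PATCH 1/4 still truncates the input file, because the redirect is opened before the command runs. The lookup was presumably dropped because the final `rm "$tmpfile" $HCL2JSON_BIN $JQ_BIN` would otherwise delete a system binary. I would keep the lookup, e.g. `JQ_BIN=$(command -v jq) || install_jq`, and remove only the files the script itself downloaded. The combined output should go to a temp file that is moved over `"$INPUT_FILE_JSON"` only after jq exits 0.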
@@ -37,8 +38,11 @@ terraform apply -auto-approve -var-file=terraform.tfvars A new `export` folder should have been created. The `sg-payload.json` file contains the definition for each workflow that will be created for each Terraform Workspace, and the `states` folder contains the files for the Terraform state for each of your workspaces, if the state export was enabled. After completing the export , edit the `sg-payload.json` file to provide tune each workflow configuration with the following: -### Use the example_payload.jsonc file as a reference and edit the schema of the `sg-payload.json` + +### Use the example_payload.jsonc file as a reference and edit the schema of the `sg-payload.json` + - `DeploymentPlatformConfig` - This is used to authenticate against a cloud provider using a StackGuardian Integration. Create the relevant integration in StackGuardian platform and update `DeploymentPlatformConfig.kind` from the following "AZURE_STATIC", "AWS_STATIC","GCP_STATIC", "AWS_RBAC". Update `DeploymentPlatformConfig.config.integrationId` with "/integrations/INTEGRATION_NAME" and `DeploymentPlatformConfig.config.profileName` with the name of the integration used upon creation. + ``` DeploymentPlatformConfig: [ { 
@@ -50,27 +54,27 @@ After completing the export , edit the `sg-payload.json` file to provide tune ea } ] ``` + - `VCSConfig` - Provide full path to the `repo` like as well the relevant `sourceConfigDestKind` from the following "GITHUB_COM", "BITBUCKET_ORG", "GITLAB_COM", "AZURE_DEVOPS" - - `config.auth` - - `config.isPrivate` - + - `config.auth` + - `config.isPrivate` - `ResourceName` - name of your StackGuardian Workflow - `wfgrpName` - this corresponds to the labelling of workflow group name in the StackGuardian platform - `Description` - description for the workflows created in the StackGuardian platform -- `Tags` - list of tags for the workflows created in the StackGuardian platform +- `Tags` - list of tags for the workflows created in the StackGuardian platform - `EnvironmentVariables` - environment variables for the workflows created in the StackGuardian platform - `RunnerConstraints` - Runner description for the workflows in the StackGuardian platform - - Private runners - ``` - "RunnerConstraints": { - "type": "private", - "names": [ - "sg-runner" - ] - }``` - - Shared runners - ``` - "RunnerConstraints": { - "type": "shared" - }``` + - Private runners - ` +"RunnerConstraints": { + "type": "private", + "names": [ + "sg-runner" + ] +}` + - Shared runners - ` +"RunnerConstraints": { + "type": "shared" +}` - `Approvers` - Approvers for the workflow to run it successfully - `TerraformConfig` - Terraform configuration for the workflows created in the StackGuardian platform - `UserSchedules` - Scheduled workflow run configuration for the workflow in the StackGuardian platform 
@@ -79,7 +83,7 @@ After completing the export , edit the `sg-payload.json` file to provide tune ea ### Bulk import workflows to StackGuardian Platform - Fetch [sg-cli](https://github.com/StackGuardian/sg-cli.git) and set it up locally (documentation present in repo) -- Run the following commands and pass the `sg-payload.json` as payload (represented below) +- Run the following commands and pass the `sg-payload.json` as payload (represented belkkkkkkkkkkow) - Get your SG API Key here: https://app.stackguardian.io/orchestrator/orgs//settings?tab=api_key ```shell @@ -92,6 +96,16 @@ wget -q "$(wget -qO- "https://api.github.com/repos/stackguardian/sg-cli/releases ``` if you want to update a workflow with different details, please re-run the sg-cli command with the modified sg-payload.json and your workflow will be updated with the new details, as long as the ResourceName (Workflow name) remains the same. + ```shell ./sg-cli workflow create --bulk --org "" -- sg-payload.json ``` + +## Convert hcl variables to json + +HCL variables in terraform cloud appear as strings in sg-payload.json, which needs to be converted to json.
+It will change the file input file in place so that none of the other steps need any change. + +```shell +./convert_hcl_to_json.sh +``` diff --git a/create_workflow.sh b/convert_hcl_to_json.sh similarity index 99% rename from create_workflow.sh rename to convert_hcl_to_json.sh index e49b862..ddafe6a 100755 --- a/create_workflow.sh +++ b/convert_hcl_to_json.sh @@ -74,6 +74,7 @@ for ((i=0; i> "$tmpfile" + continue fi From ef0bdaa8a5f6fd5e0e1e8cb40df2326aa3e3aaa2 Mon Sep 17 00:00:00 2001 From: Taher Kathanawala Date: Mon, 1 Sep 2025 13:23:57 +0530 Subject: [PATCH 4/4] fix: typo --- README.md | 7 +++++-- convert_hcl_to_json.sh | 2 -- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 081b60b..401a7b6 100644 --- a/README.md +++ b/README.md @@ -83,8 +83,11 @@ After completing the export , edit the `sg-payload.json` file to provide tune ea ### Bulk import workflows to StackGuardian Platform - Fetch [sg-cli](https://github.com/StackGuardian/sg-cli.git) and set it up locally (documentation present in repo) -- Run the following commands and pass the `sg-payload.json` as payload (represented belkkkkkkkkkkow) -- Get your SG API Key here: https://app.stackguardian.io/orchestrator/orgs//settings?tab=api_key +- Run the following commands and pass the `sg-payload.json` as payload (represented below) +- Get your SG API Key here: + - Login to Stackguardian. + - Go to profile at the bottom left. Click on the eamil or the username. + - Click API key and click on view. ```shell cd ../../export diff --git a/convert_hcl_to_json.sh b/convert_hcl_to_json.sh index ddafe6a..f2dcf6e 100755 --- a/convert_hcl_to_json.sh +++ b/convert_hcl_to_json.sh @@ -60,8 +60,6 @@ length=$($JQ_BIN length <<<"$json_data") # Create a temporary file to store updated objects tmpfile=$(mktemp) -> "$tmpfile" - for ((i=0; i