cmd: exit 1 if cdk, cloudformation or terraform fail

dschofie · dschofie · commit 87bc331d28ed · 2024-05-08T15:24:23.000-04:00
If the diff or deploy fail then we want to ensure that telophase exits
with a non-zero status code.

This makes it easier to use in a script with set -e to show up as red
when telophasecli is used in CI
diff --git a/cmd/deploy.go b/cmd/deploy.go
@@ -2,10 +2,13 @@ package cmd
 
 import (
 	"fmt"
+	"log"
+	"os"
 	"strings"
 
 	"github.com/santiago-labs/telophasecli/cmd/runner"
 	"github.com/santiago-labs/telophasecli/resourceoperation"
+	"golang.org/x/sync/errgroup"
 
 	"github.com/spf13/cobra"
 )
@@ -34,20 +37,29 @@ var deployCmd = &cobra.Command{
 	Run: func(cmd *cobra.Command, args []string) {
 
 		if err := validateTargets(); err != nil {
-			fmt.Println(err)
-			return
+			log.Fatal("error validating targets err:", err)
 		}
 		var consoleUI runner.ConsoleUI
 		parsedTargets := filterEmptyStrings(strings.Split(targets, ","))
+		var g errgroup.Group
+
 		if useTUI {
 			consoleUI = runner.NewTUI()
-			go ProcessOrgEndToEnd(consoleUI, resourceoperation.Deploy, parsedTargets)
+			g.Go(func() error {
+				return ProcessOrgEndToEnd(consoleUI, resourceoperation.Deploy, parsedTargets)
+			})
 		} else {
 			consoleUI = runner.NewSTDOut()
-			ProcessOrgEndToEnd(consoleUI, resourceoperation.Deploy, parsedTargets)
+			if err := ProcessOrgEndToEnd(consoleUI, resourceoperation.Deploy, parsedTargets); err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
 		}
 
 		consoleUI.Start()
-
+		if err := g.Wait(); err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
 	},
 }
diff --git a/cmd/diff.go b/cmd/diff.go
@@ -2,10 +2,13 @@ package cmd
 
 import (
 	"fmt"
+	"log"
+	"os"
 	"strings"
 
 	"github.com/santiago-labs/telophasecli/cmd/runner"
 	"github.com/santiago-labs/telophasecli/resourceoperation"
+	"golang.org/x/sync/errgroup"
 
 	"github.com/spf13/cobra"
 )
@@ -25,20 +28,29 @@ var diffCmd = &cobra.Command{
 	Run: func(cmd *cobra.Command, args []string) {
 
 		if err := validateTargets(); err != nil {
-			fmt.Println(err)
-			return
+			log.Fatal("error validating targets err:", err)
 		}
 		var consoleUI runner.ConsoleUI
 		parsedTargets := filterEmptyStrings(strings.Split(targets, ","))
 
+		var g errgroup.Group
+
 		if useTUI {
 			consoleUI = runner.NewTUI()
-			go ProcessOrgEndToEnd(consoleUI, resourceoperation.Diff, parsedTargets)
+			g.Go(func() error {
+				return ProcessOrgEndToEnd(consoleUI, resourceoperation.Diff, parsedTargets)
+			})
 		} else {
 			consoleUI = runner.NewSTDOut()
-			ProcessOrgEndToEnd(consoleUI, resourceoperation.Diff, parsedTargets)
+			if err := ProcessOrgEndToEnd(consoleUI, resourceoperation.Diff, parsedTargets); err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
 		}
 
 		consoleUI.Start()
+		if err := g.Wait(); err != nil {
+			os.Exit(1)
+		}
 	},
 }
diff --git a/cmd/iac.go b/cmd/iac.go
@@ -16,9 +16,12 @@ func runIAC(
 	consoleUI runner.ConsoleUI,
 	cmd int,
 	accts []resource.Account,
-) {
+) error {
 	var wg sync.WaitGroup
 
+	var once sync.Once
+	var retError error
+
 	for i := range accts {
 		wg.Add(1)
 		go func(acct resource.Account) {
@@ -40,6 +43,9 @@ func runIAC(
 
 			for _, op := range ops {
 				if err := op.Call(ctx); err != nil {
+					once.Do(func() {
+						retError = err
+					})
 					consoleUI.Print(fmt.Sprintf("%v", err), acct)
 					return
 				}
@@ -48,6 +54,8 @@ func runIAC(
 	}
 
 	wg.Wait()
+
+	return retError
 }
 func contains(e string, s []string) bool {
 	for _, a := range s {
diff --git a/cmd/root.go b/cmd/root.go
@@ -36,24 +36,28 @@ func Execute() {
 	}
 }
 
-func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) {
+func setOpsError() error {
+	return fmt.Errorf("error running operations")
+}
+
+func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) error {
 	ctx := context.Background()
 	orgClient := awsorgs.New()
 	rootAWSOU, err := ymlparser.NewParser(orgClient).ParseOrganization(ctx, orgFile)
 	if err != nil {
 		consoleUI.Print(fmt.Sprintf("error: %s", err), resource.Account{AccountID: "error", AccountName: "error"})
-		return
+		return oops.Wrapf(err, "ParseOrg")
 	}
 
 	if rootAWSOU == nil {
 		consoleUI.Print("Could not parse AWS Organization", resource.Account{AccountID: "error", AccountName: "error"})
-		return
+		return oops.Errorf("No root AWS OU")
 	}
 
 	mgmtAcct, err := resolveMgmtAcct(ctx, orgClient, rootAWSOU)
 	if err != nil {
 		consoleUI.Print(fmt.Sprintf("Could not fetch AWS Management Account: %s", err), resource.Account{AccountID: "error", AccountName: "error"})
-		return
+		return oops.Wrapf(err, "resolveMgmtAcct")
 	}
 
 	var deployStacks bool
@@ -72,6 +76,11 @@ func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) {
 		}
 	}
 
+	// opsError is the error we return eventually. We want to allow partially
+	// applied operations across organizations, IaC, and SCPs so we only return
+	// this error in the end.
+	var opsError error
+
 	if len(targets) == 0 || deployOrganization {
 		orgOps := resourceoperation.CollectOrganizationUnitOps(
 			ctx, consoleUI, orgClient, mgmtAcct, rootAWSOU, cmd,
@@ -88,6 +97,7 @@ func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) {
 				err := op.Call(ctx)
 				if err != nil {
 					consoleUI.Print(fmt.Sprintf("Error on AWS Organization Operation: %v", err), *mgmtAcct)
+					opsError = setOpsError()
 				}
 			}
 		}
@@ -105,7 +115,11 @@ func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) {
 			consoleUI.Print("No accounts to deploy.", *mgmtAcct)
 		}
 
-		runIAC(ctx, consoleUI, cmd, accountsToApply)
+		err := runIAC(ctx, consoleUI, cmd, accountsToApply)
+		if err != nil {
+			consoleUI.Print("No accounts to deploy.", *mgmtAcct)
+			opsError = setOpsError()
+		}
 	}
 
 	if len(targets) == 0 || deploySCP {
@@ -124,14 +138,17 @@ func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) {
 			err := op.Call(ctx)
 			if err != nil {
 				consoleUI.Print(fmt.Sprintf("Error on SCP Operation: %v", err), *scpAdmin)
+				opsError = setOpsError()
 			}
 		}
 
 		if len(scpOps) == 0 {
 			consoleUI.Print("No Service Control Policies to deploy.", *scpAdmin)
 		}
 	}
+
 	consoleUI.Print("Done.\n", *mgmtAcct)
+	return opsError
 }
 
 func validateTargets() error {
diff --git a/go.mod b/go.mod
@@ -13,6 +13,7 @@ require (
 	github.com/samsarahq/go/oops v0.0.0-20220211150445-4b291d6feac4
 	github.com/spf13/cobra v1.7.0
 	github.com/stretchr/testify v1.8.4
+	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
 	gopkg.in/yaml.v3 v3.0.1
 )
 
diff --git a/go.sum b/go.sum
@@ -66,6 +66,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

Original file line number	Diff line number	Diff line change
`@@ -36,24 +36,28 @@ func Execute() {`
`36`	`36`	`}`
`37`	`37`	`}`
`38`	`38`
`39`		`-func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) {`
	`39`	`+func setOpsError() error {`
	`40`	`+ return fmt.Errorf("error running operations")`
	`41`	`+}`
	`42`	`+`
	`43`	`+func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) error {`
`40`	`44`	`ctx := context.Background()`
`41`	`45`	`orgClient := awsorgs.New()`
`42`	`46`	`rootAWSOU, err := ymlparser.NewParser(orgClient).ParseOrganization(ctx, orgFile)`
`43`	`47`	`if err != nil {`
`44`	`48`	`consoleUI.Print(fmt.Sprintf("error: %s", err), resource.Account{AccountID: "error", AccountName: "error"})`
`45`		`- return`
	`49`	`+ return oops.Wrapf(err, "ParseOrg")`
`46`	`50`	`}`
`47`	`51`
`48`	`52`	`if rootAWSOU == nil {`
`49`	`53`	`consoleUI.Print("Could not parse AWS Organization", resource.Account{AccountID: "error", AccountName: "error"})`
`50`		`- return`
	`54`	`+ return oops.Errorf("No root AWS OU")`
`51`	`55`	`}`
`52`	`56`
`53`	`57`	`mgmtAcct, err := resolveMgmtAcct(ctx, orgClient, rootAWSOU)`
`54`	`58`	`if err != nil {`
`55`	`59`	`consoleUI.Print(fmt.Sprintf("Could not fetch AWS Management Account: %s", err), resource.Account{AccountID: "error", AccountName: "error"})`
`56`		`- return`
	`60`	`+ return oops.Wrapf(err, "resolveMgmtAcct")`
`57`	`61`	`}`
`58`	`62`
`59`	`63`	`var deployStacks bool`
`@@ -72,6 +76,11 @@ func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) {`
`72`	`76`	`}`
`73`	`77`	`}`
`74`	`78`
	`79`	`+ // opsError is the error we return eventually. We want to allow partially`
	`80`	`+ // applied operations across organizations, IaC, and SCPs so we only return`
	`81`	`+ // this error in the end.`
	`82`	`+ var opsError error`
	`83`	`+`
`75`	`84`	`if len(targets) == 0 \|\| deployOrganization {`
`76`	`85`	`orgOps := resourceoperation.CollectOrganizationUnitOps(`
`77`	`86`	`ctx, consoleUI, orgClient, mgmtAcct, rootAWSOU, cmd,`
`@@ -88,6 +97,7 @@ func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) {`
`88`	`97`	`err := op.Call(ctx)`
`89`	`98`	`if err != nil {`
`90`	`99`	`consoleUI.Print(fmt.Sprintf("Error on AWS Organization Operation: %v", err), *mgmtAcct)`
	`100`	`+ opsError = setOpsError()`
`91`	`101`	`}`
`92`	`102`	`}`
`93`	`103`	`}`
`@@ -105,7 +115,11 @@ func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) {`
`105`	`115`	`consoleUI.Print("No accounts to deploy.", *mgmtAcct)`
`106`	`116`	`}`
`107`	`117`
`108`		`- runIAC(ctx, consoleUI, cmd, accountsToApply)`
	`118`	`+ err := runIAC(ctx, consoleUI, cmd, accountsToApply)`
	`119`	`+ if err != nil {`
	`120`	`+ consoleUI.Print("No accounts to deploy.", *mgmtAcct)`
	`121`	`+ opsError = setOpsError()`
	`122`	`+ }`
`109`	`123`	`}`
`110`	`124`
`111`	`125`	`if len(targets) == 0 \|\| deploySCP {`
`@@ -124,14 +138,17 @@ func ProcessOrgEndToEnd(consoleUI runner.ConsoleUI, cmd int, targets []string) {`
`124`	`138`	`err := op.Call(ctx)`
`125`	`139`	`if err != nil {`
`126`	`140`	`consoleUI.Print(fmt.Sprintf("Error on SCP Operation: %v", err), *scpAdmin)`
	`141`	`+ opsError = setOpsError()`
`127`	`142`	`}`
`128`	`143`	`}`
`129`	`144`
`130`	`145`	`if len(scpOps) == 0 {`
`131`	`146`	`consoleUI.Print("No Service Control Policies to deploy.", *scpAdmin)`
`132`	`147`	`}`
`133`	`148`	`}`
	`149`	`+`
`134`	`150`	`consoleUI.Print("Done.\n", *mgmtAcct)`
	`151`	`+ return opsError`
`135`	`152`	`}`
`136`	`153`
`137`	`154`	`func validateTargets() error {`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@ require (`
`13`	`13`	`github.com/samsarahq/go/oops v0.0.0-20220211150445-4b291d6feac4`
`14`	`14`	`github.com/spf13/cobra v1.7.0`
`15`	`15`	`github.com/stretchr/testify v1.8.4`
	`16`	`+ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4`
`16`	`17`	`gopkg.in/yaml.v3 v3.0.1`
`17`	`18`	`)`
`18`	`19`