blast-radius
Compatibility with newest Python, Terraform versions + new features
I've been working on the improvements of this tool as a Cisco Technical Intern this summer.
Here are some of the major changes I've made:
- Add compatibility with recent versions of Terraform, Python, and Python packages
- Allow Blast Radius to run independent of any Terraform file/folder/installation. Just simply provide a DOT script (file upload/text input)
- New functionality (on app)
  - Tabs. This enables infrastructure comparison from different Terraform plans from different people.
  - Print graph. Allows users to print graph directly. (TODO: Doesn't work all the time)
  - Upload DOT files to generate graphs. Upload .txt files with DOT script (copy and paste `terraform graph` output into a text file).
  - Text input for DOT script.
- UI enhancements. Updated color scheme to more closely follow the 60-30-10 rule.
- Added an example for running Blast Radius on AWS EC2 via Terraform
- Added an example for running Blast Radius on Kubernetes
- Added 3 example DOT files in examples/ folder to test out the newest features I've added
- Better error handling to notify user of the problem
- Create new Docker repo
- Updated Dockerfile and Docker image to implement aforementioned functionality and features.
- Update Docker image to include multi-cpu architecture (ARM, AMD, etc.)
- Updated README.md to include more information
- Other changes: I've spent quite some time looking across different forks and pull requests from others like gruberdev, AshleyHollis, etc. to merge changes (haven't finished). Some of them include switching to pyhcl2, adding Terratests to Dockerfile, PowerShell scripts that run Blast Radius on Docker, allowing Blast Radius to run even if JSON data couldn't be parsed, etc.
You can test out my Docker image at https://hub.docker.com/repository/docker/ianyliu/blast-radius-fork/
My first attempt at using BlastRadius led me to https://github.com/28mm/blast-radius/issues/93, which led me to here.
I'm on an M1 MacBook and when I run the `docker run` command, I get:
$ docker run --rm -it -p 5000:5000 -v $(pwd):/data:ro --security-opt apparmor:unconfined --cap-add=SYS_ADMIN ianyliu/blast-radius-fork
Initializing modules...
Initializing the backend...
╷
│ Error: Backend configuration changed
│
│ A change in the backend configuration has been detected, which may require migrating existing state.
│
│ If you wish to attempt automatic migration of the state, use "terraform init -migrate-state".
│ If you wish to store the current configuration with no changes to the state, use "terraform init -reconfigure".
╵
This is run immediately after running the necessary commands to initialise and plan Terraform.
I've got a plan summary script to help reduce the volume of "stuff" produced by Terraform.
[snipped and cleaned]
Plan: 11 to add, 7 to change, 7 to destroy.
Changes to Outputs:
~ shared_rds_route_53 = {
~ postgresql_16_1_serverless = {
~ compute = {
+ rds_read_only_proxy = "rds-postgresql-16-1-serverless-ro-proxy.***.aws"
+ rds_read_write_proxy = "rds-postgresql-16-1-serverless-proxy.***.aws"
# (2 unchanged attributes hidden)
}
~ devops = {
+ rds_read_only_proxy = "rds-postgresql-16-1-serverless-ro-proxy.***.aws"
+ rds_read_write_proxy = "rds-postgresql-16-1-serverless-proxy.***.aws"
# (2 unchanged attributes hidden)
}
}
# (1 unchanged attribute hidden)
}
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Saved the plan to: terraform.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "terraform.tfplan"
Plan Summary
============
Resource address Read Deleted Created Updated Trigger
---------------- ---- ------- ------- ------- -------
aws_db_proxy_default_target_group.rds_proxy_target_group *
aws_db_proxy_endpoint.rds_proxy_read_only_endpoint *
aws_db_proxy_target.rds_proxy_target *
aws_iam_policy.rds_proxy_policy *
aws_iam_role.rds_proxy_role *
aws_iam_role_policy_attachment.rds_proxy_role_policy_attachment *
aws_route53_record.compute_r53_store_rds_proxy_read_only *
aws_route53_record.compute_store_rds_proxy_read_only *
aws_route53_record.devops_r53_store_rds_proxy_read_only *
aws_secretsmanager_secret.proxy_credentials *
module.cloudfront_invalidation.aws_lambda_function.cloudfront_invalidation_lambda *
module.rds_proxy["mysql_5_7_provisioned"].data.aws_iam_policy_document.proxy_policy_document *
module.rds_proxy["mysql_5_7_provisioned"].data.aws_kms_alias.proxy *
module.rds_proxy["mysql_5_7_provisioned"].aws_db_proxy.proxy *
module.rds_proxy["mysql_5_7_provisioned"].aws_db_proxy_default_target_group.proxy *
module.rds_proxy["mysql_5_7_provisioned"].aws_db_proxy_endpoint.proxy *
module.rds_proxy["mysql_5_7_provisioned"].aws_db_proxy_target.proxy *
module.rds_proxy["mysql_5_7_provisioned"].aws_iam_policy.proxy *
module.rds_proxy["mysql_5_7_provisioned"].aws_iam_role.proxy *
module.rds_proxy["mysql_5_7_provisioned"].aws_iam_role_policy_attachment.proxy_role_policy_attachment *
module.rds_proxy["mysql_5_7_provisioned"].aws_secretsmanager_secret.proxy *
module.rds_r53["mysql_5_7_provisioned"].aws_route53_record.compute["rds_read_only_proxy"] *
module.rds_r53["mysql_5_7_provisioned"].aws_route53_record.devops["rds_read_only_proxy"] *
module.rds_r53["postgresql_16_1_serverless"].aws_route53_record.compute["rds_read_only_proxy"] *
module.rds_r53["postgresql_16_1_serverless"].aws_route53_record.compute["rds_read_write_proxy"] *
module.rds_r53["postgresql_16_1_serverless"].aws_route53_record.devops["rds_read_only_proxy"] *
module.rds_r53["postgresql_16_1_serverless"].aws_route53_record.devops["rds_read_write_proxy"] *
Completed
Effectively, I'm ready to apply the changes. I just wanted to see the dependency graph so I can see the sequence of what gets altered.
I want the new things created and the updates to carry through to the resources that use the references, before the old resources are deleted.
If I use `moved`, the deletion comes first. If I don't use `moved`, then the above is the list of create/destroy, just with no easy way of seeing the dependency order.
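Added example, not part of the thread above and not Blast Radius code: a Python 3.9+ sketch that reads the DOT text printed by `terraform graph` and groups resources into dependency-ordered waves, so the order is visible without rendering the graph. The sample DOT, the resource names in it and the function names `parse_dot`, `clean` and `creation_waves` are constructed for illustration.

```python
import re
from graphlib import TopologicalSorter

# Constructed sample in the shape `terraform graph` prints; not taken from the page.
SAMPLE_DOT = '''digraph {
    compound = "true"
    subgraph "root" {
        "[root] aws_iam_role.proxy (expand)" [label = "aws_iam_role.proxy", shape = "box"]
        "[root] aws_db_proxy.proxy (expand)" -> "[root] aws_iam_role.proxy (expand)"
        "[root] aws_db_proxy.proxy (expand)" -> "[root] aws_secretsmanager_secret.proxy (expand)"
        "[root] aws_db_proxy_target.proxy (expand)" -> "[root] aws_db_proxy.proxy (expand)"
        "[root] aws_route53_record.ro (expand)" -> "[root] aws_db_proxy.proxy (expand)"
    }
}'''

QUOTED = r'"((?:[^"\\]|\\.)+)"'          # DOT string, tolerating escaped quotes
EDGE = re.compile(r'^\s*' + QUOTED + r'\s*->\s*' + QUOTED)
NODE = re.compile(r'^\s*' + QUOTED + r'\s*\[')

def clean(name):
    """Drop the '[root] ' prefix and ' (expand)'/' (close)' suffix; unescape quotes."""
    name = re.sub(r'^\[root\]\s+', '', name.replace('\\"', '"'))
    return re.sub(r'\s+\((?:expand|close)\)$', '', name)

def parse_dot(dot_text):
    """Return {node: set(nodes it depends on)}; an edge A -> B means A depends on B."""
    deps = {}
    for line in dot_text.splitlines():
        edge = EDGE.match(line)
        if edge:
            src, dst = clean(edge.group(1)), clean(edge.group(2))
            deps.setdefault(src, set()).add(dst)
            deps.setdefault(dst, set())
        elif (node := NODE.match(line)):
            deps.setdefault(clean(node.group(1)), set())
    return deps

def creation_waves(deps):
    """Group nodes into waves; each wave needs only nodes from earlier waves."""
    sorter = TopologicalSorter(deps)
    sorter.prepare()                      # raises CycleError on a dependency cycle
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())
        waves.append(ready)
        sorter.done(*ready)
    return waves

if __name__ == "__main__":
    for i, wave in enumerate(creation_waves(parse_dot(SAMPLE_DOT)), 1):
        print(f"wave {i}: {', '.join(wave)}")
```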