I tried it out on an existing legacy project which used Google Cloud Storage, BigQuery and various service accounts. The setup was a little tricky so I put together a script to simply things. The script assumes you have gcloud setup or a service account key/impersonation and you may need to adjust the --resources parameter.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| gcp_provider_zip_url=https://releases.hashicorp.com/terraform-provider-google/4.41.0/terraform-provider-google_4.41.0_linux_amd64.zip | |
| GCP_PROJECT=$1 | |
| TARGET_DIR=$2 | |
| mkdir -p ${TARGET_DIR} | |
| cd ${TARGET_DIR} | |
| # check if command line argument is empty or not present | |
| if [ -z $1 ]; then | |
| echo "Missing first parameter, name of GCP_PROJECT" | |
| exit 1 | |
| fi | |
| if [ -z $2 ]; then | |
| echo "Missing second parameter, name of TARGET_DIR to store generated terraform" | |
| exit 1 | |
| fi | |
| command_exists() { | |
| command -v "$1" >/dev/null 2>&1 | |
| if [[ $? -ne 0 ]]; then | |
| echo "I require $1 but it's not installed. Abort." | |
| exit 1 | |
| fi | |
| } | |
| function terraform-install() { | |
| [[ -f /usr/bin/terraform ]] && echo "$(/usr/bin/terraform version) already installed at /usr/bin/terraform" && return 0 | |
| wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg | |
| echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list | |
| sudo apt update && sudo apt install terraform | |
| } | |
| function terraformer-install() { | |
| [[ -f ${HOME}/bin/terraformer ]] && echo "$(${HOME}/bin/terraformer version) already installed at ${HOME}/bin/terraformer" && return 0 | |
| # Install terraformer | |
| #export PROVIDER={all,google,aws,kubernetes} | |
| export PROVIDER=google | |
| curl -LO https://github.com/GoogleCloudPlatform/terraformer/releases/download/$(curl -s https://api.github.com/repos/GoogleCloudPlatform/terraformer/releases/latest | grep tag_name | cut -d '"' -f 4)/terraformer-${PROVIDER}-linux-amd64 | |
| chmod +x terraformer-${PROVIDER}-linux-amd64 | |
| sudo mv terraformer-${PROVIDER}-linux-amd64 ${HOME}/bin/terraformer | |
| export gcp_provider_zip_url=https://releases.hashicorp.com/terraform-provider-google/4.41.0/terraform-provider-google_4.41.0_linux_amd64.zip | |
| curl $gcp_provider_zip_url | jar xv ~/.terraform.d/plugins/linux_amd64/ | |
| } | |
| function gcp-provider-install() { | |
| mkdir -p ~/.terraform.d/plugins/linux_amd64/ | |
| echo downloding gcp provider to ~/.terraform.d/plugins/linux_amd64/ | |
| (cd ${HOME}/.terraform.d/plugins/linux_amd64 && curl $gcp_provider_zip_url | jar xv && chmod +x terraform-provider-google*) | |
| } | |
| for COMMAND in "gcloud" "curl" "wget" "jar"; do | |
| command_exists "${COMMAND}" | |
| done | |
| terraform-install | |
| terraformer-install | |
| gcp-provider-install | |
| echo 'terraform { | |
| required_version = "~> 1.3.3" | |
| }' >versions.tf | |
| terraform --version | |
| terraform init | |
| terraformer import google \ | |
| --resources=project,iam,bigQuery,addresses,autoscalers,backendBuckets,backendServices,cloudbuild,cloudFunctions,cloudsql,firewall,disks,dns,externalVpnGateways,forwardingRules,gcs,gke,globalAddresses--zone=us-east4 \ | |
| --projects ${GCP_PROJECT} |
You may be in for a shock when you examine the generated code. Terraform works well when you think of you application are modules. A module that groups together a variety of resources (gcs bucket + service account + compute engine) that forms part of the application is far more valuable then simply considering each resource by itself. Terraformer has no idea how these resources are used or grouped. So you might need to consider refactoring the generated code into more manageable modules.
I would definitely use the tool again on projects where there is no Terraform or where there has been significant infrastructure drift. There's also Pulumi, maybe for another day.