flosell / iam-policy-json-to-terraform

Small tool to convert an IAM Policy in JSON format into a Terraform aws_iam_policy_document
https://flosell.github.io/iam-policy-json-to-terraform/
Apache License 2.0
774 stars 58 forks

Proposals to make it easier to use #18

Closed nitrocode closed 3 years ago

nitrocode commented 3 years ago

I often use vscode to update terraform. When I see json, I usually have to copy the json to my clipboard, open my terminal, and begin with the following command.

cat <<EOF | iam-policy-json-to-terraform

Then hit enter, paste from my clipboard, hit enter, type EOF, and hit enter again.

It's a bit painful but I've done it so many times that I've almost stopped forgetting the order of the hyphenated command (was it policy then json or json then policy?).

Here are some suggestions to make this easier

  1. vscode extension that could auto detect json and allow converting all or specific jsons to policy documents
  2. A repl command where you can run the command without stdin and then paste the json to get the output
    $ iam-policy-json-to-terraform
    > 
    > {...json...}
    data aws_iam_policy_document...
  3. Easier to remember command name

    Perhaps using alias commands like

    iam-json-policy-to-terraform
    iam-json-to-tf
    ijtt
  4. Run command in a module and have it convert all json policies to data policy documents

Would be interested in hearing the owner and community's thoughts on these. Thank you.

flosell commented 3 years ago

Hi @nitrocode, thanks for the feedback!

I've had similar thoughts in the past and experimented with them (e.g. in the context of looking at #14 and #15). The big blocker was that it's a lot harder to rewrite terraform code than JSON and there's a lot less library support for it :) If someone in the community has some experience parsing and manipulating terraform code, I'd be happy about some pointers or a call to get me started in the right direction.

To your specific points:

nitrocode commented 3 years ago

Maybe the easiest solution would be to prompt the user if there is an empty stdout.

$ iam-policy-json-to-terraform

No stdout was detected. Please paste json directly here.

(iam-policy-json-to-terraform) $ {"Statement":[{"Effect":"Allow","Action":["ec2:Describe*"],"Resource":"*"}]}
data "aws_iam_policy_document" "policy" {
  statement {
    sid       = ""
    effect    = "Allow"
    resources = ["*"]
    actions   = ["ec2:Describe*"]
  }
}
$

flosell commented 3 years ago

Thanks for the idea - I tried this out just now in this commit - presenting a usage message if the STDIN is a terminal (indicating interactive usage). What do you think?

nitrocode commented 3 years ago

That seems nice and easy for the user. Thanks!

flosell commented 3 years ago

Released this in 1.8.0.

Closing this one since I think all the other thoughts in here are discussed or already covered in other issues (e.g. #15 for rewriting entire terraform documents). If I missed anything, feel free to comment and remind me :)

nitrocode commented 3 years ago

@flosell am I doing this incorrectly?

$ iam-policy-json-to-terraform
Paste a valid IAM policy and press the EOF afterwards.
Alternatively, you can pipe input directly into the command.
> {"Statement":[{"Effect":"Allow","Action":["ec2:Describe*"],"Resource":"*"}]}

EOF
^C

flosell commented 3 years ago

Oh, with EOF I mean the end-of-file character, not the actual EOF string. Should be CTRL-d on Mac and Linux, CTRL-z on Windows.

nitrocode commented 3 years ago

Ah ok, that worked for me! Could you also allow it so it works by simply clicking enter? The EOF wasn't intuitive for me.

Also sometimes, I want to run the command multiple times. If I hit enter and it dumped out the valid terraform code and showed the > prompt again until I did a CTRL-c, that would be convenient.

It would also be nice to document the CTRL-d portion.

$ iam-policy-json-to-terraform
Paste a valid IAM policy and press the EOF afterwards.
Alternatively, you can pipe input directly into the command.

Press enter to translate and re-enter the prompt.
Press CTRL + d on OSX or Linux and CTRL + z on Windows to translate and exit the prompt.
Press CTRL + c to exit the prompt.

> {"Statement":[{"Effect":"Allow","Action":["ec2:Describe*"],"Resource":"*"}]}
data "aws_iam_policy_document" "policy" {
  statement {
    sid       = ""
    effect    = "Allow"
    resources = ["*"]
    actions   = ["ec2:Describe*"]
  }
}
(I pressed enter so it translated the above and re-entered the prompt)
> {"Statement":[{"Effect":"Deny","Action":["ec2:Describe*"],"Resource":"*"}]}
data "aws_iam_policy_document" "policy" {
  statement {
    sid       = ""
    effect    = "Deny"
    resources = ["*"]
    actions   = ["ec2:Describe*"]
  }
}

But no biggie. Thanks again for adding the above change and showing me how it works.
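
The two input behaviours discussed in this thread (a usage hint only when STDIN is a terminal, and handling each pasted policy as soon as it is complete rather than at EOF) can be sketched in Go as follows. This is an added example, not the project's own code; `isInteractive`, `eachPolicy` and the reduced `policy` type are hypothetical names, and it prints a one-line summary instead of Terraform.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"os"
)

// policy keeps only what this sketch prints. Assumption: Statement is a list.
type policy struct {
	Statement []struct{ Effect string; Action json.RawMessage }
}

// isInteractive: a character device usually means a terminal (/dev/null is one too).
func isInteractive(f *os.File) bool {
	info, err := f.Stat()
	return err == nil && info.Mode()&os.ModeCharDevice != 0
}

// eachPolicy calls handle once per complete JSON document; EOF only ends the loop.
func eachPolicy(r io.Reader, handle func(policy)) (int, error) {
	dec := json.NewDecoder(r)
	for n := 0; ; n++ {
		var p policy
		if err := dec.Decode(&p); errors.Is(err, io.EOF) {
			return n, nil
		} else if err != nil {
			return n, err // truncated or malformed input
		}
		handle(p)
	}
}

func main() {
	if isInteractive(os.Stdin) {
		fmt.Fprintln(os.Stderr, "Paste IAM policy JSON; CTRL-d (CTRL-z on Windows) ends input.")
	}
	_, err := eachPolicy(os.Stdin, func(p policy) {
		for _, s := range p.Statement {
			fmt.Printf("effect=%s action=%s\n", s.Effect, s.Action)
		}
	})
	if err != nil {
		fmt.Fprintln(os.Stderr, "invalid policy JSON:", err)
		os.Exit(1)
	}
}
```

Because the decoder returns as soon as a document's closing brace has been read, pressing enter after a pasted policy is enough to get output, and the same loop works unchanged on piped input.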