Discover bridgecrewio/yor Open Source project

Yor is an open-source tool that helps add informative and consistent tags across infrastructure as code (IaC) frameworks. Today, Yor can automatically add tags to Terraform, CloudFormation, and Serverless Frameworks.

Yor is built to run as a GitHub Action automatically adding consistent tagging logics to your IaC. Yor can also run as a pre-commit hook and a standalone CLI.

Features

Apply tags and labels on infrastructure as code directory
Tracing: yor_trace tag enables simple attribution between an IaC resource block and a running cloud resource.
Change management: git-based tags automatically add org, repo, commit and modifier details on every resource block.
Custom taggers: user-defined tagging logics can be added to run using Yor.
Skips: inline annotations enable developers to exclude paths that should not be tagged.
Dry-Run: get a preview of what tags will be added without applying any.

Demo

Getting Started
- Installation
- Usage
Support
Customizing Yor

Getting Started

Installation

MacOS / Linux

brew tap bridgecrewio/tap
brew install bridgecrewio/tap/yor

If not using Brew:

pip3 install lastversion
lastversion bridgecrewio/yor -d --assets
tar -xzf $(find . -name *.tar.gz)
chmod +x yor
sudo mv yor /usr/local/bin

Windows

choco install yor

Docker

docker pull bridgecrew/yor

docker run --tty --volume /local/path/to/tf:/tf bridgecrew/yor tag --directory /tf

GitHub Action

name: IaC trace

on:
  # Triggers the workflow on push or pull request events but only for the main branch
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

jobs:
  yor:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        name: Checkout repo
        with:
          fetch-depth: 0
          ref: ${{ github.head_ref }}
      - name: Run yor action and commit
        uses: bridgecrewio/yor-action@main

Azure DevOps Pipeline

Install Yor with:

trigger:
- main

pool:
  vmImage: ubuntu-latest

steps:
- script: |
    curl -s -k https://api.github.com/repos/bridgecrewio/yor/releases/latest | jq '.assets[] | select(.name | contains("linux_386")) | select(.content_type | contains("gzip")) | .browser_download_url' -r | awk '{print "curl -L -k " $0 " -o yor.tar.gz"}' | sh
    sudo tar -xf yor.tar.gz -C /usr/bin/ 
    rm yor.tar.gz 
    sudo chmod +x /usr/bin/yor 
    echo 'alias yor="/usr/bin/yor"' >> ~/.bashrc
    yor --version

Pre-commit

  - repo: https://github.com/bridgecrewio/yor
    rev: 0.1.143
    hooks:
      - id: yor
        name: yor
        entry: yor tag -d
        args: ["."]
        language: golang
        types: [terraform]
        pass_filenames: false

Usage

tag : Apply tagging on a given directory.

# Apply all the tags in yor on the directory tree terraform.
yor tag --directory terraform/

# Apply only the specified tags git_file and git_org
yor tag --directory terraform/ --tags git_file,git_org

# Apply all the tags in yor except the tags starting with git and yor_trace
yor tag --directory terraform/ --skip-tags git*,yor_trace

# Apply only the tags under the git tag group
yor tag --tag-groups git --directory terraform/

# Apply key-value tags on a specific directory
export YOR_SIMPLE_TAGS='{ "Environment" : "Dev" }'
yor tag --tag-groups simple --directory terraform/dev/

# Perform a dry run to get a preview in the CLI output of all of the tags that will be added using Yor without applying any changes to your IaC files.
yor tag -d . --dry-run

# Use an external tag group configuration file path
yor tag -d . --config-file /path/to/conf/file/

# Apply tags to all resources except of a specified type
yor tag -d . --skip-resource-types aws_s3_bucket

# Apply tags with a specifix prefix
yor tag -d . --tag-prefix "module_"

# Apply tags to all resources except with the specified name
yor tag -d . --skip-resources aws_s3_bucket.operations

# Apply tags to only the specified frameworks
yor tag -d . --parsers Terraform,CloudFormation

# Run yor with custom tags located in tests/yor_plugins/example and custom taggers located in tests/yor_plugins/tag_group_example
yor tag -d . --custom-tagging tests/yor_plugins/example,tests/yor_plugins/tag_group_example

-o : Modify output formats.

# Default cli output
yor tag -d . -o cli

# json output
yor tag -d . -o json

# Print CLI output and additional output to a JSON file -- enables programmatic analysis alongside printing human readable results
yor tag -d . --output cli --output-json-file result.json

--skip-dirs : Skip directory paths you can define paths that will not be tagged.

## Run on the directory path/to/files
yor tag -d path/to/files

## Run yor on the directory path/to/files, skipping path/to/files/skip/ and path/to/files/another/skip2/
yor tag -d path/to/files --skip-dirs path/to/files/skip,path/to/files/another/skip2

list-tag

# List tag classes that are built into yor.
yor list-tag-groups

# List all the tags built into yor
yor list-tags

# List all the tags built into yor under the tag group git
yor list-tags --tag-groups git

What is Yor trace?

yor_trace is a magical tag creating a unique identifier for an IaC resource code block.

Having a yor_trace in place can help with tracing code block to its cloud provisioned resources without access to sensitive data such as plan or state files.

See demo here

Contributing

Contribution is welcomed!

We are working on extending Yor and adding more parsers (to support additional IaC frameworks) and more taggers (to tag using other contextual data).

To maintain our conventions, please run lint on your branch before opening a PR. To run lint:

golangci-lint run --fix --skip-dirs tests/yor_plugins

Support

For more support contact us at https://slack.bridgecrew.io/.

bridgecrewio/yor

bridgecrewio

Reviews

Repository Details