SEIT
/
drone-terraform
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Merge pull request #58 from jmccann/commands 

Provide commands to run via actions
pull/65/merge
Jacob McCann 7 years ago
committed by GitHub
parent
fb28a8ae18 a4d1880e41
commit
81e17a4339
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 227 additions and 257 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      .drone.yml
  2. 80
      main.go
  3. 175
      plugin.go
  4. 117
      plugin_test.go

2
.drone.yml
View File

@ -4,7 +4,7 @@ workspace:
pipeline: pipeline:
test: test:
image: golang:1.8 image: golang:1.9
environment: environment:
- CGO_ENABLED=0 - CGO_ENABLED=0
commands: commands:

80
main.go
View File

@ -23,35 +23,30 @@ func main() {
// plugin args // plugin args
// //
cli.BoolFlag{ cli.StringSliceFlag{
Name: "plan", Name: "actions",
Usage: "calculates a plan but does NOT apply it", Usage: "a list of actions to have terraform perform",
EnvVar: "PLUGIN_PLAN", EnvVar: "PLUGIN_ACTIONS",
}, Value: &cli.StringSlice{"validate", "plan", "apply"},
cli.StringFlag{
Name: "init_options",
Usage: "options for the init command. See https://www.terraform.io/docs/commands/init.html",
EnvVar: "PLUGIN_INIT_OPTIONS",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "vars", Name: "ca_cert",
Usage: "a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `<key>=<value>` option", Usage: "ca cert to add to your environment to allow terraform to use internal/private resources",
EnvVar: "PLUGIN_VARS", EnvVar: "PLUGIN_CA_CERT",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "secrets", Name: "env-file",
Usage: "a map of secrets to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `<key>=<ENV>` option", Usage: "source env file",
EnvVar: "PLUGIN_SECRETS",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "ca_cert", Name: "init_options",
Usage: "ca cert to add to your environment to allow terraform to use internal/private resources", Usage: "options for the init command. See https://www.terraform.io/docs/commands/init.html",
EnvVar: "PLUGIN_CA_CERT", EnvVar: "PLUGIN_INIT_OPTIONS",
}, },
cli.BoolFlag{ cli.IntFlag{
Name: "sensitive", Name: "parallelism",
Usage: "whether or not to suppress terraform commands to stdout", Usage: "The number of concurrent operations as Terraform walks its graph",
EnvVar: "PLUGIN_SENSITIVE", EnvVar: "PLUGIN_PARALLELISM",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "netrc.machine", Name: "netrc.machine",
@ -78,38 +73,36 @@ func main() {
Usage: "The root directory where the terraform files live. When unset, the top level directory will be assumed", Usage: "The root directory where the terraform files live. When unset, the top level directory will be assumed",
EnvVar: "PLUGIN_ROOT_DIR", EnvVar: "PLUGIN_ROOT_DIR",
}, },
cli.IntFlag{
Name: "parallelism",
Usage: "The number of concurrent operations as Terraform walks its graph",
EnvVar: "PLUGIN_PARALLELISM",
},
cli.StringFlag{ cli.StringFlag{
Name: "env-file", Name: "secrets",
Usage: "source env file", Usage: "a map of secrets to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `<key>=<ENV>` option",
EnvVar: "PLUGIN_SECRETS",
},
cli.BoolFlag{
Name: "sensitive",
Usage: "whether or not to suppress terraform commands to stdout",
EnvVar: "PLUGIN_SENSITIVE",
}, },
cli.StringSliceFlag{ cli.StringSliceFlag{
Name: "targets", Name: "targets",
Usage: "targets to run apply or plan on", Usage: "targets to run apply or plan on",
EnvVar: "PLUGIN_TARGETS", EnvVar: "PLUGIN_TARGETS",
}, },
cli.StringSliceFlag{
Name: "var_files",
Usage: "a list of var files to use. Each value is passed as -var-file=<value>",
EnvVar: "PLUGIN_VAR_FILES",
},
cli.BoolFlag{
Name: "destroy",
Usage: "destory all resurces",
EnvVar: "PLUGIN_DESTROY",
},
cli.StringFlag{ cli.StringFlag{
Name: "tf.version", Name: "tf.version",
Usage: "terraform version to use", Usage: "terraform version to use",
EnvVar: "PLUGIN_TF_VERSION", EnvVar: "PLUGIN_TF_VERSION",
}, },
cli.StringFlag{
Name: "vars",
Usage: "a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `<key>=<value>` option",
EnvVar: "PLUGIN_VARS",
},
cli.StringSliceFlag{
Name: "var_files",
Usage: "a list of var files to use. Each value is passed as -var-file=<value>",
EnvVar: "PLUGIN_VAR_FILES",
},
} }
if err := app.Run(os.Args); err != nil { if err := app.Run(os.Args); err != nil {
@ -144,7 +137,7 @@ func run(c *cli.Context) error {
plugin := Plugin{ plugin := Plugin{
Config: Config{ Config: Config{
Plan: c.Bool("plan"), Actions: c.StringSlice("actions"),
Vars: vars, Vars: vars,
Secrets: secrets, Secrets: secrets,
InitOptions: initOptions, InitOptions: initOptions,
@ -155,7 +148,6 @@ func run(c *cli.Context) error {
Parallelism: c.Int("parallelism"), Parallelism: c.Int("parallelism"),
Targets: c.StringSlice("targets"), Targets: c.StringSlice("targets"),
VarFiles: c.StringSlice("var_files"), VarFiles: c.StringSlice("var_files"),
Destroy: c.Bool("destroy"),
}, },
Netrc: Netrc{ Netrc: Netrc{
Login: c.String("netrc.username"), Login: c.String("netrc.username"),

175
plugin.go
View File

@ -21,7 +21,7 @@ import (
type ( type (
// Config holds input parameters for the plugin // Config holds input parameters for the plugin
Config struct { Config struct {
Plan bool Actions []string
Vars map[string]string Vars map[string]string
Secrets map[string]string Secrets map[string]string
InitOptions InitOptions InitOptions InitOptions
@ -32,7 +32,6 @@ type (
Parallelism int Parallelism int
Targets []string Targets []string
VarFiles []string VarFiles []string
Destroy bool
} }
Netrc struct { Netrc struct {
@ -88,15 +87,27 @@ func (p Plugin) Exec() error {
} }
commands = append(commands, deleteCache()) commands = append(commands, deleteCache())
commands = append(commands, initCommand(p.Config.InitOptions)) commands = append(commands, initCommand(p.Config.InitOptions))
commands = append(commands, getModules()) commands = append(commands, getModules())
commands = append(commands, validateCommand(p.Config))
commands = append(commands, planCommand(p.Config)) // Add commands listed from Actions
if !p.Config.Plan { for _, action := range p.Config.Actions {
commands = append(commands, terraformCommand(p.Config)) switch action {
case "validate":
commands = append(commands, tfValidate(p.Config))
case "plan":
commands = append(commands, tfPlan(p.Config, false))
case "plan-destroy":
commands = append(commands, tfPlan(p.Config, true))
case "apply":
commands = append(commands, tfApply(p.Config))
case "destroy":
commands = append(commands, tfDestroy(p.Config))
default:
return fmt.Errorf("valid actions are: validate, plan, apply, plan-destroy, destroy. You provided %s", action)
} }
}
commands = append(commands, deleteCache()) commands = append(commands, deleteCache())
for _, c := range commands { for _, c := range commands {
@ -127,13 +138,7 @@ func (p Plugin) Exec() error {
return nil return nil
} }
func installCaCert(cacert string) *exec.Cmd { // CopyTfEnv creates copies of TF_VAR_ to lowercase
ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
return exec.Command(
"update-ca-certificates",
)
}
func CopyTfEnv() { func CopyTfEnv() {
tfVar := regexp.MustCompile(`^TF_VAR_.*$`) tfVar := regexp.MustCompile(`^TF_VAR_.*$`)
for _, e := range os.Environ() { for _, e := range os.Environ() {
@ -145,6 +150,27 @@ func CopyTfEnv() {
} }
} }
func assumeRole(roleArn string) {
client := sts.New(session.New())
duration := time.Hour * 1
stsProvider := &stscreds.AssumeRoleProvider{
Client: client,
Duration: duration,
RoleARN: roleArn,
RoleSessionName: "drone",
}
value, err := credentials.NewCredentials(stsProvider).Get()
if err != nil {
logrus.WithFields(logrus.Fields{
"error": err,
}).Fatal("Error assuming role!")
}
os.Setenv("AWS_ACCESS_KEY_ID", value.AccessKeyID)
os.Setenv("AWS_SECRET_ACCESS_KEY", value.SecretAccessKey)
os.Setenv("AWS_SESSION_TOKEN", value.SessionToken)
}
func deleteCache() *exec.Cmd { func deleteCache() *exec.Cmd {
return exec.Command( return exec.Command(
"rm", "rm",
@ -153,6 +179,13 @@ func deleteCache() *exec.Cmd {
) )
} }
func getModules() *exec.Cmd {
return exec.Command(
"terraform",
"get",
)
}
func initCommand(config InitOptions) *exec.Cmd { func initCommand(config InitOptions) *exec.Cmd {
args := []string{ args := []string{
"init", "init",
@ -181,50 +214,24 @@ func initCommand(config InitOptions) *exec.Cmd {
) )
} }
func getModules() *exec.Cmd { func installCaCert(cacert string) *exec.Cmd {
ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
return exec.Command( return exec.Command(
"terraform", "update-ca-certificates",
"get",
) )
} }
func validateCommand(config Config) *exec.Cmd { func trace(cmd *exec.Cmd) {
args := []string{ fmt.Println("$", strings.Join(cmd.Args, " "))
"validate",
}
for _, v := range config.VarFiles {
args = append(args, "-var-file", fmt.Sprintf("%s", v))
}
for k, v := range config.Vars {
args = append(args, "-var")
args = append(args, fmt.Sprintf("%s=%s", k, v))
}
return exec.Command(
"terraform",
args...,
)
} }
func planCommand(config Config) *exec.Cmd { func tfApply(config Config) *exec.Cmd {
args := []string{ args := []string{
"plan", "apply",
}
if config.Destroy {
args = append(args, "-destroy")
} else {
args = append(args, "-out=plan.tfout")
} }
for _, v := range config.Targets { for _, v := range config.Targets {
args = append(args, "--target", fmt.Sprintf("%s", v)) args = append(args, "--target", fmt.Sprintf("%s", v))
} }
for _, v := range config.VarFiles {
args = append(args, "-var-file", fmt.Sprintf("%s", v))
}
for k, v := range config.Vars {
args = append(args, "-var")
args = append(args, fmt.Sprintf("%s=%s", k, v))
}
if config.Parallelism > 0 { if config.Parallelism > 0 {
args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism)) args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism))
} }
@ -234,26 +241,19 @@ func planCommand(config Config) *exec.Cmd {
if config.InitOptions.LockTimeout != "" { if config.InitOptions.LockTimeout != "" {
args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout)) args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout))
} }
args = append(args, "plan.tfout")
return exec.Command( return exec.Command(
"terraform", "terraform",
args..., args...,
) )
} }
func terraformCommand(config Config) *exec.Cmd { func tfDestroy(config Config) *exec.Cmd {
if config.Destroy {
return destroyCommand(config)
}
return applyCommand(config)
}
func applyCommand(config Config) *exec.Cmd {
args := []string{ args := []string{
"apply", "destroy",
} }
for _, v := range config.Targets { for _, v := range config.Targets {
args = append(args, "--target", fmt.Sprintf("%s", v)) args = append(args, fmt.Sprintf("-target=%s", v))
} }
if config.Parallelism > 0 { if config.Parallelism > 0 {
args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism)) args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism))
@ -264,19 +264,33 @@ func applyCommand(config Config) *exec.Cmd {
if config.InitOptions.LockTimeout != "" { if config.InitOptions.LockTimeout != "" {
args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout)) args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout))
} }
args = append(args, "plan.tfout") args = append(args, "-force")
return exec.Command( return exec.Command(
"terraform", "terraform",
args..., args...,
) )
} }
func destroyCommand(config Config) *exec.Cmd { func tfPlan(config Config, destroy bool) *exec.Cmd {
args := []string{ args := []string{
"destroy", "plan",
} }
if destroy {
args = append(args, "-destroy")
} else {
args = append(args, "-out=plan.tfout")
}
for _, v := range config.Targets { for _, v := range config.Targets {
args = append(args, fmt.Sprintf("-target=%s", v)) args = append(args, "--target", fmt.Sprintf("%s", v))
}
for _, v := range config.VarFiles {
args = append(args, "-var-file", fmt.Sprintf("%s", v))
}
for k, v := range config.Vars {
args = append(args, "-var")
args = append(args, fmt.Sprintf("%s=%s", k, v))
} }
if config.Parallelism > 0 { if config.Parallelism > 0 {
args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism)) args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism))
@ -287,36 +301,27 @@ func destroyCommand(config Config) *exec.Cmd {
if config.InitOptions.LockTimeout != "" { if config.InitOptions.LockTimeout != "" {
args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout)) args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout))
} }
args = append(args, "-force")
return exec.Command( return exec.Command(
"terraform", "terraform",
args..., args...,
) )
} }
func assumeRole(roleArn string) { func tfValidate(config Config) *exec.Cmd {
client := sts.New(session.New()) args := []string{
duration := time.Hour * 1 "validate",
stsProvider := &stscreds.AssumeRoleProvider{
Client: client,
Duration: duration,
RoleARN: roleArn,
RoleSessionName: "drone",
} }
for _, v := range config.VarFiles {
value, err := credentials.NewCredentials(stsProvider).Get() args = append(args, "-var-file", fmt.Sprintf("%s", v))
if err != nil {
logrus.WithFields(logrus.Fields{
"error": err,
}).Fatal("Error assuming role!")
} }
os.Setenv("AWS_ACCESS_KEY_ID", value.AccessKeyID) for k, v := range config.Vars {
os.Setenv("AWS_SECRET_ACCESS_KEY", value.SecretAccessKey) args = append(args, "-var")
os.Setenv("AWS_SESSION_TOKEN", value.SessionToken) args = append(args, fmt.Sprintf("%s=%s", k, v))
} }
return exec.Command(
func trace(cmd *exec.Cmd) { "terraform",
fmt.Println("$", strings.Join(cmd.Args, " ")) args...,
)
} }
// helper function to write a netrc file. // helper function to write a netrc file.

117
plugin_test.go
View File

@ -3,16 +3,36 @@ package main
import ( import (
"os" "os"
"os/exec" "os/exec"
"reflect"
"testing" "testing"
. "github.com/franela/goblin" . "github.com/franela/goblin"
) )
func Test_destroyCommand(t *testing.T) { func TestPlugin(t *testing.T) {
g := Goblin(t)
g.Describe("CopyTfEnv", func() {
g.It("Should create copies of TF_VAR_ to lowercase", func() {
// Set some initial TF_VAR_ that are uppercase
os.Setenv("TF_VAR_SOMETHING", "some value")
os.Setenv("TF_VAR_SOMETHING_ELSE", "some other value")
os.Setenv("TF_VAR_BASE64", "dGVzdA==")
CopyTfEnv()
// Make sure new env vars exist with proper values
g.Assert(os.Getenv("TF_VAR_something")).Equal("some value")
g.Assert(os.Getenv("TF_VAR_something_else")).Equal("some other value")
g.Assert(os.Getenv("TF_VAR_base64")).Equal("dGVzdA==")
})
})
g.Describe("tfApply", func() {
g.It("Should return correct apply commands given the arguments", func() {
type args struct { type args struct {
config Config config Config
} }
tests := []struct { tests := []struct {
name string name string
args args args args
@ -21,32 +41,32 @@ func Test_destroyCommand(t *testing.T) {
{ {
"default", "default",
args{config: Config{}}, args{config: Config{}},
exec.Command("terraform", "destroy", "-force"), exec.Command("terraform", "apply", "plan.tfout"),
}, },
{ {
"with targets", "with targets",
args{config: Config{Targets: []string{"target1", "target2"}}}, args{config: Config{Targets: []string{"target1", "target2"}}},
exec.Command("terraform", "destroy", "-target=target1", "-target=target2", "-force"), exec.Command("terraform", "apply", "--target", "target1", "--target", "target2", "plan.tfout"),
}, },
{ {
"with parallelism", "with parallelism",
args{config: Config{Parallelism: 5}}, args{config: Config{Parallelism: 5}},
exec.Command("terraform", "destroy", "-parallelism=5", "-force"), exec.Command("terraform", "apply", "-parallelism=5", "plan.tfout"),
}, },
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { g.Assert(tfApply(tt.args.config)).Equal(tt.want)
if got := destroyCommand(tt.args.config); !reflect.DeepEqual(got, tt.want) {
t.Errorf("destroyCommand() = %v, want %v", got, tt.want)
} }
}) })
} })
}
func Test_applyCommand(t *testing.T) { g.Describe("tfDestroy", func() {
g.It("Should return correct destroy commands given the arguments", func() {
type args struct { type args struct {
config Config config Config
} }
tests := []struct { tests := []struct {
name string name string
args args args args
@ -55,102 +75,55 @@ func Test_applyCommand(t *testing.T) {
{ {
"default", "default",
args{config: Config{}}, args{config: Config{}},
exec.Command("terraform", "apply", "plan.tfout"), exec.Command("terraform", "destroy", "-force"),
}, },
{ {
"with targets", "with targets",
args{config: Config{Targets: []string{"target1", "target2"}}}, args{config: Config{Targets: []string{"target1", "target2"}}},
exec.Command("terraform", "apply", "--target", "target1", "--target", "target2", "plan.tfout"), exec.Command("terraform", "destroy", "-target=target1", "-target=target2", "-force"),
}, },
{ {
"with parallelism", "with parallelism",
args{config: Config{Parallelism: 5}}, args{config: Config{Parallelism: 5}},
exec.Command("terraform", "apply", "-parallelism=5", "plan.tfout"), exec.Command("terraform", "destroy", "-parallelism=5", "-force"),
}, },
} }
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := applyCommand(tt.args.config); !reflect.DeepEqual(got, tt.want) {
t.Errorf("applyCommand() = %v, want %v", got, tt.want)
}
})
}
}
func Test_terraformCommand(t *testing.T) {
type args struct {
config Config
}
tests := []struct {
name string
args args
want *exec.Cmd
}{
{
"default",
args{config: Config{}},
exec.Command("terraform", "apply", "plan.tfout"),
},
{
"destroy",
args{config: Config{Destroy: true}},
exec.Command("terraform", "destroy", "-force"),
},
}
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { g.Assert(tfDestroy(tt.args.config)).Equal(tt.want)
if got := terraformCommand(tt.args.config); !reflect.DeepEqual(got, tt.want) {
t.Errorf("terraformCommand() = %v, want %v", got, tt.want)
} }
}) })
} })
}
func Test_planCommand(t *testing.T) { g.Describe("tfPlan", func() {
g.It("Should return correct plan commands given the arguments", func() {
type args struct { type args struct {
config Config config Config
} }
tests := []struct { tests := []struct {
name string name string
args args args args
destroy bool
want *exec.Cmd want *exec.Cmd
}{ }{
{ {
"default", "default",
args{config: Config{}}, args{config: Config{}},
false,
exec.Command("terraform", "plan", "-out=plan.tfout"), exec.Command("terraform", "plan", "-out=plan.tfout"),
}, },
{ {
"destroy", "destroy",
args{config: Config{Destroy: true}}, args{config: Config{}},
true,
exec.Command("terraform", "plan", "-destroy"), exec.Command("terraform", "plan", "-destroy"),
}, },
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { g.Assert(tfPlan(tt.args.config, tt.destroy)).Equal(tt.want)
if got := planCommand(tt.args.config); !reflect.DeepEqual(got, tt.want) {
t.Errorf("planCommand() = %v, want %v", got, tt.want)
}
})
} }
}
func TestPlugin(t *testing.T) {
g := Goblin(t)
g.Describe("CopyTfEnv", func() {
g.It("Should create copies of TF_VAR_ to lowercase", func() {
// Set some initial TF_VAR_ that are uppercase
os.Setenv("TF_VAR_SOMETHING", "some value")
os.Setenv("TF_VAR_SOMETHING_ELSE", "some other value")
os.Setenv("TF_VAR_BASE64", "dGVzdA==")
CopyTfEnv()
// Make sure new env vars exist with proper values
g.Assert(os.Getenv("TF_VAR_something")).Equal("some value")
g.Assert(os.Getenv("TF_VAR_something_else")).Equal("some other value")
g.Assert(os.Getenv("TF_VAR_base64")).Equal("dGVzdA==")
}) })
}) })
} }

Write Preview
Loading…
Cancel
Save