Browse Source

Fix bug with remote states and implement secrets for remote state

I think I found a bug in the plugin, it looks for terraform.config for the remote configuration.
It should just be looking under the "config" key. Otherwise remote state configuration was being skipped.

Updated the documentation in the Dockerfile so that people can build this locally and test

Updated plugin.go -- Implemented exportSecrets
terraform remote configuration in some cases requires AWS credentials to grab the remote state, the current implementation did not allow for the secure use of those secrets.

Updated DOCS.md -- Adding documentation to use secrets for aws s3 remote configuration
pull/28/head
Edwin.Avalos 8 years ago
parent
commit
8302e41573
  1. 23
      DOCS.md
  2. 4
      Dockerfile
  3. 4
      main.go
  4. 11
      plugin.go

23
DOCS.md

@ -144,3 +144,26 @@ pipeline:
app_version: 1.0.0 app_version: 1.0.0
parallelism: 2 parallelism: 2
``` ```
## Remote configuration
If you are configuring an s3 remote state and require S3 environment secrets you add the secrets "FOO" and "BAR" to your drone environment and reference the secrets as follows. These will not be outputted to stdout.
```yaml
pipeline:
terraform:
image: jmccann/drone-terraform:0.5
plan: false
remote:
backend: S3
config:
bucket: my-terraform-config-bucket
key: tf-states/my-project
region: us-east-1
vars:
app_name: my-project
app_version: 1.0.0
secrets:
AWS_ACCESS_KEY_ID: FOO
AWS_SECRET_ACCESS_KEY: BAR
```

4
Dockerfile

@ -1,7 +1,7 @@
# Docker image for Drone's terraform deployment plugin # Docker image for Drone's terraform deployment plugin
# #
# CGO_ENABLED=0 go build -a -tags netgo # CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -tags netgo
# docker build --rm=true -t plugins/drone-terraform . # docker build --rm=true -t jmccann/drone-terraform .
FROM gliderlabs/alpine:3.2 FROM gliderlabs/alpine:3.2
RUN apk-install ca-certificates git RUN apk-install ca-certificates git

4
main.go

@ -4,8 +4,8 @@ import (
"encoding/json" "encoding/json"
"os" "os"
"github.com/joho/godotenv"
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
"github.com/joho/godotenv"
"github.com/urfave/cli" "github.com/urfave/cli"
) )
@ -90,7 +90,7 @@ func run(c *cli.Context) error {
} }
remote := Remote{} remote := Remote{}
json.Unmarshal([]byte(c.String("terraform.remote")), &remote) json.Unmarshal([]byte(c.String("remote")), &remote)
var vars map[string]string var vars map[string]string
if c.String("vars") != "" { if c.String("vars") != "" {

11
plugin.go

@ -2,11 +2,11 @@ package main
import ( import (
"fmt" "fmt"
"github.com/Sirupsen/logrus"
"github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/sts" "github.com/aws/aws-sdk-go/service/sts"
"github.com/Sirupsen/logrus"
"io/ioutil" "io/ioutil"
"os" "os"
"os/exec" "os/exec"
@ -44,6 +44,9 @@ func (p Plugin) Exec() error {
var commands []*exec.Cmd var commands []*exec.Cmd
remote := p.Config.Remote remote := p.Config.Remote
if len(p.Config.Secrets) != 0 {
exportSecrets(p.Config.Secrets)
}
if p.Config.Cacert != "" { if p.Config.Cacert != "" {
commands = append(commands, installCaCert(p.Config.Cacert)) commands = append(commands, installCaCert(p.Config.Cacert))
} }
@ -93,6 +96,12 @@ func installCaCert(cacert string) *exec.Cmd {
) )
} }
func exportSecrets(secrets map[string]string) {
for k, v := range secrets {
os.Setenv(fmt.Sprintf("%s", k), fmt.Sprintf("%s", os.Getenv(v)))
}
}
func deleteCache() *exec.Cmd { func deleteCache() *exec.Cmd {
return exec.Command( return exec.Command(
"rm", "rm",

Loading…
Cancel
Save