Browse Source

Update to 9.5 as well as the new secrets for .6/.7 to work.

pull/44/head
Joachim Hill-Grannec 8 years ago
parent
commit
88d7d6810c
  1. 11
      DOCS.md
  2. 2
      Dockerfile
  3. 8
      main.go

11
DOCS.md

@ -37,8 +37,9 @@ pipeline:
terraform: terraform:
image: jmccann/drone-terraform:1 image: jmccann/drone-terraform:1
plan: false plan: false
+ secrets: + terraform_secrets:
+ my_secret: TERRAFORM_SECRET + my_secret: TERRAFORM_SECRET
+ secrets: [ TERRAFORM_SECRET ]
``` ```
You may be passing sensitive vars to your terraform commands. If you do not want You may be passing sensitive vars to your terraform commands. If you do not want
@ -151,9 +152,10 @@ pipeline:
- "bucket=my-terraform-config-bucket" - "bucket=my-terraform-config-bucket"
- "key=tf-states/my-project" - "key=tf-states/my-project"
- "region=us-east-1" - "region=us-east-1"
+ secrets: + terraform_secrets:
+ AWS_ACCESS_KEY_ID: DEV_AWS_ACCESS_KEY_ID + AWS_ACCESS_KEY_ID: DEV_AWS_ACCESS_KEY_ID
+ AWS_SECRET_ACCESS_KEY: DEV_AWS_SECRET_ACCESS_KEY + AWS_SECRET_ACCESS_KEY: DEV_AWS_SECRET_ACCESS_KEY
+ secrets: [DEV_AWS_ACCESS_KEY_ID, DEV_AWS_SECRET_ACCESS_KEY]
prod_terraform: prod_terraform:
image: jmccann/drone-terraform:1 image: jmccann/drone-terraform:1
@ -163,9 +165,10 @@ pipeline:
- "bucket=my-terraform-config-bucket" - "bucket=my-terraform-config-bucket"
- "key=tf-states/my-project" - "key=tf-states/my-project"
- "region=us-east-1" - "region=us-east-1"
+ secrets: + terraform_secrets:
+ AWS_ACCESS_KEY_ID: PROD_AWS_ACCESS_KEY_ID + AWS_ACCESS_KEY_ID: PROD_AWS_ACCESS_KEY_ID
+ AWS_SECRET_ACCESS_KEY: PROD_AWS_SECRET_ACCESS_KEY + AWS_SECRET_ACCESS_KEY: PROD_AWS_SECRET_ACCESS_KEY
+ secrets: [PROD_AWS_ACCESS_KEY_ID, PROD_AWS_SECRET_ACCESS_KEY]
``` ```
# Parameter Reference # Parameter Reference
@ -195,7 +198,7 @@ var_files
: a list of variable files to pass to the Terraform `plan` and `apply` commands. : a list of variable files to pass to the Terraform `plan` and `apply` commands.
Each value is passed as a `-var-file <value>` option. Each value is passed as a `-var-file <value>` option.
secrets terraform_secrets
: a map of variables to pass to the Terraform `plan` and `apply` commands as well as setting envvars. : a map of variables to pass to the Terraform `plan` and `apply` commands as well as setting envvars.
The `key` is the var and ENV to set. The `value` is the ENV to read the value from. The `key` is the var and ENV to set. The `value` is the ENV to read the value from.
* Each entry generate a terraform var as follows: `-var <key>=$<value>` * Each entry generate a terraform var as follows: `-var <key>=$<value>`

2
Dockerfile

@ -10,7 +10,7 @@ RUN apk -U add \
wget && \ wget && \
rm -rf /var/cache/apk/* rm -rf /var/cache/apk/*
ENV TERRAFORM_VERSION 0.9.4 ENV TERRAFORM_VERSION 0.9.5
RUN wget -q https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -O terraform.zip && \ RUN wget -q https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -O terraform.zip && \
unzip terraform.zip -d /bin && \ unzip terraform.zip -d /bin && \
rm -f terraform.zip rm -f terraform.zip

8
main.go

@ -39,9 +39,9 @@ func main() {
EnvVar: "PLUGIN_VARS", EnvVar: "PLUGIN_VARS",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "secrets", Name: "terraform_secrets",
Usage: "a map of secrets to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `<key>=<ENV>` option", Usage: "a map of secrets to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `<key>=<ENV>` option",
EnvVar: "PLUGIN_SECRETS", EnvVar: "PLUGIN_TERRAFORM_SECRETS",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "ca_cert", Name: "ca_cert",
@ -108,8 +108,8 @@ func run(c *cli.Context) error {
} }
} }
var secrets map[string]string var secrets map[string]string
if c.String("secrets") != "" { if c.String("terraform_secrets") != "" {
if err := json.Unmarshal([]byte(c.String("secrets")), &secrets); err != nil { if err := json.Unmarshal([]byte(c.String("terraform_secrets")), &secrets); err != nil {
panic(err) panic(err)
} }
} }

Loading…
Cancel
Save