diff --git a/DOCS.md b/DOCS.md index 92c1e16..1f33aab 100644 --- a/DOCS.md +++ b/DOCS.md @@ -9,6 +9,7 @@ Use the Terraform plugin to apply the infrastructure configuration contained wit * `ca_cert` - ca cert to add to your environment to allow terraform to use internal/private resources * `sensitive` (default: `false`) - Whether or not to suppress terraform commands to stdout. * `role_arn_to_assume` - A role to assume before running the terraform commands +* `root_dir` - The root directory where the terraform files live. When unset, the top level directory will be assumed. The following is a sample Terraform configuration in your .drone.yml file: @@ -93,3 +94,22 @@ deploy: app_version: 1.0.0 role_arn_to_assume: arn:aws:iam::account-of-role-to-assume:role/name-of-role ``` + +## Root dir +You may want to change directories before applying the terraform commands. This parameter is useful if you have multiple environments in different folders and you want to use different drone configurations to apply different environments. + +```yaml +deploy: + terraform: + plan: false + remote: + backend: S3 + config: + bucket: my-terraform-config-bucket + key: tf-states/my-project + region: us-east-1 + vars: + app_name: my-project + app_version: 1.0.0 + root_dir: some/path/here +``` diff --git a/main.go b/main.go index cc13f49..46da9a6 100644 --- a/main.go +++ b/main.go @@ -2,16 +2,16 @@ package main import ( "fmt" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/credentials/stscreds" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/sts" + "github.com/drone/drone-plugin-go/plugin" "io/ioutil" "os" "os/exec" "strings" - "time" - "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/aws/credentials/stscreds" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/sts" - "github.com/drone/drone-plugin-go/plugin" + "time" ) var ( @@ -24,7 +24,8 @@ type terraform struct { Vars map[string]string `json:"vars"` Cacert string `json:"ca_cert"` Sensitive bool `json:"sensitive"` - RoleARN string `json:"role_arn_to_assume"` + RoleARN string `json:"role_arn_to_assume"` + RootDir string `json:"root_dir"` } type remote struct { @@ -64,6 +65,9 @@ func main() { for _, c := range commands { c.Env = os.Environ() c.Dir = workspace.Path + if vargs.RootDir != "" { + c.Dir = c.Dir + "/" + vargs.RootDir + } c.Stdout = os.Stdout c.Stderr = os.Stderr if !vargs.Sensitive { @@ -135,24 +139,24 @@ func applyCommand() *exec.Cmd { } func assumeRole(roleArn string) { - client := sts.New(session.New()) - duration := time.Hour * 1 - stsProvider := &stscreds.AssumeRoleProvider{ - Client: client, - Duration: duration, - RoleARN: roleArn, - RoleSessionName: "drone", - } - - value, err := credentials.NewCredentials(stsProvider).Get() + client := sts.New(session.New()) + duration := time.Hour * 1 + stsProvider := &stscreds.AssumeRoleProvider{ + Client: client, + Duration: duration, + RoleARN: roleArn, + RoleSessionName: "drone", + } + + value, err := credentials.NewCredentials(stsProvider).Get() if err != nil { fmt.Println("Error assuming role!") fmt.Println(err) os.Exit(1) } - os.Setenv("AWS_ACCESS_KEY_ID",value.AccessKeyID) - os.Setenv("AWS_SECRET_ACCESS_KEY",value.SecretAccessKey) - os.Setenv("AWS_SESSION_TOKEN",value.SessionToken) + os.Setenv("AWS_ACCESS_KEY_ID", value.AccessKeyID) + os.Setenv("AWS_SECRET_ACCESS_KEY", value.SecretAccessKey) + os.Setenv("AWS_SESSION_TOKEN", value.SessionToken) } func trace(cmd *exec.Cmd) {