Browse Source

Merge pull request #3 from jmccann/commands

Provide commands to run via actions
pull/63/head
Jonathan Wright 7 years ago
committed by GitHub
parent
commit
ebac723266
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      .drone.yml
  2. 80
      main.go
  3. 175
      plugin.go
  4. 117
      plugin_test.go

2
.drone.yml

@ -4,7 +4,7 @@ workspace:
pipeline: pipeline:
test: test:
image: golang:1.8 image: golang:1.9
environment: environment:
- CGO_ENABLED=0 - CGO_ENABLED=0
commands: commands:

80
main.go

@ -23,35 +23,30 @@ func main() {
// plugin args // plugin args
// //
cli.BoolFlag{ cli.StringSliceFlag{
Name: "plan", Name: "actions",
Usage: "calculates a plan but does NOT apply it", Usage: "a list of actions to have terraform perform",
EnvVar: "PLUGIN_PLAN", EnvVar: "PLUGIN_ACTIONS",
}, Value: &cli.StringSlice{"validate", "plan", "apply"},
cli.StringFlag{
Name: "init_options",
Usage: "options for the init command. See https://www.terraform.io/docs/commands/init.html",
EnvVar: "PLUGIN_INIT_OPTIONS",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "vars", Name: "ca_cert",
Usage: "a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `<key>=<value>` option", Usage: "ca cert to add to your environment to allow terraform to use internal/private resources",
EnvVar: "PLUGIN_VARS", EnvVar: "PLUGIN_CA_CERT",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "secrets", Name: "env-file",
Usage: "a map of secrets to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `<key>=<ENV>` option", Usage: "source env file",
EnvVar: "PLUGIN_SECRETS",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "ca_cert", Name: "init_options",
Usage: "ca cert to add to your environment to allow terraform to use internal/private resources", Usage: "options for the init command. See https://www.terraform.io/docs/commands/init.html",
EnvVar: "PLUGIN_CA_CERT", EnvVar: "PLUGIN_INIT_OPTIONS",
}, },
cli.BoolFlag{ cli.IntFlag{
Name: "sensitive", Name: "parallelism",
Usage: "whether or not to suppress terraform commands to stdout", Usage: "The number of concurrent operations as Terraform walks its graph",
EnvVar: "PLUGIN_SENSITIVE", EnvVar: "PLUGIN_PARALLELISM",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "netrc.machine", Name: "netrc.machine",
@ -78,38 +73,36 @@ func main() {
Usage: "The root directory where the terraform files live. When unset, the top level directory will be assumed", Usage: "The root directory where the terraform files live. When unset, the top level directory will be assumed",
EnvVar: "PLUGIN_ROOT_DIR", EnvVar: "PLUGIN_ROOT_DIR",
}, },
cli.IntFlag{
Name: "parallelism",
Usage: "The number of concurrent operations as Terraform walks its graph",
EnvVar: "PLUGIN_PARALLELISM",
},
cli.StringFlag{ cli.StringFlag{
Name: "env-file", Name: "secrets",
Usage: "source env file", Usage: "a map of secrets to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `<key>=<ENV>` option",
EnvVar: "PLUGIN_SECRETS",
},
cli.BoolFlag{
Name: "sensitive",
Usage: "whether or not to suppress terraform commands to stdout",
EnvVar: "PLUGIN_SENSITIVE",
}, },
cli.StringSliceFlag{ cli.StringSliceFlag{
Name: "targets", Name: "targets",
Usage: "targets to run apply or plan on", Usage: "targets to run apply or plan on",
EnvVar: "PLUGIN_TARGETS", EnvVar: "PLUGIN_TARGETS",
}, },
cli.StringSliceFlag{
Name: "var_files",
Usage: "a list of var files to use. Each value is passed as -var-file=<value>",
EnvVar: "PLUGIN_VAR_FILES",
},
cli.BoolFlag{
Name: "destroy",
Usage: "destory all resurces",
EnvVar: "PLUGIN_DESTROY",
},
cli.StringFlag{ cli.StringFlag{
Name: "tf.version", Name: "tf.version",
Usage: "terraform version to use", Usage: "terraform version to use",
EnvVar: "PLUGIN_TF_VERSION", EnvVar: "PLUGIN_TF_VERSION",
}, },
cli.StringFlag{
Name: "vars",
Usage: "a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `<key>=<value>` option",
EnvVar: "PLUGIN_VARS",
},
cli.StringSliceFlag{
Name: "var_files",
Usage: "a list of var files to use. Each value is passed as -var-file=<value>",
EnvVar: "PLUGIN_VAR_FILES",
},
} }
if err := app.Run(os.Args); err != nil { if err := app.Run(os.Args); err != nil {
@ -144,7 +137,7 @@ func run(c *cli.Context) error {
plugin := Plugin{ plugin := Plugin{
Config: Config{ Config: Config{
Plan: c.Bool("plan"), Actions: c.StringSlice("actions"),
Vars: vars, Vars: vars,
Secrets: secrets, Secrets: secrets,
InitOptions: initOptions, InitOptions: initOptions,
@ -155,7 +148,6 @@ func run(c *cli.Context) error {
Parallelism: c.Int("parallelism"), Parallelism: c.Int("parallelism"),
Targets: c.StringSlice("targets"), Targets: c.StringSlice("targets"),
VarFiles: c.StringSlice("var_files"), VarFiles: c.StringSlice("var_files"),
Destroy: c.Bool("destroy"),
}, },
Netrc: Netrc{ Netrc: Netrc{
Login: c.String("netrc.username"), Login: c.String("netrc.username"),

175
plugin.go

@ -21,7 +21,7 @@ import (
type ( type (
// Config holds input parameters for the plugin // Config holds input parameters for the plugin
Config struct { Config struct {
Plan bool Actions []string
Vars map[string]string Vars map[string]string
Secrets map[string]string Secrets map[string]string
InitOptions InitOptions InitOptions InitOptions
@ -32,7 +32,6 @@ type (
Parallelism int Parallelism int
Targets []string Targets []string
VarFiles []string VarFiles []string
Destroy bool
} }
Netrc struct { Netrc struct {
@ -88,15 +87,27 @@ func (p Plugin) Exec() error {
} }
commands = append(commands, deleteCache()) commands = append(commands, deleteCache())
commands = append(commands, initCommand(p.Config.InitOptions)) commands = append(commands, initCommand(p.Config.InitOptions))
commands = append(commands, getModules()) commands = append(commands, getModules())
commands = append(commands, validateCommand(p.Config))
commands = append(commands, planCommand(p.Config)) // Add commands listed from Actions
if !p.Config.Plan { for _, action := range p.Config.Actions {
commands = append(commands, terraformCommand(p.Config)) switch action {
case "validate":
commands = append(commands, tfValidate(p.Config))
case "plan":
commands = append(commands, tfPlan(p.Config, false))
case "plan-destroy":
commands = append(commands, tfPlan(p.Config, true))
case "apply":
commands = append(commands, tfApply(p.Config))
case "destroy":
commands = append(commands, tfDestroy(p.Config))
default:
return fmt.Errorf("valid actions are: validate, plan, apply, plan-destroy, destroy. You provided %s", action)
} }
}
commands = append(commands, deleteCache()) commands = append(commands, deleteCache())
for _, c := range commands { for _, c := range commands {
@ -127,13 +138,7 @@ func (p Plugin) Exec() error {
return nil return nil
} }
func installCaCert(cacert string) *exec.Cmd { // CopyTfEnv creates copies of TF_VAR_ to lowercase
ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
return exec.Command(
"update-ca-certificates",
)
}
func CopyTfEnv() { func CopyTfEnv() {
tfVar := regexp.MustCompile(`^TF_VAR_.*$`) tfVar := regexp.MustCompile(`^TF_VAR_.*$`)
for _, e := range os.Environ() { for _, e := range os.Environ() {
@ -145,6 +150,27 @@ func CopyTfEnv() {
} }
} }
func assumeRole(roleArn string) {
client := sts.New(session.New())
duration := time.Hour * 1
stsProvider := &stscreds.AssumeRoleProvider{
Client: client,
Duration: duration,
RoleARN: roleArn,
RoleSessionName: "drone",
}
value, err := credentials.NewCredentials(stsProvider).Get()
if err != nil {
logrus.WithFields(logrus.Fields{
"error": err,
}).Fatal("Error assuming role!")
}
os.Setenv("AWS_ACCESS_KEY_ID", value.AccessKeyID)
os.Setenv("AWS_SECRET_ACCESS_KEY", value.SecretAccessKey)
os.Setenv("AWS_SESSION_TOKEN", value.SessionToken)
}
func deleteCache() *exec.Cmd { func deleteCache() *exec.Cmd {
return exec.Command( return exec.Command(
"rm", "rm",
@ -153,6 +179,13 @@ func deleteCache() *exec.Cmd {
) )
} }
func getModules() *exec.Cmd {
return exec.Command(
"terraform",
"get",
)
}
func initCommand(config InitOptions) *exec.Cmd { func initCommand(config InitOptions) *exec.Cmd {
args := []string{ args := []string{
"init", "init",
@ -181,50 +214,24 @@ func initCommand(config InitOptions) *exec.Cmd {
) )
} }
func getModules() *exec.Cmd { func installCaCert(cacert string) *exec.Cmd {
ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
return exec.Command( return exec.Command(
"terraform", "update-ca-certificates",
"get",
) )
} }
func validateCommand(config Config) *exec.Cmd { func trace(cmd *exec.Cmd) {
args := []string{ fmt.Println("$", strings.Join(cmd.Args, " "))
"validate",
}
for _, v := range config.VarFiles {
args = append(args, "-var-file", fmt.Sprintf("%s", v))
}
for k, v := range config.Vars {
args = append(args, "-var")
args = append(args, fmt.Sprintf("%s=%s", k, v))
}
return exec.Command(
"terraform",
args...,
)
} }
func planCommand(config Config) *exec.Cmd { func tfApply(config Config) *exec.Cmd {
args := []string{ args := []string{
"plan", "apply",
}
if config.Destroy {
args = append(args, "-destroy")
} else {
args = append(args, "-out=plan.tfout")
} }
for _, v := range config.Targets { for _, v := range config.Targets {
args = append(args, "--target", fmt.Sprintf("%s", v)) args = append(args, "--target", fmt.Sprintf("%s", v))
} }
for _, v := range config.VarFiles {
args = append(args, "-var-file", fmt.Sprintf("%s", v))
}
for k, v := range config.Vars {
args = append(args, "-var")
args = append(args, fmt.Sprintf("%s=%s", k, v))
}
if config.Parallelism > 0 { if config.Parallelism > 0 {
args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism)) args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism))
} }
@ -234,26 +241,19 @@ func planCommand(config Config) *exec.Cmd {
if config.InitOptions.LockTimeout != "" { if config.InitOptions.LockTimeout != "" {
args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout)) args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout))
} }
args = append(args, "plan.tfout")
return exec.Command( return exec.Command(
"terraform", "terraform",
args..., args...,
) )
} }
func terraformCommand(config Config) *exec.Cmd { func tfDestroy(config Config) *exec.Cmd {
if config.Destroy {
return destroyCommand(config)
}
return applyCommand(config)
}
func applyCommand(config Config) *exec.Cmd {
args := []string{ args := []string{
"apply", "destroy",
} }
for _, v := range config.Targets { for _, v := range config.Targets {
args = append(args, "--target", fmt.Sprintf("%s", v)) args = append(args, fmt.Sprintf("-target=%s", v))
} }
if config.Parallelism > 0 { if config.Parallelism > 0 {
args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism)) args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism))
@ -264,19 +264,33 @@ func applyCommand(config Config) *exec.Cmd {
if config.InitOptions.LockTimeout != "" { if config.InitOptions.LockTimeout != "" {
args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout)) args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout))
} }
args = append(args, "plan.tfout") args = append(args, "-force")
return exec.Command( return exec.Command(
"terraform", "terraform",
args..., args...,
) )
} }
func destroyCommand(config Config) *exec.Cmd { func tfPlan(config Config, destroy bool) *exec.Cmd {
args := []string{ args := []string{
"destroy", "plan",
} }
if destroy {
args = append(args, "-destroy")
} else {
args = append(args, "-out=plan.tfout")
}
for _, v := range config.Targets { for _, v := range config.Targets {
args = append(args, fmt.Sprintf("-target=%s", v)) args = append(args, "--target", fmt.Sprintf("%s", v))
}
for _, v := range config.VarFiles {
args = append(args, "-var-file", fmt.Sprintf("%s", v))
}
for k, v := range config.Vars {
args = append(args, "-var")
args = append(args, fmt.Sprintf("%s=%s", k, v))
} }
if config.Parallelism > 0 { if config.Parallelism > 0 {
args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism)) args = append(args, fmt.Sprintf("-parallelism=%d", config.Parallelism))
@ -287,36 +301,27 @@ func destroyCommand(config Config) *exec.Cmd {
if config.InitOptions.LockTimeout != "" { if config.InitOptions.LockTimeout != "" {
args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout)) args = append(args, fmt.Sprintf("-lock-timeout=%s", config.InitOptions.LockTimeout))
} }
args = append(args, "-force")
return exec.Command( return exec.Command(
"terraform", "terraform",
args..., args...,
) )
} }
func assumeRole(roleArn string) { func tfValidate(config Config) *exec.Cmd {
client := sts.New(session.New()) args := []string{
duration := time.Hour * 1 "validate",
stsProvider := &stscreds.AssumeRoleProvider{
Client: client,
Duration: duration,
RoleARN: roleArn,
RoleSessionName: "drone",
} }
for _, v := range config.VarFiles {
value, err := credentials.NewCredentials(stsProvider).Get() args = append(args, "-var-file", fmt.Sprintf("%s", v))
if err != nil {
logrus.WithFields(logrus.Fields{
"error": err,
}).Fatal("Error assuming role!")
} }
os.Setenv("AWS_ACCESS_KEY_ID", value.AccessKeyID) for k, v := range config.Vars {
os.Setenv("AWS_SECRET_ACCESS_KEY", value.SecretAccessKey) args = append(args, "-var")
os.Setenv("AWS_SESSION_TOKEN", value.SessionToken) args = append(args, fmt.Sprintf("%s=%s", k, v))
} }
return exec.Command(
func trace(cmd *exec.Cmd) { "terraform",
fmt.Println("$", strings.Join(cmd.Args, " ")) args...,
)
} }
// helper function to write a netrc file. // helper function to write a netrc file.

117
plugin_test.go

@ -3,16 +3,36 @@ package main
import ( import (
"os" "os"
"os/exec" "os/exec"
"reflect"
"testing" "testing"
. "github.com/franela/goblin" . "github.com/franela/goblin"
) )
func Test_destroyCommand(t *testing.T) { func TestPlugin(t *testing.T) {
g := Goblin(t)
g.Describe("CopyTfEnv", func() {
g.It("Should create copies of TF_VAR_ to lowercase", func() {
// Set some initial TF_VAR_ that are uppercase
os.Setenv("TF_VAR_SOMETHING", "some value")
os.Setenv("TF_VAR_SOMETHING_ELSE", "some other value")
os.Setenv("TF_VAR_BASE64", "dGVzdA==")
CopyTfEnv()
// Make sure new env vars exist with proper values
g.Assert(os.Getenv("TF_VAR_something")).Equal("some value")
g.Assert(os.Getenv("TF_VAR_something_else")).Equal("some other value")
g.Assert(os.Getenv("TF_VAR_base64")).Equal("dGVzdA==")
})
})
g.Describe("tfApply", func() {
g.It("Should return correct apply commands given the arguments", func() {
type args struct { type args struct {
config Config config Config
} }
tests := []struct { tests := []struct {
name string name string
args args args args
@ -21,32 +41,32 @@ func Test_destroyCommand(t *testing.T) {
{ {
"default", "default",
args{config: Config{}}, args{config: Config{}},
exec.Command("terraform", "destroy", "-force"), exec.Command("terraform", "apply", "plan.tfout"),
}, },
{ {
"with targets", "with targets",
args{config: Config{Targets: []string{"target1", "target2"}}}, args{config: Config{Targets: []string{"target1", "target2"}}},
exec.Command("terraform", "destroy", "-target=target1", "-target=target2", "-force"), exec.Command("terraform", "apply", "--target", "target1", "--target", "target2", "plan.tfout"),
}, },
{ {
"with parallelism", "with parallelism",
args{config: Config{Parallelism: 5}}, args{config: Config{Parallelism: 5}},
exec.Command("terraform", "destroy", "-parallelism=5", "-force"), exec.Command("terraform", "apply", "-parallelism=5", "plan.tfout"),
}, },
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { g.Assert(tfApply(tt.args.config)).Equal(tt.want)
if got := destroyCommand(tt.args.config); !reflect.DeepEqual(got, tt.want) {
t.Errorf("destroyCommand() = %v, want %v", got, tt.want)
} }
}) })
} })
}
func Test_applyCommand(t *testing.T) { g.Describe("tfDestroy", func() {
g.It("Should return correct destroy commands given the arguments", func() {
type args struct { type args struct {
config Config config Config
} }
tests := []struct { tests := []struct {
name string name string
args args args args
@ -55,102 +75,55 @@ func Test_applyCommand(t *testing.T) {
{ {
"default", "default",
args{config: Config{}}, args{config: Config{}},
exec.Command("terraform", "apply", "plan.tfout"), exec.Command("terraform", "destroy", "-force"),
}, },
{ {
"with targets", "with targets",
args{config: Config{Targets: []string{"target1", "target2"}}}, args{config: Config{Targets: []string{"target1", "target2"}}},
exec.Command("terraform", "apply", "--target", "target1", "--target", "target2", "plan.tfout"), exec.Command("terraform", "destroy", "-target=target1", "-target=target2", "-force"),
}, },
{ {
"with parallelism", "with parallelism",
args{config: Config{Parallelism: 5}}, args{config: Config{Parallelism: 5}},
exec.Command("terraform", "apply", "-parallelism=5", "plan.tfout"), exec.Command("terraform", "destroy", "-parallelism=5", "-force"),
}, },
} }
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := applyCommand(tt.args.config); !reflect.DeepEqual(got, tt.want) {
t.Errorf("applyCommand() = %v, want %v", got, tt.want)
}
})
}
}
func Test_terraformCommand(t *testing.T) {
type args struct {
config Config
}
tests := []struct {
name string
args args
want *exec.Cmd
}{
{
"default",
args{config: Config{}},
exec.Command("terraform", "apply", "plan.tfout"),
},
{
"destroy",
args{config: Config{Destroy: true}},
exec.Command("terraform", "destroy", "-force"),
},
}
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { g.Assert(tfDestroy(tt.args.config)).Equal(tt.want)
if got := terraformCommand(tt.args.config); !reflect.DeepEqual(got, tt.want) {
t.Errorf("terraformCommand() = %v, want %v", got, tt.want)
} }
}) })
} })
}
func Test_planCommand(t *testing.T) { g.Describe("tfPlan", func() {
g.It("Should return correct plan commands given the arguments", func() {
type args struct { type args struct {
config Config config Config
} }
tests := []struct { tests := []struct {
name string name string
args args args args
destroy bool
want *exec.Cmd want *exec.Cmd
}{ }{
{ {
"default", "default",
args{config: Config{}}, args{config: Config{}},
false,
exec.Command("terraform", "plan", "-out=plan.tfout"), exec.Command("terraform", "plan", "-out=plan.tfout"),
}, },
{ {
"destroy", "destroy",
args{config: Config{Destroy: true}}, args{config: Config{}},
true,
exec.Command("terraform", "plan", "-destroy"), exec.Command("terraform", "plan", "-destroy"),
}, },
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { g.Assert(tfPlan(tt.args.config, tt.destroy)).Equal(tt.want)
if got := planCommand(tt.args.config); !reflect.DeepEqual(got, tt.want) {
t.Errorf("planCommand() = %v, want %v", got, tt.want)
}
})
} }
}
func TestPlugin(t *testing.T) {
g := Goblin(t)
g.Describe("CopyTfEnv", func() {
g.It("Should create copies of TF_VAR_ to lowercase", func() {
// Set some initial TF_VAR_ that are uppercase
os.Setenv("TF_VAR_SOMETHING", "some value")
os.Setenv("TF_VAR_SOMETHING_ELSE", "some other value")
os.Setenv("TF_VAR_BASE64", "dGVzdA==")
CopyTfEnv()
// Make sure new env vars exist with proper values
g.Assert(os.Getenv("TF_VAR_something")).Equal("some value")
g.Assert(os.Getenv("TF_VAR_something_else")).Equal("some other value")
g.Assert(os.Getenv("TF_VAR_base64")).Equal("dGVzdA==")
}) })
}) })
} }

Loading…
Cancel
Save