feat(terraformExecute): fetch CLI config from vault or jenkins (#3225)

* feat(terraformExecute): run init prior to command * Docs & fmt * cleanup * feat(terraformExecute): fetch cli config from vault or jenkins * fix * cleanup * cleanup * Update resources/metadata/terraformExecute.yaml * rename config param from terraformConfigFile to cliConfigFile * rename credential params * cleanup * fix Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2025-11-06 09:09:19 +02:00 · 2021-10-29 13:58:34 +02:00
parent b1cbc0bcc7
commit 7517873b62
4 changed files with 70 additions and 12 deletions
--- a/cmd/terraformExecute.go
+++ b/cmd/terraformExecute.go
@@ -40,6 +40,10 @@ func terraformExecute(config terraformExecuteOptions, telemetryData *telemetry.C
 }

 func runTerraformExecute(config *terraformExecuteOptions, telemetryData *telemetry.CustomData, utils terraformExecuteUtils) error {
+	if len(config.CliConfigFile) > 0 {
+		utils.AppendEnv([]string{fmt.Sprintf("TF_CLI_CONFIG_FILE=%s", config.CliConfigFile)})
+	}
+
 	args := []string{}

 	if config.Command == "apply" {
--- a/cmd/terraformExecute_generated.go
+++ b/cmd/terraformExecute_generated.go
@@ -21,6 +21,7 @@ type terraformExecuteOptions struct {
 	GlobalOptions    []string `json:"globalOptions,omitempty"`
 	AdditionalArgs   []string `json:"additionalArgs,omitempty"`
 	Init             bool     `json:"init,omitempty"`
+	CliConfigFile    string   `json:"cliConfigFile,omitempty"`
 }

 // TerraformExecuteCommand Executes Terraform
@@ -52,6 +53,7 @@ func TerraformExecuteCommand() *cobra.Command {
 				log.SetErrorCategory(log.ErrorConfiguration)
 				return err
 			}
+			log.RegisterSecret(stepConfig.CliConfigFile)

 			if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {
 				sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)
@@ -112,6 +114,7 @@ func addTerraformExecuteFlags(cmd *cobra.Command, stepConfig *terraformExecuteOp
 	cmd.Flags().StringSliceVar(&stepConfig.GlobalOptions, "globalOptions", []string{}, "")
 	cmd.Flags().StringSliceVar(&stepConfig.AdditionalArgs, "additionalArgs", []string{}, "")
 	cmd.Flags().BoolVar(&stepConfig.Init, "init", false, "")
+	cmd.Flags().StringVar(&stepConfig.CliConfigFile, "cliConfigFile", os.Getenv("PIPER_cliConfigFile"), "Path to the terraform CLI configuration file (https://www.terraform.io/docs/cli/config/config-file.html#credentials).")

 }

@@ -125,6 +128,9 @@ func terraformExecuteMetadata() config.StepData {
 		},
 		Spec: config.StepSpec{
 			Inputs: config.StepInputs{
+				Secrets: []config.StepSecrets{
+					{Name: "cliConfigFileCredentialsId", Description: "Jenkins 'Secret file' credentials ID containing terraform CLI configuration. You can find more details about it in the [Terraform documentation](https://www.terraform.io/docs/cli/config/config-file.html#credentials).", Type: "jenkins"},
+				},
 				Parameters: []config.StepParameters{
 					{
 						Name:        "command",
@@ -141,7 +147,7 @@ func terraformExecuteMetadata() config.StepData {
 							{
 								Name:    "terraformExecuteFileVaultSecret",
 								Type:    "vaultSecretFile",
-								Default: "terraformExecute",
+								Default: "terraform",
 							},
 						},
 						Scope:     []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -177,6 +183,26 @@ func terraformExecuteMetadata() config.StepData {
 						Aliases:     []config.Alias{},
 						Default:     false,
 					},
+					{
+						Name: "cliConfigFile",
+						ResourceRef: []config.ResourceReference{
+							{
+								Name: "cliConfigFileCredentialsId",
+								Type: "secret",
+							},
+
+							{
+								Name:    "cliConfigFileVaultSecretName",
+								Type:    "vaultSecretFile",
+								Default: "terraform",
+							},
+						},
+						Scope:     []string{"PARAMETERS", "STAGES", "STEPS"},
+						Type:      "string",
+						Mandatory: false,
+						Aliases:   []config.Alias{},
+						Default:   os.Getenv("PIPER_cliConfigFile"),
+					},
 				},
 			},
 			Containers: []config.Container{
--- a/cmd/terraformExecute_test.go
+++ b/cmd/terraformExecute_test.go
@@ -25,43 +25,44 @@ func TestRunTerraformExecute(t *testing.T) {

 	tt := []struct {
 		terraformExecuteOptions
-		expectedArgs []string
+		expectedArgs    []string
+		expectedEnvVars []string
 	}{
 		{
 			terraformExecuteOptions{
 				Command: "apply",
-			}, []string{"apply", "-auto-approve"},
+			}, []string{"apply", "-auto-approve"}, []string{},
 		},
 		{
 			terraformExecuteOptions{
 				Command:          "apply",
 				TerraformSecrets: "/tmp/test",
-			}, []string{"apply", "-auto-approve", "-var-file=/tmp/test"},
+			}, []string{"apply", "-auto-approve", "-var-file=/tmp/test"}, []string{},
 		},
 		{
 			terraformExecuteOptions{
 				Command: "plan",
-			}, []string{"plan"},
+			}, []string{"plan"}, []string{},
 		},
 		{
 			terraformExecuteOptions{
 				Command:          "plan",
 				TerraformSecrets: "/tmp/test",
-			}, []string{"plan", "-var-file=/tmp/test"},
+			}, []string{"plan", "-var-file=/tmp/test"}, []string{},
 		},
 		{
 			terraformExecuteOptions{
 				Command:          "plan",
 				TerraformSecrets: "/tmp/test",
 				AdditionalArgs:   []string{"-arg1"},
-			}, []string{"plan", "-var-file=/tmp/test", "-arg1"},
+			}, []string{"plan", "-var-file=/tmp/test", "-arg1"}, []string{},
 		},
 		{
 			terraformExecuteOptions{
 				Command:          "apply",
 				TerraformSecrets: "/tmp/test",
 				AdditionalArgs:   []string{"-arg1"},
-			}, []string{"apply", "-auto-approve", "-var-file=/tmp/test", "-arg1"},
+			}, []string{"apply", "-auto-approve", "-var-file=/tmp/test", "-arg1"}, []string{},
 		},
 		{
 			terraformExecuteOptions{
@@ -69,20 +70,26 @@ func TestRunTerraformExecute(t *testing.T) {
 				TerraformSecrets: "/tmp/test",
 				AdditionalArgs:   []string{"-arg1"},
 				GlobalOptions:    []string{"-chgdir=src"},
-			}, []string{"-chgdir=src", "apply", "-auto-approve", "-var-file=/tmp/test", "-arg1"},
+			}, []string{"-chgdir=src", "apply", "-auto-approve", "-var-file=/tmp/test", "-arg1"}, []string{},
 		},
 		{
 			terraformExecuteOptions{
 				Command: "apply",
 				Init:    true,
-			}, []string{"apply", "-auto-approve"},
+			}, []string{"apply", "-auto-approve"}, []string{},
 		},
 		{
 			terraformExecuteOptions{
 				Command:       "apply",
 				GlobalOptions: []string{"-chgdir=src"},
 				Init:          true,
-			}, []string{"-chgdir=src", "apply", "-auto-approve"},
+			}, []string{"-chgdir=src", "apply", "-auto-approve"}, []string{},
+		},
+		{
+			terraformExecuteOptions{
+				Command:       "apply",
+				CliConfigFile: ".pipeline/.terraformrc",
+			}, []string{"apply", "-auto-approve"}, []string{"TF_CLI_CONFIG_FILE=.pipeline/.terraformrc"},
 		},
 	}

@@ -92,6 +99,7 @@ func TestRunTerraformExecute(t *testing.T) {
 			// init
 			config := test.terraformExecuteOptions
 			utils := newTerraformExecuteTestsUtils()
+			runner := utils.ExecMockRunner

 			// test
 			err := runTerraformExecute(&config, nil, utils)
@@ -105,6 +113,8 @@ func TestRunTerraformExecute(t *testing.T) {
 			} else {
 				assert.Equal(t, mock.ExecCall{Exec: "terraform", Params: test.expectedArgs}, utils.Calls[0])
 			}
+
+			assert.Subset(t, runner.Env, test.expectedEnvVars)
 		})
 	}
 }