mirror of https://github.com/thegeeklab/wp-opentofu.git synced 2024-11-25 09:40:39 +00:00

Merge pull request #4 from jmccann/ca_certs

Add ability to inject internal CA Cert
Jack Spirou 2016-02-15 13:23:28 -06:00
commit bd598ef988
2 changed files with 44 additions and 4 deletions

36
DOCS.md

@ -4,7 +4,9 @@ Use the Terraform plugin to apply the infrastructure configuration contained wit
* `remote` - contains the configuration for the Terraform remote state tracking. * `remote` - contains the configuration for the Terraform remote state tracking.
* `backend` - the Terraform remote state backend to use. * `backend` - the Terraform remote state backend to use.
* `config` - a map of configuration parameters for the remote state backend. Each value is passed as a `-backend-config=<key>=<value>` option. * `config` - a map of configuration parameters for the remote state backend. Each value is passed as a `-backend-config=<key>=<value>` option.
* `vars` - a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `-var <key>=<value>` option. * `vars` - a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `-var
<key>=<value>` option.
* `ca_cert` - ca cert to add to your environment to allow terraform to use internal/private resources
The following is a sample Terraform configuration in your .drone.yml file: The following is a sample Terraform configuration in your .drone.yml file:
@ -18,7 +20,33 @@ deploy:
bucket: my-terraform-config-bucket bucket: my-terraform-config-bucket
key: tf-states/my-project key: tf-states/my-project
region: us-east-1 region: us-east-1
vars: vars:
app_name: my-project app_name: my-project
app_version: 1.0.0 app_version: 1.0.0
```
# Advanced Configuration
## CA Certs
You may want to run terraform against internal resources, like an internal
OpenStack deployment. Usually these resources are signed by an internal
CA Certificate. You can inject your CA Certificate into the plugin by using
`ca_certs` key as described above. Below is an example.
```yaml
deploy:
terraform:
dry_run: false
remote:
backend: swift
config:
path: drone/terraform
vars:
app_name: my-project
app_version: 1.0.0
ca_cert: |
-----BEGIN CERTIFICATE-----
asdfsadf
asdfsadf
-----END CERTIFICATE-----
``` ```

12
main.go

@ -5,6 +5,7 @@ import (
"os" "os"
"os/exec" "os/exec"
"strings" "strings"
"io/ioutil"
"github.com/drone/drone-plugin-go/plugin" "github.com/drone/drone-plugin-go/plugin"
) )
@ -13,6 +14,7 @@ type terraform struct {
Remote remote `json:"remote"` Remote remote `json:"remote"`
Plan bool `json:"plan"` Plan bool `json:"plan"`
Vars map[string]string `json:"vars"` Vars map[string]string `json:"vars"`
Cacert string `json:"ca_cert"`
} }
type remote struct { type remote struct {
@ -31,6 +33,9 @@ func main() {
var commands []*exec.Cmd var commands []*exec.Cmd
remote := vargs.Remote remote := vargs.Remote
if vargs.Cacert != "" {
commands = append(commands, installCaCert(vargs.Cacert))
}
if remote.Backend != "" { if remote.Backend != "" {
commands = append(commands, remoteConfigCommand(remote)) commands = append(commands, remoteConfigCommand(remote))
} }
@ -57,6 +62,13 @@ func main() {
} }
func installCaCert(cacert string) *exec.Cmd {
ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
return exec.Command(
"update-ca-certificates",
)
}
func remoteConfigCommand(config remote) *exec.Cmd { func remoteConfigCommand(config remote) *exec.Cmd {
args := []string{ args := []string{
"remote", "remote",
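Review bot: `installCaCert` discards the error from `ioutil.WriteFile`, so a failed write still queues `update-ca-certificates` and the run continues without the CA, showing up only later as a TLS failure in terraform. Check the result, e.g. `if err := ioutil.WriteFile(..., []byte(cacert), 0644); err != nil {`, and stop the build in that branch the same way `main` handles other fatal errors (its body is only partly visible in these hunks). The `ca_cert` value is also written into the system trust store unvalidated, so it becomes a trust anchor for every TLS connection made in the container, not only the internal endpoints. Parsing it first with `pem.Decode` and `x509.ParseCertificate` would reject malformed input before it is installed, and a comment on `installCaCert` should state the container-wide scope. Separately, the file is written while the command list is being built rather than when the commands run; a short comment noting that side effect would help the next reader.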