mirror of
https://github.com/thegeeklab/wp-opentofu.git
synced 2024-11-25 09:40:39 +00:00
Merge pull request #4 from jmccann/ca_certs
Add ability to inject internal CA Cert
This commit is contained in:
commit
bd598ef988
36
DOCS.md
36
DOCS.md
@ -4,7 +4,9 @@ Use the Terraform plugin to apply the infrastructure configuration contained wit
|
|||||||
* `remote` - contains the configuration for the Terraform remote state tracking.
|
* `remote` - contains the configuration for the Terraform remote state tracking.
|
||||||
* `backend` - the Terraform remote state backend to use.
|
* `backend` - the Terraform remote state backend to use.
|
||||||
* `config` - a map of configuration parameters for the remote state backend. Each value is passed as a `-backend-config=<key>=<value>` option.
|
* `config` - a map of configuration parameters for the remote state backend. Each value is passed as a `-backend-config=<key>=<value>` option.
|
||||||
* `vars` - a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `-var <key>=<value>` option.
|
* `vars` - a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `-var
|
||||||
|
<key>=<value>` option.
|
||||||
|
* `ca_cert` - ca cert to add to your environment to allow terraform to use internal/private resources
|
||||||
|
|
||||||
The following is a sample Terraform configuration in your .drone.yml file:
|
The following is a sample Terraform configuration in your .drone.yml file:
|
||||||
|
|
||||||
@ -18,7 +20,33 @@ deploy:
|
|||||||
bucket: my-terraform-config-bucket
|
bucket: my-terraform-config-bucket
|
||||||
key: tf-states/my-project
|
key: tf-states/my-project
|
||||||
region: us-east-1
|
region: us-east-1
|
||||||
vars:
|
vars:
|
||||||
app_name: my-project
|
app_name: my-project
|
||||||
app_version: 1.0.0
|
app_version: 1.0.0
|
||||||
|
```
|
||||||
|
|
||||||
|
# Advanced Configuration
|
||||||
|
|
||||||
|
## CA Certs
|
||||||
|
You may want to run terraform against internal resources, like an internal
|
||||||
|
OpenStack deployment. Usually these resources are signed by an internal
|
||||||
|
CA Certificate. You can inject your CA Certificate into the plugin by using
|
||||||
|
`ca_certs` key as described above. Below is an example.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
deploy:
|
||||||
|
terraform:
|
||||||
|
dry_run: false
|
||||||
|
remote:
|
||||||
|
backend: swift
|
||||||
|
config:
|
||||||
|
path: drone/terraform
|
||||||
|
vars:
|
||||||
|
app_name: my-project
|
||||||
|
app_version: 1.0.0
|
||||||
|
ca_cert: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
asdfsadf
|
||||||
|
asdfsadf
|
||||||
|
-----END CERTIFICATE-----
|
||||||
```
|
```
|
||||||
|
12
main.go
12
main.go
@ -5,6 +5,7 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"strings"
|
"strings"
|
||||||
|
"io/ioutil"
|
||||||
|
|
||||||
"github.com/drone/drone-plugin-go/plugin"
|
"github.com/drone/drone-plugin-go/plugin"
|
||||||
)
|
)
|
||||||
@ -13,6 +14,7 @@ type terraform struct {
|
|||||||
Remote remote `json:"remote"`
|
Remote remote `json:"remote"`
|
||||||
Plan bool `json:"plan"`
|
Plan bool `json:"plan"`
|
||||||
Vars map[string]string `json:"vars"`
|
Vars map[string]string `json:"vars"`
|
||||||
|
Cacert string `json:"ca_cert"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type remote struct {
|
type remote struct {
|
||||||
@ -31,6 +33,9 @@ func main() {
|
|||||||
|
|
||||||
var commands []*exec.Cmd
|
var commands []*exec.Cmd
|
||||||
remote := vargs.Remote
|
remote := vargs.Remote
|
||||||
|
if vargs.Cacert != "" {
|
||||||
|
commands = append(commands, installCaCert(vargs.Cacert))
|
||||||
|
}
|
||||||
if remote.Backend != "" {
|
if remote.Backend != "" {
|
||||||
commands = append(commands, remoteConfigCommand(remote))
|
commands = append(commands, remoteConfigCommand(remote))
|
||||||
}
|
}
|
||||||
@ -57,6 +62,13 @@ func main() {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func installCaCert(cacert string) *exec.Cmd {
|
||||||
|
ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
|
||||||
|
return exec.Command(
|
||||||
|
"update-ca-certificates",
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
func remoteConfigCommand(config remote) *exec.Cmd {
|
func remoteConfigCommand(config remote) *exec.Cmd {
|
||||||
args := []string{
|
args := []string{
|
||||||
"remote",
|
"remote",
|
||||||
|
Loading…
Reference in New Issue
Block a user