0
0
mirror of https://github.com/thegeeklab/wp-opentofu.git synced 2024-11-22 00:30:40 +00:00

Merge pull request #4 from jmccann/ca_certs

Add ability to inject internal CA Cert
This commit is contained in:
Jack Spirou 2016-02-15 13:23:28 -06:00
commit bd598ef988
2 changed files with 44 additions and 4 deletions

30
DOCS.md
View File

@ -4,7 +4,9 @@ Use the Terraform plugin to apply the infrastructure configuration contained wit
* `remote` - contains the configuration for the Terraform remote state tracking.
* `backend` - the Terraform remote state backend to use.
* `config` - a map of configuration parameters for the remote state backend. Each value is passed as a `-backend-config=<key>=<value>` option.
* `vars` - a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `-var <key>=<value>` option.
* `vars` - a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `-var
<key>=<value>` option.
* `ca_cert` - ca cert to add to your environment to allow terraform to use internal/private resources
The following is a sample Terraform configuration in your .drone.yml file:
@ -22,3 +24,29 @@ deploy:
app_name: my-project
app_version: 1.0.0
```
# Advanced Configuration
## CA Certs
You may want to run terraform against internal resources, like an internal
OpenStack deployment. Usually these resources are signed by an internal
CA Certificate. You can inject your CA Certificate into the plugin by using
`ca_certs` key as described above. Below is an example.
```yaml
deploy:
terraform:
dry_run: false
remote:
backend: swift
config:
path: drone/terraform
vars:
app_name: my-project
app_version: 1.0.0
ca_cert: |
-----BEGIN CERTIFICATE-----
asdfsadf
asdfsadf
-----END CERTIFICATE-----
```

12
main.go
View File

@ -5,6 +5,7 @@ import (
"os"
"os/exec"
"strings"
"io/ioutil"
"github.com/drone/drone-plugin-go/plugin"
)
@ -13,6 +14,7 @@ type terraform struct {
Remote remote `json:"remote"`
Plan bool `json:"plan"`
Vars map[string]string `json:"vars"`
Cacert string `json:"ca_cert"`
}
type remote struct {
@ -31,6 +33,9 @@ func main() {
var commands []*exec.Cmd
remote := vargs.Remote
if vargs.Cacert != "" {
commands = append(commands, installCaCert(vargs.Cacert))
}
if remote.Backend != "" {
commands = append(commands, remoteConfigCommand(remote))
}
@ -57,6 +62,13 @@ func main() {
}
func installCaCert(cacert string) *exec.Cmd {
ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
return exec.Command(
"update-ca-certificates",
)
}
func remoteConfigCommand(config remote) *exec.Cmd {
args := []string{
"remote",