terraform_cloud_workspace_set_vars.sh
#!/usr/bin/env bash
# vim:ts=4:sts=4:sw=4:et
# args: :workspace haritest=myvalue
#
# Author: Hari Sekhon
# Date: 2021-12-21 13:30:39 +0000 (Tue, 21 Dec 2021)
#
# https://github.com/HariSekhon/DevOps-Bash-tools
#
# License: see accompanying Hari Sekhon LICENSE file
#
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
# https://www.linkedin.com/in/HariSekhon
#
# https://www.terraform.io/cloud-docs/api-docs/workspace-variables
# Strict mode: abort on a failed command, on use of an unset variable, and on failure of any pipeline stage
set -euo pipefail
# NOTE(review): with DEBUG set, 'set -x' traces every expanded command to stderr, and this script's
# commands carry the key=value pairs it is given - leave DEBUG unset when loading real credentials
[ -n "${DEBUG:-}" ] && set -x
# Absolute directory of this script, used below to locate lib/utils.sh and the sibling terraform_cloud_*.sh scripts
srcdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck disable=SC1090,SC1091
. "$srcdir/lib/utils.sh"
# Help text shown to the user. ${0##*/} expands to this script's basename when the string is assigned.
# NOTE(review): the first example passes the credential as a command-line argument, which is visible in
# process listings and shell history on a shared host; the stdin forms shown after it avoid that.
# shellcheck disable=SC2034,SC2154
usage_description="
Adds / updates Terraform Cloud workspace variables for a given workspace id from args or stdin
By default, creates variables as Environment Variables and marks them as Sensitive for safety as the primary use case for this code was easy uploading AWS access key credentials from things like aws_csv_creds.sh
If you want to create Terraform variables instead:
export TERRAFORM_VARIABLES=1
export TERRAFORM_VARIABLES_HCL=1 # mark the variables as HCL code (implies TERRAFORM_VARIABLES=1)
If you want to mark the variables as non-sensitive:
export TERRAFORM_VARIABLES_SENSITIVE=false
See terraform_cloud_organizations.sh to get a list of organization IDs
See terraform_cloud_varsets.sh to get a list of workspaces and their IDs
Examples:
${0##*/} {workspace_id} AWS_ACCESS_KEY_ID=AKIA...
echo AWS_ACCESS_KEY_ID=AKIA... | ${0##*/} {workspace_id}
Loads both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY via stdin:
aws_csv_creds.sh credentials_exported.csv | ${0##*/} {workspace_id}
"
# used by usage() in lib/utils.sh
# shellcheck disable=SC2034
usage_args="<workspace_id> [<key>=<value> <key2>=<value2> ...]"
# help_usage and min_args are not defined in this file - presumably provided by lib/utils.sh (confirm there).
# They receive the full argument list, so they run before the workspace id is shifted off.
help_usage "$@"
min_args 1 "$@"
# First positional argument is the workspace id; whatever follows it is left in "$@" as key=value pairs
workspace_id="$1"
shift || :
[ -n "$workspace_id" ] || usage "no terraform workspace id given"

# HCL mode implies Terraform variables, so it switches TERRAFORM_VARIABLES on before the category is chosen
hcl=false
if [ -n "${TERRAFORM_VARIABLES_HCL:-}" ]; then
    TERRAFORM_VARIABLES=1
    hcl=true
fi

# Variable category sent to the API: "env" unless Terraform variables were requested
category="env"
if [ -n "${TERRAFORM_VARIABLES:-}" ]; then
    category="terraform"
fi

# Fail-safe default: variables are marked sensitive unless the setting is exactly the string "false";
# any other value (including "0", "no" or "False") leaves them sensitive
case "${TERRAFORM_VARIABLES_SENSITIVE:-}" in
    false) sensitive=false ;;
    *)     sensitive=true ;;
esac

# Existing variables of the workspace, fetched once up front and consulted for each key
# to decide between updating and creating
env_vars="$("$srcdir/terraform_cloud_workspace_vars.sh" "$workspace_id")"
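# Escape a string so it can sit between double quotes inside a JSON document.
# Arguments: $1 - raw string
# Outputs:   the escaped string on stdout, without a trailing newline
# Backslash, double quote, newline, carriage return and tab are escaped. Other control
# characters are passed through unchanged; JSON forbids them raw inside strings, so such
# a payload is malformed rather than restructured.
_tf_var_json_escape(){
    local str="$1"
    # backslash goes first, otherwise the backslashes added by the later steps would be doubled
    str=${str//\\/\\\\}
    str=${str//\"/\\\"}
    str=${str//$'\n'/\\n}
    str=${str//$'\r'/\\r}
    str=${str//$'\t'/\\t}
    printf '%s' "$str"
}

# Create or update one workspace variable from a key=value string.
# Globals:   srcdir, workspace_id, env_vars, category, hcl, sensitive (read)
#            key, value (read after parse_export_key_value; presumably set by it - confirm in lib/utils.sh)
# Arguments: $1 - key=value string taken from the command line or from stdin
# Outputs:   progress messages via timestamp(), then a blank line on stdout
add_env_var(){
    local env_var="$1"
    parse_export_key_value "$env_var"
    local id
    # Look the key up in the existing variable listing: column 4 is compared with the key and
    # column 1 is taken as the variable id. The key reaches awk through the environment instead
    # of being spliced into the awk program text, so a key containing quotes or awk syntax is
    # compared as data and cannot change the program. Appending "" keeps it a string comparison.
    # shellcheck disable=SC2154
    id="$(_tf_var_lookup_key="$key" awk '($4 "") == (ENVIRON["_tf_var_lookup_key"] "") {print $1}' <<< "$env_vars")"

    # Key, value and id are JSON-escaped before being embedded: an unescaped double quote or
    # backslash in the value would otherwise break the document or add attributes to it
    # (for example a second "sensitive" member).
    local json_key json_value json_id attributes
    # shellcheck disable=SC2154
    json_key="$(_tf_var_json_escape "$key")"
    # shellcheck disable=SC2154
    json_value="$(_tf_var_json_escape "$value")"
    json_id="$(_tf_var_json_escape "$id")"
    # category, hcl and sensitive are assigned fixed tokens earlier in this script, so they are embedded as-is
    attributes="\"key\": \"$json_key\", \"value\": \"$json_value\", \"category\": \"$category\", \"hcl\": $hcl, \"sensitive\": $sensitive"

    # NOTE(review): the payload, secret value included, is passed as a command-line argument and
    # is therefore visible in process listings and in 'set -x' traces when DEBUG is set. Whether
    # terraform_cloud_api.sh can take the request body from stdin or a file is not visible here - confirm.
    if [ -n "$id" ]; then
        timestamp "updating Terraform environment variable '$key' (id: '$id') in workspace '$workspace_id'"
        "$srcdir/terraform_cloud_api.sh" "/workspaces/$workspace_id/vars/$id" \
            -X PATCH \
            -H "Content-Type: application/vnd.api+json" \
            -d "{\"data\": {\"id\": \"$json_id\", \"attributes\": {$attributes}, \"type\": \"vars\"}}" |
        jq_debug_pipe_dump >/dev/null
    else
        timestamp "adding Terraform environment variable '$key' in workspace '$workspace_id'"
        "$srcdir/terraform_cloud_api.sh" "/workspaces/$workspace_id/vars" \
            -X POST \
            -H "Content-Type: application/vnd.api+json" \
            -d "{\"data\": {\"attributes\": {$attributes}, \"type\": \"vars\"}}" |
        jq_debug_pipe_dump >/dev/null
    fi
    echo
}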
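# Key=value pairs come from the remaining arguments when any were given,
# otherwise one per line from standard input.
if [ $# -gt 0 ]; then
    for arg in "$@"; do
        add_env_var "$arg"
    done
else
    # read returns non-zero on a final line that lacks a trailing newline while still filling
    # $line; the extra test keeps that line, so input such as 'printf KEY=value | script'
    # is no longer silently dropped and a credential left unloaded
    while read -r line || [ -n "$line" ]; do
        add_env_var "$line"
    done
fi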