tfwrapper 0.6.1 → 0.6.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/ChangeLog.md +4 -0
- data/README.md +20 -0
- data/lib/tfwrapper/raketasks.rb +6 -1
- data/lib/tfwrapper/version.rb +1 -1
- data/spec/unit/raketasks_spec.rb +14 -2
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 4a404a81c05bcc07e29ef34eef1d881aa9c47faa1e5ba0ed127a34b8ae1202c5
|
4
|
+
data.tar.gz: f0078c62815fd5d7e49c14d201d9da2154ed91f6c4786a7a7be65914582cd4d8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: db129accb7e439c570ca8a8eb2d56a259acb98221a5acf5e451cc4aa44516627abd6e29603574abbf4dcd16c968b58607552bbec3a1b50ce7df44de9659968a7
|
7
|
+
data.tar.gz: f9f99bcc2e51e2aa4cedabd0e1179a1954dbc3e3e4d44149ab2d171218cc6e55a940ef2372869c6cd694c77be0282d5230f7a7d142eaea53479794c78550e810
|
data/ChangeLog.md
CHANGED
data/README.md
CHANGED
@@ -330,6 +330,26 @@ $ consul kv get terraform/inputs/foo
|
|
330
330
|
{"FOO":"one", "BAR":"two"}
|
331
331
|
```
|
332
332
|
|
333
|
+
### Sensitive Environment Variables
|
334
|
+
If you wish for certain variables to be marked as "redacted", use the ``tf_sensitive_vars`` option. This is an array of variables that will not be printed.
|
335
|
+
|
336
|
+
Note: ``aws_access_key`` and ``aws_secret_key`` will always be redacted without requiring configuration.
|
337
|
+
|
338
|
+
|
339
|
+
Example to redact the vaule for ``secret``:
|
340
|
+
|
341
|
+
Rakefile:
|
342
|
+
|
343
|
+
```ruby
|
344
|
+
require 'tfwrapper/raketasks'
|
345
|
+
|
346
|
+
TFWrapper::RakeTasks.install_tasks(
|
347
|
+
'.',
|
348
|
+
tf_vars_from_env: {'foo' => 'FOO', 'bar' => 'BAR', 'secret' => 'abc'},
|
349
|
+
tf_sensitive_vars: ['secret']
|
350
|
+
)
|
351
|
+
```
|
352
|
+
|
333
353
|
## Development
|
334
354
|
|
335
355
|
1. ``bundle install --path vendor``
|
data/lib/tfwrapper/raketasks.rb
CHANGED
@@ -59,6 +59,8 @@ module TFWrapper
|
|
59
59
|
# names (specified in :tf_vars_from_env) to allow to be empty or missing.
|
60
60
|
# @option opts [Hash] :tf_extra_vars hash of Terraform variables to their
|
61
61
|
# values; overrides any same-named keys in ``tf_vars_from_env``
|
62
|
+
# @option opts [Array] :tf_sensitive_vars list of Terraform variables
|
63
|
+
# which should not be printed
|
62
64
|
# @option opts [String] :consul_url URL to access Consul at, for the
|
63
65
|
# ``:consul_env_vars_prefix`` option.
|
64
66
|
# @option opts [String] :consul_env_vars_prefix if specified and not nil,
|
@@ -99,6 +101,7 @@ module TFWrapper
|
|
99
101
|
@consul_env_vars_prefix = opts.fetch(:consul_env_vars_prefix, nil)
|
100
102
|
@tf_vars_from_env = opts.fetch(:tf_vars_from_env, {})
|
101
103
|
@allowed_empty_vars = opts.fetch(:allowed_empty_vars, [])
|
104
|
+
@tf_sensitive_vars = opts.fetch(:tf_sensitive_vars, [])
|
102
105
|
@tf_extra_vars = opts.fetch(:tf_extra_vars, {})
|
103
106
|
@backend_config = opts.fetch(:backend_config, {})
|
104
107
|
@consul_url = opts.fetch(:consul_url, nil)
|
@@ -319,7 +322,9 @@ module TFWrapper
|
|
319
322
|
tf_vars = terraform_vars
|
320
323
|
puts 'Terraform vars:'
|
321
324
|
tf_vars.sort.map do |k, v|
|
322
|
-
|
325
|
+
redacted_list = (%w[aws_access_key aws_secret_key] +
|
326
|
+
@tf_sensitive_vars)
|
327
|
+
if redacted_list.include?(k)
|
323
328
|
puts "#{k} => (redacted)"
|
324
329
|
else
|
325
330
|
puts "#{k} => #{v}"
|
data/lib/tfwrapper/version.rb
CHANGED
data/spec/unit/raketasks_spec.rb
CHANGED
@@ -60,6 +60,7 @@ describe TFWrapper::RakeTasks do
|
|
60
60
|
expect(cls.instance_variable_get('@consul_env_vars_prefix')).to eq(nil)
|
61
61
|
expect(cls.instance_variable_get('@tf_vars_from_env')).to eq({})
|
62
62
|
expect(cls.instance_variable_get('@allowed_empty_vars')).to eq([])
|
63
|
+
expect(cls.instance_variable_get('@tf_sensitive_vars')).to eq([])
|
63
64
|
expect(cls.instance_variable_get('@tf_extra_vars')).to eq({})
|
64
65
|
expect(cls.instance_variable_get('@backend_config')).to eq({})
|
65
66
|
expect(cls.instance_variable_get('@consul_url')).to eq(nil)
|
@@ -89,6 +90,7 @@ describe TFWrapper::RakeTasks do
|
|
89
90
|
consul_env_vars_prefix: 'cvprefix',
|
90
91
|
tf_vars_from_env: { 'foo' => 'bar' },
|
91
92
|
allowed_empty_vars: %w[bar blam],
|
93
|
+
tf_sensitive_vars: %w[secret],
|
92
94
|
tf_extra_vars: { 'baz' => 'blam' },
|
93
95
|
consul_url: 'foobar',
|
94
96
|
before_proc: bproc,
|
@@ -104,6 +106,8 @@ describe TFWrapper::RakeTasks do
|
|
104
106
|
.to eq('foo' => 'bar')
|
105
107
|
expect(cls.instance_variable_get('@allowed_empty_vars'))
|
106
108
|
.to eq(%w[bar blam])
|
109
|
+
expect(cls.instance_variable_get('@tf_sensitive_vars'))
|
110
|
+
.to eq(%w[secret])
|
107
111
|
expect(cls.instance_variable_get('@tf_extra_vars'))
|
108
112
|
.to eq('baz' => 'blam')
|
109
113
|
expect(cls.instance_variable_get('@backend_config')).to eq({})
|
@@ -832,6 +836,7 @@ describe TFWrapper::RakeTasks do
|
|
832
836
|
Rake.application = rake_application
|
833
837
|
end
|
834
838
|
before do
|
839
|
+
subject.instance_variable_set('@tf_sensitive_vars', ['secret'])
|
835
840
|
subject.install_write_tf_vars
|
836
841
|
end
|
837
842
|
|
@@ -844,7 +849,8 @@ describe TFWrapper::RakeTasks do
|
|
844
849
|
vars = {
|
845
850
|
'foo' => 'bar',
|
846
851
|
'baz' => 'blam',
|
847
|
-
'aws_access_key' => 'ak'
|
852
|
+
'aws_access_key' => 'ak',
|
853
|
+
'secret' => 'abc'
|
848
854
|
}
|
849
855
|
allow(subject).to receive(:terraform_vars).and_return(vars)
|
850
856
|
allow(subject).to receive(:var_file_path).and_return('file.tfvars.json')
|
@@ -856,6 +862,8 @@ describe TFWrapper::RakeTasks do
|
|
856
862
|
expect(STDOUT).to receive(:puts).once.with('Terraform vars:')
|
857
863
|
expect(STDOUT).to receive(:puts)
|
858
864
|
.once.with('aws_access_key => (redacted)')
|
865
|
+
expect(STDOUT).to receive(:puts)
|
866
|
+
.once.with('secret => (redacted)')
|
859
867
|
expect(STDOUT).to receive(:puts).once.with('baz => blam')
|
860
868
|
expect(STDOUT).to receive(:puts).once.with('foo => bar')
|
861
869
|
expect(File).to receive(:open).once.with('file.tfvars.json', 'w')
|
@@ -917,6 +925,7 @@ describe TFWrapper::RakeTasks do
|
|
917
925
|
Rake.application = rake_application
|
918
926
|
end
|
919
927
|
before do
|
928
|
+
subject.instance_variable_set('@tf_sensitive_vars', ['secret'])
|
920
929
|
subject.instance_variable_set('@ns_prefix', 'foo')
|
921
930
|
subject.install_write_tf_vars
|
922
931
|
end
|
@@ -930,7 +939,8 @@ describe TFWrapper::RakeTasks do
|
|
930
939
|
vars = {
|
931
940
|
'foo' => 'bar',
|
932
941
|
'baz' => 'blam',
|
933
|
-
'aws_access_key' => 'ak'
|
942
|
+
'aws_access_key' => 'ak',
|
943
|
+
'secret' => 'abc'
|
934
944
|
}
|
935
945
|
allow(subject).to receive(:terraform_vars).and_return(vars)
|
936
946
|
allow(subject).to receive(:var_file_path)
|
@@ -943,6 +953,8 @@ describe TFWrapper::RakeTasks do
|
|
943
953
|
expect(STDOUT).to receive(:puts).once.with('Terraform vars:')
|
944
954
|
expect(STDOUT).to receive(:puts)
|
945
955
|
.once.with('aws_access_key => (redacted)')
|
956
|
+
expect(STDOUT).to receive(:puts)
|
957
|
+
.once.with('secret => (redacted)')
|
946
958
|
expect(STDOUT).to receive(:puts).once.with('baz => blam')
|
947
959
|
expect(STDOUT).to receive(:puts).once.with('foo => bar')
|
948
960
|
expect(File).to receive(:open).once.with('foo_file.tfvars.json', 'w')
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: tfwrapper
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.6.
|
4
|
+
version: 0.6.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- jantman
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-09-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: retries
|
@@ -421,7 +421,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
421
421
|
version: '0'
|
422
422
|
requirements: []
|
423
423
|
rubyforge_project:
|
424
|
-
rubygems_version: 2.6
|
424
|
+
rubygems_version: 2.7.6
|
425
425
|
signing_key:
|
426
426
|
specification_version: 4
|
427
427
|
summary: Rake tasks for running Hashicorp Terraform sanely
|