tfwrapper 0.6.1 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 68a638cd8db6246d0a17096f0b8bc125166772ea
-  data.tar.gz: 05301d7bfcc0a75562b8036e657cf610d4aa55a4
+SHA256:
+  metadata.gz: 4a404a81c05bcc07e29ef34eef1d881aa9c47faa1e5ba0ed127a34b8ae1202c5
+  data.tar.gz: f0078c62815fd5d7e49c14d201d9da2154ed91f6c4786a7a7be65914582cd4d8
 SHA512:
-  metadata.gz: 23f2edc392399b115ad02465a1b3b9fad6d6c37b633e4bcc6ea8463799c3af4c641f00828b0eb6879e380abe48ca3c38a8ee21ce8bf96b677f069f0adede586d
-  data.tar.gz: 72af330049aab08bfb69c539985bb9dc0c2ef5b13c57b02ae682c77468410b4880672407d3b84e420d6858248c2f98cdd822fc0fa51d3a23fa77482a3ec0d66c
+  metadata.gz: db129accb7e439c570ca8a8eb2d56a259acb98221a5acf5e451cc4aa44516627abd6e29603574abbf4dcd16c968b58607552bbec3a1b50ce7df44de9659968a7
+  data.tar.gz: f9f99bcc2e51e2aa4cedabd0e1179a1954dbc3e3e4d44149ab2d171218cc6e55a940ef2372869c6cd694c77be0282d5230f7a7d142eaea53479794c78550e810

data/ChangeLog.md

@@ -1,3 +1,7 @@
+Version 0.6.2
+
+  - Add ``tf_sensitive_vars`` option.
+
 Version 0.6.1
 
   - Add ``allowed_empty_vars`` option.

data/README.md

@@ -330,6 +330,26 @@ $ consul kv get terraform/inputs/foo
 {"FOO":"one", "BAR":"two"}
 ```
 
+### Sensitive Environment Variables
+If you wish for certain variables to be marked as "redacted", use the ``tf_sensitive_vars`` option. This is an array of variables that will not be printed.
+
+Note: ``aws_access_key`` and ``aws_secret_key`` will always be redacted without requiring configuration.
+
+
+Example to redact the vaule for ``secret``:
+
+Rakefile:
+
+```ruby
+require 'tfwrapper/raketasks'
+
+TFWrapper::RakeTasks.install_tasks(
+  '.',
+  tf_vars_from_env: {'foo' => 'FOO', 'bar' => 'BAR', 'secret' => 'abc'},
+  tf_sensitive_vars: ['secret']
+)
+```
+
 ## Development
 
 1. ``bundle install --path vendor``

data/lib/tfwrapper/raketasks.rb

@@ -59,6 +59,8 @@ module TFWrapper
     #   names (specified in :tf_vars_from_env) to allow to be empty or missing.
     # @option opts [Hash] :tf_extra_vars hash of Terraform variables to their
     #   values; overrides any same-named keys in ``tf_vars_from_env``
+    # @option opts [Array] :tf_sensitive_vars list of Terraform variables
+    #   which should not be printed
     # @option opts [String] :consul_url URL to access Consul at, for the
     #   ``:consul_env_vars_prefix`` option.
     # @option opts [String] :consul_env_vars_prefix if specified and not nil,
@@ -99,6 +101,7 @@ module TFWrapper
       @consul_env_vars_prefix = opts.fetch(:consul_env_vars_prefix, nil)
       @tf_vars_from_env = opts.fetch(:tf_vars_from_env, {})
       @allowed_empty_vars = opts.fetch(:allowed_empty_vars, [])
+      @tf_sensitive_vars = opts.fetch(:tf_sensitive_vars, [])
       @tf_extra_vars = opts.fetch(:tf_extra_vars, {})
       @backend_config = opts.fetch(:backend_config, {})
       @consul_url = opts.fetch(:consul_url, nil)
@@ -319,7 +322,9 @@ module TFWrapper
           tf_vars = terraform_vars
           puts 'Terraform vars:'
           tf_vars.sort.map do |k, v|
-            if %w[aws_access_key aws_secret_key].include?(k)
+            redacted_list = (%w[aws_access_key aws_secret_key] +
+                             @tf_sensitive_vars)
+            if redacted_list.include?(k)
               puts "#{k} => (redacted)"
             else
               puts "#{k} => #{v}"

data/lib/tfwrapper/version.rb

@@ -4,5 +4,5 @@ module TFWrapper
   # version of the Gem/module; used in the gemspec and in messages.
   # NOTE: When updating this, also update the version in the "Installation"
   # section of README.md
-  VERSION = '0.6.1'
+  VERSION = '0.6.2'
 end

data/spec/unit/raketasks_spec.rb

@@ -60,6 +60,7 @@ describe TFWrapper::RakeTasks do
       expect(cls.instance_variable_get('@consul_env_vars_prefix')).to eq(nil)
       expect(cls.instance_variable_get('@tf_vars_from_env')).to eq({})
       expect(cls.instance_variable_get('@allowed_empty_vars')).to eq([])
+      expect(cls.instance_variable_get('@tf_sensitive_vars')).to eq([])
       expect(cls.instance_variable_get('@tf_extra_vars')).to eq({})
       expect(cls.instance_variable_get('@backend_config')).to eq({})
       expect(cls.instance_variable_get('@consul_url')).to eq(nil)
@@ -89,6 +90,7 @@ describe TFWrapper::RakeTasks do
         consul_env_vars_prefix: 'cvprefix',
         tf_vars_from_env: { 'foo' => 'bar' },
         allowed_empty_vars: %w[bar blam],
+        tf_sensitive_vars: %w[secret],
         tf_extra_vars: { 'baz' => 'blam' },
         consul_url: 'foobar',
         before_proc: bproc,
@@ -104,6 +106,8 @@ describe TFWrapper::RakeTasks do
         .to eq('foo' => 'bar')
       expect(cls.instance_variable_get('@allowed_empty_vars'))
         .to eq(%w[bar blam])
+      expect(cls.instance_variable_get('@tf_sensitive_vars'))
+        .to eq(%w[secret])
       expect(cls.instance_variable_get('@tf_extra_vars'))
         .to eq('baz' => 'blam')
       expect(cls.instance_variable_get('@backend_config')).to eq({})
@@ -832,6 +836,7 @@ describe TFWrapper::RakeTasks do
         Rake.application = rake_application
       end
       before do
+        subject.instance_variable_set('@tf_sensitive_vars', ['secret'])
         subject.install_write_tf_vars
       end
 
@@ -844,7 +849,8 @@ describe TFWrapper::RakeTasks do
         vars = {
           'foo' => 'bar',
           'baz' => 'blam',
-          'aws_access_key' => 'ak'
+          'aws_access_key' => 'ak',
+          'secret' => 'abc'
         }
         allow(subject).to receive(:terraform_vars).and_return(vars)
         allow(subject).to receive(:var_file_path).and_return('file.tfvars.json')
@@ -856,6 +862,8 @@ describe TFWrapper::RakeTasks do
         expect(STDOUT).to receive(:puts).once.with('Terraform vars:')
         expect(STDOUT).to receive(:puts)
           .once.with('aws_access_key => (redacted)')
+        expect(STDOUT).to receive(:puts)
+          .once.with('secret => (redacted)')
         expect(STDOUT).to receive(:puts).once.with('baz => blam')
         expect(STDOUT).to receive(:puts).once.with('foo => bar')
         expect(File).to receive(:open).once.with('file.tfvars.json', 'w')
@@ -917,6 +925,7 @@ describe TFWrapper::RakeTasks do
         Rake.application = rake_application
       end
       before do
+        subject.instance_variable_set('@tf_sensitive_vars', ['secret'])
         subject.instance_variable_set('@ns_prefix', 'foo')
         subject.install_write_tf_vars
       end
@@ -930,7 +939,8 @@ describe TFWrapper::RakeTasks do
         vars = {
           'foo' => 'bar',
           'baz' => 'blam',
-          'aws_access_key' => 'ak'
+          'aws_access_key' => 'ak',
+          'secret' => 'abc'
         }
         allow(subject).to receive(:terraform_vars).and_return(vars)
         allow(subject).to receive(:var_file_path)
@@ -943,6 +953,8 @@ describe TFWrapper::RakeTasks do
         expect(STDOUT).to receive(:puts).once.with('Terraform vars:')
         expect(STDOUT).to receive(:puts)
           .once.with('aws_access_key => (redacted)')
+        expect(STDOUT).to receive(:puts)
+          .once.with('secret => (redacted)')
         expect(STDOUT).to receive(:puts).once.with('baz => blam')
         expect(STDOUT).to receive(:puts).once.with('foo => bar')
         expect(File).to receive(:open).once.with('foo_file.tfvars.json', 'w')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tfwrapper
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.6.2
 platform: ruby
 authors:
 - jantman
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-23 00:00:00.000000000 Z
+date: 2020-09-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: retries
@@ -421,7 +421,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Rake tasks for running Hashicorp Terraform sanely