Open jantman opened 3 years ago
It turns out that, contrary to what I thought, this can be accomplished via the normal, existing environment variable support.
Using the example in the description of this issue, the desired result can be achieved via:
ParameterStoreBuildWrapperPlugin
.withGlobalParameter(
'/secret/teams/myteam/api_keys/datadog_api_key',
[naming: 'absolute', recursive: true]
)
.withGlobalParameter(
'/secret/teams/myteam/accounts/neustar-ultradns',
[naming: 'absolute', recursive: true]
)
.withGlobalParameter(
'/secret/teams/myteam/apps/foobar/datadog_app_key',
[naming: 'absolute', recursive: true]
)
.init()
TerraformEnvironmentStage
.withGlobalEnv('DD_API_KEY', '$SECRET_TEAMS_MYTEAM_API_KEYS_DATADOG_API_KEY')
.withGlobalEnv('ULTRADNS_USERNAME', '$SECRET_TEAMS_MYTEAM_ACCOUNTS_NEUSTAR_ULTRADNS_ULTRADNS_USERNAME')
.withGlobalEnv('ULTRADNS_PASSWORD, '$SECRET_TEAMS_MYTEAM_ACCOUNTS_NEUSTAR_ULTRADNS_ULTRADNS_PASSWORD')
.withGlobalEnv('DD_APP_KEY', '$SECRET_TEAMS_MYTEAM_APPS_FOOBAR_DATADOG_APP_KEY')
Well, this is rather embarrassing. It appears that my statement about being able to do this with normal environment variable support was wrong... or at least I did something non-obvious that's preventing it from working. In that case, the environment variables are just set to the literal, non-interpolated string.
That being said, the classes for Init, Plan, and Apply commands already have support for prefixes and suffixes on the command. We'd just need a plugin that exposes those.
I'll say right off the bat, that this is really because my team isn't using Parameter Store the "right" way, and we have lots of things in PS that are laid out in a way that's most logical for humans and not for machines... and we also don't duplicate parameters.
So, we currently have a snippet like this:
Note that some of these are hierarchies of parameters, but some are individual parameters. With our PS layout, this results in the following environment variables:
However, these are obviously not the environment variable names that the terraform providers expect. They expect
DD_API_KEY
,ULTRADNS_USERNAME
,ULTRADNS_PASSWORD
, andDD_APP_KEY
, respectively.We don't want to change our PS layout just to make it work the way plugins expect, so right now with our current tooling, we pass in a string
prefix
to prepend to all terraform commands, which results in commands like: