Hi, I’ve a Terraform OD Q:
I want to be able to run the same terraform syntax I’ve written locally in Visual Studio and test via the PowerShell Console to then run this same code in Octopus without changing/refactoring to fit Octopus. So that it’s generic to both ways of deploying it, one from the command line (PS) and the other OD.
So the only thing that should be different between the two types of deployment is that tfvars file that’s supplied via -var-file="?.tfvars"
My two files are terraform.tfvars for my local machine in VS and octopus.tfvars for use in Octopus Deploy
My main issue here is with the variables I’ve set in my local main.tf file for the provider being AWS, so I have the following vars
    # VARIABLES
    variable "aws_access_key" {}
    variable "aws_secret_key" {}
    variable "aws_region" {}

    # PROVIDERS
    provider "aws" {
      access_key = "${var.aws_access_key}"
      secret_key = "${var.aws_secret_key}"
      region     = "${var.aws_region}"
    }
If I keep these in my tf file I get the following errors:

    Error: Unassigned variable
    August 13th 2019 17:06:49 Error
    The input variable "aws_access_key" has not been assigned a value. This is a
    August 13th 2019 17:06:49 Error
    bug in Terraform; please report it in a GitHub issue.

Is there a way I can actually set these as project variables and pull the values from the AWS account that was set up under Infrastructure > Accounts? So I can set my project var equal to the location of where account.AccessKey & account.SecretKey are stored
Or another method might be to set a value within my octopus.tfvars file, which is the Octopus-specific vars file in my package, so for example I might have something like:
    # octopus.tfvars
    aws_access_key = "#{account.AccessKey}"
    aws_secret_key = "#{account.SecretKey}"
    aws_region = "#{?.region}"
NOTE: I have already set up an Account for AWS under Infra, so this is NOT my problem. As this part is working, I just don’t want to REFACTOR my code to use one deployment process in PowerShell and a different one in Octopus Deploy
Or am I missing something from the documentation? From what I read, the values in the tf & vars files override values set at the step level
As you understand, I DON’T want to delete these values as it’ll fail terraform validation on my client
Hopefully I’ve explained this all clearly and you get what I’m trying to achieve, fingers crossed
I can give you an example of a similar problem I was having earlier with using two types of values for my PEM file, as my client needed a path to a pem on my file system and in Octopus the same PEM value was set to a secret string in a project var. My way to solve this was to use the Ternary Operator condition ? value_if_true : value_if_false
My code looked like this:
    # variable
    variable "deploy_env" {
      default = "local"
    }

    # Resource
    resource "aws_instance" "nginx" {
      ami           = "${var.aws_ami}"
      instance_type = "t2.nano"
      key_name      = "${var.key_name}"

      connection {
        host        = self.public_ip
        type        = "ssh"
        user        = "ec2-user"
        # In Octopus the variable holds the key itself; locally it holds a path to the PEM file
        private_key = "${var.deploy_env == "octopus" ? "${var.aws_private_key}" : "${file(var.aws_private_key)}"}"
      }
    }

octopus.tfvars:

    deploy_env = "octopus"

And the above actually works, so I can have a local client-side way to manage my private_key and an Octopus Deploy way, which I was pretty happy with
But I’m still trying to come up with a way to solve my accessKey & secretKey, any advice you have would be great thanks?
Cheers,
Martin
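
A check for the octopus.tfvars approach described in the post, as an added example that is not part of the original post or of Octopus Deploy's tooling: it flags literal credentials in a packaged tfvars file and lists any `#{...}` tokens still present after substitution. The key names come from the post; the sample file contents, function names and the check itself are constructed for illustration.

```python
import re

# Keys from the post that must never carry a literal secret in a packaged file.
SENSITIVE_KEYS = {"aws_access_key", "aws_secret_key", "aws_private_key"}
ASSIGNMENT = re.compile(r'^\s*([A-Za-z_][\w-]*)\s*=\s*"(.*)"\s*$')
PLACEHOLDER = re.compile(r"#\{[^}]+\}")  # Octopus-style #{...} token
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")  # AWS access key ID shape


def audit_tfvars(text):
    """Return (line_no, key, problem) for each risky assignment in a tfvars file."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = ASSIGNMENT.match(line)
        if not match:
            continue  # comments, blank lines, non-string values
        key, value = match.groups()
        if AWS_KEY_ID.search(value):
            findings.append((line_no, key, "literal AWS access key ID"))
        elif key in SENSITIVE_KEYS and not PLACEHOLDER.fullmatch(value):
            findings.append((line_no, key, "sensitive value is not a placeholder"))
    return findings


def unresolved_tokens(text):
    """Return (line_no, token) for every #{...} token still present in the text."""
    return [(n, tok) for n, line in enumerate(text.splitlines(), start=1)
            for tok in PLACEHOLDER.findall(line)]


# Constructed samples; the key ID is AWS's documented example value, not a real credential.
PACKAGED = '''# octopus.tfvars
aws_access_key = "#{account.AccessKey}"
aws_secret_key = "#{account.SecretKey}"
aws_region = "#{?.region}"
'''
LEAKY = '''aws_access_key = "AKIAIOSFODNN7EXAMPLE"
aws_secret_key = "constructed-not-a-real-secret"
aws_region = "eu-west-1"
'''
# Simulates a substitution pass that resolved the two account tokens but not the region.
AFTER_SUBSTITUTION = PACKAGED.replace("#{account.AccessKey}", "x").replace(
    "#{account.SecretKey}", "y")

if __name__ == "__main__":
    print(audit_tfvars(PACKAGED))
    print(audit_tfvars(LEAKY))
    print(unresolved_tokens(AFTER_SUBSTITUTION))
```

Run `audit_tfvars` on the file before it goes into the package, and `unresolved_tokens` on the substituted copy before it is handed to Terraform.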