Inject GitLab CI Variables into Terraform Variables


Problem description

I'm having a set of Terraform files and in particular one variables.tf file which sort of holds my variables like aws access key, aws access token etc. I want to now automate the resource creation on AWS using GitLab CI / CD.

My plan is the following:

  1. Write a .gitlab-ci.yml file

  2. Have the terraform calls in the .gitlab-ci.yml file

I know that I can have secret environment variables in GitLab, but I'm not sure how I can push those variables into my Terraform variables.tf file which looks like this now!

# AWS Config

variable "aws_access_key" {
  default = "YOUR_ADMIN_ACCESS_KEY"
}

variable "aws_secret_key" {
  default = "YOUR_ADMIN_SECRET_KEY"
}

variable "aws_region" {
  default = "us-west-2"
}

In my .gitlab-ci.yml, I have access to the secrets like this:

- 'AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}' 
- 'AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}' 
- 'AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}'

How can I pipe it to my Terraform scripts? Any ideas? I would need to read the secrets from GitLab's environment and pass it on to the Terraform scripts!

Solution

Which executor are you using for your GitLab runners?

You don't necessarily need to use the Docker executor but can use a runner installed on a bare-metal machine or in a VM.

If you install the gettext package on the respective machine/VM as well, you can use the same method as I described in "Referencing gitlab secrets in Terraform" for the Docker executor.

Another possibility could be that you set

job:
    stage: ...
    variables: 
        TF_VAR_SECRET1: ${GITLAB_SECRET}

or

job:
    stage: ...
    script:
        - export TF_VAR_SECRET1=${GITLAB_SECRET}

in your CI job configuration and interpolate these. Please see "Getting an Environment Variable in Terraform configuration?" as well.
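
The `TF_VAR_` approach from the answer, applied to the variable names in the question's variables.tf, as an added example that is not part of the original answer. The function name `export_tf_vars` is hypothetical; it maps the CI variables to `TF_VAR_<name>`, fails when one is missing or still the `YOUR_ADMIN_*` placeholder, and logs variable names only.

```shell
#!/bin/sh
# Added example: map the CI variables from the question to the
# TF_VAR_<name> environment variables Terraform reads for variables.tf.

# Pairs of "<CI variable>:<Terraform variable declared in variables.tf>".
TF_VAR_MAP="AWS_ACCESS_KEY_ID:aws_access_key
AWS_SECRET_ACCESS_KEY:aws_secret_key
AWS_DEFAULT_REGION:aws_region"

export_tf_vars() {
    missing=""
    for pair in $TF_VAR_MAP; do
        src=${pair%%:*}
        dst=${pair#*:}
        # Names come from the fixed map above, so eval sees no untrusted input.
        eval "val=\${$src:-}"
        case $val in
            ""|YOUR_ADMIN_*)
                # Unset, empty, or still the placeholder default from variables.tf.
                missing="$missing $src"
                ;;
            *)
                # Terraform matches the part after TF_VAR_ case-sensitively.
                export "TF_VAR_$dst=$val"
                ;;
        esac
    done
    unset val
    if [ -n "$missing" ]; then
        # Report variable names only, never values, so job logs stay clean.
        echo "missing or placeholder CI variables:$missing" >&2
        return 1
    fi
}
```

Define or source it in the job's `script:` section and call `export_tf_vars` before `terraform plan`. Terraform then uses each `TF_VAR_<name>` as the value of the variable declared with that name, overriding its default.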
