将 GitLab CI 变量注入 Terraform 变量 [英] Inject GitLab CI Variables into Terraform Variables

问题描述

我有一组 Terraform 文件，特别是一个 variables.tf 文件，其中包含我的变量，如 aws 访问密钥、aws 访问令牌等.我现在想使用 GitLab CI 在 AWS 上自动创建资源/光盘.

我的计划如下:

1. 写一个 .gitlab-ci-yml 文件

2. 在 .gitlab-ci.yml 文件中有 terraform 调用

我知道我可以在 GitLab 中拥有秘密环境变量，但我不确定如何将这些变量推送到现在看起来像这样的 Terraform variables.tf 文件中！

# AWS 配置变量aws_access_key"{默认 = "YOUR_ADMIN_ACCESS_KEY"}变量aws_secret_key"{默认 = "YOUR_ADMIN_SECRET_KEY"}变量aws_region"{默认=us-west-2"}

在我的 .gitlab-ci.yml 中，我可以像这样访问秘密:

-'AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}'- 'AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}'- 'AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}'

如何将它通过管道传输到我的 Terraform 脚本?有任何想法吗?我需要阅读 GitLab 环境中的秘密并将其传递给 Terraform 脚本！

解决方案

您为 GitLab 运行器使用哪个执行器?

您不一定需要使用 Docker 执行程序，但可以使用安装在裸机或虚拟机中的运行程序.

如果您也在相应的机器/VM 上安装 gettext 包，您可以使用我在 在 Terraform 中引用 gitlab 机密 用于 Docker 执行器.

另一种可能是你设置了

工作:阶段: ...变量:TF_VAR_SECRET1:${GITLAB_SECRET}

或

工作:阶段: ...脚本:- 导出 TF_VAR_SECRET1=${GITLAB_SECRET}

在您的 CI 作业配置中并插入这些内容.另请参阅在 Terraform 配置中获取环境变量?p>

I'm having a set of Terraform files and in particular one variables.tf file which sort of holds my variables like aws access key, aws access token etc. I want to now automate the resource creation on AWS using GitLab CI / CD.

My plan is the following:

1. Write a .gitlab-ci-yml file

2. Have the terraform calls in the .gitlab-ci.yml file

I know that I can have secret environment variables in GitLab, but I'm not sure how I can push those variables into my Terraform variables.tf file which looks like this now!

# AWS Config

variable "aws_access_key" {
  default = "YOUR_ADMIN_ACCESS_KEY"
}

variable "aws_secret_key" {
  default = "YOUR_ADMIN_SECRET_KEY"
}

variable "aws_region" {
  default = "us-west-2"
}

In my .gitlab-ci.yml, I have access to the secrets like this:

- 'AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}' 
- 'AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}' 
- 'AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}'

How can I pipe it to my Terraform scripts? Any ideas? I would need to read the secrets from GitLab's environment and pass it on to the Terraform scripts!

解决方案

Which executor are you using for your GitLab runners?

You don't necessarily need to use the Docker executor but can use a runner installed on a bare-metal machine or in a VM.

If you install the gettext package on the respective machine/VM as well you can use the same method as I described in Referencing gitlab secrets in Terraform for the Docker executor.

Another possibility could be that you set

job:
    stage: ...
    variables: 
        TF_VAR_SECRET1: ${GITLAB_SECRET}

or

job:
    stage: ...
    script:
        - export TF_VAR_SECRET1=${GITLAB_SECRET}

in your CI job configuration and interpolate these. Please see Getting an Environment Variable in Terraform configuration? as well

这篇关于将 GitLab CI 变量注入 Terraform 变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！