feat: Allow env vars expansion in --args section for all hooks (#363)
MaxymVlasov authored Apr 26, 2022
1 parent 95ca356 commit caa01c3
Showing 14 changed files with 68 additions and 0 deletions.
19 changes: 19 additions & 0 deletions README.md
Expand Up @@ -36,6 +36,7 @@ If you are using `pre-commit-terraform` already or want to support its developme
* [4. Run](#4-run)
* [Available Hooks](#available-hooks)
* [Hooks usage notes and examples](#hooks-usage-notes-and-examples)
* [All hooks: Usage of environment variables in `--args`](#all-hooks-usage-of-environment-variables-in---args)
* [checkov (deprecated) and terraform_checkov](#checkov-deprecated-and-terraform_checkov)
* [infracost_breakdown](#infracost_breakdown)
* [terraform_docs](#terraform_docs)
Expand Down Expand Up @@ -238,6 +239,24 @@ Check the [source file](https://github.com/antonbabenko/pre-commit-terraform/blo

## Hooks usage notes and examples

### All hooks: Usage of environment variables in `--args`

> All, except deprecated hooks: `checkov`, `terraform_docs_replace`
You can use environment variables for the `--args` section.
Note: You _must_ use the `${ENV_VAR}` definition, `$ENV_VAR` will not expand.

Config example:

```yaml
- id: terraform_tflint
args:
- --args=--config=${CONFIG_NAME}.${CONFIG_EXT}
- --args=--module
```
If for config above set up `export CONFIG_NAME=.tflint; export CONFIG_EXT=hcl` before `pre-commit run`, args will be expanded to `--config=.tflint.hcl --module`.

### checkov (deprecated) and terraform_checkov

> `checkov` hook is deprecated, please use `terraform_checkov`.
37 changes: 37 additions & 0 deletions hooks/_common.sh
Expand Up @@ -55,6 +55,43 @@ function common::parse_cmdline {
done
}

#######################################################################
# Expand environment variables definition into their values in '--args'.
# Support expansion only for ${ENV_VAR} vars, not $ENV_VAR.
# Globals (modify):
# ARGS (array) arguments that configure wrapped tool behavior
#######################################################################
function common::parse_and_export_env_vars {
local arg_idx

for arg_idx in "${!ARGS[@]}"; do
local arg="${ARGS[$arg_idx]}"

# Repeat until all env vars will be expanded
while true; do
# Check if at least 1 env var exists in `$arg`
# shellcheck disable=SC2016 # '${' should not be expanded
if [[ "$arg" =~ .*'${'[A-Z_][A-Z0-9_]+?'}'.* ]]; then
# Get `ENV_VAR` from `.*${ENV_VAR}.*`
local env_var_name=${arg#*$\{}
env_var_name=${env_var_name%%\}*}
local env_var_value="${!env_var_name}"
# shellcheck disable=SC2016 # '${' should not be expanded
common::colorify "green" 'Found ${'"$env_var_name"'} in: '"'$arg'"
# Replace env var name with its value.
# `$arg` will be checked in `if` conditional, `$ARGS` will be used in the next functions.
# shellcheck disable=SC2016 # '${' should not be expanded
arg=${arg/'${'$env_var_name'}'/$env_var_value}
ARGS[$arg_idx]=$arg
# shellcheck disable=SC2016 # '${' should not be expanded
common::colorify "green" 'After ${'"$env_var_name"'} expansion: '"'$arg'\n"
continue
fi
break
done
done
}

#######################################################################
# This is a workaround to improve performance when all files are passed
# See: https://github.com/antonbabenko/pre-commit-terraform/issues/309
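Review bot: In `common::parse_and_export_env_vars` the name passed to `${!env_var_name}` is not the one the `=~` test validated: the test only shows that some `${NAME}` occurs somewhere in `$arg`, while `${arg#*$\{}` and `${env_var_name%%\}*}` cut out whatever sits between the first `${` and the next `}`, so text that never matched `[A-Z_][A-Z0-9_]` is used for indirect expansion. Take the name from the match instead, `if [[ "$arg" =~ '${'([A-Z_][A-Z0-9_]*)'}' ]]; then` followed by `local env_var_name=${BASH_REMATCH[1]}`; this also drops the `+?` quantifier, which POSIX ERE does not define. The replaced text is scanned again on the next pass, so a value that contains its own `${NAME}` keeps the `while true` loop running forever; expanding each argument in a single left-to-right pass would avoid that. Both `common::colorify` calls print the whole `$arg`, which after substitution includes the variable's value, so a token supplied through the environment ends up in the hook output and CI logs; printing only the variable name is enough. An unset variable is replaced by an empty string without a warning.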
1 change: 1 addition & 0 deletions hooks/infracost_breakdown.sh
Expand Up @@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
common::parse_and_export_env_vars
# shellcheck disable=SC2153 # False positive
infracost_breakdown_ "${HOOK_CONFIG[*]}" "${ARGS[*]}"
}
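Review bot: The expanded values are joined back into one string by `"${ARGS[*]}"` on the call right after the new line, so an environment value that contains whitespace can no longer be told apart from the separator between two `--args` entries. How `infracost_breakdown_` splits that string is outside this hunk, but unless it keeps the array form such a value will presumably reach the tool as several arguments. The same applies to the `"${ARGS[*]}"` calls in terraform_checkov.sh, terraform_fmt.sh, terraform_providers_lock.sh, terragrunt_fmt.sh, terragrunt_validate.sh, terrascan.sh and tfupdate.sh, and to the `ARGS=${ARGS[*]/…}` assignments in terraform_docs.sh, terraform_tflint.sh and terraform_tfsec.sh. A comment above the call such as `# NOTE(review): expanded env values containing whitespace are not kept as one argument - confirm` would record the limit until the array is passed through intact.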
1 change: 1 addition & 0 deletions hooks/terraform_checkov.sh
Expand Up @@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
common::parse_and_export_env_vars
# shellcheck disable=SC2153 # False positive
common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
}
1 change: 1 addition & 0 deletions hooks/terraform_docs.sh
Expand Up @@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
common::parse_and_export_env_vars
# Support for setting relative PATH to .terraform-docs.yml config.
# shellcheck disable=SC2178 # It's the simplest syntax for that case
ARGS=${ARGS[*]/--config=/--config=$(pwd)\/}
1 change: 1 addition & 0 deletions hooks/terraform_fmt.sh
Expand Up @@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
common::parse_and_export_env_vars
# shellcheck disable=SC2153 # False positive
terraform_fmt_ "${ARGS[*]}" "${FILES[@]}"
}
1 change: 1 addition & 0 deletions hooks/terraform_providers_lock.sh
Expand Up @@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
common::parse_and_export_env_vars
# shellcheck disable=SC2153 # False positive
common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
}
1 change: 1 addition & 0 deletions hooks/terraform_tflint.sh
Expand Up @@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
common::parse_and_export_env_vars
# Support for setting PATH to repo root.
# shellcheck disable=SC2178 # It's the simplest syntax for that case
ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/}
1 change: 1 addition & 0 deletions hooks/terraform_tfsec.sh
Expand Up @@ -12,6 +12,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
common::parse_and_export_env_vars
# Support for setting PATH to repo root.
# shellcheck disable=SC2178 # It's the simplest syntax for that case
ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/}
1 change: 1 addition & 0 deletions hooks/terraform_validate.sh
Expand Up @@ -16,6 +16,7 @@ export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1}
function main {
common::initialize "$SCRIPT_DIR"
parse_cmdline_ "$@"
common::parse_and_export_env_vars
terraform_validate_
}

1 change: 1 addition & 0 deletions hooks/terragrunt_fmt.sh
Expand Up @@ -12,6 +12,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
common::parse_and_export_env_vars
# shellcheck disable=SC2153 # False positive
common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
}
1 change: 1 addition & 0 deletions hooks/terragrunt_validate.sh
Expand Up @@ -12,6 +12,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
common::parse_and_export_env_vars
# shellcheck disable=SC2153 # False positive
common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
}
1 change: 1 addition & 0 deletions hooks/terrascan.sh
Expand Up @@ -12,6 +12,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
common::parse_and_export_env_vars
# shellcheck disable=SC2153 # False positive
common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
}
1 change: 1 addition & 0 deletions hooks/tfupdate.sh
Expand Up @@ -12,6 +12,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
common::parse_and_export_env_vars
# shellcheck disable=SC2153 # False positive
common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
}
