fix: add ability to specify your own TF_TOKEN

598b0739 · Tobias · Tiger Watson · 61614c3a · 598b0739 · 598b0739
Commit 598b0739 authored 2 years ago by Tobias Committed by Tiger Watson 2 years ago
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -269,6 +269,57 @@ test-init-with-reconfigure:
      EOF
    - gitlab-terraform init

+test-init-with-prepared-registry-token:
+  extends:
+    - .test
+  stage: test-init
+  variables:
+    TERRAFORM_VERSION: $STABLE_VERSION
+  script:
+    - apk add --update $PKG
+    - |
+      cat <<'EOF' > test.sh
+      set -x
+      export TF_TOKEN_gitlab_com=mysecrettoken
+      . $(which gitlab-terraform)
+      terraform_authenticate_private_registry
+      test "$TF_TOKEN_gitlab_com" = "mysecrettoken"
+      EOF
+    - $SHELL test.sh
+  parallel:
+    matrix:
+      - SHELL: "bash"
+        PKG: "bash"
+      - SHELL: "zsh"
+        PKG: "zsh"
+      - SHELL: "ksh"
+        PKG: "loksh"
+
+test-init-without-prepared-registry-token:
+  extends:
+    - .test
+  stage: test-init
+  variables:
+    TERRAFORM_VERSION: $STABLE_VERSION
+  script:
+    - apk add --update $PKG
+    - |
+      cat <<'EOF' > test.sh
+      set -x
+      . $(which gitlab-terraform)
+      terraform_authenticate_private_registry
+      test -n "$TF_TOKEN_gitlab_com"
+      EOF
+    - $SHELL test.sh
+  parallel:
+    matrix:
+      - SHELL: "bash"
+        PKG: "bash"
+      - SHELL: "zsh"
+        PKG: "zsh"
+      - SHELL: "ksh"
+        PKG: "loksh"
+
 test-fmt:
  extends:
    - .test

--- a/src/bin/gitlab-terraform.sh
+++ b/src/bin/gitlab-terraform.sh
@@ -13,13 +13,13 @@ terraform_is_at_least() {
 # Evaluate if this script is being sourced or executed directly.
 # See https://stackoverflow.com/a/28776166
 sourced=0
-if [ -n "$ZSH_VERSION" ]; then 
+if [ -n "$ZSH_VERSION" ]; then
  case $ZSH_EVAL_CONTEXT in *:file) sourced=1;; esac
 elif [ -n "$KSH_VERSION" ]; then
  # shellcheck disable=SC2296
  [ "$(cd -- "$(dirname -- "$0")" && pwd -P)/$(basename -- "$0")" != "$(cd -- "$(dirname -- "${.sh.file}")" && pwd -P)/$(basename -- "${.sh.file}")" ] && sourced=1
 elif [ -n "$BASH_VERSION" ]; then
-  (return 0 2>/dev/null) && sourced=1 
+  (return 0 2>/dev/null) && sourced=1
 else # All other shells: examine $0 for known shell binary filenames.
     # Detects `sh` and `dash`; add additional shell filenames as needed.
  case ${0##*/} in sh|-sh|dash|-dash) sourced=1;; esac
@@ -108,7 +108,10 @@ terraform_authenticate_private_registry() {
    # For more info, see https://www.terraform.io/cli/config/config-file#environment-variable-credentials
    if [ "${CI_SERVER_PROTOCOL}" = "https" ] && [ -n "${CI_SERVER_HOST}" ]; then
      tf_token_var_name=TF_TOKEN_$(idn2 "${CI_SERVER_HOST}" | sed 's/\./_/g' | sed 's/-/__/g')
-      export "${tf_token_var_name}"="${CI_JOB_TOKEN}"
+      # If TF_TOKEN_ for the Gitlab domain is not set then use the CI_JOB_TOKEN
+      if [ -z "$(eval "echo \${${tf_token_var_name}:-}")" ]; then
+        export "${tf_token_var_name}"="${CI_JOB_TOKEN}"
+      fi
    fi
  else
    # If we have a version older than 1.2.0, we use the credentials file.
@@ -189,4 +192,4 @@ else
  # This variable can be used if the script is sourced
  # shellcheck disable=SC2034
  TF_GITLAB_SOURCED=true
-fi
\ No newline at end of file
+fi