From 557aa3e7e00e98247ee37bbb5647b286624097e1 Mon Sep 17 00:00:00 2001 From: Andrzej Pielasa Date: Fri, 31 Mar 2023 12:55:54 +0200 Subject: [PATCH 1/7] Added env_variable_dict parameter Parameter is set as sensitive (secret flag is enabled), so values are masked in the UI and logs. Use cases: - setting sensitive terraform values using TF_VAR_{varname} syntax - using private git repositories in more secure way eg. setting git token as an env variable --- CHANGES.md | 2 ++ actions/apply.py | 5 ++++- actions/apply.yaml | 5 +++++ actions/destroy.py | 5 ++++- actions/destroy.yaml | 5 +++++ actions/init.py | 7 +++++-- actions/init.yaml | 5 +++++ actions/lib/action.py | 7 +++++++ actions/plan.py | 5 ++++- actions/plan.yaml | 5 +++++ pack.yaml | 2 +- 11 files changed, 47 insertions(+), 6 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 494633f..1a6149d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,4 +1,6 @@ # Change Log +## 2.1.0 +* Added: 'env_variable_dict' dedicated for sensitive environment variables ## 2.0.2 * Fixed: removed 'os.chdir' calls that were causing os.chdir errors diff --git a/actions/apply.py b/actions/apply.py index f835c72..0bf121a 100644 --- a/actions/apply.py +++ b/actions/apply.py @@ -1,10 +1,11 @@ +import os from lib import action from dda_python_terraform import IsFlagged class Apply(action.TerraformBaseAction): def run(self, plan_path, state_file_path, target_resources, terraform_exec, - variable_dict, variable_files): + variable_dict, variable_files, env_variable_dict): """ Apply the changes required to reach the desired state of the configuration. 
@@ -16,10 +17,12 @@ def run(self, plan_path, state_file_path, target_resources, terraform_exec, - variable_dict: dictionary of Terraform variables that will overwrite the variable files if both are declared - variable_files: array of Terraform variable files + - env_variable_dict: array dedicated for sensitive environment variables Returns: - dict: Terraform output command output """ + self.set_env_variable_dict(env_variable_dict) self.terraform.working_dir = plan_path self.terraform.state = state_file_path self.terraform.targets = target_resources diff --git a/actions/apply.yaml b/actions/apply.yaml index 6b66c72..650253b 100644 --- a/actions/apply.yaml +++ b/actions/apply.yaml @@ -30,3 +30,8 @@ parameters: type: "array" description: "Terraform variable files" required: false + env_variable_dict: + type: "object" + description: "Key-Value pairs of sensitive environment variables." + required: false + secret: true diff --git a/actions/destroy.py b/actions/destroy.py index a169e17..cb00b9a 100644 --- a/actions/destroy.py +++ b/actions/destroy.py @@ -1,10 +1,11 @@ +import os from lib import action from dda_python_terraform import IsFlagged class Destroy(action.TerraformBaseAction): def run(self, plan_path, state_file_path, target_resources, terraform_exec, - variable_dict, variable_files): + variable_dict, variable_files, env_variable_dict): """ Destroy Terraform managed infrastructure @@ -16,10 +17,12 @@ def run(self, plan_path, state_file_path, target_resources, terraform_exec, - variable_dict: dictionary of Terraform variables that will overwrite the variable files if both are declared - variable_files: array of Terraform variable files + - env_variable_dict: array dedicated for sensitive environment variables Returns: - dict: Terraform destroy command output """ + self.set_env_variable_dict(env_variable_dict) self.terraform.working_dir = plan_path self.terraform.terraform_bin_path = terraform_exec self.set_semantic_version() 
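Review bot: The added docstring line in `Apply.run` calls `env_variable_dict` an "array", but apply.yaml in this patch declares it `type: "object"` and the helper iterates its keys, so the entry should say dictionary. It should also state the side effect a caller needs to know about, namely that the values are written to the process environment: `- env_variable_dict: dictionary of environment variable names to values, exported to the process environment before Terraform runs`. The same docstring line is added to destroy.py, init.py and plan.py in this patch. The body of `run` continues past the end of the hunk.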
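Review bot: The new `description` for `env_variable_dict` in apply.yaml does not say how far `secret: true` reaches. The flag covers the action parameter; no filtering of the Terraform output that the action returns is visible in this series, so a `TF_VAR_` value is presumably hidden there only when the variable is declared `sensitive = true` in the Terraform configuration (worth confirming). Suggested text: `description: "Key-value pairs exported as environment variables before Terraform runs. Masked as an action parameter only; Terraform output is not filtered."`. The same parameter block is added to destroy.yaml, init.yaml and plan.yaml.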
diff --git a/actions/destroy.yaml b/actions/destroy.yaml index cae177b..cbba403 100644 --- a/actions/destroy.yaml +++ b/actions/destroy.yaml @@ -30,3 +30,8 @@ parameters: type: "array" description: "Terraform variable files" required: false + env_variable_dict: + type: "object" + description: "Key-Value pairs of sensitive environment variables." + required: false + secret: true diff --git a/actions/init.py b/actions/init.py index a3b6c7c..074d9cc 100644 --- a/actions/init.py +++ b/actions/init.py @@ -1,9 +1,10 @@ +import os from lib import action from dda_python_terraform import IsFlagged, IsNotFlagged class Init(action.TerraformBaseAction): - def run(self, plan_path, terraform_exec, backend, upgrade): + def run(self, plan_path, terraform_exec, backend, upgrade, env_variable_dict): """ Initialize a working directory containing Terraform configuration files @@ -12,10 +13,12 @@ def run(self, plan_path, terraform_exec, backend, upgrade): - terraform_exec: path of the Terraform bin - backend: backend configuration variable file - upgrade: Run init with -upgrade option + - env_variable_dict: array dedicated for sensitive environment variables Returns: - dict: Terraform init command output """ + self.set_env_variable_dict(env_variable_dict) self.terraform.working_dir = plan_path self.terraform.terraform_bin_path = terraform_exec self.set_semantic_version() @@ -27,4 +30,4 @@ def run(self, plan_path, terraform_exec, backend, upgrade): raise_on_error=False ) - return self.check_result(return_code, stdout, stderr) + return self.check_result(return_code, stdout, stderr) \ No newline at end of file diff --git a/actions/init.yaml b/actions/init.yaml index 98d1fee..a8a5d85 100644 --- a/actions/init.yaml +++ b/actions/init.yaml @@ -22,3 +22,8 @@ parameters: type: "boolean" description: "Run init with -upgrade option" required: false + env_variable_dict: + type: "object" + description: "Key-Value pairs of sensitive environment variables." + required: false + secret: true 
diff --git a/actions/lib/action.py b/actions/lib/action.py index db27e1e..861b932 100644 --- a/actions/lib/action.py +++ b/actions/lib/action.py @@ -1,6 +1,7 @@ from st2common.runners.base_action import Action from dda_python_terraform import Terraform import json +import os class TerraformBaseAction(Action): @@ -70,3 +71,9 @@ def concat_std_output(stdout, stderr): output += stderr return output + + def set_env_variable_dict(self, env_variable_dict=None): + if env_variable_dict: + for env_var_name in env_variable_dict.keys(): + value = str(env_variable_dict.get(env_var_name)) + os.environ[str(env_var_name)] = f"{value}" diff --git a/actions/plan.py b/actions/plan.py index 74418fd..8b790ce 100644 --- a/actions/plan.py +++ b/actions/plan.py @@ -1,9 +1,10 @@ +import os from lib import action class Plan(action.TerraformBaseAction): def run(self, plan_path, state_file_path, target_resources, terraform_exec, - variable_dict, variable_files): + variable_dict, variable_files, env_variable_dict): """ Plan the changes required to reach the desired state of the configuration @@ -15,10 +16,12 @@ def run(self, plan_path, state_file_path, target_resources, terraform_exec, - variable_dict: dictionary of Terraform variables that will overwrite the variable files if both are declared - variable_files: array of Terraform variable files + - env_variable_dict: array dedicated for sensitive environment variables Returns: - dict: Terraform output command output """ + self.set_env_variable_dict(env_variable_dict) self.terraform.working_dir = plan_path self.terraform.state = state_file_path self.terraform.targets = target_resources diff --git a/actions/plan.yaml b/actions/plan.yaml index 8876d87..1661495 100644 --- a/actions/plan.yaml +++ b/actions/plan.yaml 
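Review bot: `set_env_variable_dict` copies every key of the caller-supplied object into `os.environ` without restricting the name, so an action input can overwrite variables such as `PATH` or `LD_PRELOAD` that decide which binaries and libraries the runner process and Terraform load. The use cases in the commit message need only `TF_VAR_*` names and a git token, so the helper should at minimum refuse loader and interpreter variables; an allowlist of permitted names or prefixes would be stricter. The sketch below raises without echoing the value, and it drops the redundant f-string and the second lookup by iterating `items()`. A `None` value is exported as the literal string `None` both before and after this change, which may deserve its own check.

```python
    # Names that change which code the runner or Terraform loads; never taken from action input.
    _BLOCKED_ENV_NAMES = frozenset({"PATH", "PYTHONPATH", "LD_PRELOAD", "LD_LIBRARY_PATH"})

    def set_env_variable_dict(self, env_variable_dict=None):
        for name, value in (env_variable_dict or {}).items():
            name = str(name)
            if name in self._BLOCKED_ENV_NAMES:
                # Report the name only; the value may be a secret.
                raise ValueError(f"environment variable {name!r} may not be set by this action")
            os.environ[name] = str(value)
```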
@@ -30,3 +30,8 @@ parameters: type: "array" description: "Terraform variable files" required: false + env_variable_dict: + type: "object" + description: "Key-Value pairs of sensitive environment variables." + required: false + secret: true diff --git a/pack.yaml b/pack.yaml index 6baee25..eaff97d 100644 --- a/pack.yaml +++ b/pack.yaml @@ -5,7 +5,7 @@ runner_type: "python-script" description: Terraform integrations keywords: - terraform -version: 2.0.2 +version: 2.1.0 author: Martez Reed email: martez.reed@greenreedtech.com python_versions: From 5901d24eb11022bc123d58de2cf3cbbe1d7cd672 Mon Sep 17 00:00:00 2001 From: Andrzej Pielasa Date: Fri, 31 Mar 2023 14:13:01 +0200 Subject: [PATCH 2/7] Added env_variable_dict parameter Parameter is set as sensitive (secret flag is enabled), so values are masked in the UI and logs. Use cases: - setting sensitive terraform values using TF_VAR_{varname} syntax - using private git repositories in more secure way eg. setting git token as an env variable --- actions/init.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/init.py b/actions/init.py index 074d9cc..eebc714 100644 --- a/actions/init.py +++ b/actions/init.py @@ -30,4 +30,4 @@ def run(self, plan_path, terraform_exec, backend, upgrade, env_variable_dict): raise_on_error=False ) - return self.check_result(return_code, stdout, stderr) \ No newline at end of file + return self.check_result(return_code, stdout, stderr) From 43315988fa9ec70244dc88e4ae0436e03f3f36e1 Mon Sep 17 00:00:00 2001 
From: Andrzej Pielasa Date: Fri, 31 Mar 2023 14:29:18 +0200 Subject: [PATCH 3/7] Added env_variable_dict parameter Parameter is set as sensitive (secret flag is enabled), so values are masked in the UI and logs. Use cases: - setting sensitive terraform values using TF_VAR_{varname} syntax - using private git repositories in more secure way eg. setting git token as an env variable --- actions/apply.py | 1 - actions/destroy.py | 1 - actions/init.py | 1 - actions/plan.py | 1 - 4 files changed, 4 deletions(-) diff --git a/actions/apply.py b/actions/apply.py index 0bf121a..82f5dea 100644 --- a/actions/apply.py +++ b/actions/apply.py @@ -1,4 +1,3 @@ -import os from lib import action from dda_python_terraform import IsFlagged diff --git a/actions/destroy.py b/actions/destroy.py index cb00b9a..1c971a5 100644 --- a/actions/destroy.py +++ b/actions/destroy.py @@ -1,4 +1,3 @@ -import os from lib import action from dda_python_terraform import IsFlagged diff --git a/actions/init.py b/actions/init.py index eebc714..e7d8800 100644 --- a/actions/init.py +++ b/actions/init.py @@ -1,4 +1,3 @@ -import os from lib import action from dda_python_terraform import IsFlagged, IsNotFlagged diff --git a/actions/plan.py b/actions/plan.py index 8b790ce..680fb56 100644 --- a/actions/plan.py +++ b/actions/plan.py @@ -1,4 +1,3 @@ -import os from lib import action From 4235fd52c3877f864b535fd0c4b49ea1a316478f Mon Sep 17 00:00:00 2001 
From: Andrzej Pielasa Date: Fri, 31 Mar 2023 15:03:49 +0200 Subject: [PATCH 4/7] Added env_variable_dict parameter Parameter is set as sensitive (secret flag is enabled), so values are masked in the UI and logs. Use cases: - setting sensitive terraform values using TF_VAR_{varname} syntax - using private git repositories in more secure way eg. setting git token as an env variable --- tests/test_action_apply.py | 3 ++- tests/test_action_destroy.py | 3 ++- tests/test_action_init.py | 9 ++++++--- tests/test_action_plan.py | 3 ++- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/tests/test_action_apply.py b/tests/test_action_apply.py index e77857f..a7691fc 100644 --- a/tests/test_action_apply.py +++ b/tests/test_action_apply.py @@ -24,6 +24,7 @@ def test_run(self, mock_apply, mock_check_result, mock_version): test_terraform_exec = "/usr/bin/terraform" test_variable_dict = {'key1': 'value1', 'key2': 'value2'} test_variable_files = ["/terraform/test.tfvars"] + test_env_variable_dict = {'key1': 'value1', 'key2': 'value2'} # Declare test Terraform.plan return values test_return_code = 0 @@ -38,7 +39,7 @@ def test_run(self, mock_apply, mock_check_result, mock_version): # Execute the run function result = action.run(test_plan_path, test_state_file, test_target_resources, - test_terraform_exec, test_variable_dict, test_variable_files) + test_terraform_exec, test_variable_dict, test_variable_files, test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) diff --git a/tests/test_action_destroy.py b/tests/test_action_destroy.py index 853e342..19cc7b7 100644 --- a/tests/test_action_destroy.py +++ b/tests/test_action_destroy.py 
@@ -24,6 +24,7 @@ def test_run(self, mock_destroy, mock_check_result, mock_version): test_terraform_exec = "/usr/bin/terraform" test_variable_dict = {'key1': 'value1', 'key2': 'value2'} test_variable_files = ["/terraform/test.tfvars"] + test_env_variable_dict = {'key1': 'value1', 'key2': 'value2'} # Declare test Terraform.plan return values test_return_code = 0 @@ -38,7 +39,7 @@ def test_run(self, mock_destroy, mock_check_result, mock_version): # Execute the run function result = action.run(test_plan_path, test_state_file, test_target_resources, - test_terraform_exec, test_variable_dict, test_variable_files) + test_terraform_exec, test_variable_dict, test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) diff --git a/tests/test_action_init.py b/tests/test_action_init.py index efac2fc..2a07352 100644 --- a/tests/test_action_init.py +++ b/tests/test_action_init.py @@ -22,6 +22,7 @@ def test_run_upgrade_false(self, mock_init, mock_check_result, mock_version): test_terraform_exec = "/usr/bin/terraform" test_backend = {'path': '/terraform/terraform.tfstate'} test_upgrade = False + test_env_variable_dict = {'key1': 'value1', 'key2': 'value2'} # Declare test Terraform.init return values test_return_code = 0 @@ -35,7 +36,7 @@ def test_run_upgrade_false(self, mock_init, mock_check_result, mock_version): mock_check_result.return_value = expected_result # Execute the run function - result = action.run(test_plan_path, test_terraform_exec, test_backend, test_upgrade) + result = action.run(test_plan_path, test_terraform_exec, test_backend, test_upgrade, test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) 
@@ -57,6 +58,7 @@ def test_run_upgrade_true(self, mock_init, mock_check_result, mock_version): test_plan_path = "/terraform" test_terraform_exec = "/usr/bin/terraform" test_backend = {'path': '/terraform/terraform.tfstate'} + test_env_variable_dict = {'key1': 'value1', 'key2': 'value2'} test_upgrade = True # Declare test Terraform.init return values @@ -82,7 +84,7 @@ def test_run_upgrade_true(self, mock_init, mock_check_result, mock_version): upgrade=IsFlagged, raise_on_error=False ) - mock_check_result.assert_called_with(test_return_code, test_stdout, test_stderr) + mock_check_result.assert_called_with(test_return_code, test_stdout, test_stderr, test_env_variable_dict) @mock.patch("lib.action.TerraformBaseAction.set_semantic_version") @mock.patch("lib.action.TerraformBaseAction.check_result") @@ -93,6 +95,7 @@ def test_run_upgrade_none(self, mock_init, mock_check_result, mock_version): test_plan_path = "/terraform" test_terraform_exec = "/usr/bin/terraform" test_backend = {'path': '/terraform/terraform.tfstate'} + test_env_variable_dict = {'key1': 'value1', 'key2': 'value2'} test_upgrade = None # Declare test Terraform.init return values @@ -107,7 +110,7 @@ def test_run_upgrade_none(self, mock_init, mock_check_result, mock_version): mock_check_result.return_value = expected_result # Execute the run function - result = action.run(test_plan_path, test_terraform_exec, test_backend, test_upgrade) + result = action.run(test_plan_path, test_terraform_exec, test_backend, test_upgrade, test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) diff --git a/tests/test_action_plan.py b/tests/test_action_plan.py index 919628c..afa369c 100644 --- a/tests/test_action_plan.py +++ b/tests/test_action_plan.py 
@@ -23,6 +23,7 @@ def test_run(self, mock_plan, mock_check_result, mock_version): test_terraform_exec = "/usr/bin/terraform" test_variable_dict = {'key1': 'value1', 'key2': 'value2'} test_variable_files = ["/terraform/test.tfvars"] + test_env_variable_dict = {'key1': 'value1', 'key2': 'value2'} # Declare test Terraform.plan return values test_return_code = 0 @@ -37,7 +38,7 @@ def test_run(self, mock_plan, mock_check_result, mock_version): # Execute the run function result = action.run(test_plan_path, test_state_file, test_target_resources, - test_terraform_exec, test_variable_dict, test_variable_files) + test_terraform_exec, test_variable_dict, test_variable_files, test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) From ff96356b14b2079ec41a43ec996bbc3eb1763bd3 Mon Sep 17 00:00:00 2001 From: Andrzej Pielasa Date: Fri, 31 Mar 2023 15:21:11 +0200 Subject: [PATCH 5/7] Added env_variable_dict parameter Parameter is set as sensitive (secret flag is enabled), so values are masked in the UI and logs. Use cases: - setting sensitive terraform values using TF_VAR_{varname} syntax - using private git repositories in more secure way eg. setting git token as an env variable --- tests/test_action_init.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/test_action_init.py b/tests/test_action_init.py index 2a07352..5d87dd1 100644 --- a/tests/test_action_init.py +++ b/tests/test_action_init.py @@ -36,7 +36,8 @@ def test_run_upgrade_false(self, mock_init, mock_check_result, mock_version): mock_check_result.return_value = expected_result # Execute the run function - result = action.run(test_plan_path, test_terraform_exec, test_backend, test_upgrade, test_env_variable_dict) + result = action.run(test_plan_path, test_terraform_exec, test_backend, test_upgrade, + test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) 
@@ -84,7 +85,8 @@ def test_run_upgrade_true(self, mock_init, mock_check_result, mock_version): upgrade=IsFlagged, raise_on_error=False ) - mock_check_result.assert_called_with(test_return_code, test_stdout, test_stderr, test_env_variable_dict) + mock_check_result.assert_called_with(test_return_code, test_stdout, test_stderr, + test_env_variable_dict) @mock.patch("lib.action.TerraformBaseAction.set_semantic_version") @mock.patch("lib.action.TerraformBaseAction.check_result") @@ -110,7 +112,8 @@ def test_run_upgrade_none(self, mock_init, mock_check_result, mock_version): mock_check_result.return_value = expected_result # Execute the run function - result = action.run(test_plan_path, test_terraform_exec, test_backend, test_upgrade, test_env_variable_dict) + result = action.run(test_plan_path, test_terraform_exec, test_backend, test_upgrade, + test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) From 607d3cc030af277a8b260eca8ce0b582ea74abfc Mon Sep 17 00:00:00 2001 From: Andrzej Pielasa Date: Fri, 31 Mar 2023 15:29:33 +0200 Subject: [PATCH 6/7] Added env_variable_dict parameter Parameter is set as sensitive (secret flag is enabled), so values are masked in the UI and logs. Use cases: - setting sensitive terraform values using TF_VAR_{varname} syntax - using private git repositories in more secure way eg. setting git token as an env variable --- tests/test_action_apply.py | 3 ++- tests/test_action_plan.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/test_action_apply.py b/tests/test_action_apply.py index a7691fc..d2be518 100644 --- a/tests/test_action_apply.py +++ b/tests/test_action_apply.py 
@@ -39,7 +39,8 @@ def test_run(self, mock_apply, mock_check_result, mock_version): # Execute the run function result = action.run(test_plan_path, test_state_file, test_target_resources, - test_terraform_exec, test_variable_dict, test_variable_files, test_env_variable_dict) + test_terraform_exec, test_variable_dict, test_variable_files, + test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) diff --git a/tests/test_action_plan.py b/tests/test_action_plan.py index afa369c..c39e6ca 100644 --- a/tests/test_action_plan.py +++ b/tests/test_action_plan.py @@ -38,7 +38,8 @@ def test_run(self, mock_plan, mock_check_result, mock_version): # Execute the run function result = action.run(test_plan_path, test_state_file, test_target_resources, - test_terraform_exec, test_variable_dict, test_variable_files, test_env_variable_dict) + test_terraform_exec, test_variable_dict, test_variable_files, + test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) From 692f054f83bc43f3980f53bbb9c981f10608352d Mon Sep 17 00:00:00 2001 From: Andrzej Pielasa Date: Mon, 3 Apr 2023 12:15:02 +0200 Subject: [PATCH 7/7] Added env_variable_dict parameter Parameter is set as sensitive (secret flag is enabled), so values are masked in the UI and logs. Use cases: - setting sensitive terraform values using TF_VAR_{varname} syntax - using private git repositories in more secure way eg. setting git token as an env variable --- actions/lib/action.py | 12 ++++++++---- tests/test_action_apply.py | 1 + tests/test_action_destroy.py | 4 +++- tests/test_action_init.py | 9 ++++++--- tests/test_action_plan.py | 6 +++++- 5 files changed, 23 insertions(+), 9 deletions(-) diff --git a/actions/lib/action.py b/actions/lib/action.py index 861b932..4b4706a 100644 --- a/actions/lib/action.py +++ b/actions/lib/action.py 
@@ -73,7 +73,11 @@ def concat_std_output(stdout, stderr): return output def set_env_variable_dict(self, env_variable_dict=None): - if env_variable_dict: - for env_var_name in env_variable_dict.keys(): - value = str(env_variable_dict.get(env_var_name)) - os.environ[str(env_var_name)] = f"{value}" + try: + if env_variable_dict: + for env_var_name in env_variable_dict.keys(): + value = str(env_variable_dict.get(env_var_name)) + os.environ[str(env_var_name)] = f"{value}" + return True + except: + return False diff --git a/tests/test_action_apply.py b/tests/test_action_apply.py index d2be518..56dea1e 100644 --- a/tests/test_action_apply.py +++ b/tests/test_action_apply.py @@ -49,6 +49,7 @@ def test_run(self, mock_apply, mock_check_result, mock_version): self.assertEqual(action.terraform.terraform_bin_path, test_terraform_exec) self.assertEqual(action.terraform.var_file, test_variable_files) self.assertEqual(action.terraform.variables, test_variable_dict) + self.assertEqual(action.set_env_variable_dict(test_env_variable_dict), True) mock_apply.assert_called_with( skip_plan=True, auto_approve=IsFlagged, diff --git a/tests/test_action_destroy.py b/tests/test_action_destroy.py index 19cc7b7..20bdb9d 100644 --- a/tests/test_action_destroy.py +++ b/tests/test_action_destroy.py 
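Review bot: The bare `except:` added to `set_env_variable_dict` turns every failure into `return False`, and none of the `run` methods in this series checks that return value, so Terraform would start with the secret missing or only partly exported and no error reported. CPython raises `ValueError` from the `os.environ` assignment for an invalid name (for example one containing `=`), and that is the case this handler hides; a bare `except` also swallows `KeyboardInterrupt` and `SystemExit`. Removing the `try` so the exception fails the action is the simplest fix; if a boolean result is wanted, narrow the handler to `except (TypeError, ValueError):` and have each `run` stop when the result is `False`. The function also returns `True` when the argument is empty or `None`, so `True` does not mean anything was set.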
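Review bot: The added `self.assertEqual(action.set_env_variable_dict(test_env_variable_dict), True)` in test_action_apply.py calls the real helper, which writes `key1` and `key2` into the test process's `os.environ` and never removes them, and it checks only a return value that is `True` for any input that does not raise. Running the call under `with mock.patch.dict(os.environ):` restores the environment afterwards, and `self.assertEqual(os.environ["key1"], "value1")` inside that block checks the actual effect; the test module would need `import os` if it does not have it already. The same assertion is added to the destroy, init and plan tests in this patch. `test_run` starts and ends outside the hunk.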
@@ -39,12 +39,14 @@ def test_run(self, mock_destroy, mock_check_result, mock_version): # Execute the run function result = action.run(test_plan_path, test_state_file, test_target_resources, - test_terraform_exec, test_variable_dict, test_env_variable_dict) + test_terraform_exec, test_variable_dict, test_variable_files, + test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) self.assertEqual(action.terraform.targets, test_target_resources) self.assertEqual(action.terraform.terraform_bin_path, test_terraform_exec) + self.assertEqual(action.set_env_variable_dict(test_env_variable_dict), True) mock_destroy.assert_called_with( var_file=test_variable_files, var=test_variable_dict, diff --git a/tests/test_action_init.py b/tests/test_action_init.py index 5d87dd1..b401337 100644 --- a/tests/test_action_init.py +++ b/tests/test_action_init.py @@ -42,6 +42,7 @@ def test_run_upgrade_false(self, mock_init, mock_check_result, mock_version): # Verify the results self.assertEqual(result, expected_result) self.assertEqual(action.terraform.terraform_bin_path, test_terraform_exec) + self.assertEqual(action.set_env_variable_dict(test_env_variable_dict), True) mock_init.assert_called_with( backend_config=test_backend, capture_output=False, 
@@ -74,19 +75,20 @@ def test_run_upgrade_true(self, mock_init, mock_check_result, mock_version): mock_check_result.return_value = expected_result # Execute the run function - result = action.run(test_plan_path, test_terraform_exec, test_backend, test_upgrade) + result = action.run(test_plan_path, test_terraform_exec, test_backend, test_upgrade, + test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) self.assertEqual(action.terraform.terraform_bin_path, test_terraform_exec) + self.assertEqual(action.set_env_variable_dict(test_env_variable_dict), True) mock_init.assert_called_with( backend_config=test_backend, capture_output=False, upgrade=IsFlagged, raise_on_error=False ) - mock_check_result.assert_called_with(test_return_code, test_stdout, test_stderr, - test_env_variable_dict) + mock_check_result.assert_called_with(test_return_code, test_stdout, test_stderr) @mock.patch("lib.action.TerraformBaseAction.set_semantic_version") @mock.patch("lib.action.TerraformBaseAction.check_result") @@ -118,6 +120,7 @@ def test_run_upgrade_none(self, mock_init, mock_check_result, mock_version): # Verify the results self.assertEqual(result, expected_result) self.assertEqual(action.terraform.terraform_bin_path, test_terraform_exec) + self.assertEqual(action.set_env_variable_dict(test_env_variable_dict), True) mock_init.assert_called_with( backend_config=test_backend, capture_output=False, diff --git a/tests/test_action_plan.py b/tests/test_action_plan.py index c39e6ca..70de480 100644 --- a/tests/test_action_plan.py +++ b/tests/test_action_plan.py 
@@ -48,6 +48,7 @@ def test_run(self, mock_plan, mock_check_result, mock_version): self.assertEqual(action.terraform.terraform_bin_path, test_terraform_exec) self.assertEqual(action.terraform.var_file, test_variable_files) self.assertEqual(action.terraform.variables, test_variable_dict) + self.assertEqual(action.set_env_variable_dict(test_env_variable_dict), True) mock_plan.assert_called_with(capture_output=False, raise_on_error=False) mock_check_result.assert_called_with( test_return_code, @@ -69,6 +70,7 @@ def test_run_exit_code_2(self, mock_plan, mock_check_result, mock_version): test_terraform_exec = "/usr/bin/terraform" test_variable_dict = {'key1': 'value1', 'key2': 'value2'} test_variable_files = ["/terraform/test.tfvars"] + test_env_variable_dict = {'key1': 'value1', 'key2': 'value2'} # Declare test Terraform.plan return values test_return_code = 2 @@ -83,7 +85,8 @@ def test_run_exit_code_2(self, mock_plan, mock_check_result, mock_version): # Execute the run function result = action.run(test_plan_path, test_state_file, test_target_resources, - test_terraform_exec, test_variable_dict, test_variable_files) + test_terraform_exec, test_variable_dict, test_variable_files, + test_env_variable_dict) # Verify the results self.assertEqual(result, expected_result) @@ -92,6 +95,7 @@ def test_run_exit_code_2(self, mock_plan, mock_check_result, mock_version): self.assertEqual(action.terraform.terraform_bin_path, test_terraform_exec) self.assertEqual(action.terraform.var_file, test_variable_files) self.assertEqual(action.terraform.variables, test_variable_dict) + self.assertEqual(action.set_env_variable_dict(test_env_variable_dict), True) mock_plan.assert_called_with(capture_output=False, raise_on_error=False) mock_check_result.assert_called_with( test_return_code,