Configure Terraform provider auth through env vars (#290)

## Changes Auth relied on setting a profile. In this change we enumerate all configuration properties and export all non-empty ones as a map with environment variables. We then pass this map to the Terraform execution wrapper. This results in Terraform using the bundle's authentication configuration. This change is needed to make #287 work. ## Tests Manually.
2023-03-29 20:46:09 +02:00 · 2023-03-29 20:46:09 +02:00 · 87207bba78
parent cfd32c9602
commit 87207bba78
3 changed files with 46 additions and 1 deletions
--- a/bundle/bundle.go
+++ b/bundle/bundle.go
@ -17,6 +17,7 @@ import (
 	"github.com/databricks/bricks/libs/git"
 	"github.com/databricks/bricks/libs/locker"
 	"github.com/databricks/databricks-sdk-go"
 	sdkconfig "github.com/databricks/databricks-sdk-go/config"
 	"github.com/hashicorp/terraform-exec/tfexec"
 )
@ -127,3 +128,34 @@ func (b *Bundle) GitRepository() (*git.Repository, error) {
 	return git.NewRepository(rootPath)
 }
 // AuthEnv returns a map with environment variables and their values
 // derived from the workspace client configuration that was resolved
 // in the context of this bundle.
 //
 // This map can be used to configure authentication for tools that
 // we call into from this bundle context.
 func (b *Bundle) AuthEnv() (map[string]string, error) {
 	if b.client == nil {
 		return nil, fmt.Errorf("workspace client not initialized yet")
 	}
 	cfg := b.client.Config
 	out := make(map[string]string)
 	for _, attr := range sdkconfig.ConfigAttributes {
 		// Ignore profile so that downstream tools don't try and reload
 		// the profile even though we know the current configuration is valid.
 		if attr.Name == "profile" {
 			continue
 		}
 		if len(attr.EnvVars) == 0 {
 			continue
 		}
 		if attr.IsZero(cfg) {
 			continue
 		}
 		out[attr.EnvVars[0]] = attr.GetString(cfg)
 	}
 	return out, nil
 }
--- a/bundle/deploy/terraform/convert.go
+++ b/bundle/deploy/terraform/convert.go
@ -52,7 +52,6 @@ func convPermission(ac resources.Permission) schema.ResourcePermissionsAccessCon
 func BundleToTerraform(config *config.Root) *schema.Root {
 	tfroot := schema.NewRoot()
 	tfroot.Provider = schema.NewProviders()
 	tfroot.Provider.Databricks.Profile = config.Workspace.Profile
 	tfroot.Resource = schema.NewResources()
 	for k, src := range config.Resources.Jobs {
--- a/bundle/deploy/terraform/init.go
+++ b/bundle/deploy/terraform/init.go
@ -6,6 +6,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
 	"github.com/databricks/bricks/bundle"
 	"github.com/databricks/bricks/bundle/config"
@ -14,6 +15,7 @@ import (
 	"github.com/hashicorp/hc-install/product"
 	"github.com/hashicorp/hc-install/releases"
 	"github.com/hashicorp/terraform-exec/tfexec"
 	"golang.org/x/exp/maps"
 )
 type initialize struct{}
@ -89,6 +91,18 @@ func (m *initialize) Apply(ctx context.Context, b *bundle.Bundle) ([]bundle.Muta
 		return nil, err
 	}
 	env, err := b.AuthEnv()
 	if err != nil {
 		return nil, err
 	}
 	// Configure environment variables for auth for Terraform to use.
 	log.Debugf(ctx, "Environment variables for Terraform: %s", strings.Join(maps.Keys(env), ", "))
 	err = tf.SetEnv(env)
 	if err != nil {
 		return nil, err
 	}
 	b.Terraform = tf
 	return nil, nil
 }