feat: Allow env vars expansion in --args section for all hooks (#363)

2022-04-26 13:33:58 +03:00 · 2022-04-26 13:33:58 +03:00 · caa01c30b3
commit caa01c30b3
parent 95ca35646c
14 changed files with 68 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -36,6 +36,7 @@ If you are using `pre-commit-terraform` already or want to support its developme
  * [4. Run](#4-run)
 * [Available Hooks](#available-hooks)
 * [Hooks usage notes and examples](#hooks-usage-notes-and-examples)
+  * [All hooks: Usage of environment variables in `--args`](#all-hooks-usage-of-environment-variables-in---args)
  * [checkov (deprecated) and terraform_checkov](#checkov-deprecated-and-terraform_checkov)
  * [infracost_breakdown](#infracost_breakdown)
  * [terraform_docs](#terraform_docs)
@ -238,6 +239,24 @@ Check the [source file](https://github.com/antonbabenko/pre-commit-terraform/blo

 ## Hooks usage notes and examples

+### All hooks: Usage of environment variables in `--args`
+
+> All, except deprecated hooks: `checkov`, `terraform_docs_replace`
+
+You can use environment variables for the `--args` section.  
+Note: You _must_ use the `${ENV_VAR}` definition, `$ENV_VAR` will not expand.
+
+Config example:
+
+```yaml
+- id: terraform_tflint
+  args:
+  - --args=--config=${CONFIG_NAME}.${CONFIG_EXT}
+  - --args=--module
+```
+
+If for config above set up `export CONFIG_NAME=.tflint; export CONFIG_EXT=hcl` before `pre-commit run`, args will be expanded to `--config=.tflint.hcl --module`.
+
 ### checkov (deprecated) and terraform_checkov

 > `checkov` hook is deprecated, please use `terraform_checkov`.
--- a/hooks/_common.sh
+++ b/hooks/_common.sh
@ -55,6 +55,43 @@ function common::parse_cmdline {
  done
 }

+#######################################################################
+# Expand environment variables definition into their values in '--args'.
+# Support expansion only for ${ENV_VAR} vars, not $ENV_VAR.
+# Globals (modify):
+#   ARGS (array) arguments that configure wrapped tool behavior
+#######################################################################
+function common::parse_and_export_env_vars {
+  local arg_idx
+
+  for arg_idx in "${!ARGS[@]}"; do
+    local arg="${ARGS[$arg_idx]}"
+
+    # Repeat until all env vars will be expanded
+    while true; do
+      # Check if at least 1 env var exists in `$arg`
+      # shellcheck disable=SC2016 # '${' should not be expanded
+      if [[ "$arg" =~ .*'${'[A-Z_][A-Z0-9_]+?'}'.* ]]; then
+        # Get `ENV_VAR` from `.*${ENV_VAR}.*`
+        local env_var_name=${arg#*$\{}
+        env_var_name=${env_var_name%%\}*}
+        local env_var_value="${!env_var_name}"
+        # shellcheck disable=SC2016 # '${' should not be expanded
+        common::colorify "green" 'Found ${'"$env_var_name"'} in:        '"'$arg'"
+        # Replace env var name with its value.
+        # `$arg` will be checked in `if` conditional, `$ARGS` will be used in the next functions.
+        # shellcheck disable=SC2016 # '${' should not be expanded
+        arg=${arg/'${'$env_var_name'}'/$env_var_value}
+        ARGS[$arg_idx]=$arg
+        # shellcheck disable=SC2016 # '${' should not be expanded
+        common::colorify "green" 'After ${'"$env_var_name"'} expansion: '"'$arg'\n"
+        continue
+      fi
+      break
+    done
+  done
+}
+
 #######################################################################
 # This is a workaround to improve performance when all files are passed
 # See: https://github.com/antonbabenko/pre-commit-terraform/issues/309
--- a/hooks/infracost_breakdown.sh
+++ b/hooks/infracost_breakdown.sh
@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 function main {
  common::initialize "$SCRIPT_DIR"
  common::parse_cmdline "$@"
+  common::parse_and_export_env_vars
  # shellcheck disable=SC2153 # False positive
  infracost_breakdown_ "${HOOK_CONFIG[*]}" "${ARGS[*]}"
 }
--- a/hooks/terraform_checkov.sh
+++ b/hooks/terraform_checkov.sh
@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 function main {
  common::initialize "$SCRIPT_DIR"
  common::parse_cmdline "$@"
+  common::parse_and_export_env_vars
  # shellcheck disable=SC2153 # False positive
  common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
 }
--- a/hooks/terraform_docs.sh
+++ b/hooks/terraform_docs.sh
@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 function main {
  common::initialize "$SCRIPT_DIR"
  common::parse_cmdline "$@"
+  common::parse_and_export_env_vars
  # Support for setting relative PATH to .terraform-docs.yml config.
  # shellcheck disable=SC2178 # It's the simplest syntax for that case
  ARGS=${ARGS[*]/--config=/--config=$(pwd)\/}
--- a/hooks/terraform_fmt.sh
+++ b/hooks/terraform_fmt.sh
@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 function main {
  common::initialize "$SCRIPT_DIR"
  common::parse_cmdline "$@"
+  common::parse_and_export_env_vars
  # shellcheck disable=SC2153 # False positive
  terraform_fmt_ "${ARGS[*]}" "${FILES[@]}"
 }
--- a/hooks/terraform_providers_lock.sh
+++ b/hooks/terraform_providers_lock.sh
@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 function main {
  common::initialize "$SCRIPT_DIR"
  common::parse_cmdline "$@"
+  common::parse_and_export_env_vars
  # shellcheck disable=SC2153 # False positive
  common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
 }
--- a/hooks/terraform_tflint.sh
+++ b/hooks/terraform_tflint.sh
@ -13,6 +13,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 function main {
  common::initialize "$SCRIPT_DIR"
  common::parse_cmdline "$@"
+  common::parse_and_export_env_vars
  # Support for setting PATH to repo root.
  # shellcheck disable=SC2178 # It's the simplest syntax for that case
  ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/}
--- a/hooks/terraform_tfsec.sh
+++ b/hooks/terraform_tfsec.sh
@ -12,6 +12,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 function main {
  common::initialize "$SCRIPT_DIR"
  common::parse_cmdline "$@"
+  common::parse_and_export_env_vars
  # Support for setting PATH to repo root.
  # shellcheck disable=SC2178 # It's the simplest syntax for that case
  ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/}
--- a/hooks/terraform_validate.sh
+++ b/hooks/terraform_validate.sh
@ -16,6 +16,7 @@ export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1}
 function main {
  common::initialize "$SCRIPT_DIR"
  parse_cmdline_ "$@"
+  common::parse_and_export_env_vars
  terraform_validate_
 }

--- a/hooks/terragrunt_fmt.sh
+++ b/hooks/terragrunt_fmt.sh
@ -12,6 +12,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 function main {
  common::initialize "$SCRIPT_DIR"
  common::parse_cmdline "$@"
+  common::parse_and_export_env_vars
  # shellcheck disable=SC2153 # False positive
  common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
 }
--- a/hooks/terragrunt_validate.sh
+++ b/hooks/terragrunt_validate.sh
@ -12,6 +12,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 function main {
  common::initialize "$SCRIPT_DIR"
  common::parse_cmdline "$@"
+  common::parse_and_export_env_vars
  # shellcheck disable=SC2153 # False positive
  common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
 }
--- a/hooks/terrascan.sh
+++ b/hooks/terrascan.sh
@ -12,6 +12,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 function main {
  common::initialize "$SCRIPT_DIR"
  common::parse_cmdline "$@"
+  common::parse_and_export_env_vars
  # shellcheck disable=SC2153 # False positive
  common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
 }
--- a/hooks/tfupdate.sh
+++ b/hooks/tfupdate.sh
@ -12,6 +12,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 function main {
  common::initialize "$SCRIPT_DIR"
  common::parse_cmdline "$@"
+  common::parse_and_export_env_vars
  # shellcheck disable=SC2153 # False positive
  common::per_dir_hook "${ARGS[*]}" "$HOOK_ID" "${FILES[@]}"
 }