Get secret value from Azure key vault in YAML script - bash

I tried to use the variable directly which was downloaded through AzureKeyVault task. But while trying to fetch it, I am using an intermediary common variable which points to variable in keyvalult like this - $($(DBUserName)). Variable DBUserName has value to key vault secret name i.e.
variables:
DBUserName: sqlServerAdminUsername
But this does not return value from key vault but returns - $(sqlServerAdminUsername) which is not the expected result. Can you help on this?

We could add the task bash and enter the script printenv to check all variable. We need to get the variable via $(DBUserName) or $($env:DBUSERNAME) instead of $($(DBUserName)). If the DBUserName value is xxx, it will also return $(xxx). Check this doc and this blog for more details.

Related

Golang use bash environment variables in Buffalo database.yml

I'm new to Go and Buffalo, and am attempting use my bash environment variables in my database.yaml
I attempted to do the following in my database.yaml, but it fails to interpret the value of my bash environment var localUser
user: ${localUser}
I set the localUser with the following bash
export localUser="username"
echo $localUser
username
Thanks for any help!!
Buffalo Pop's configuration, database.yml, supports the following syntax.
production:
host: "localhost"
user: {{ envOr "localUser" "defaultuser" }}
test:
dialect: "mysql"
url: {{ envOr "TEST_DATABASE_URL" "mysql://user:pass#(localhost:3306)/test" }}
The key is the envOr directive.
As you can imagine, the production.user will be set as the value from the environment variable localUser if the value exists, but it will fall back to its default value "defaultuser" if there is no environment variable.
With this syntax, you can configure environment-specific values dynamically.
This is good for many situations such as container images that could be used in multiple different configurations. You can distribute (or publish) your application "image" with the default value, then you can run your "container" with specific environmental variables with the real values.

Taking output of terraform to bash script as input variable

I am writing a script that takes care of running a terraform file and create infra. I have requirement where I need to take output from the terraform into the same script to create schema for DB. I need to take Endpoint, username, Password and DB name and take it as an input into the script to login to the db and create schema. I need to take the output from aws_db_instance from terraform which is already created and push that as an input into the bash script.
Any help would be really appreciated as to how can we achieve this. thanks in advance. Below is the schema code that I would be using in script and would need those inputs from terraform.
RDS_MYSQL_USER="Username";
RDS_MYSQL_PASS="password";
RDS_MYSQL_BASE="DB-Name";
mysql -h $RDS_MYSQL_ENDPOINT -P $PORT -u $RDS_MYSQL_USER -p $RDS_MYSQL_PASS -D $RDS_MYSQL_BASE -e 'quit';```
The usual way to export particular values from a Terraform configuration is to declare Output Values.
In your case it seems like you want to export several of the result attributes from aws_db_instance, which you could do with declarations like the following in your root module:
output "mysql_host" {
value = aws_db_instance.example.address
}
output "mysql_port" {
value = aws_db_instance.example.port
}
output "mysql_username" {
value = aws_db_instance.example.username
}
output "mysql_password" {
value = aws_db_instance.example.password
sensitive = true
}
output "mysql_database_name" {
value = aws_db_instance.example.name
}
After you run terraform apply you should see Terraform report the final values for each of these, with the password hidden behind (sensitive value) because I declared it with sensitive = true.
Once that's worked, you can use the terraform output command with its -raw option to retrieve these values in a way that's more convenient to use in a shell script. For example, if you are using a Bash-like shell:
MYSQL_HOST="$(terraform output -raw mysql_host)"
MYSQL_PORT="$(terraform output -raw mysql_port)"
MYSQL_USERNAME="$(terraform output -raw mysql_username)"
MYSQL_PASSWORD="$(terraform output -raw mysql_password)"
MYSQL_DB_NAME="$(terraform output -raw mysql_database_name)"
Each run of terraform output will need to retrieve the latest state snapshot from your configured backend, so running it five times might be slow if your chosen backend has a long round-trip time. You could potentially optimize this by installing separate software like jq to parse the terraform output -json result to retrieve all of the values from a single command. There are some further examples in terraform output: Use in Automation.

Terraform to read variables from environment

I have written a terraform configuration with variable definition like:
variable "GOOGLE_CLOUD_REGION" {
type = string
}
When I run terraform plan I am asked to fill in this variable even though this variable is set within my environment.
Is there a way to tell terraform to work with current env vars? Or do I have to export them and pass them somehow manually one-by-one?
You can define the environment variable TF_VAR_GOOGLE_CLOUD_REGION to set that variable.
If you are using bash, it might look like this:
export TF_VAR_GOOGLE_CLOUD_REGION="$GOOGLE_CLOUD_REGION"
terraform apply ...
From Environment Variables under Configuration Language: Input Variables.
As a fallback for the other ways of defining variables, Terraform searches the environment of its own process for environment variables named TF_VAR_ followed by the name of a declared variable.
This can be useful when running Terraform in automation, or when running a sequence of Terraform commands in succession with the same variables. For example, at a bash prompt on a Unix system:
$ export TF_VAR_image_id=ami-abc123
$ terraform plan
...
You can create a file that ends with .tfvars or .tfvars.json and then when you run a plan you specify that file:
terraform apply -var-file="example.tfvars"
If you name the file terraform.tfvars or terraform.tfvars.json or have a file with names ending in .auto.tfvars or .auto.tfvars.json
then Terraform automatically loads the variable definition file and you don't have to manually specify it when you run a plan.
An example of what the terraform.tfvars file will look like:
first_env_var = "environment_variable_one"
second_env_var = "environment_variable_two"
An example of what the terraform.tfvars.json file will look like:
{
"image_id": "ami-abc123",
"availability_zone_names": ["us-west-1a", "us-west-1c"]
}
I would approach this by creating a variables.tf file, within the project directory. with the required variable block you can specify a default:
variable "GOOGLE_CLOUD_REGION" {
type = string
default = "us-west1"
}
this will then be used as the default value during each run, and you will not be prompted.

google deployment manager access nested properties with --properties argument

If Im using a jinja template I can override properties via command line like this:
--properties zone:us-central1-a,machineType:n1-standard-1,image:debian-9
But I see no documentation or examples for doing this with nested properties like labels or environmentVariables for example:
resources:
- name: resource-name
type: 'gcp-types/cloudfunctions-v1:projects.locations.functions'
properties:
labels:
testlabel1: testlabel1value
testlabel2: testlabel2value
environmentVariables:
TEST: 'zzzzzzzzz'
How do set properties like these? this does not work: --properties labels:testlabel1:newvalue
The short answer here is that the --properties flag is not meant to pass property values to the template. A template cannot run without a configuration file, the --properties flag is meant to replace the config file. Each parameter you pass is the same as listing them in a config file.
Essentially using --template my-template.py --properties zone:us-central1-f is the equivalent of running --config myConfig.yaml where the YAML is defined as such:
imports:
- path: my-template.py
resources:
- name: some-resource
type: my-temaplte.py
properties:
zone: us-central1-f
The --properties flag is not meant to pass raw data to replace non-variables.
Although this does not directly answer your question, you shouldn't normally need to define nested values in the flag. Your template will generally call on direct variables taken from the object properties.
despite this, I did try some tests, and as far as I can tell, you can't do this.
After some trial and error I managed to pass an object via command line like this:
--properties ^~^labels:{'testlabel1: testlabel1value','testlabel2: testlabel2value'}~environmentVariables:{'TEST: zzzzzzzzz'}
This sequence of symbols ^~^ is how you can change delimiter. You have to put it at the beginning of your properties. More info about escaping you can find here.
I put single apostrophe over single key value pair because we need that space between key and value. Otherwise it's interpereted as key with null value.
If you're using Bash shell you should also escape {,} symbols.

Ansible nested variables in inventory

I've been using Ansible for a while now, and in general have no trouble with variables in inventories. However, for the first time I have to override a nested variable in the inventory, and the I'd expect it to work... doesn't.
The default/main.yml of the role looks like this:
archiver_config:
archiver_folder: "/opt/archiver"
source_folder: "/var/tmp/images"
archive_folder: "/var/tmp/imagearchive"
min_diskspace: 1e6
logfile: "/var/log/archiver.log"
I need to override the default archive folder for some hosts because some of them have an external filesystem attached for this purpose, so I did this in the inventory:
[tdevices]
10.8.0.38 adeploy_name=16014c archiver_config.archive_folder=/media/ext
I have also tried putting the value in double and single quotes, like e.g.
archiver_config.archive_folder='/media/ext'
But it doesn't work. Ansible doesn't throw any errors, but the default value does not get overridden. What's the correct syntax to do this?
There are no "nested variables" in your example. There is only one variable archiver_config which is a dictionary (hash).
You cannot assign a value to a dictionary key in the inventory file.
What you can do is add a variable in the defaults/main.yml, use it as a value for the key (now, this can be called a nested variable):
archive_folder: "/var/tmp/imagearchive"
archiver_config:
archiver_folder: "/opt/archiver"
source_folder: "/var/tmp/images"
archive_folder: "{{archive_folder}}"
min_diskspace: 1e6
logfile: "/var/log/archiver.log"
and assign value to it in the inventory file:
[tdevices]
10.8.0.38 adeploy_name=16014c archive_folder=/media/ext

Resources