Merge pull request #182 from dflook/remote-workspace-validate

dflook · web-flow · commit 62ade841945d · 2022-05-02T17:22:35.000+01:00
Use correct value for terraform.workspace when validating with remote backend
diff --git a/.github/workflows/test-http.yaml b/.github/workflows/test-http.yaml
@@ -87,7 +87,7 @@ jobs:
 
   git_no_credentials:
     runs-on: ubuntu-latest
-    name: git_http no creds
+    name: git+http no creds
     steps:
       - name: Checkout
         uses: actions/checkout@v2
diff --git a/.github/workflows/test-validate.yaml b/.github/workflows/test-validate.yaml
@@ -52,7 +52,7 @@ jobs:
 
   validate_workspace:
     runs-on: ubuntu-latest
-    name: Use workspace name during validationg
+    name: Use workspace name during validation
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -87,3 +87,16 @@ jobs:
             echo "::error:: failure-reason not set correctly"
             exit 1
           fi
+
+  validate_remote_workspace:
+    runs-on: ubuntu-latest
+    name: Use workspace name during validation
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: validate prod
+        uses: ./terraform-validate
+        with:
+          path: tests/workflows/test-validate/workspace_eval_remote
+          workspace: prod
diff --git a/image/entrypoints/validate.sh b/image/entrypoints/validate.sh
@@ -11,12 +11,18 @@ setup
 # How do you get a full validation report? You can't.
 
 # terraform.workspace will be evaluated during a validate, but it is not initialized properly.
-# Pass through the workspace input, even if it doesn't make sense for some backends.
+# Pass through the workspace input, except for remote backend where it should be 'default'
+
+if [[ "$TERRAFORM_BACKEND_TYPE" == "remote" ]]; then
+  TF_WORKSPACE="default"
+else
+  TF_WORKSPACE="$INPUT_WORKSPACE"
+fi
 
 init || true
 
-if ! (cd "$INPUT_PATH" && TF_WORKSPACE="$INPUT_WORKSPACE" terraform validate -json | convert_validate_report "$INPUT_PATH"); then
-    (cd "$INPUT_PATH" && TF_WORKSPACE="$INPUT_WORKSPACE" terraform validate)
+if ! (cd "$INPUT_PATH" && TF_WORKSPACE="$TF_WORKSPACE" terraform validate -json | convert_validate_report "$INPUT_PATH"); then
+    (cd "$INPUT_PATH" && TF_WORKSPACE="$TF_WORKSPACE" terraform validate)
 else
     echo -e "\033[1;32mSuccess!\033[0m The configuration is valid"
 fi
diff --git a/tests/workflows/test-validate/workspace_eval/main.tf b/tests/workflows/test-validate/workspace_eval/main.tf
@@ -22,15 +22,3 @@ provider "aws" {
 resource "aws_s3_bucket" "bucket" {
   bucket = "hello"
 }
-
-terraform {
-  backend "remote" {
-    hostname = "app.terraform.io"
-    organization = "flooktech"
-
-    workspaces {
-        name = "banana"
-    }
-  }
-}
-
diff --git a/tests/workflows/test-validate/workspace_eval_remote/main.tf b/tests/workflows/test-validate/workspace_eval_remote/main.tf
@@ -0,0 +1,31 @@
+locals {
+  aws_provider_config = {
+    default = {
+      region     = "..."
+      account_id = "..."
+      profile    = "..."
+    }
+  }
+}
+
+provider "aws" {
+  region              = local.aws_provider_config[terraform.workspace].region
+  profile             = local.aws_provider_config[terraform.workspace].profile
+  allowed_account_ids = [local.aws_provider_config[terraform.workspace].account_id]
+}
+
+resource "aws_s3_bucket" "bucket" {
+  bucket = "hello"
+}
+
+terraform {
+  backend "remote" {
+    hostname = "app.terraform.io"
+    organization = "flooktech"
+
+    workspaces {
+        name = "banana"
+    }
+  }
+}
+
