nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-20 04:33:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
e7dbfd7ece
nixpkgs/pkgs/applications/networking/cluster/terraform/default.nix
Jonas Chevalier e7dbfd7ece
terraform.withPlugins: clean and remove 0.12 support (#155477) 
Now that the terraform 0.12 compatibility is not needed anymore, the
`terraform.withPlugins` and `terraform-providers.mkProvider`
implementations can be simplified.

Instead of building a bunch of bin wrappers on instantiation, the
providers are now stored in
`$out/libexec/terraform-providers/<registry>/<owner>/<name>/<version>/<os>_<arch>/terraform-provider-<name>_v<version>`
and then a simple `buildEnv` can be used to merge them.

This breaks back-compat so it's not possible to mix-and-match with
previous versions of nixpkgs. In exchange, it now becomes possible to
use the providers from
[nixpkgs-terraform-providers-bin](https://github.com/numtide/nixpkgs-terraform-providers-bin)
directly.
2022-01-24 12:53:05 +01:00

183 lines
5.5 KiB
Nix
Raw Blame History

{ stdenv
, lib
, buildEnv
, buildGoModule
, fetchFromGitHub
, makeWrapper
, coreutils
, runCommand
, runtimeShell
, writeText
, terraform-providers
, fetchpatch
}:
let
generic = { version, sha256, vendorSha256 ? null, ... }@attrs:
let attrs' = builtins.removeAttrs attrs [ "version" "sha256" "vendorSha256" ];
in
buildGoModule ({
name = "terraform-${version}";
inherit vendorSha256;
src = fetchFromGitHub {
owner = "hashicorp";
repo = "terraform";
rev = "v${version}";
inherit sha256;
};
ldflags = [ "-s" "-w" ];
postConfigure = ''
# speakeasy hardcodes /bin/stty https://github.com/bgentry/speakeasy/issues/22
substituteInPlace vendor/github.com/bgentry/speakeasy/speakeasy_unix.go \
--replace "/bin/stty" "${coreutils}/bin/stty"
'';
postInstall = ''
# remove all plugins, they are part of the main binary now
for i in $out/bin/*; do
if [[ $(basename $i) != terraform ]]; then
rm "$i"
fi
done
'';
preCheck = ''
export HOME=$TMPDIR
export TF_SKIP_REMOTE_TESTS=1
'';
subPackages = [ "." ];
meta = with lib; {
description =
"Tool for building, changing, and versioning infrastructure";
homepage = "https://www.terraform.io/";
changelog = "https://github.com/hashicorp/terraform/blob/v${version}/CHANGELOG.md";
license = licenses.mpl20;
maintainers = with maintainers; [
Chili-Man
babariviere
kalbasit
marsam
maxeaubrey
timstott
zimbatm
zowoq
];
};
} // attrs');
pluggable = terraform:
let
withPlugins = plugins:
let
actualPlugins = plugins terraform.plugins;
# Wrap PATH of plugins propagatedBuildInputs, plugins may have runtime dependencies on external binaries
wrapperInputs = lib.unique (lib.flatten
(lib.catAttrs "propagatedBuildInputs"
(builtins.filter (x: x != null) actualPlugins)));
passthru = {
withPlugins = newplugins:
withPlugins (x: newplugins x ++ actualPlugins);
full = withPlugins (p: lib.filter lib.isDerivation (lib.attrValues p));
# Ouch
overrideDerivation = f:
(pluggable (terraform.overrideDerivation f)).withPlugins plugins;
overrideAttrs = f:
(pluggable (terraform.overrideAttrs f)).withPlugins plugins;
override = x:
(pluggable (terraform.override x)).withPlugins plugins;
};
# Don't bother wrapping unless we actually have plugins, since the wrapper will stop automatic downloading
# of plugins, which might be counterintuitive if someone just wants a vanilla Terraform.
in
if actualPlugins == [ ] then
terraform.overrideAttrs
(orig: { passthru = orig.passthru // passthru; })
else
lib.appendToName "with-plugins" (buildEnv {
inherit (terraform) name meta;
paths = actualPlugins;
nativeBuildInputs = [ makeWrapper ];
postBuild = ''
mkdir -p $out/bin
makeWrapper "${terraform}/bin/terraform" "$out/bin/terraform" \
--set NIX_TERRAFORM_PLUGIN_DIR $out/libexec/terraform-providers \
--prefix PATH : "${lib.makeBinPath wrapperInputs}"
'';
});
in
withPlugins (_: [ ]);
plugins = removeAttrs terraform-providers [
"override"
"overrideDerivation"
"recurseForDerivations"
];
in
rec {
# Constructor for other terraform versions
mkTerraform = attrs: pluggable (generic attrs);
terraform_0_13 = mkTerraform {
version = "0.13.7";
sha256 = "1cahnmp66dk21g7ga6454yfhaqrxff7hpwpdgc87cswyq823fgjn";
patches = [ ./provider-path.patch ];
passthru = { inherit plugins; };
};
terraform_0_14 = mkTerraform {
version = "0.14.11";
sha256 = "1yi1jj3n61g1kn8klw6l78shd23q79llb7qqwigqrx3ki2mp279j";
vendorSha256 = "sha256-tWrSr6JCS9s+I0T1o3jgZ395u8IBmh73XGrnJidWI7U=";
patches = [ ./provider-path.patch ];
passthru = { inherit plugins; };
};
terraform_0_15 = mkTerraform {
version = "0.15.5";
sha256 = "18f4a6l24s3cym7gk40agxikd90i56q84wziskw1spy9rgv2yx6d";
vendorSha256 = "sha256-oFvoEsDunJR4IULdGwS6nHBKWEgUehgT+nNM41W/GYo=";
patches = [ ./provider-path-0_15.patch ];
passthru = { inherit plugins; };
};
terraform_1 = mkTerraform {
version = "1.1.4";
sha256 = "sha256-PzBdo4zqWB9ma+uYFGmZtJNCXlRnAHxQmzWxZFPzHH0=";
vendorSha256 = "sha256-Rk2hHtJfaS553MJIea6n51irMas3qcBrWAD+adzTi1Y=";
patches = [ ./provider-path-0_15.patch ];
passthru = { inherit plugins; };
};
# Tests that the plugins are being used. Terraform looks at the specific
# file pattern and if the plugin is not found it will try to download it
# from the Internet. With sandboxing enable this test will fail if that is
# the case.
terraform_plugins_test =
let
mainTf = writeText "main.tf" ''
resource "random_id" "test" {}
'';
terraform = terraform_1.withPlugins (p: [ p.random ]);
test =
runCommand "terraform-plugin-test" { buildInputs = [ terraform ]; } ''
set -e
# make it fail outside of sandbox
export HTTP_PROXY=http://127.0.0.1:0 HTTPS_PROXY=https://127.0.0.1:0
cp ${mainTf} main.tf
terraform init
touch $out
'';
in
test;
}
Reference in New Issue View Git Blame Copy Permalink