Get ARGOCD_AUTH_TOKEN and KUBECONFIG from terraform outputs

camptocamp · Nov 23, 2020 · 75d5f8b · 75d5f8b
1 parent d728680
commit 75d5f8b
Show file tree

Hide file tree

Showing 12 changed files with 67 additions and 48 deletions.
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -25,12 +25,9 @@ jobs:
           TF_VAR_repo_url=$GITHUB_SERVER_URL/${{ github.actor }}/camptocamp-devops-stack.git \
           TF_VAR_target_revision=${{ github.head_ref }} \
           ../../scripts/provision.sh
-          . ../../scripts/get-argocd-auth-token.sh
-          while ! argocd app wait apps --health --timeout 30; do argocd app list -owide; done
+          ../../scripts/wait-for-app-of-apps.sh
         env:
           CLUSTER_NAME: default
-          ARGOCD_OPTS: "--plaintext --port-forward --port-forward-namespace argocd"
-          KUBECONFIG: terraform/kubeconfig.yaml
       - name: Destroy cluster
         run: |
           TF_VAR_repo_url=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git \
@@ -60,12 +57,9 @@ jobs:
           TF_VAR_repo_url=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git \
           TF_VAR_target_revision=${{ github.base_ref }} \
           ../../scripts/provision.sh
-          . ../../scripts/get-argocd-auth-token.sh
-          while ! argocd app wait apps --health --timeout 30; do argocd app list -owide; done
+          ../../scripts/wait-for-app-of-apps.sh
         env:
           CLUSTER_NAME: default
-          ARGOCD_OPTS: "--plaintext --port-forward --port-forward-namespace argocd"
-          KUBECONFIG: terraform/kubeconfig.yaml
       - uses: actions/checkout@v2
         with:
           ref: ${{ github.ref }}
@@ -80,25 +74,18 @@ jobs:
       - name: App-diff on ref
         run: |
           export PATH="$HOME/bin:$PATH"
-          . ../../scripts/get-argocd-auth-token.sh
-          chmod 0600 "$KUBECONFIG"
           ../../scripts/app-diff.sh
         env:
           CLUSTER_NAME: default
-          ARGOCD_OPTS: "--plaintext --port-forward --port-forward-namespace argocd"
-          KUBECONFIG: terraform/kubeconfig.yaml
       - name: Update cluster
         run: |
           export PATH="$HOME/bin:$PATH"
           TF_VAR_repo_url=$GITHUB_SERVER_URL/${{ github.actor }}/camptocamp-devops-stack.git \
           TF_VAR_target_revision=${{ github.head_ref }} \
           ../../scripts/provision.sh
-          . ../../scripts/get-argocd-auth-token.sh
-          while ! argocd app wait apps --health --timeout 30; do argocd app list -owide; done
+          ../../scripts/wait-for-app-of-apps.sh
         env:
           CLUSTER_NAME: default
-          ARGOCD_OPTS: "--plaintext --port-forward --port-forward-namespace argocd"
-          KUBECONFIG: terraform/kubeconfig.yaml
       - name: Destroy cluster
         run: |
           TF_VAR_repo_url=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git \

diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -25,12 +25,9 @@ jobs:
           TF_VAR_repo_url=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git \
           TF_VAR_target_revision=${GITHUB_REF##*/} \
           ../../scripts/provision.sh
-          . ../../scripts/get-argocd-auth-token.sh
-          while ! argocd app wait apps --health --timeout 30; do argocd app list -owide; done
+          ../../scripts/wait-for-app-of-apps.sh
         env:
           CLUSTER_NAME: default
-          ARGOCD_OPTS: "--plaintext --port-forward --port-forward-namespace argocd"
-          KUBECONFIG: terraform/kubeconfig.yaml
       - name: Destroy cluster
         run: |
           TF_VAR_repo_url=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git \

diff --git a/modules/eks-aws/outputs.tf b/modules/eks-aws/outputs.tf
@@ -1,3 +1,8 @@
+output "argocd_auth_token" {
+  description = "The token to set in ARGOCD_AUTH_TOKEN environment variable."
+  value       = module.argocd.argocd_auth_token
+}
+
 output "cluster_id" {
   description = "The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready"
   value       = module.cluster.cluster_id

diff --git a/modules/k3os-libvirt/outputs.tf b/modules/k3os-libvirt/outputs.tf
@@ -1,3 +1,8 @@
+output "argocd_auth_token" {
+  description = "The token to set in ARGOCD_AUTH_TOKEN environment variable."
+  value       = module.argocd.argocd_auth_token
+}
+
 output "base_domain" {
   value = local.base_domain
 }

diff --git a/modules/k3s-docker/outputs.tf b/modules/k3s-docker/outputs.tf
@@ -1,3 +1,8 @@
+output "argocd_auth_token" {
+  description = "The token to set in ARGOCD_AUTH_TOKEN environment variable."
+  value       = module.argocd.argocd_auth_token
+}
+
 output "base_domain" {
   value = local.base_domain
 }

diff --git a/scripts/app-diff.sh b/scripts/app-diff.sh
@@ -1,10 +1,19 @@
-#!/bin/sh -e
+#!/bin/bash -e
+
+ARGOCD_AUTH_TOKEN=$(jq -r '.ARGOCD_AUTH_TOKEN.value' terraform/outputs.json)
+export ARGOCD_AUTH_TOKEN
+
+ARGOCD_OPTS="--plaintext --port-forward --port-forward-namespace argocd"
+export ARGOCD_OPTS
+
+KUBECONFIG_CONTENT=$(jq -r '.KUBECONFIG_CONTENT.value' terraform/outputs.json)
+export KUBECONFIG_CONTENT
 
 export KUBECTL_EXTERNAL_DIFF="diff -u"
 
 for app_dir in ../../argocd/*;
 do
 	app=${app_dir#../../argocd/}
 	test -f "$app_dir/Chart.yaml" && helm dependency update "$app_dir"
-	argocd app diff "$app" --local "$app_dir" || true
+	KUBECONFIG=<(echo "$KUBECONFIG_CONTENT") argocd app diff "$app" --local "$app_dir" || true
 done
diff --git a/scripts/get-argocd-auth-token.sh b/scripts/get-argocd-auth-token.sh
diff --git a/scripts/plan.sh b/scripts/plan.sh
@@ -5,4 +5,5 @@ export TF_WORKSPACE="$CLUSTER_NAME"
 cd terraform || exit
 terraform init -upgrade
 terraform plan
+terraform output -json > outputs.json
 cd - || exit
diff --git a/scripts/provision.sh b/scripts/provision.sh
@@ -11,4 +11,5 @@ helm dependency update "$(jq -r '.Modules[]|select(.Key == "cluster").Dir + "/..
 
 terraform apply --auto-approve
 terraform plan --detailed-exitcode
+terraform output -json > outputs.json
 cd - || exit
diff --git a/scripts/wait-for-app-of-apps.sh b/scripts/wait-for-app-of-apps.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -e
+
+ARGOCD_AUTH_TOKEN=$(jq -r '.ARGOCD_AUTH_TOKEN.value' terraform/outputs.json)
+export ARGOCD_AUTH_TOKEN
+
+ARGOCD_OPTS="--plaintext --port-forward --port-forward-namespace argocd"
+export ARGOCD_OPTS
+
+KUBECONFIG_CONTENT=$(jq -r '.KUBECONFIG_CONTENT.value' terraform/outputs.json)
+export KUBECONFIG_CONTENT
+
+while ! KUBECONFIG=<(echo "$KUBECONFIG_CONTENT") argocd app wait apps --health --timeout 30
+do
+	KUBECONFIG=<(echo "$KUBECONFIG_CONTENT") argocd app list -owide
+done
diff --git a/tests/k3os-libvirt/terraform/outputs.tf b/tests/k3os-libvirt/terraform/outputs.tf
@@ -2,6 +2,16 @@ output "base_domain" {
   value = module.cluster.base_domain
 }
 
+output "ARGOCD_AUTH_TOKEN" {
+  sensitive = true
+  value     = module.cluster.argocd_auth_token
+}
+
+output "KUBECONFIG_CONTENT" {
+  sensitive = true
+  value     = module.cluster.kubeconfig
+}
+
 output "argocd_url" {
   value = format("https://argocd.apps.%s", module.cluster.base_domain)
 }

diff --git a/tests/k3s-docker/terraform/outputs.tf b/tests/k3s-docker/terraform/outputs.tf
@@ -2,6 +2,16 @@ output "base_domain" {
   value = module.cluster.base_domain
 }
 
+output "ARGOCD_AUTH_TOKEN" {
+  sensitive = true
+  value     = module.cluster.argocd_auth_token
+}
+
+output "KUBECONFIG_CONTENT" {
+  sensitive = true
+  value     = module.cluster.kubeconfig
+}
+
 output "argocd_url" {
   value = format("https://argocd.apps.%s", module.cluster.base_domain)
 }