Terraform client git hook
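# Client-side git hook for Terraform repositories. It inspects the staged
# changes (git diff --cached) whenever a tfstate file is part of the commit:
#   - a "password": key in the staged diff only prints a reminder
#   - a "secret": key in the staged diff asks for confirmation; any answer
#     other than y/Y ends the hook with exit status 1
# Only these two literal JSON keys are matched, so sensitive values stored
# under other attribute names are not detected here.

# Redirect output to stderr.
exec 1>&2
# Enable user input: read the answer from the controlling terminal.
exec < /dev/tty

# Check if there is a change in a tfstate file. The whole --name-status line
# is matched, so a rename to or from a tfstate path is checked as well
# (renames are reported as R<score> with both the old and the new path).
if git diff --cached --name-status | grep -q -F -e 'tfstate'
then
  # Capture the staged diff once so every check looks at the same content.
  staged_diff=$(git diff --cached)

  # Check if a password field is set somewhere and remind the user that it
  # has to be changed. This is a notification only; it never blocks.
  if printf '%s\n' "$staged_diff" | grep -q -F -e '"password":'
  then
    cat <<\EOF
There is and RDS instance in your Terraform plan.
Remeber to change this from the AWS console to a secure password.
If you do not know how to do that please contact Administrators
EOF
  fi

  # Check if we are going to send sensitive information.
  if printf '%s\n' "$staged_diff" | grep -q -F -e '"secret":'
  then
    # Show the matching diff lines (with their line numbers in the diff) so
    # the user can see what triggered the prompt.
    printf '%s\n' "$staged_diff" | grep -n -F -e '"secret":'

    printf '%s' "You have commited a secret in the git. Are you sure you want to conitnue? (y/n)"
    # An unreadable or empty answer leaves yn empty and is treated as "no".
    yn=
    read -r yn
    case "$yn" in
      [Yy])
        exit 0 # the user wants to continue
        ;;
      *)
        exit 1 # the user does not want to continue, so abort
        ;;
    esac
  fi
fi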