Terraform client git hook
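# Client-side git hook (presumably installed as pre-commit): warns when the
# staged changes carry a "password" field and asks for confirmation before a
# "secret" field is committed alongside a Terraform state file.
#
# This is a reminder for the committer, not an enforcement point: client hooks
# are local and can be skipped (git commit --no-verify), and only the literal
# JSON keys "password": and "secret": are matched, so other sensitive fields
# pass unnoticed. Back it with server-side secret scanning, and keep state
# files out of the repository where that is possible.

# Redirect output to stderr.
exec 1>&2

# Check whether any staged path looks like a tfstate file. --name-only is used
# instead of parsing --name-status with awk: git reports renames as R<score>,
# so the old comparison with "R" never matched, and a path containing a blank
# was cut at its first word.
if git diff --cached --name-only | grep -q tfstate; then

  # A staged "password" field: remind the committer to rotate it.
  # The match covers added, removed and context lines of the staged diff.
  if git diff --cached | grep -q '"password":'; then
    cat <<'EOF'
There is and RDS instance in your Terraform plan.
Remeber to change this from the AWS console to a secure password.
If you do not know how to do that please contact Administrators
EOF
  fi

  # Check if we are going to send sensitive information.
  if git diff --cached | grep -q '"secret":'; then
    # Show the matching lines; the numbers are positions in the diff output.
    # NOTE(review): this writes the secret values to the hook's output, which
    # a GUI client or wrapper may log.
    git diff --cached | grep -n -e '"secret":'

    printf '%s' "You have commited a secret in the git. Are you sure you want to conitnue? (y/n)"

    # Read the answer from the controlling terminal rather than the hook's
    # stdin. Opening /dev/tty only here keeps commits without a secret working
    # when no terminal exists; with a secret and no terminal we fail closed.
    if ! read -r yn < /dev/tty; then
      echo "No terminal available to confirm; refusing the commit."
      exit 1
    fi

    case "$yn" in
      [Yy]) exit 0 ;; # the user wants to continue
      *) exit 1 ;;    # anything else aborts the commit
    esac
  fi
fi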