shalomb · September 6, 2021 19:20 · shalomb · Sep 6, 2021
diff --git a/main.tf b/main.tf
 # Demo of the external data source
 # https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/data_source
 data "external" "passwd_field" {
  program = [ "./passwd_field.sh" ]
  query   = {
    user  = var.user
    field = var.field
    file  = local.target_file
  }
  depends_on = [
    null_resource.copy
  ]
 }

 # Demo of the null_resource provider
 # https://stackoverflow.com/a/68052896/742600
 resource "null_resource" "copy" {
  provisioner "local-exec" {
    command = "cp ${var.source_file} ${local.target_file}"
  }

  # because we rm target_file, we need to ensure this step always runs
  triggers     = {
    always_run = timestamp()
  }
 }

 # Demo of the null_resource provider
 resource "null_resource" "remove" {
  provisioner "local-exec" {
    command = "rm ${local.target_file}"
  }
  depends_on = [
    data.external.passwd_field
  ]

  # because we rm target_file, we need to ensure this step always runs
  triggers     = {
    always_run = timestamp()
  }
 }

 output "passwd_field" {
  value       = data.external.passwd_field.result
  description = "Value of the field extracted from /etc/paswd"
  sensitive   = false
  depends_on  = [
    data.external.passwd_field
  ]
 }

 variable "source_file" {
  type    = string
  default = "/etc/passwd"
 }

 resource "random_string" "mktemp" {
  length           = 10
  special          = false
 }

 locals {
  target_file = "${random_string.mktemp.result}-${replace(timestamp(), "/[^0-9]/", "")}.tmp"
 }


 variable "user" {
  type    = string
  default = "root"
  validation {
    condition = can(regex("^.{4}$", var.user))
    error_message = "Invalid user specified, must be 4 chars long!"
  }
 }

 variable "field" {
  type    = string
  default = 7
  validation {
    condition = var.field > 0 && var.field < 8
    error_message = "Invalid field range, must be >0 and <8!"
  }
 }
diff --git a/output.json b/output.json
 090190720 f - Σ terraform output -json
 {
  "passwd_field": {
    "sensitive": false,
    "type": [
      "map",
      "string"
    ],
    "value": {
      "field": "7",
      "file": "OsrUKa6yYw-20210906190455.tmp",
      "value": "/bin/bash"
    }
  }
 }
diff --git a/passwd_field.sh b/passwd_field.sh
 #!/bin/bash

 # Exit with an error if any commands fail
 set -eu -o pipefail

 tmpfile="$(mktemp)"
 trap "rm '$tmpfile'" EXIT

 # Extract the input parameters
 jq -r '@sh "
  user=\(.user)
  field=\(.field)
  file=\(.file)
 "'  > "$tmpfile"
 source "$tmpfile"

 # Do some processing
 value=$( awk -vuser="$user" -F: '$1 == user{ print $'"$field"' }' "$file")

 # Construct a return object
 jq -n \
  --arg field "$field" \
  --arg value "$value" \
  --arg file "$file" \
  '{  field: $field,
      value: $value,
      file: $file
  }'
	# Demo of the external data source
	# https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/data_source
	data "external" "passwd_field" {
	program = [ "./passwd_field.sh" ]
	query = {
	user = var.user
	field = var.field
	file = local.target_file
	}
	depends_on = [
	null_resource.copy
	]
	}

	# Demo of the null_resource provider
	# https://stackoverflow.com/a/68052896/742600
	resource "null_resource" "copy" {
	provisioner "local-exec" {
	command = "cp ${var.source_file} ${local.target_file}"
	}

	# because we rm target_file, we need to ensure this step always runs
	triggers = {
	always_run = timestamp()
	}
	}

	# Demo of the null_resource provider
	resource "null_resource" "remove" {
	provisioner "local-exec" {
	command = "rm ${local.target_file}"
	}
	depends_on = [
	data.external.passwd_field
	]

	# because we rm target_file, we need to ensure this step always runs
	triggers = {
	always_run = timestamp()
	}
	}

	output "passwd_field" {
	value = data.external.passwd_field.result
	description = "Value of the field extracted from /etc/paswd"
	sensitive = false
	depends_on = [
	data.external.passwd_field
	]
	}

	variable "source_file" {
	type = string
	default = "/etc/passwd"
	}

	resource "random_string" "mktemp" {
	length = 10
	special = false
	}

	locals {
	target_file = "${random_string.mktemp.result}-${replace(timestamp(), "/[^0-9]/", "")}.tmp"
	}


	variable "user" {
	type = string
	default = "root"
	validation {
	condition = can(regex("^.{4}$", var.user))
	error_message = "Invalid user specified, must be 4 chars long!"
	}
	}

	variable "field" {
	type = string
	default = 7
	validation {
	condition = var.field > 0 && var.field < 8
	error_message = "Invalid field range, must be >0 and <8!"
	}
	}
	090190720 f - Σ terraform output -json
	{
	"passwd_field": {
	"sensitive": false,
	"type": [
	"map",
	"string"
	],
	"value": {
	"field": "7",
	"file": "OsrUKa6yYw-20210906190455.tmp",
	"value": "/bin/bash"
	}
	}
	}
	#!/bin/bash

	# Exit with an error if any commands fail
	set -eu -o pipefail

	tmpfile="$(mktemp)"
	trap "rm '$tmpfile'" EXIT

	# Extract the input parameters
	jq -r '@sh "
	user=\(.user)
	field=\(.field)
	file=\(.file)
	"' > "$tmpfile"
	source "$tmpfile"

	# Do some processing
	value=$( awk -vuser="$user" -F: '$1 == user{ print $'"$field"' }' "$file")

	# Construct a return object
	jq -n \
	--arg field "$field" \
	--arg value "$value" \
	--arg file "$file" \
	'{ field: $field,
	value: $value,
	file: $file
	}'