Add support for setting env variables in a workspace

[bdwyertech]

Description of your changes

Goal of this was to pass through env vars for TFEnv. This would allow me to pin or constrain Terraform versions in my versioned XRs. Perhaps it could be used for something else, such as specifying the terraform source, or provider-specific debug flags.

I have:

• Run make reviewable to ensure this PR is ready for review.

How has this code been tested

[Upbound-CLA]

All committers have signed the CLA.

[bobh66]

Thanks for the contribution! Looks good overall, a couple of comments inline. Can you also add some documentation in the README and maybe an example in examples/ ?

[bdwyertech]

Thanks for the contribution! Looks good overall, a couple of comments inline. Can you also add some documentation in the README and maybe an example in examples/ ?

Sure, I'll fix the tests and get an example into the README

[bobh66]

@bdwyertech I'm concerned that this is now two features in one PR - the original ENV support and the addition of tfenv. I'd prefer to keep them separate - the tfenv change is much more significant and I'd like to be able to validate it separately.

[bdwyertech]

OK, I can break that out separately, however this is a prereq to use tfenv.

[bobh66]

Thanks - I think the env var support is fine, and could even be extended to support valueFrom and secrets at some point. That would enable credentials to be loaded into the environment from a Secret, which I know some terraform providers might need.

Can you open an issue with some more background/details for the tfenv support? It would be good to get some specifics and discussion around the topic. It's a significant change to support multiple versions of terraform. Thanks!

[bdwyertech]

Thanks - I think the env var support is fine, and could even be extended to support valueFrom and secrets at some point. That would enable credentials to be loaded into the environment from a Secret, which I know some terraform providers might need.

Can you open an issue with some more background/details for the tfenv support? It would be good to get some specifics and discussion around the topic. It's a significant change to support multiple versions of terraform. Thanks!

OK, I've broken tfenv into its branch and will create a subsequent PR. For now, this is MR just adds env var support.

[bdwyertech]

Added support for ConfigMap/Secret reference.

[nakamume]

@bobh66 @bdwyertech Though not a blocker but this feature would greatly improve our workflows. I'd like continue with these changes. I guess, I'll have to fork and open a new PR. Please let me know if there's some way to contribute to this same PR.

[addisonj]

It looks like some the changes were split out and the requested changes were made.

Is this ready for another review? Is there anything else preventing this from making progress?

This would be super useful to me and would be happy to help contribute, but just need clear direction from the maintainers (@bobh66) on what is missing to get this over the line.

[bobh66]

Is this ready for another review? Is there anything else preventing this from making progress?

There are lint errors blocking the CI pipeline

[ytsarev]

Suggested change

	cmd.Env = append(cmd.Env, "TF_CLI_CONFIG_FILE=./.terraformrc")
	cmd.Env = append(cmd.Env, h.Envs...)
	cmd.Env = append(cmd.Env, "TF_CLI_CONFIG_FILE=./.terraformrc", h.Envs...)

[bdwyertech]

You cant do that.

21:47:07 [ .. ] go build linux_amd64
github.com/upbound/provider-terraform/apis/v1beta1
github.com/upbound/provider-terraform/internal/terraform
# github.com/upbound/provider-terraform/internal/terraform
internal/terraform/terraform.go:177:65: too many arguments in call to append
        have ([]string, string, []string)
        want ([]string, ...string)

[ytsarev]

/test-examples="examples/workspace-inline-aws.yaml"

[addisonj]

@bobh66 it looks like all requested changes have been made?

[rrs-celonis]

Eagerly waiting for this to get merged

[ytsarev]

/test-examples="examples/workspace-inline-aws.yaml"

[ytsarev]

/test-examples="examples/workspace-inline-aws.yaml"

[ytsarev]

/test-examples="examples/workspace-inline-aws.yaml"

[senare]

Any update on this ?
What can I do t to help this move along ?

[ytsarev]

@senare Ideally we need to

• extend the unit tests at https://github.com/upbound/provider-terraform/pull/74/files#diff-d690cfcf16b477fcc4546470aa24e791e2593cc110ff377297c2be8db1aad88c to cover the env variable control,
• provide e2e example for uptest
• Extend documentation as it currently does not mention the possibility of referencing Secret
  Thanks in advance for your help!

[ytsarev]

/test-examples="examples/workspace-inline-aws.yaml"

[ytsarev]

• I've rebased this PR with the recent state of the main branch and resolved some conflicts
• Added e2e example to examples/environment to test environment propagation
• Performed exploratory e2e test, everything works as expected

k get workspace
NAME                     SYNCED   READY   AGE
sample-inline-with-env   True     True    19m

• The environment data was properly propagated to the AWS tags as expected

Everything looks good to me.

@bobh66 As I've made additions to this PR could you please make another review from your side before we merge it? Thanks!

@bdwyertech thank you so much for this great contribution!

[bobh66]

A couple of minor comments and one question, but otherwise it LGTM.

[bobh66]

Will this be confusing since you can't really change the version of terraform that we run?

[ytsarev]

I've renamed the env var to a more neutral version

[bobh66]

nit: I think it flows better to have the env definition before the module definition, but it's not critical to change

[ytsarev]

Agree, example amended

[bobh66]

This line appends h.Envs... unconditionally, where all of the other usages check the length and only append if the length is non-zero. Is there a reason to check the length in the other places and not check it here? Or does it not need to be checked at all?

[ytsarev]

Good catch, it is probably harmless from the way how append behaves, but let's make it cleaner, I've added the conditional

[bdwyertech]

So just for solidarity, the reason I did not add the check here was because the line above already appended. My reasoning behind checking in the other cases was because I'd rather inherit the default behavior of cmd.Env. If you notice, I pick up os.Environ() which is the default if you do not set cmd.Env. Should the Go upstream behavior change or whatever, my goal was to avoid interfering... if that makes sense. That said, there is no harm here in adding the check, probably some picosecond of compute or something.

[ytsarev]

@bobh66 thanks a lot for the review. I've addressed the PR feedback. Please take another look

[bobh66]

Looks good - thanks @bdwyertech and @ytsarev !

[bdwyertech]

Better late than never... Thanks guys, I can finally stop using my fork :-)