nomicon/pkgs/applications/networking/cluster/terraform/default.nix

{ stdenv
, lib
, buildEnv
, buildGoPackage
, fetchFromGitHub
, makeWrapper
, runCommand
, writeText
, terraform-providers
}:

let
  goPackagePath = "github.com/hashicorp/terraform";

  generic = { version, sha256, ... }@attrs:
    let attrs' = builtins.removeAttrs attrs ["version" "sha256"]; in
    buildGoPackage ({
      name = "terraform-${version}";

      inherit goPackagePath;

      src = fetchFromGitHub {
        owner  = "hashicorp";
        repo   = "terraform";
        rev    = "v${version}";
        inherit sha256;
      };

      postInstall = ''
        # remove all plugins, they are part of the main binary now
        for i in $bin/bin/*; do
          if [[ $(basename $i) != terraform ]]; then
            rm "$i"
          fi
        done
      '';

      preCheck = ''
        export HOME=$TMP
      '';

      meta = with stdenv.lib; {
        description = "Tool for building, changing, and versioning infrastructure";
        homepage = https://www.terraform.io/;
        license = licenses.mpl20;
        maintainers = with maintainers; [ zimbatm peterhoeg kalbasit marsam ];
      };
    } // attrs');

  pluggable = terraform:
    let
      withPlugins = plugins:
        let
          actualPlugins = plugins terraform.plugins;

          # Wrap PATH of plugins propagatedBuildInputs, plugins may have runtime dependencies on external binaries
          wrapperInputs = lib.unique (lib.flatten (lib.catAttrs "propagatedBuildInputs" (builtins.filter (x: x != null) actualPlugins)));

          passthru = {
            withPlugins = newplugins: withPlugins (x: newplugins x ++ actualPlugins);
            full = withPlugins lib.attrValues;

            # Ouch
            overrideDerivation = f: (pluggable (terraform.overrideDerivation f)).withPlugins plugins;
            overrideAttrs = f: (pluggable (terraform.overrideAttrs f)).withPlugins plugins;
            override = x: (pluggable (terraform.override x)).withPlugins plugins;
          };
        in
          # Don't bother wrapping unless we actually have plugins, since the wrapper will stop automatic downloading
          # of plugins, which might be counterintuitive if someone just wants a vanilla Terraform.
          if actualPlugins == []
            then terraform.overrideAttrs (orig: { passthru = orig.passthru // passthru; })
            else lib.appendToName "with-plugins"(stdenv.mkDerivation {
              inherit (terraform) name;
              buildInputs = [ makeWrapper ];

              buildCommand = ''
                mkdir -p $out/bin/
                makeWrapper "${terraform.bin}/bin/terraform" "$out/bin/terraform" \
                  --set NIX_TERRAFORM_PLUGIN_DIR "${buildEnv { name = "tf-plugin-env"; paths = actualPlugins; }}/bin" \
                  --prefix PATH : "${lib.makeBinPath wrapperInputs}"
              '';

              inherit passthru;
            });
    in withPlugins (_: []);

  plugins = removeAttrs terraform-providers ["override" "overrideDerivation" "recurseForDerivations"];
in rec {
  terraform_0_11 = pluggable (generic {
    version = "0.11.14";
    sha256 = "1bzz5wy13gh8j47mxxp6ij6yh20xmxd9n5lidaln3mf1bil19dmc";
    patches = [ ./provider-path.patch ];
    passthru = { inherit plugins; };
  });

  terraform_0_11-full = terraform_0_11.full;

  terraform_0_12 = pluggable (generic {
    version = "0.12.13";
    sha256 = "11nbr9avw6jx349jdmxgxiawk8i5mpw3p4rrl89yly0wfhg0fh4a";
    patches = [ ./provider-path.patch ];
    passthru = { inherit plugins; };
  });

  # Tests that the plugins are being used. Terraform looks at the specific
  # file pattern and if the plugin is not found it will try to download it
  # from the Internet. With sandboxing enable this test will fail if that is
  # the case.
  terraform_plugins_test = let
    mainTf = writeText "main.tf" ''
      resource "random_id" "test" {}
    '';
    terraform = terraform_0_11.withPlugins (p: [ p.random ]);
    test = runCommand "terraform-plugin-test" { buildInputs = [terraform]; }
      ''
        set -e
        # make it fail outside of sandbox
        export HTTP_PROXY=http://127.0.0.1:0 HTTPS_PROXY=https://127.0.0.1:0
        cp ${mainTf} main.tf
        terraform init
        touch $out
      '';
  in test;

}
terraform: move providers to terraform-providers Before, providers were only built indirectly. Since proviers don't depend on terraform to build they can be moved into their own collection of packages. This also has the advantage that they can be reached directly using an attribute path (Eg: terraform-providers.nixos). Co-authored-by: Wael Nasreddine <wael.nasreddine@gmail.com> 6 years ago			`{ stdenv`
			`, lib`
			`, buildEnv`
			`, buildGoPackage`
			`, fetchFromGitHub`
			`, makeWrapper`
terraform: add plugins tests (#47861) I wasn't sure if the plugins were downloaded from the Internet or not. This makes sure that there is no regression in the plugin detection. 6 years ago			`, runCommand`
			`, writeText`
terraform: move providers to terraform-providers Before, providers were only built indirectly. Since proviers don't depend on terraform to build they can be moved into their own collection of packages. This also has the advantage that they can be reached directly using an attribute path (Eg: terraform-providers.nixos). Co-authored-by: Wael Nasreddine <wael.nasreddine@gmail.com> 6 years ago			`, terraform-providers`
			`}:`
terraform: extracted from goPackages 8 years ago
terraform: use generic builder and add 0.9.0 (#23979) 7 years ago			`let`
terraform: 0.9.1 -> 0.9.2 * makes the generic builder open for extension * upgrades terraform and set the 0_9 series by default 7 years ago			`goPackagePath = "github.com/hashicorp/terraform";`

			`generic = { version, sha256, ... }@attrs:`
			`let attrs' = builtins.removeAttrs attrs ["version" "sha256"]; in`
			`buildGoPackage ({`
			`name = "terraform-${version}";`

			`inherit goPackagePath;`

			`src = fetchFromGitHub {`
			`owner = "hashicorp";`
			`repo = "terraform";`
			`rev = "v${version}";`
			`inherit sha256;`
			`};`

			`postInstall = ''`
			`# remove all plugins, they are part of the main binary now`
			`for i in $bin/bin/*; do`
			`if [[ $(basename $i) != terraform ]]; then`
			`rm "$i"`
			`fi`
			`done`
			`'';`
terraform: use generic builder and add 0.9.0 (#23979) 7 years ago
terraform: 0.9.1 -> 0.9.2 * makes the generic builder open for extension * upgrades terraform and set the 0_9 series by default 7 years ago			`preCheck = ''`
			`export HOME=$TMP`
			`'';`

			`meta = with stdenv.lib; {`
			`description = "Tool for building, changing, and versioning infrastructure";`
			`homepage = https://www.terraform.io/;`
			`license = licenses.mpl20;`
terraform: add marsam as maintainer 5 years ago			`maintainers = with maintainers; [ zimbatm peterhoeg kalbasit marsam ];`
terraform: 0.9.1 -> 0.9.2 * makes the generic builder open for extension * upgrades terraform and set the 0_9 series by default 7 years ago			`};`
			`} // attrs');`
terraform: manage 0.10 plugins with Nix Also add a few starter plugins/providers 7 years ago
			`pluggable = terraform:`
			`let`
terraform: noop 0.10 plugins mechanism when unused 7 years ago			`withPlugins = plugins:`
			`let`
			`actualPlugins = plugins terraform.plugins;`
terraform: manage 0.10 plugins with Nix Also add a few starter plugins/providers 7 years ago
terraform: Wrap PATH of propagatedBuildInputs (#37861) Plugins (namely terraform-provider-libvirt) may have a run time dependency on external binaries. 6 years ago			`# Wrap PATH of plugins propagatedBuildInputs, plugins may have runtime dependencies on external binaries`
			`wrapperInputs = lib.unique (lib.flatten (lib.catAttrs "propagatedBuildInputs" (builtins.filter (x: x != null) actualPlugins)));`

terraform: noop 0.10 plugins mechanism when unused 7 years ago			`passthru = {`
			`withPlugins = newplugins: withPlugins (x: newplugins x ++ actualPlugins);`
terraform: add a "full" passthru providers are already compiled independently so we don't need Hydra to follow terraform_MAJ_MIN_full to have them all compiled. Instead of having to create two aliases per release, add a "full" passthru for that common use-case. Eg: terraform_0_11_full -> terraform_0_11.full 6 years ago			`full = withPlugins lib.attrValues;`
terraform: manage 0.10 plugins with Nix Also add a few starter plugins/providers 7 years ago
terraform: noop 0.10 plugins mechanism when unused 7 years ago			`# Ouch`
			`overrideDerivation = f: (pluggable (terraform.overrideDerivation f)).withPlugins plugins;`
			`overrideAttrs = f: (pluggable (terraform.overrideAttrs f)).withPlugins plugins;`
			`override = x: (pluggable (terraform.override x)).withPlugins plugins;`
			`};`
			`in`
			`# Don't bother wrapping unless we actually have plugins, since the wrapper will stop automatic downloading`
			`# of plugins, which might be counterintuitive if someone just wants a vanilla Terraform.`
			`if actualPlugins == []`
			`then terraform.overrideAttrs (orig: { passthru = orig.passthru // passthru; })`
terraform: remove whitespace from name A `nix-env -iA unstable.terraform-full` gave me `installing 'terraform-with-plugins -0.11.7'` This removes the whitespace which sneaked into its name. 6 years ago			`else lib.appendToName "with-plugins"(stdenv.mkDerivation {`
treewide: use appendToName where appropriate Using appendToName preserves the version at the end of the name. 6 years ago			`inherit (terraform) name;`
terraform: noop 0.10 plugins mechanism when unused 7 years ago			`buildInputs = [ makeWrapper ];`
terraform: manage 0.10 plugins with Nix Also add a few starter plugins/providers 7 years ago
terraform: noop 0.10 plugins mechanism when unused 7 years ago			`buildCommand = ''`
			`mkdir -p $out/bin/`
			`makeWrapper "${terraform.bin}/bin/terraform" "$out/bin/terraform" \`
terraform: Wrap PATH of propagatedBuildInputs (#37861) Plugins (namely terraform-provider-libvirt) may have a run time dependency on external binaries. 6 years ago			`--set NIX_TERRAFORM_PLUGIN_DIR "${buildEnv { name = "tf-plugin-env"; paths = actualPlugins; }}/bin" \`
			`--prefix PATH : "${lib.makeBinPath wrapperInputs}"`
terraform: noop 0.10 plugins mechanism when unused 7 years ago			`'';`

			`inherit passthru;`
treewide: use appendToName where appropriate Using appendToName preserves the version at the end of the name. 6 years ago			`});`
terraform: manage 0.10 plugins with Nix Also add a few starter plugins/providers 7 years ago			`in withPlugins (_: []);`

terraform: move providers to terraform-providers Before, providers were only built indirectly. Since proviers don't depend on terraform to build they can be moved into their own collection of packages. This also has the advantage that they can be reached directly using an attribute path (Eg: terraform-providers.nixos). Co-authored-by: Wael Nasreddine <wael.nasreddine@gmail.com> 6 years ago			`plugins = removeAttrs terraform-providers ["override" "overrideDerivation" "recurseForDerivations"];`
terraform: export full packages with plugins 6 years ago			`in rec {`
terraform: add 0.11 7 years ago			`terraform_0_11 = pluggable (generic {`
terraform_0_11: 0.11.13 -> 0.11.14 5 years ago			`version = "0.11.14";`
			`sha256 = "1bzz5wy13gh8j47mxxp6ij6yh20xmxd9n5lidaln3mf1bil19dmc";`
terraform: add 0.11 7 years ago			`patches = [ ./provider-path.patch ];`
			`passthru = { inherit plugins; };`
			`});`
terraform: export full packages with plugins 6 years ago
terraform: add a "full" passthru providers are already compiled independently so we don't need Hydra to follow terraform_MAJ_MIN_full to have them all compiled. Instead of having to create two aliases per release, add a "full" passthru for that common use-case. Eg: terraform_0_11_full -> terraform_0_11.full 6 years ago			`terraform_0_11-full = terraform_0_11.full;`
terraform: add plugins tests (#47861) I wasn't sure if the plugins were downloaded from the Internet or not. This makes sure that there is no regression in the plugin detection. 6 years ago
terraform_0_12: init at 0.12.0-alpha2 6 years ago			`terraform_0_12 = pluggable (generic {`
terraform: 0.12.12 -> 0.12.13 (#72439) Changelog: https://github.com/hashicorp/terraform/releases/tag/v0.12.13 5 years ago			`version = "0.12.13";`
			`sha256 = "11nbr9avw6jx349jdmxgxiawk8i5mpw3p4rrl89yly0wfhg0fh4a";`
terraform_0_12: init at 0.12.0-alpha2 6 years ago			`patches = [ ./provider-path.patch ];`
			`passthru = { inherit plugins; };`
			`});`

terraform: add plugins tests (#47861) I wasn't sure if the plugins were downloaded from the Internet or not. This makes sure that there is no regression in the plugin detection. 6 years ago			`# Tests that the plugins are being used. Terraform looks at the specific`
			`# file pattern and if the plugin is not found it will try to download it`
			`# from the Internet. With sandboxing enable this test will fail if that is`
			`# the case.`
			`terraform_plugins_test = let`
			`mainTf = writeText "main.tf" ''`
			`resource "random_id" "test" {}`
			`'';`
			`terraform = terraform_0_11.withPlugins (p: [ p.random ]);`
			`test = runCommand "terraform-plugin-test" { buildInputs = [terraform]; }`
			`''`
			`set -e`
			`# make it fail outside of sandbox`
			`export HTTP_PROXY=http://127.0.0.1:0 HTTPS_PROXY=https://127.0.0.1:0`
			`cp ${mainTf} main.tf`
			`terraform init`
			`touch $out`
			`'';`
			`in test;`

terraform: extracted from goPackages 8 years ago			`}`