#๐ Module arguments always nil or empty...
queen harness
So sorry you're hitting issues right out of the gate.
I suspect it's because your module type is named Platform which is reserved.
I was able to repro the issue, but had no problems when I rename to MyPlatform for example.
package main
import (
"context"
"dagger/my-platform/internal/dagger"
"fmt"
)
type MyPlatform struct {
terraformVersion string
//awsAccessKeyID *dagger.Secret
//awsSecretAccessKey *dagger.Secret
//awsSessionToken *dagger.Secret
}
func New(
// the version of the Terraform image to use
// +default="1.5.7"
terraformVersion string,
// the AWS access key ID
//awsAccessKeyID *dagger.Secret,
// the AWS secret access key
//awsSecretAccessKey *dagger.Secret,
// the AWS session token
//awsSessionToken *dagger.Secret,
) *MyPlatform {
return &MyPlatform{
terraformVersion: terraformVersion,
//awsAccessKeyID: awsAccessKeyID,
//awsSecretAccessKey: awsSecretAccessKey,
//awsSessionToken: awsSessionToken,
}
}
// AwsContainer returns a container with the AWS CLI installed.
func (m *MyPlatform) AwsContainer(
ctx context.Context,
// +default="latest"
awsCliVersion string,
env *dagger.Directory,
) (*dagger.Container, error) {
//slog.Info("AWS CLI version", slog.String("version", awsCliVersion))
return dag.Container().
From(fmt.Sprintf("amazon/aws-cli:%s", awsCliVersion)).
WithEnvVariable("AWS_DEFAULT_REGION", "us-east-1").
WithEnvVariable("TERRAFORM_VERSION", m.terraformVersion).
// WithSecretVariable("AWS_ACCESS_KEY_ID", m.awsAccessKeyID).
// WithSecretVariable("AWS_SECRET_ACCESS_KEY", m.awsSecretAccessKey).
// WithSecretVariable("AWS_SESSION_TOKEN", m.awsSessionToken).
WithMountedDirectory("/env", env).
WithWorkdir("/env"), nil
}
cc @last shuttle
frosty steeple
even with that you will see the terraform version isn't set
or when you uncomment the secrets they are all nil, even though my env exported them
queen harness
Oh, maybe I'm wrong about the Platform clash or did you experience that?
Will test more carefully again.
frosty steeple
No mine isn't named like that either, thought to simplify my problem here, mine is also named with a prefix
queen harness
Haha. Yeah, will be good to reflect that in the GH issue so folks trying to repro won't hit an unrelated problem, but let me check again.
frosty steeple
yeah updated gh issue
queen harness
Looks like it's to do with Public vs private class fields
diff --git a/main.go b/main.go
index a0f51d5..867ab60 100644
--- a/main.go
+++ b/main.go
@@ -7,7 +7,7 @@ import (
)
type MyPlatform struct {
- terraformVersion string
+ TerraformVersion string
//awsAccessKeyID *dagger.Secret
//awsSecretAccessKey *dagger.Secret
//awsSessionToken *dagger.Secret
@@ -25,7 +25,7 @@ func New(
//awsSessionToken *dagger.Secret,
) *MyPlatform {
return &MyPlatform{
- terraformVersion: terraformVersion,
+ TerraformVersion: terraformVersion,
//awsAccessKeyID: awsAccessKeyID,
//awsSecretAccessKey: awsSecretAccessKey,
//awsSessionToken: awsSessionToken,
@@ -44,7 +44,7 @@ func (m *MyPlatform) AwsContainer(
return dag.Container().
From(fmt.Sprintf("amazon/aws-cli:%s", awsCliVersion)).
WithEnvVariable("AWS_DEFAULT_REGION", "us-east-1").
- WithEnvVariable("TERRAFORM_VERSION", m.terraformVersion).
+ WithEnvVariable("TERRAFORM_VERSION", m.TerraformVersion).
// WithSecretVariable("AWS_ACCESS_KEY_ID", m.awsAccessKeyID).
// WithSecretVariable("AWS_SECRET_ACCESS_KEY", m.awsSecretAccessKey).
// WithSecretVariable("AWS_SESSION_TOKEN", m.awsSessionToken).
dagger call aws-container --env . terminal
env
TERM=xterm
TERRAFORM_VERSION=1.5.7
We need to make this more clear
Does that solve it for you @frosty steeple ?
Making your fields Public (Uppercase)
cc @sly wolf
Saw you were in the issue. I'll update there.
sly wolf
good catch @queen harness - missed that when looking at the code
frosty steeple
@queen harness yes that was it
may I ask a followup question?
I have some private terraform modules. referencing the modules using ssh in my main terraform setup.
Now I get following error when terraform init runs in the container.
/usr/bin/git exited with 128: Cloning into '.terraform/modules/tempo'...
โ Host key verification failed.
โ fatal: Could not read from remote repository.
โ
โ Please make sure you have the correct access rights
โ and the repository exists.
https://docs.dagger.io/api/remote-repositories/#ssh-authentication on my shell the SSH_AUTH_SOCK is exported and I have the ssh-agent running
any clue what I could be missing here?
my agent has a single ssh key loaded
$ ssh-add -L
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHWbbkJlHRWwMUS6mpOiyQKF7XXFNzOX0ZEYvpoOtdY3 marco.franssen@macbook-pro-m3
Running same from the hasicorp/terraform container in dagger I get following
$ ssh-add -L
Could not open a connection to your authentication agent.
I'm running colima to have the docker engine available
sly wolf
Do you have multiple SSH Keys by chance? https://docs.dagger.io/api/remote-repositories/#multiple-ssh-keys-may-cause-ssh-forwarding-to-fail
frosty steeple
Nope, see above output. Only single one loaded in the ssh agent
func (m *HspAwsPlatform) TerraformContainer(
ctx context.Context,
// +default="1.5.7"
terraformVersion string,
) *TerraformContainer {
tfCache := dag.CacheVolume(".terraform")
ctr := dag.Container().
From(fmt.Sprintf("hashicorp/terraform:%s", terraformVersion)).
WithMountedCache("/.terraform", tfCache).
WithExec([]string{"apk", "add", "--no-cache", "git", "bash", "ca-certificates", "openssh"})
// WithExec([]string{"mkdir", "-p", "/root/.ssh"}).
// WithExec([]string{"ssh-keygen", "-R", "github.com"})
return &TerraformContainer{ctr}
}
For what it is worth
fringe gust
may I ask a followup question?
I have some private terraform modules. referenci...
hey Marco! this page is for remote repositories for code within the pipeline you need to pass the SSH_AUTH_SOCK socket to your function and mount it within your terraform pipeline. Here's an example:
https://docs.dagger.io/cookbook/?sdk=Go+(SSH)#clone-a-remote-git-repository-into-a-container
Check the Go (ssh) tab. The main difference is that instead of using dag.Git you need to pass the socket to your container with WithUnixSocket("/run/agent.sock", socket) and then WithEnvVariable("SSH_AUTH_SOCK", "/run/agent.sock").
the main reason this need to be explicit is to preserve the sandboxing model to avoid potential rogue modules from accessing your credentials
frosty steeple
I now worked arround it doing following
func (m *HspAwsPlatform) TerraformContainer(
ctx context.Context,
// +default="1.5.7"
terraformVersion string,
githubToken *dagger.Secret,
) (*TerraformContainer, error) {
tfCache := dag.CacheVolume(".terraform")
token, err := githubToken.Plaintext(ctx)
if err != nil {
return nil, fmt.Errorf("failed to get github token: %w", err)
}
githubOauthURL := fmt.Sprintf("https://%s:x-oauth-basic@github.com", token)
ctr := dag.Container().
From(fmt.Sprintf("hashicorp/terraform:%s", terraformVersion)).
WithMountedCache("/.terraform", tfCache).
WithSecretVariable("GHITHUB_TOKEN", githubToken).
WithExec([]string{"apk", "add", "--no-cache", "git", "bash", "ca-certificates", "openssh"}).
WithExec([]string{"git", "config", "--global", fmt.Sprintf("url.%s.insteadOf", githubOauthURL), "ssh://git@github.com"})
return &TerraformContainer{ctr}, nil
}
As it is terraform pulling various repos, how would I use that socket in that case on the terraform container?
trying with following to get the socket usable on the conainer
WithEnvVariable("SSH_AUTH_SOCK", "/.ssh/agent.sock").
WithExec([]string{"mkdir", "-p", "/root/.ssh"}).
WithExec([]string{"bash", "-c", "ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts"}).
WithExec([]string{"chmod", "600", "/root/.ssh/known_hosts"})
Got it working ๐ฏโโ๏ธ
queen harness
woot! 