save terraform outputs to secret

cmd/terraform-operator/statePodRunning.go

@@ -7,6 +7,7 @@ import (
 
 	tftype "github.com/danisla/terraform-operator/pkg/types"
 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 func statePodRunning(parentType ParentType, parent *tftype.Terraform, status *tftype.TerraformOperatorStatus, children *TerraformOperatorRequestChildren, desiredChildren *[]interface{}) (tftype.TerraformOperatorState, error) {
@@ -92,6 +93,16 @@ func statePodRunning(parentType ParentType, parent *tftype.Terraform, status *tf
 
 						myLog(parent, "INFO", fmt.Sprintf("Extracted %d output variables.", len(outputVars)))
 
+						// Create Secret with output var map
+						secretName := fmt.Sprintf("%s-tfapply-outputs", parent.GetName())
+						secret := makeOutputVarsSecret(secretName, parent.GetNamespace(), outputVars)
+
+						myLog(parent, "INFO", fmt.Sprintf("Created output var secret: %s", secret.GetName()))
+
+						status.TFOutputSecret = secret.GetName()
+
+						*desiredChildren = append(*desiredChildren, secret)
+
 					} else {
 						myLog(parent, "ERROR", fmt.Sprintf("terraform-plan annotation not found on successful pod completion: %s", pod.Name))
 					}
@@ -174,6 +185,30 @@ func makeOutputVars(data string) (map[string]tftype.TerraformOutputVar, error) {
 	return outputVars, err
 }
 
+func makeOutputVarsSecret(name string, namespace string, vars map[string]tftype.TerraformOutputVar) corev1.Secret {
+	var secret corev1.Secret
+
+	data := make(map[string]string, 0)
+
+	for k, v := range vars {
+		data[k] = v.Value
+	}
+
+	secret = corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+		},
+		StringData: data,
+	}
+
+	return secret
+}
+
 func setFinalPodStatus(parent *tftype.Terraform, status *tftype.TerraformOperatorStatus, cStatus corev1.ContainerStatus, pod corev1.Pod) {
 	status.FinishedAt = cStatus.State.Terminated.FinishedAt.Format(time.RFC3339)
 

cmd/terraform-operator/status.go

@@ -78,6 +78,10 @@ func makeStatus(parent *tftype.Terraform, children *TerraformOperatorRequestChil
 		status.TFOutput = parent.Status.TFOutput
 	}
 
+	if parent.Status.TFOutputSecret != "" && changed == false {
+		status.TFOutputSecret = parent.Status.TFOutputSecret
+	}
+
 	if parent.Status.TFPlanDiff != nil && changed == false {
 		status.TFPlanDiff = parent.Status.TFPlanDiff
 	}

cmd/terraform-operator/sync.go

@@ -39,6 +39,11 @@ func sync(parentType ParentType, parent *tftype.Terraform, children *TerraformOp
 		desiredChildren = append(desiredChildren, o)
 	}
 
+	// Claim the Secrets.
+	for _, o := range children.Secrets {
+		desiredChildren = append(desiredChildren, o)
+	}
+
 	// Advance the state
 	if status.StateCurrent != nextState {
 		myLog(parent, "INFO", fmt.Sprintf("State %s -> %s", status.StateCurrent, nextState))

cmd/terraform-operator/types.go

@@ -71,6 +71,7 @@ type SyncResponse struct {
 type TerraformOperatorRequestChildren struct {
 	Pods       map[string]corev1.Pod       `json:"Pod.v1"`
 	ConfigMaps map[string]corev1.ConfigMap `json:"ConfigMap.v1"`
+	Secrets    map[string]corev1.Secret    `json:"Secret.v1"`
 }
 
 // TerraformInputVars is a map of output var names from TerraformApply Objects.

pkg/types/types.go

@@ -84,6 +84,7 @@ type TerraformOperatorStatus struct {
 	TFPlan         string                         `json:"planFile"`
 	TFPlanDiff     *TerraformPlanFileSummary      `json"planDiff"`
 	TFOutput       map[string]TerraformOutputVar  `json:"outputs"`
+	TFOutputSecret string                         `json:"outputsSecret"`
 	RetryCount     int                            `json:"retryCount"`
 	RetryNextAt    string                         `json:"retryNextAt"`
 	Workspace      string                         `json:"workspace"`