Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request]: provider profil parameter #358

Open
fegger-ducksify opened this issue May 23, 2024 · 4 comments
Open

[Feature Request]: provider profil parameter #358

fegger-ducksify opened this issue May 23, 2024 · 4 comments
Labels
feature request

Comments

@fegger-ducksify
Copy link

What feature would you like to have in the provider?

The following provider-level settings are supported, either via HCL parameters or environment variables.

It would be useful to have a profile parameter, similar to what AWS provides.

Using the Exoscale Terraform provider with Atlantis is challenging when managing multiple IAM keys for different environments.
@sauterp
Copy link
Member

sauterp commented May 23, 2024

Hi,
thank you for this request.

Are you only interested in the "profile" parameter?)

I interpret your request to be, that you would like our provider to get credentials from the ~/.config/exoscale/exoscale.toml file when you specify the "account" parameter(as a pendant to "profile"). Did I understand this correctly?

Could you also share more details on the challenges you face when using our provider with Atlantis, please?

@fegger-ducksify
Copy link
Author

Hi Philipp,

Yes, you understood correctly. I need to use the profiles stored in ~/.config/exoscale/exoscale.toml. In Exoscale, we have multiple organizations, each with its own IAM keys. I need to manage resources within the same Terraform plan.

For Atlantis in SKS a way to provide secrets is to set helm values like this

  environmentSecrets:
    - name: EXOSCALE_API_KEY
      secretKeyRef:
        name: providers-secret
        key: EXOSCALE_API_KEY
    - name: EXOSCALE_API_SECRET
      secretKeyRef:
        name: providers-secret
        key: EXOSCALE_API_SECRET

  extraVolumeMounts:
    - name: edgerc
      mountPath: /home/atlantis

terraform offer the possibility to use alias for provider, we can have for example multiple aws ressources with different profile

provider "aws" {
    alias = "exo1"
    region = var.exoscale_zone_default
    profile = "exo1"
    endpoints {
      s3 = "https://sos-${var.exoscale_zone_default}.exo.io"
    }
}

provider "aws" {
    alias = "exo2"
    region = var.exoscale_zone_default
    profile = "exo2"
    endpoints {
      s3 = "https://sos-${var.exoscale_zone_default}.exo.io"
    }
}

Using environment variables restricts us to a single set of credentials

Is that make sense?

@fegger-ducksify
Copy link
Author

fegger-ducksify commented Oct 16, 2024
edited
Loading

Any update, chance to get that implemented?

as you already have ~/Library/Application\ Support/exoscale/exoscale.toml profils file

you can did the same as aws

provider "aws" {
  shared_config_files      = ["/Users/tf_user/.aws/conf"]
  shared_credentials_files = ["/Users/tf_user/.aws/creds"]
  profile                  = "customprofile"
}

rather:

variable "exoscale_api_key" { type = string }
variable "exoscale_api_secret" { type = string }
provider "exoscale" {
  key    = var.exoscale_api_key
  secret = var.exoscale_api_secret
}

@sauterp
Copy link
Member

sauterp commented Oct 16, 2024

Hey, thanks again for your interest in this. We are discussing internally on how to better standardize configurations for our tooling. It's not our highest priority task at the moment, so I can't give an ETA, but this is planned.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sauterp @fegger-ducksify