feat: [IAC-613]: IACM env/tf vars are now in individual plugin vars to support secrets (#48417)

Author: scottyw-harness

310-iacm-manager/app/src/main/java/io/harness/iacm/plan/creator/filter/IACMStageFilterJsonCreator.java

@@ -18,7 +18,6 @@
 import io.harness.beans.steps.IACMStepSpecTypeConstants;
 import io.harness.beans.yaml.extended.cache.Caching;
 import io.harness.beans.yaml.extended.infrastrucutre.Infrastructure;
-import io.harness.beans.yaml.extended.runtime.Runtime;
 import io.harness.ci.integrationstage.IntegrationStageUtils;
 import io.harness.cimanager.stages.IntegrationStageConfig;
 import io.harness.eventsframework.schemas.entity.EntityDetailProtoDTO;
@@ -72,13 +71,6 @@ public PipelineFilter getFilter(FilterCreationContext filterCreationContext, IAC
     return null;
   }
 
-  private void validateRuntime(IntegrationStageConfig integrationStageConfig) {
-    Runtime runtime = integrationStageConfig.getRuntime();
-    if (runtime != null && (runtime.getType() != Runtime.Type.CLOUD)) {
-      throw new CIStageExecutionException("Runtime only supports field with type Cloud");
-    }
-  }
-
   private void validateInfrastructure(IntegrationStageConfig integrationStageConfig) {
     Infrastructure infrastructure = integrationStageConfig.getInfrastructure();
     if (infrastructure != null) {
@@ -102,8 +94,6 @@ private void validateCache(IntegrationStageConfig integrationStageConfig) {
 
   private void validateStage(IACMStageNode stageNode) {
     IntegrationStageConfig integrationStageConfig = (IntegrationStageConfig) stageNode.getStageInfoConfig();
-
-    validateRuntime(integrationStageConfig);
     validateInfrastructure(integrationStageConfig);
     validateExecution(integrationStageConfig);
     validateCache(integrationStageConfig);

332-ci-manager/service/src/main/java/io/harness/iacm/execution/IACMStepsUtils.java

@@ -8,7 +8,6 @@
 package io.harness.iacm.execution;
 
 import static io.harness.ci.commonconstants.CIExecutionConstants.WORKSPACE_ID;
-import static io.harness.data.structure.EmptyPredicate.isEmpty;
 
 import io.harness.beans.entities.Workspace;
 import io.harness.beans.entities.WorkspaceVariables;
@@ -54,57 +53,44 @@ public void createExecution(Ambiance ambiance, String workspaceId) {
 
   private Map<String, String> getWorkspaceVariables(Ambiance ambiance, String org, String projectId, String accountId,
       String workspaceID, String command, Workspace workspaceInfo) {
-    String pluginEnvPrefix = "PLUGIN_";
-
     WorkspaceVariables[] variables = getIACMWorkspaceVariables(org, projectId, accountId, workspaceID);
     HashMap<String, String> pluginEnvs = new HashMap<>();
 
-    HashMap<String, String> env = new HashMap<>();
-    HashMap<String, String> tfInputEnvs = new HashMap<>();
+    // Plugin system env variables
+    pluginEnvs.put("PLUGIN_ROOT_DIR", workspaceInfo.getRepository_path());
+    pluginEnvs.put("PLUGIN_TF_VERSION", workspaceInfo.getProvisioner_version());
+    pluginEnvs.put("PLUGIN_ENDPOINT_VARIABLES", getTerraformEndpointsInfo(ambiance, workspaceID));
+
+    if (!Objects.equals(command, "")) {
+      pluginEnvs.put("PLUGIN_COMMAND", command);
+    }
 
     for (WorkspaceVariables variable : variables) {
       switch (variable.getKind()) {
         case "env":
           if (Objects.equals(variable.getValue_type(), "secret")) {
-            env.put(variable.getKey(), "${ngSecretManager.obtain(\"" + variable.getKey() + "\", -871314908)}");
+            pluginEnvs.put("PLUGIN_WS_ENV_VAR_" + variable.getKey(),
+                "${ngSecretManager.obtain(\"" + variable.getValue() + "\", " + ambiance.getExpressionFunctorToken()
+                    + ")}");
           } else {
-            env.put(variable.getKey(), variable.getValue());
+            pluginEnvs.put("PLUGIN_WS_ENV_VAR_" + variable.getKey(), variable.getValue());
           }
           break;
         case "tf":
           if (Objects.equals(variable.getValue_type(), "secret")) {
-            tfInputEnvs.put(variable.getKey(), "${ngSecretManager.obtain(\"" + variable.getKey() + "\", -871314908)}");
+            pluginEnvs.put("PLUGIN_WS_TF_VAR_" + variable.getKey(),
+                "${ngSecretManager.obtain(\"" + variable.getValue() + "\", " + ambiance.getExpressionFunctorToken()
+                    + ")}");
           } else {
-            tfInputEnvs.put(variable.getKey(), variable.getValue());
+            pluginEnvs.put("PLUGIN_WS_TF_VAR_" + variable.getKey(), variable.getValue());
           }
           break;
         default:
           break;
       }
     }
 
-    // Plugin system env variables
-    pluginEnvs.put("ROOT_DIR", workspaceInfo.getRepository_path());
-    pluginEnvs.put("TF_VERSION", workspaceInfo.getProvisioner_version());
-    pluginEnvs.put("ENDPOINT_VARIABLES", getTerraformEndpointsInfo(ambiance, workspaceID));
-    pluginEnvs.put("VARS", transformMapToString(tfInputEnvs));
-    pluginEnvs.put("ENV_VARS", transformMapToString(env));
-
-    if (!Objects.equals(command, "")) {
-      pluginEnvs.put("COMMAND", command);
-    }
-    return prepareEnvsMaps(pluginEnvs, pluginEnvPrefix);
-  }
-
-  private Map<String, String> prepareEnvsMaps(Map<String, String> envs, String prefix) {
-    Map<String, String> envVars = new HashMap<>();
-    if (!isEmpty(envs)) {
-      for (Map.Entry<String, String> entry : envs.entrySet()) {
-        String key = prefix + entry.getKey();
-        envVars.put(key, entry.getValue());
-      }
-    }
-    return envVars;
+    return pluginEnvs;
   }
 
   private WorkspaceVariables[] getIACMWorkspaceVariables(
@@ -128,6 +114,7 @@ public Map<String, String> getIACMEnvVariables(Ambiance ambiance, PluginStepInfo
     String command = extractOperation(stepInfo);
     return buildIACMEnvVariables(ambiance, workspaceId, command);
   }
+
   private Map<String, String> buildIACMEnvVariables(Ambiance ambiance, String workspaceId, String command) {
     NGAccess ngAccess = AmbianceUtils.getNgAccess(ambiance);
 

332-ci-manager/service/src/test/java/io/harness/ci/execution/utils/IACMStepUtilTest.java

@@ -105,7 +105,7 @@ public void testIACMGetConnectorRef() {
         .thenReturn(ConnectorDetails.builder().connectorType(ConnectorType.AWS).build());
 
     Map<String, String> envVariables = iacmStepsUtils.getIACMEnvVariables(ambiance, stepInfo);
-    assertThat(envVariables).hasSize(6);
+    assertThat(envVariables).hasSize(4);
     assertThat(envVariables.get("PLUGIN_ROOT_DIR")).isEqualTo("root");
     assertThat(envVariables.get("PLUGIN_TF_VERSION")).isEqualTo("1.2.3");
     ConnectorDetails connector = iacmStepsUtils.retrieveIACMConnectorDetails(ambiance, stepInfo);
@@ -152,7 +152,7 @@ public void testDifferentStepsInputs() {
                                     .settings(ParameterField.createValueField(setting))
                                     .build();
       Map<String, String> vmPluginStep = iacmStepsUtils.getIACMEnvVariables(ambiance, stepInfo);
-      assertThat(vmPluginStep.size()).isEqualTo(6);
+      assertThat(vmPluginStep.size()).isEqualTo(4);
       assertThat(vmPluginStep.get("PLUGIN_COMMAND")).isEqualTo(commands.get(i));
     }
   }
@@ -192,15 +192,30 @@ public void testIACMEnvVarsTransformation() {
     when(connectorUtils.getConnectorDetails(any(), any()))
         .thenReturn(ConnectorDetails.builder().connectorType(ConnectorType.AWS).build());
 
-    String[][] expectedResults = new String[][] {
-        {"{\"keytest2\":\"keyValue2\",\"keytest1\":\"keyValue1\"}",
-            "{\"keytest4\":\"keyValue4\",\"keytest3\":\"keyValue3\"}"},
-        {"{\"keytest2\":\"keyValue2\",\"keytest1\":\"${ngSecretManager.obtain(\"keytest1\", -871314908)}\"}",
-            "{\"keytest4\":\"keyValue4\",\"keytest3\":\"${ngSecretManager.obtain(\"keytest3\", -871314908)}\"}"},
-        {"{}", "{}"},
+    Map<String, String> expected1 = new HashMap<String, String>() {
+      {
+        put("PLUGIN_WS_ENV_VAR_keytest1", "keyValue1");
+        put("PLUGIN_WS_ENV_VAR_keytest2", "keyValue2");
+        put("PLUGIN_WS_TF_VAR_keytest3", "keyValue3");
+        put("PLUGIN_WS_TF_VAR_keytest4", "keyValue4");
+      }
+    };
+
+    Map<String, String> expected2 = new HashMap<String, String>() {
+      {
+        put("PLUGIN_WS_ENV_VAR_keytest1", "${ngSecretManager.obtain(\"keyValue1\", 0)}");
+        put("PLUGIN_WS_ENV_VAR_keytest2", "keyValue2");
+        put("PLUGIN_WS_TF_VAR_keytest3", "${ngSecretManager.obtain(\"keyValue3\", 0)}");
+        put("PLUGIN_WS_TF_VAR_keytest4", "keyValue4");
+      }
+    };
 
+    Map<String, String> expected3 = new HashMap<String, String>() {
+      {}
     };
 
+    Map<String, String>[] expectedResults = (Map<String, String>[]) new Map[] {expected1, expected2, expected3};
+
     WorkspaceVariables[][] testCases = {
         {WorkspaceVariables.builder()
                 .stack("123")
@@ -274,8 +289,9 @@ public void testIACMEnvVarsTransformation() {
     for (int i = 0; i < testCases.length; i++) {
       when(iacmServiceUtils.getIacmWorkspaceEnvs(any(), any(), any(), any())).thenReturn(testCases[i]);
       Map<String, String> vmPluginStep = iacmStepsUtils.getIACMEnvVariables(ambiance, stepInfo);
-      assertThat(vmPluginStep.get("PLUGIN_ENV_VARS")).isEqualTo(expectedResults[i][0]);
-      assertThat(vmPluginStep.get("PLUGIN_VARS")).isEqualTo(expectedResults[i][1]);
+      for (Map.Entry<String, String> entry : expectedResults[i].entrySet()) {
+        assertThat(entry.getValue()).isEqualTo(vmPluginStep.get(entry.getKey()));
+      }
     }
   }