From 8acd02097f321969c30e1c34c3fb1002b3b2e8f8 Mon Sep 17 00:00:00 2001 From: Stephen Harris Date: Wed, 21 Dec 2022 14:39:24 +0000 Subject: [PATCH] Support timeout for Terraform A number of teams are switching to using OIDC session tokens for their pipelines. Unlike the previously used IAM credentials these have a short duration (default 1 hour). If Terraform apply takes longer than the duration of the session token it will not be able to update remote state. Although this is rare (typically when starting up a new environment) it is time consuming for teams to recover. This PR adds the option to gracefully terminate Terraform after the specified period, and thus ensuring it does not try to run beyond the lifespan of the session tokens. --- terraform-v2/apply.sh | 8 +++++++- terraform-v2/orb.yml | 6 ++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/terraform-v2/apply.sh b/terraform-v2/apply.sh index 454aa033..a91aac09 100644 --- a/terraform-v2/apply.sh +++ b/terraform-v2/apply.sh @@ -28,7 +28,13 @@ function update_status() { function apply() { set +e - terraform -chdir=${module_path} apply -input=false -no-color -auto-approve -lock-timeout=300s plan.out | $TFMASK + + if [[ "<< parameters.timeout >>" -gt 0 ]]; then + timeout "<< parameters.timeout >>" terraform -chdir=${module_path} apply -input=false -no-color -auto-approve -lock-timeout=300s plan.out | $TFMASK + else + terraform -chdir=${module_path} apply -input=false -no-color -auto-approve -lock-timeout=300s plan.out | $TFMASK + fi + local TF_EXIT=${PIPESTATUS[0]} set -e diff --git a/terraform-v2/orb.yml b/terraform-v2/orb.yml index 77548024..76068995 100644 --- a/terraform-v2/orb.yml +++ b/terraform-v2/orb.yml @@ -81,6 +81,11 @@ aliases: type: "string" description: "Path to the json file to save the output variables to" default: "" + timeout: &timeout + timeout: + type: "integer" + description: "Timeout in seconds applied to terraform apply. Default is 0 (no timeout)" + default: 0 init-parameter-passthrough: &init-parameter-passthrough path: << parameters.path >> @@ -152,6 +157,7 @@ commands: <<: *target <<: *output_path <<: *reuse_plan + <<: *timeout steps: - run: name: "terraform apply << parameters.path >> << parameters.label >>"