Terraform provider cache support (#181)

* mount the tf cache directory if you have set it

* mount in the same path than the host

* test

Author: Franr

leverage/container.py

@@ -1,8 +1,7 @@
 import json
+import os
 from pathlib import Path
 from datetime import datetime
-from datetime import timedelta
-import os
 
 import hcl2
 from click.exceptions import Exit
@@ -421,15 +420,24 @@ def __init__(self, client):
             "AWS_CACHE_DIR": f"{self.guest_aws_credentials_dir}/cache",
             "SSO_CACHE_DIR": f"{self.guest_aws_credentials_dir}/sso/cache",
             "SCRIPT_LOG_LEVEL": get_script_log_level(),
-            "MFA_SCRIPT_LOG_LEVEL": get_script_log_level(), # Legacy
-            "SSH_AUTH_SOCK": '' if SSH_AUTH_SOCK is None else '/ssh-agent'
+            "MFA_SCRIPT_LOG_LEVEL": get_script_log_level(),  # Legacy
+            "SSH_AUTH_SOCK": '' if SSH_AUTH_SOCK is None else '/ssh-agent',
         }
         self.entrypoint = self.TF_BINARY
         self.mounts = [
             Mount(source=self.root_dir.as_posix(), target=self.guest_base_path, type="bind"),
             Mount(source=self.host_aws_credentials_dir.as_posix(), target=self.guest_aws_credentials_dir, type="bind"),
-            Mount(source=(self.home / ".gitconfig").as_posix(), target="/etc/gitconfig", type="bind")
+            Mount(source=(self.home / ".gitconfig").as_posix(), target="/etc/gitconfig", type="bind"),
         ]
+        # if you have set the tf plugin cache locally
+        if tf_cache_dir := os.getenv("TF_PLUGIN_CACHE_DIR"):
+            # then mount it too into the container
+            self.environment["TF_PLUGIN_CACHE_DIR"] = tf_cache_dir
+            # given that terraform use symlinks to point from the .terraform folder into the plugin folder
+            # we need to use the same directory inside the container
+            # otherwise symlinks will be broken once outside the container
+            # which will break terraform usage outside Leverage
+            self.mounts.append(Mount(source=tf_cache_dir, target=tf_cache_dir, type="bind"))
         if SSH_AUTH_SOCK is not None:
             self.mounts.append(Mount(source=SSH_AUTH_SOCK, target="/ssh-agent", type="bind"))
 
@@ -533,7 +541,6 @@ def _prepare_container(self):
                 "AWS_CONFIG_FILE": self.environment.get("AWS_CONFIG_FILE").replace("tmp", ".aws"),
             })
 
-
         logger.debug(f"[bold cyan]Running with entrypoint:[/bold cyan] {self.entrypoint}")
 
     def check_for_layer_location(self):

tests/test_containers/test_terraform.py

@@ -0,0 +1,33 @@
+from unittest.mock import MagicMock, Mock, patch
+
+from leverage.container import TerraformContainer
+
+FAKE_ENV = {"TERRAFORM_IMAGE_TAG": "test", "PROJECT": "test"}
+FAKE_HOST_CONFIG = {
+    "NetworkMode": "default",
+    "SecurityOpt": ["label:disable"],
+    "Mounts": [],
+}
+
+
+@patch("os.getenv", Mock(return_value="/home/testing/.terraform/cache"))
+def test_tf_plugin_cache_dir(muted_click_context):
+    """
+    Given `TF_PLUGIN_CACHE_DIR` is set as an env var on the host
+    we expect it to be on the container too, and also as a mounted folder.
+    """
+    mocked_client = MagicMock()
+    mocked_client.api.create_host_config.return_value = FAKE_HOST_CONFIG
+    with patch("leverage.container.load_env", return_value=FAKE_ENV):
+        container = TerraformContainer(mocked_client)
+        container._run = Mock()
+
+    # call any command to trigger a container creation
+    container.start_shell()
+    container_args = container.client.api.create_container.call_args[1]
+
+    # make sure the env var is on place
+    assert container_args["environment"]["TF_PLUGIN_CACHE_DIR"] == "/home/testing/.terraform/cache"
+
+    # and the cache folder mounted
+    assert next(m for m in container_args["host_config"]["Mounts"] if m["Target"] == "/home/testing/.terraform/cache")