It's assumed you have access to a Terraform service platform such as Terraform Enterprise (TFE) or Terraform Cloud (TFC).
Vending Machine Pattern (VMP) for creating an organisation, workspaces, and teams on a Terraform service platform (TFC/TFE)
This Terraform root module is based on the concepts of Crawl -> Walk -> Run, so it also includes steps to bootstrap this repo into the initial workspace in your organization.
Access to the TFC or TFE platform with an organization https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations and a user token https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/users#api-tokens
The terraform client installed locally https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
A git fork or clone of this repository in a publicly source-able project.
Before you can connect a Version Control Service (VCS) based workflow you need a VCS connection in TFC/TFE. https://developer.hashicorp.com/terraform/enterprise/vcs
You may or may not need SSH keys (optional) https://developer.hashicorp.com/terraform/enterprise/vcs/github#step-4-on-terraform-cloud-set-up-ssh-keypair-optional
Once you have a VCS connection configured, go to the ./modules/bootstrap folder and read the README.md there.
Once you have completed the bootstrapping, this project provides resources to then build workspaces, policy_sets and further team access.
This project is to facilitate a demonstration of terraform service capabilities allowing for rapid deployment and removal of the resources.
The examples follow the learnings from https://developer.hashicorp.com/terraform/cloud-docs/recommended-practices
Due to the nature of this project the Examples folder contains declarative examples, and some examples for additional usage or illustration.
The example includes dynamic resources for deploying policy_set resources.
Setting the variable configure_policy_set to true will deploy the initial generic policy set <./policy_sets/generic/sentinel.hcl>.
Additionally configuring sentinel_vcs_repo_identifier=<git organization>/<git project>
or sentinel_vcs_repo_identifier = $(git config --get remote.origin.url | cut -d : -f2 | cut -d'.' -f1)
will then deploy the <./policy_sets/storage_validation/sentinel.hcl> policy set with this repository as source.
These variables should be set in the Terraform service UI (TFC/TFE) https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables/managing-variables
NOTE: The policies referenced are only available over a public HTTPS endpoint
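The `cut` pipeline above only works for scp-style remotes (`git@host:org/project.git`) and truncates at the first dot, so an HTTPS remote or a dotted project name yields a wrong `sentinel_vcs_repo_identifier`. The following is an added example, not part of this repository: `repo_identifier` is a hypothetical helper name, and it generalises the one-liner to SSH and HTTPS remotes while rejecting anything that is not exactly `<git organization>/<git project>`.

```shell
#!/bin/sh
# Added example: derive "<git organization>/<git project>" from a git remote URL.
# repo_identifier is a hypothetical helper, not part of this repository.
repo_identifier() {
    url=$1
    case "$url" in
        *://*)
            # URL form: https://host/org/project(.git)
            #       or  ssh://git@host[:port]/org/project(.git)
            path=${url#*://}   # drop the scheme
            path=${path#*/}    # drop host, optional user@ and :port
            ;;
        *:*)
            # scp-like form: git@host:org/project(.git)
            path=${url#*:}
            ;;
        *)
            echo "unrecognised remote URL: $url" >&2
            return 1
            ;;
    esac
    path=${path%/}      # tolerate one trailing slash
    path=${path%.git}   # strip only a trailing .git so dots in names survive

    # Accept exactly two path segments built from a conservative character
    # set; nested groups, empty segments and stray characters are rejected
    # rather than passed on to the policy set configuration.
    case "$path" in
        ''|/*|*/|*/*/*|*[!A-Za-z0-9._/-]*)
            echo "cannot derive <org>/<project> from: $url" >&2
            return 1
            ;;
        */*)
            printf '%s\n' "$path"
            ;;
        *)
            echo "cannot derive <org>/<project> from: $url" >&2
            return 1
            ;;
    esac
}

# Usage inside a clone of the fork:
#   repo_identifier "$(git config --get remote.origin.url)"
```

Paste the printed value into the `sentinel_vcs_repo_identifier` workspace variable; a non-zero exit status means the remote did not map to a two-part identifier and should be entered by hand.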
The resources listed below are created as part of a standard Version Control Service (VCS) driven workflow during the bootstrapping process.
To destroy the resources you will require sufficient access to the created workspace vmp_workspace. Follow the documentation https://developer.hashicorp.com/terraform/tutorials/cloud-get-started/cloud-destroy?in=terraform%2Fcloud-get-started
Once the resources are destroyed you can run a Terraform client based destroy using the bootstrap folder, or simply remove the workspace.
Name | Version |
---|---|
environment | 1.3.3 |
http | 3.2.1 |
tfe | 0.38.0 |
Name | Version |
---|---|
environment | 1.3.3 |
http | 3.2.1 |
tfe | 0.38.0 |
tfe.organization | 0.38.0 |
No modules.
Name | Type |
---|---|
tfe_agent_pool.test-agent-pool | resource |
tfe_agent_token.test-agent-token | resource |
tfe_policy_set.generic | resource |
tfe_policy_set.vmp_vcs_storage_validation | resource |
tfe_team.component-env | resource |
tfe_team_access.component-env | resource |
tfe_workspace.component-env | resource |
environment_variables.all | data source |
environment_variables.atlas_slug | data source |
http_http.tfc_audit_trail | data source |
tfe_oauth_client.this | data source |
tfe_slug.generic | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
TFx_org_token | (Optional String) Token for the Terraform server organization level token | string | n/a | yes |
agent_pool_set | (Optional Bool) Flag to control the agent pool | bool | false | no |
audit_timestamp | (Optional String) Enter the date in timestamp format 'yyyy-mm-ddT00:00:00Z' | string | "" | no |
configure_policy_set | (Optional Bool) Flag to control deployment of policy sets. | bool | false | no |
oauth_name | (Required String) Name of OAuth VCS connection you created | string | n/a | yes |
sentinel_branch | (Optional String) VCS repo branch defaults to main | string | "main" | no |
sentinel_vcs_repo_identifier | (Optional String) username/projectname of the VCS project or repository to source policy sets | string | "" | no |
terraform_server | (Optional String) defaults to app.terraform.io, but otherwise the FQDN of your TFE server | string | "app.terraform.io" | no |
Name | Description |
---|---|
atlas_workspace_slug | n/a |
environment_variables_all | n/a |
test-agent-token | n/a |
tfc_audit_trail | n/a |