From b9439c48eb80d034cfa71220dfcc87f2a504789c Mon Sep 17 00:00:00 2001
From: Marc Pomfret
Date: Thu, 2 Nov 2023 17:16:06 +0000
Subject: [PATCH] Project and Workspace setup
---
 .../deployments/tfc-configuration/main.tf | 25 ++
 .../deployments/tfc-configuration/provider.tf | 24 ++
 .../deployments/tfc-configuration/remote.tf | 4 +
 .../tfc-configuration/tfc-projects/main.tf | 5 +
 .../tfc-projects/provider.tf | 23 ++
 .../tfc-projects/variables.tf | 17 ++
 .../tfc-configuration/variables.tf | 288 ++++++++++++++++++
 7 files changed, 386 insertions(+)
 create mode 100644 terraform/deployments/tfc-configuration/main.tf
 create mode 100644 terraform/deployments/tfc-configuration/provider.tf
 create mode 100644 terraform/deployments/tfc-configuration/remote.tf
 create mode 100644 terraform/deployments/tfc-configuration/tfc-projects/main.tf
 create mode 100644 terraform/deployments/tfc-configuration/tfc-projects/provider.tf
 create mode 100644 terraform/deployments/tfc-configuration/tfc-projects/variables.tf
 create mode 100644 terraform/deployments/tfc-configuration/variables.tf
diff --git a/terraform/deployments/tfc-configuration/main.tf b/terraform/deployments/tfc-configuration/main.tf
new file mode 100644
index 000000000..bac551f2f
--- /dev/null
+++ b/terraform/deployments/tfc-configuration/main.tf
@@ -0,0 +1,25 @@
+resource "tfe_project" "tfe_projects" {
+ for_each = toset(var.project_names)
+ name = each.value
+ organization = var.organization
+}
+
+module "culster-infrastructure-integration" {
+ source = "alexbasista/workspacer/tfe"
+ version = "0.9.0"
+
+ organization = var.organization
+ workspace_name = "culster-infrastructure-integration"
+ workspace_desc = "The cluster-infrastructure module is responsible for the AWS resources which constitute the EKS cluster."
+ workspace_tags = ["integration", "eks", "aws"]
+
+ working_directory = "/terraform/deployments/cluster-infrastructure/"
+ trigger_patterns = ["/terraform/deployments/cluster-infrastructure/**/*"]
+
+ project_name = "govuk-infrastructure"
+
+ vcs_repo = {
+ identifier = "alphagov/govuk-infrastructure"
+ oauth_token_id = data.tfe_oauth_client.github.oauth_token_id
+ }
+}
diff --git a/terraform/deployments/tfc-configuration/provider.tf b/terraform/deployments/tfc-configuration/provider.tf
new file mode 100644
index 000000000..038baa13e
--- /dev/null
+++ b/terraform/deployments/tfc-configuration/provider.tf
@@ -0,0 +1,24 @@
+terraform {
+ cloud {
+ organization = "govuk"
+ workspaces {
+ tags = ["tfc", "configuration"]
+ }
+ }
+
+ required_version = "~> 1.5"
+
+ required_providers {
+ tfe = {
+ source = "hashicorp/tfe"
+ version = "0.49.2"
+ }
+ }
+}
+
+provider "tfe" {
+ hostname = var.tfc_hostname
+ organization = var.organization
+ token = var.token
+}
+
diff --git a/terraform/deployments/tfc-configuration/remote.tf b/terraform/deployments/tfc-configuration/remote.tf
new file mode 100644
index 000000000..e511c42d9
--- /dev/null
+++ b/terraform/deployments/tfc-configuration/remote.tf
@@ -0,0 +1,4 @@
+data "tfe_oauth_client" "github" {
+ organization = var.organization
+ service_provider = "github"
+}
diff --git a/terraform/deployments/tfc-configuration/tfc-projects/main.tf b/terraform/deployments/tfc-configuration/tfc-projects/main.tf
new file mode 100644
index 000000000..1255256d0
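Review bot: The module label and `workspace_name` in main.tf are spelled `culster-infrastructure-integration`, while the description and `working_directory` in the same block say `cluster-infrastructure`; a workspace created under the misspelt name has to be renamed or moved in state afterwards. I would change both to `cluster-infrastructure-integration` before the first apply. Separately, `alexbasista/workspacer/tfe` is a community registry module that runs with this configuration's Terraform Cloud credentials; the exact `version = "0.9.0"` pin is good, but the dependency lock file covers providers only, so consider vendoring the module or sourcing it by commit hash if immutability matters. `project_name = "govuk-infrastructure"` is a literal rather than a reference to `tfe_project.tfe_projects`, so nothing visibly orders the workspace after the project; it is worth confirming how the module looks the project up.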
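Review bot: `token = var.token` in provider.tf passes the Terraform Cloud API token through an input variable, and `variable "token"` in tfc-configuration/variables.tf (later in this patch) is declared without `sensitive = true`, so Terraform will not redact the value if it ever surfaces in plan output or logs. Add `sensitive = true` to that variable, or drop the argument and let the tfe provider read the token from the `TFE_TOKEN` environment variable, which is what tfc-projects/provider.tf in this patch appears to rely on by omitting it. The `cloud` block also hard-codes `organization = "govuk"` while the provider takes `var.organization`, so overriding the variable could leave state in one organization and managed resources in another.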
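Review bot: The lookup in remote.tf selects the OAuth client by `service_provider = "github"` alone, which becomes ambiguous once the organization has more than one GitHub OAuth client; as far as I know the data source then fails rather than choosing one. Because the resulting `oauth_token_id` decides which GitHub credentials the workspace in main.tf uses, I would pin it with `name = "<oauth-client-name>"` (placeholder) or `oauth_client_id`. A one-line comment naming the expected GitHub connection would also help the next reader.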
--- /dev/null
+++ b/terraform/deployments/tfc-configuration/tfc-projects/main.tf
@@ -0,0 +1,5 @@
+resource "tfe_project" "tfe_projects" {
+ for_each = toset(var.project_names)
+ name = each.value
+ organization = var.tfc_organization_name
+}
diff --git a/terraform/deployments/tfc-configuration/tfc-projects/provider.tf b/terraform/deployments/tfc-configuration/tfc-projects/provider.tf
new file mode 100644
index 000000000..c9343f56d
--- /dev/null
+++ b/terraform/deployments/tfc-configuration/tfc-projects/provider.tf
@@ -0,0 +1,23 @@
+terraform {
+ cloud {
+ organization = "govuk"
+ workspaces {
+ tags = ["tfc", "configuration"]
+ }
+ }
+
+ required_version = "~> 1.5"
+
+ required_providers {
+ tfe = {
+ source = "hashicorp/tfe"
+ version = "0.49.2"
+ }
+ }
+}
+
+provider "tfe" {
+ hostname = var.tfc_hostname
+ organization = var.tfc_organization_name
+}
+
diff --git a/terraform/deployments/tfc-configuration/tfc-projects/variables.tf b/terraform/deployments/tfc-configuration/tfc-projects/variables.tf
new file mode 100644
index 000000000..deae038e1
--- /dev/null
+++ b/terraform/deployments/tfc-configuration/tfc-projects/variables.tf
@@ -0,0 +1,17 @@
+variable "tfc_hostname" {
+ type = string
+ default = "app.terraform.io"
+ description = "The hostname of the TFC or TFE to use with AWS"
+}
+
+variable "tfc_organization_name" {
+ type = string
+ default = "govuk"
+ description = "The name of the Terraform Cloud organization"
+}
+
+variable "project_names" {
+ description = "List of project names"
+ type = list(string)
+ default = ["govuk-infrastructure", "govuk-test-project"]
+}
diff --git a/terraform/deployments/tfc-configuration/variables.tf b/terraform/deployments/tfc-configuration/variables.tf
new file mode 100644
index 000000000..af6254494
--- /dev/null
+++ b/terraform/deployments/tfc-configuration/variables.tf
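Review bot: The `tfe_project.tfe_projects` resource in tfc-projects/main.tf duplicates the one added in tfc-configuration/main.tf, and both `project_names` defaults contain `govuk-infrastructure`, so two root configurations would try to own the same project in the same organization. tfc-projects/provider.tf also repeats the parent's `cloud` block with `tags = ["tfc", "configuration"]`, so both directories select the same set of workspaces. I would keep the project resource in one place only, or give this directory distinct workspace tags and non-overlapping project names. A short comment stating which configuration owns projects would make the intent clear.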
@@ -0,0 +1,288 @@
+#------------------------------------------------------------------------------
+# Organisation
+#------------------------------------------------------------------------------
+variable "tfc_hostname" {
+ type = string
+ default = "app.terraform.io"
+ description = "The hostname of the TFC or TFE to use with AWS"
+}
+
+variable "organization" {
+ type = string
+ description = "Name of Organization to create Workspace in."
+ default = "govuk"
+}
+
+variable "token" {
+ type = string
+ description = "Account token"
+}
+
+#------------------------------------------------------------------------------
+# Projects
+#------------------------------------------------------------------------------
+variable "project_names" {
+ description = "List of project names"
+ type = list(string)
+ default = ["govuk-infrastructure"]
+}
+
+#------------------------------------------------------------------------------
+# Workspace
+#------------------------------------------------------------------------------
+
+# variable "workspace_name" {
+# type = string
+# description = "Name of Workspace."
+# }
+
+# variable "workspace_desc" {
+# type = string
+# description = "Description of Workspace."
+# default = "Created by Terraform Workspacer module."
+# }
+
+# variable "agent_pool_id" {
+# type = string
+# description = "ID of existing Agent Pool to assign to Workspace. Only use if `execution_mode` is set to `agent`."
+# default = null
+# }
+
+# variable "allow_destroy_plan" {
+# type = bool
+# description = "Boolean setting to allow destroy plans on Workspace."
+# default = true
+# }
+
+# variable "auto_apply" {
+# type = bool
+# description = "Boolean to automatically run Terraform Apply when a Terraform Plan with changes is successful."
+# default = false
+# }
+
+# variable "execution_mode" {
+# type = string
+# description = "Execution mode of Workspace. Valid values are `remote`, `local`, or `agent`."
+# default = "remote"
+
+# validation {
+# condition = contains(["remote", "local", "agent"], var.execution_mode)
+# error_message = "Valid values are `remote`, `local`, or `agent`."
+# }
+# }
+
+# variable "assessments_enabled" {
+# type = bool
+# description = "Boolean to enable Health Assessments such as Drift Detection on Workspace."
+# default = false
+# }
+
+# variable "file_triggers_enabled" {
+# type = bool
+# description = "Boolean to filter Runs triggered via webhook (VCS push) based on `working_directory` and `trigger_prefixes`."
+# default = true
+# }
+
+# variable "global_remote_state" {
+# type = bool
+# description = "Boolean to allow all Workspaces within the Organization to remotely access the State of this Workspace."
+# default = false
+# }
+
+# variable "remote_state_consumer_ids" {
+# type = list(string)
+# description = "List of existing Workspace IDs allowed to remotely access the State of Workspace."
+# default = null
+# }
+
+# variable "queue_all_runs" {
+# type = bool
+# description = "Boolean setting for Workspace to automatically queue all Runs after creation."
+# default = true
+# }
+
+# variable "speculative_enabled" {
+# type = bool
+# description = "Boolean to allow Speculative Plans on Workspace."
+# default = true
+# }
+
+# variable "structured_run_output_enabled" {
+# type = bool
+# description = "Boolean to enable the advanced Run UI. Set to `false` for the traditional console-based Run output."
+# default = true
+# }
+
+# variable "ssh_key_id" {
+# type = string
+# description = "SSH private key the Workspace will use for downloading Terraform modules from Git-based module sources. Key must exist in Organization first."
+# default = null
+# }
+
+# variable "workspace_tags" {
+# type = list(string)
+# description = "List of tag names to apply to Workspace. Tags must only contain letters, numbers, or colons."
+# default = []
+# }
+
+# variable "terraform_version" {
+# type = string
+# description = "Version of Terraform to use for this Workspace."
+# default = null
+# }
+
+# variable "trigger_prefixes" {
+# type = list(string)
+# description = "List of paths relative to the root of the VCS repo to filter on when `file_triggers_enabled` is `true`."
+# default = null
+# }
+
+# variable "trigger_patterns" {
+# type = list(string)
+# description = "List of glob patterns that describe the files monitored for changes to trigger Runs in Workspace. Mutually exclusive with `trigger_prefixes`. Only available with TFC."
+# default = null
+# }
+
+# variable "working_directory" {
+# type = string
+# description = "The relative path that Terraform will execute within. Defaults to the root of the repo."
+# default = null
+# }
+
+# variable "vcs_repo" {
+# type = map(string)
+# description = "Map of settings to connect Workspace to VCS repository."
+# default = {}
+# }
+
+# variable "tags_regex" {
+# type = string
+# description = "A regular expression used to trigger a Run in Workspace for matching Git tags. This option conflicts with `trigger_patterns` and `trigger_prefixes`. Should only set this value if the former is not being used."
+# default = null
+# }
+
+# variable "force_delete" {
+# type = bool
+# description = "Boolean to allow deletion of the Workspace if there is a Terraform state that contains resources."
+# default = null
+# }
+
+# variable "project_name" {
+# type = string
+# description = "Name of existing Project to place Workspace in."
+# default = null
+# }
+
+# #------------------------------------------------------------------------------
+# # Workspace Variables
+# #------------------------------------------------------------------------------
+# variable "tfvars" {
+# type = any
+# description = "Map of Terraform variables to add to Workspace."
+# default = {}
+# }
+
+# variable "tfvars_sensitive" {
+# type = any
+# description = "Map of sensitive Terraform variables to add to Workspace."
+# default = {}
+# }
+
+# variable "tfvars_ignore_changes" {
+# type = any
+# description = "Map of Terraform variables to add to Workspace whereby changes made outside of Terraform will be ignored."
+# default = {}
+# }
+
+# variable "envvars" {
+# type = map(string)
+# description = "Map of Environment variables to add to Workspace."
+# default = {}
+# }
+
+# variable "envvars_sensitive" {
+# type = map(string)
+# description = "Map of sensitive Environment variables to add to Workspace."
+# default = {}
+# }
+
+# variable "envvars_ignore_changes" {
+# type = map(string)
+# description = "Map of sensitive Environment variables to add to Workspace whereby changes made outside of Terraform will be ignored."
+# default = {}
+# }
+
+# #------------------------------------------------------------------------------
+# # Team Access
+# #------------------------------------------------------------------------------
+# variable "team_access" {
+# type = map(string)
+# description = "Map of existing Team(s) and built-in permissions to grant on Workspace."
+# default = {}
+# }
+
+# variable "custom_team_access" {
+# type = map(
+# object(
+# {
+# runs = string
+# variables = string
+# state_versions = string
+# sentinel_mocks = string
+# workspace_locking = bool
+# run_tasks = bool
+# }
+# )
+# )
+# description = "Map of existing Team(s) and custom permissions to grant on Workspace. If used, all keys in the object must be specified."
+# default = {}
+# }
+
+# #------------------------------------------------------------------------------
+# # Notifications
+# #------------------------------------------------------------------------------
+# variable "notifications" {
+# type = list(
+# object(
+# {
+# name = string
+# destination_type = string
+# url = optional(string)
+# token = optional(string)
+# email_addresses = optional(list(string))
+# email_user_ids = optional(list(string))
+# triggers = list(string)
+# enabled = bool
+# }
+# )
+# )
+# description = "List of Notification objects to configure on Workspace."
+# default = []
+# }
+
+# #------------------------------------------------------------------------------
+# # Run Triggers
+# #------------------------------------------------------------------------------
+# variable "run_trigger_source_workspaces" {
+# type = list(string)
+# description = "List of existing Workspace names that will trigger runs on Workspace."
+# default = []
+# }
+
+# #------------------------------------------------------------------------------
+# # Workspace Variable Sets
+# #------------------------------------------------------------------------------
+# variable "variable_set_names" {
+# type = list(string)
+# description = "List of names of existing Variable Sets to add this Workspace into."
+# default = []
+# }
+
+# #------------------------------------------------------------------------------
+# # Workspace Policy Sets
+# #------------------------------------------------------------------------------
+# variable "policy_set_names" {
+# type = list(string)
+# description = "List of names of existing Policy Sets to add this Workspace into."
+# default = []
+# }
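Review bot: Roughly 250 of the 288 lines added to tfc-configuration/variables.tf are commented-out variable declarations, apparently copied from the workspacer module's inputs, and none of them is referenced by this configuration. Commented-out code drifts from the module it mirrors and hides the four live variables, one of which carries the API token. I would delete everything from `# variable "workspace_name" {` to the end of the file and point at the module instead, e.g. `# Workspace inputs: see the alexbasista/workspacer/tfe module documentation`. The `tfc_hostname` description "to use with AWS" also looks copied from elsewhere and could read `"Hostname of the Terraform Cloud or Enterprise instance"`.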