Code which manages the configuration and life-cycle of all the Terraform Cloud modules in the private registry. It is designed to be used from a dedicated VCS-driven Terraform Cloud workspace that provisions and manages the configuration using Terraform code (IaC).
To manage the modules in the private registry from that code, provide a token from an account with `manage modules` access. Alternatively, you can use a token from a team with that access instead of a user token.
To manage the GitHub resources, provide a token from an account or a GitHub App with appropriate permissions. It should have:
- Read access to `metadata`
- Read and write access to `administration`, `members` and `code`
To read secrets from HashiCorp Vault Secrets, provide a client ID and a key from a service principal with the `secret reader` role.
The Terraform Cloud provider requires a Terraform Cloud/Enterprise API token in order to manage resources.
- Set the `TFE_TOKEN` environment variable: the provider reads the `TFE_TOKEN` environment variable and uses the token stored there to authenticate. Refer to the Managing Variables documentation for more details.
The GitHub provider requires a GitHub App installation in order to manage resources.
- Set the `GITHUB_APP_ID`, `GITHUB_APP_INSTALLATION_ID`, `GITHUB_APP_PEM_FILE`, and `GITHUB_OWNER` environment variables: the provider reads these four environment variables to authenticate.

Because strings containing newlines are not supported:
- use `\\n` within the `pem_file` argument to replace each newline
- use `\n` within the `GITHUB_APP_PEM_FILE` environment variable to replace each newline
The HashiCorp Vault Secrets provider requires a service principal client ID and a key in order to manage resources.
- Set the `HCP_CLIENT_ID` environment variable: the provider reads the `HCP_CLIENT_ID` environment variable and uses the client ID stored there to authenticate. Refer to the Managing Variables documentation for more details.
- Set the `HCP_CLIENT_SECRET` environment variable: the provider reads the `HCP_CLIENT_SECRET` environment variable and uses the client secret (key) stored there to authenticate. Refer to the Managing Variables documentation for more details.
- Manages configuration and life-cycle of GitHub resources:
- Repository
- Branch protection
- Teams
- Secret
- Manages configuration and life-cycle of Terraform Cloud resources:
- Private module registry
- Private module registry test environment variable
The following requirements are needed by this module:
No modules.
The following input variables are required:

Description: (Required) A list of module names to be published.

Type: `list(string)`

Description: (Required) The name of the OAuth client.

Type: `string`

Description: (Required) The name of the Terraform Cloud organization.

Type: `string`
Description: (Required) The `tfc_api_token` is a block with the following:
- `secret_app`: (Optional) The name of the HashiCorp Vault Secrets application where the secret can be found. Can only be used if `value` is not used.
- `secret_name`: (Optional) The HashiCorp Vault Secrets secret name where the `TFC_API_TOKEN` with permission to manage modules can be found. Can only be used if `value` is not used.
- `value`: (Optional) The `TFC_API_TOKEN` with permission to manage modules. Can only be used if `secret_app` and `secret_name` are not used.

Type:
```hcl
object({
  secret_app  = optional(string, null)
  secret_name = optional(string, null)
  value       = optional(string, null)
})
```
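The rule that `value` and the `secret_app`/`secret_name` pair are mutually exclusive is only stated in prose above. The following is an added example, not this module's own code, of how that rule can be enforced with a `validation` block and how the token is then resolved from HashiCorp Vault Secrets only when the pair is used. The `tfc_api_token` variable name and type are taken from this page; the data source attribute names (`app_name`, `secret_name`, `secret_value`) are those of the `hcp` provider's `hcp_vault_secrets_secret` data source, and the `local.tfc_api_token` name is an assumption.

```hcl
# Added example: enforce "exactly one of value, or secret_app+secret_name"
# at plan time instead of failing later with an empty token.
variable "tfc_api_token" {
  description = "Terraform Cloud API token with manage-modules permission, either literal or looked up in HCP Vault Secrets."
  type = object({
    secret_app  = optional(string, null)
    secret_name = optional(string, null)
    value       = optional(string, null)
  })
  # Marked sensitive so a literal token never appears in plan output or the state UI.
  sensitive = true

  validation {
    condition = (
      # literal token, no lookup
      (var.tfc_api_token.value != null
        && var.tfc_api_token.secret_app == null
        && var.tfc_api_token.secret_name == null)
      ||
      # lookup, no literal token
      (var.tfc_api_token.value == null
        && var.tfc_api_token.secret_app != null
        && var.tfc_api_token.secret_name != null)
    )
    error_message = "tfc_api_token: set either `value`, or both `secret_app` and `secret_name`, never both."
  }
}

# Read the secret from HCP Vault Secrets only when the caller asked for a lookup.
data "hcp_vault_secrets_secret" "tfc_api_token" {
  count = var.tfc_api_token.secret_app != null ? 1 : 0

  app_name    = var.tfc_api_token.secret_app
  secret_name = var.tfc_api_token.secret_name
}

locals {
  # Assumed local used by the rest of the configuration (e.g. the
  # github_actions_secret resource): the literal wins if set, otherwise the
  # looked-up value; try() yields null when the data source was not created.
  tfc_api_token = coalesce(
    var.tfc_api_token.value,
    try(data.hcp_vault_secrets_secret.tfc_api_token[0].secret_value, null),
  )
}
```

With this in place a caller who passes `value` together with `secret_name` gets a clear error at `terraform plan` time rather than silently creating the Actions secret from the wrong source.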
The following input variables are optional (have default values):

Description: (Optional) The `github_enviromnent_variables` is a list of object blocks with the following:
- `name`: (Required) The environment variable name required to authenticate with the GitHub API.
- `secret_app`: (Optional) The name of the HashiCorp Vault Secrets application where the secret can be found. Can only be used if `value` is not used.
- `secret_name`: (Optional) The HashiCorp Vault Secrets secret name where the environment variable can be found. Can only be used if `value` is not used.
- `value`: (Optional) The environment variable value required to authenticate with the GitHub API. Can only be used if `secret_app` and `secret_name` are not used.

Type:
```hcl
list(object({
  name        = string
  secret_app  = optional(string, null)
  secret_name = optional(string, null)
  value       = optional(string, null)
}))
```

Default: `null`
Description: (Optional) The `teams` is a list of object blocks with the following:
- `name`: (Required) The name of the team which will have access to every Terraform module.
- `create`: (Optional) Whether to create the team.
- `description`: (Optional) A description of the team.
- `permission`: (Optional) The permissions of team members regarding the repository. Valid values are `pull`, `triage`, `push`, `maintain`, `admin`.

Type:
```hcl
list(object({
  name        = string
  create      = optional(bool, false)
  description = optional(string, null)
  permission  = optional(string, "pull")
}))
```

Default: `null`
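The following is an added example of a root configuration calling this module from a VCS-driven Terraform Cloud workspace; it is not code from this repository. The `tfc_api_token`, `github_enviromnent_variables` and `teams` variable names and shapes come from the descriptions above, but the module source path, the names of the organization, OAuth client and module list variables (`organization_name`, `oauth_client_name`, `modules`), and every HCP application/secret name are assumptions for illustration.

```hcl
# Added example caller. The provider credentials are NOT written here: each
# provider reads its environment variables (TFE_TOKEN; GITHUB_APP_ID,
# GITHUB_APP_INSTALLATION_ID, GITHUB_APP_PEM_FILE, GITHUB_OWNER;
# HCP_CLIENT_ID, HCP_CLIENT_SECRET) set as sensitive workspace variables.
terraform {
  required_providers {
    tfe    = { source = "hashicorp/tfe" }
    github = { source = "integrations/github" }
    hcp    = { source = "hashicorp/hcp" }
  }
}

provider "tfe" {}
provider "github" {}
provider "hcp" {}

module "private_registry" {
  source = "./modules/tfc-private-registry" # assumed path

  # Assumed names for the three required scalar inputs described above.
  organization_name = "example-org"
  oauth_client_name = "github-app"
  modules = [
    "terraform-aws-network",
    "terraform-aws-iam-role",
  ]

  # Token with "manage modules" access, resolved from HCP Vault Secrets at
  # plan time; no literal token is stored in VCS or in the workspace.
  tfc_api_token = {
    secret_app  = "terraform-cloud" # assumed HCP application name
    secret_name = "TFC_API_TOKEN"   # assumed secret name
  }

  # Credentials the module repositories need to talk to the GitHub API,
  # each looked up in HCP Vault Secrets (assumed application/secret names).
  # Mixing `value` with `secret_app`/`secret_name` in one entry is invalid.
  github_enviromnent_variables = [
    {
      name        = "GITHUB_APP_ID"
      secret_app  = "github"
      secret_name = "GITHUB_APP_ID"
    },
    {
      name        = "GITHUB_APP_INSTALLATION_ID"
      secret_app  = "github"
      secret_name = "GITHUB_APP_INSTALLATION_ID"
    },
    {
      name        = "GITHUB_APP_PEM_FILE"
      secret_app  = "github"
      secret_name = "GITHUB_APP_PEM_FILE" # stored with "\n" in place of newlines
    },
  ]

  # Least privilege on the module repositories: one existing read-only
  # team, one newly created team that may merge but not administer.
  teams = [
    {
      name       = "engineering"
      permission = "pull"
    },
    {
      name        = "platform-maintainers"
      create      = true
      description = "Owners of the private module registry"
      permission  = "maintain"
    },
  ]
}
```

Keeping every credential in HCP Vault Secrets and the provider tokens in workspace environment variables means the only secret this configuration ever materialises is the `TFC_API_TOKEN` Actions secret the module writes to each repository, and that one is scoped to the manage-modules permission only.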
The following resources are used by this module:
- github_actions_secret.tfc_api_token (resource)
- github_branch_protection.this (resource)
- github_repository.this (resource)
- github_team.this (resource)
- github_team_repository.this (resource)
- terraform_data.github_module_variables (resource)
- tfe_registry_module.this (resource)
- github_team.this (data source)
- hcp_vault_secrets_secret.github_module_variables (data source)
- hcp_vault_secrets_secret.tfc_api_token (data source)
- tfe_oauth_client.client (data source)
The following outputs are exported:
Description: A string of the form "orgname/reponame".
Description: URL that can be provided to git clone to clone the repository anonymously via the git protocol.
Description: URL to the repository on the web.
Description: URL that can be provided to git clone to clone the repository via HTTPS.
Description: GraphQL global node id for use with v4 API.
Description: The primary language used in the repository.
Description: GitHub ID for the repository.
Description: Repositories within your GitHub organization.
Description: URL that can be provided to git clone to clone the repository via SSH.
Description: URL that can be provided to svn checkout to check out the repository via GitHub's Subversion protocol emulation.
This GitHub repository is managed through Terraform code from the TerraformCloud-Foundation repository.