Skip to content

schubergphilis/terraform-tfe-mcaf-workspace

Repository files navigation

terraform-tfe-mcaf-workspace

MCAF Terraform module to create and manage a Terraform Cloud workspace.

With default options Terraform will also create and manage a GitHub repository and attach it to the Terraform Cloud workspace. If the create_repository option is set to false, the GitHub repository should already exist or the Terraform run will fail.

Requirements

Name Version
terraform >= 1.3.0
tfe >= 0.61.0

Providers

Name Version
tfe >= 0.61.0

Modules

No modules.

Resources

Name Type
tfe_notification_configuration.default resource
tfe_team_access.default resource
tfe_variable.clear_text_env_variables resource
tfe_variable.clear_text_hcl_variables resource
tfe_variable.clear_text_terraform_variables resource
tfe_variable.sensitive_env_variables resource
tfe_variable.sensitive_hcl_variables resource
tfe_variable.sensitive_terraform_variables resource
tfe_workspace.default resource
tfe_workspace_settings.default resource
tfe_workspace_variable_set.default resource
tfe_team.default data source

Inputs

Name Description Type Default Required
name A name for the Terraform workspace string n/a yes
terraform_organization The Terraform Enterprise organization to create the workspace in string n/a yes
agent_pool_id Agent pool ID, requires "execution_mode" to be set to agent string null no
allow_destroy_plan Whether destroy plans can be queued on the workspace bool true no
assessments_enabled Whether to regularly run health assessments such as drift detection on the workspace bool true no
auto_apply Whether to automatically apply changes when a Terraform plan is successful bool false no
auto_apply_run_trigger Whether to automatically apply changes for runs that were created by run triggers from another workspace bool false no
branch The git branch to trigger the TFE workspace for string "main" no
clear_text_env_variables An optional map with clear text environment variables map(string) {} no
clear_text_hcl_variables An optional map with clear text HCL Terraform variables map(string) {} no
clear_text_terraform_variables An optional map with clear text Terraform variables map(string) {} no
description A description for the workspace string null no
execution_mode Which execution mode to use string "remote" no
file_triggers_enabled Whether to filter runs based on the changed files in a VCS push bool true no
github_app_installation_id The GitHub App installation ID to use string null no
global_remote_state Allow all workspaces in the organization to read the state of this workspace bool null no
notification_configuration Notification configuration, using name as key and config as value
map(object({
destination_type = string
enabled = optional(bool, true)
url = string
triggers = optional(list(string), [
"run:created",
"run:planning",
"run:needs_attention",
"run:applying",
"run:completed",
"run:errored",
])
}))
{} no
oauth_token_id The OAuth token ID of the VCS provider string null no
project_id ID of the project where the workspace should be created string null no
queue_all_runs When set to false no initial run is queued and all runs triggered by a webhook will not be queued, necessary if you need to set variable sets after creation. bool true no
remote_state_consumer_ids A set of workspace IDs set as explicit remote state consumers for this workspace set(string) null no
repository_identifier The repository identifier to connect the workspace to string null no
sensitive_env_variables An optional map with sensitive environment variables map(string) {} no
sensitive_hcl_variables An optional map with sensitive HCL Terraform variables
map(object({
sensitive = string
}))
{} no
sensitive_terraform_variables An optional map with sensitive Terraform variables map(string) {} no
speculative_enabled Enables or disables speculative plans on PR/MR, enabled by default bool true no
ssh_key_id The SSH key ID to assign to the workspace string null no
team_access Map of team names and either type of fixed access or custom permissions to assign
map(object({
access = optional(string, null),
permissions = optional(object({
run_tasks = bool
runs = string
sentinel_mocks = string
state_versions = string
variables = string
workspace_locking = bool
}), null)
}))
{} no
terraform_version The version of Terraform to use for this workspace string "latest" no
trigger_patterns List of glob patterns that describe the files Terraform Cloud monitors for changes. Trigger patterns are always appended to the root directory of the repository. Mutually exclusive with trigger-prefixes list(string) null no
trigger_prefixes List of repository-root-relative paths which should be tracked for changes list(string)
[
"modules"
]
no
variable_set_ids Map of variable set ids to attach to the workspace map(string) {} no
working_directory A relative path that Terraform will execute within string "terraform" no
workspace_tags A list of tag names for this workspace. Note that tags must only contain lowercase letters, numbers, colons, or hyphens list(string) null no

Outputs

Name Description
workspace_id The Terraform Cloud workspace ID
workspace_name The Terraform Cloud workspace name

License

Copyright: Schuberg Philis

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.