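# Cloudify blueprint (DSL 1.3) whose Module node binds its configure
# operation to the Terraform plugin's plan task.
tosca_definitions_version: cloudify_dsl_1_3

description: >
  This blueprint creates infrastructure using Terraform.

imports:
  # Fetch the core type definitions over HTTPS rather than cleartext HTTP so
  # they cannot be altered in transit; the version stays pinned to 6.3.0.
  - https://cloudify.co/spec/cloudify/6.3.0/types.yaml
  # NOTE(review): the plugin import has no version constraint, so whichever
  # cloudify-terraform-plugin release is installed on the manager is used.
  - plugin:cloudify-terraform-plugin

# Label marking this blueprint as a "service" object type.
labels:
  csys-obj-type:
    values:
      - service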
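inputs:
  # NOTE(review): module_name is required (no default) but nothing in this
  # blueprint reads it through get_input.
  module_name:
    type: string

  # Module location; wired to resource_config.source.location.
  module_source:
    type: string

  # Path inside the module source; wired to resource_config.source_path.
  module_source_path:
    type: string
    default: ""

  # NOTE(review): declared without a type and not referenced by any node
  # template in this blueprint, so values supplied here have no effect as
  # written.
  environment_variables:
    default: {}

  # Terraform variables; wired to resource_config.variables. Pass sensitive
  # values with get_secret rather than as literals.
  variables:
    type: dict
    default: {}

  use_existing_terraform:
    type: boolean
    default: false

  # The Terraform executable path defaults to the tf_executable_path
  # capability read with get_environment_capability.
  terraform_config:
    type: dict
    default:
      executable_path: { get_environment_capability: tf_executable_path }

  # The four tool inputs below are disabled by default. When one is enabled,
  # installation_source names the release artifact the plugin is presumably
  # expected to fetch and run (TODO confirm): keep it pinned to an exact
  # release, as the examples do, and prefer a checksum-verified internal mirror.
  infracost_config:
    type: dict
    default:
      enable: false
    description: |
      When enable true you must add api_key (https://www.infracost.io/docs/) and installation source:
      Example:
        enable: true
        api_key: { get_secret: infracost_api_key }
        installation_source: 'https://github.com/infracost/infracost/releases/download/v0.10.8/infracost-linux-amd64.tar.gz'

  tflint_config:
    type: dict
    default:
      enable: false
    description: |
      When enable true you must add installation source:
      Example:
        enable: true
        installation_source: 'https://github.com/terraform-linters/tflint/releases/download/v0.34.1/tflint_linux_amd64.zip'

  # NOTE(review): the example passes soft_fail, which presumably maps to
  # tfsec's soft-fail mode (findings are reported without failing the run);
  # leave it out where findings should block.
  tfsec_config:
    type: dict
    default:
      enable: false
    description: |
      When enable true you have to add installation source.
      Example:
        enable: true
        flags_override: [soft_fail]
        installation_source: 'https://github.com/aquasecurity/tfsec/releases/download/v1.1.3/tfsec-linux-amd64'

  # NOTE(review): the example reads a project_name input that this blueprint
  # does not declare.
  terratag_config:
    type: dict
    default:
      enable: false
    description: |
      When enable true you must add installation source and tags
        enable: true
        tags:
          project: { get_input: project_name }
        installation_source: 'https://github.com/env0/terratag/releases/download/v0.1.35/terratag_0.1.35_linux_amd64.tar.gz'

  # Remote state backend; the empty default passes no backend settings.
  # Terraform state can hold secret values in clear text, so restrict access
  # to the storage configured here.
  backend:
    type: dict
    default: {}
    description: |
      Terraform backend
        name: azurerm
        options:
          resource_group_name: test-rg
          storage_account_name: test-sa
          container_name: tfstate
          key: project/module

  # Provider credentials in the examples are read with get_secret; keep them
  # out of literal input values.
  provider:
    type: list
    default:
      # NOTE(review): unquoted null is the YAML null value, not the string
      # "null". If the Terraform null provider is intended, this likely needs
      # to be 'null' (confirm against the plugin before changing).
      - name: null
    description: |
      Terraform provider list with necessary settings
      Azure example:
        - name: azurerm
          options:
            features: { }
            subscription_id: { concat: [ '"', { get_secret: azure_subscription_id }, '"' ] }
            tenant_id: { concat: [ '"', { get_secret: azure_tenant_id }, '"' ] }
            client_id: { concat: [ '"', { get_secret: azure_client_id }, '"' ] }
            client_secret: { concat: [ '"', { get_secret: azure_client_secret }, '"' ] }
      AWS example:
        - name: aws
          options:
            region: { concat: [ '"', { get_secret: aws_region }, '"' ] }
            access_key: { concat: [ '"', { get_secret: aws_access_key }, '"' ] }
            secret_key: { concat: [ '"', { get_secret: aws_secret_key }, '"' ] }
      Null example:
        - name: null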
node_templates:
  # Terraform node that the module node below runs on (run_on_host target).
  terraform:
    type: cloudify.nodes.terraform
    properties:
      resource_config:
        use_existing_resource:
          get_input: use_existing_terraform
      terraform_config:
        get_input: terraform_config

  # Terraform module node; every setting is taken from the blueprint inputs.
  terraform_plan:
    type: cloudify.nodes.terraform.Module
    properties:
      tflint_config:
        get_input: tflint_config
      tfsec_config:
        get_input: tfsec_config
      terratag_config:
        get_input: terratag_config
      infracost_config:
        get_input: infracost_config
      resource_config:
        provider:
          providers:
            get_input: provider
        backend:
          get_input: backend
        variables:
          get_input: variables
        source:
          location:
            get_input: module_source
        source_path:
          get_input: module_source_path
    interfaces:
      cloudify.interfaces.lifecycle:
        # configure is bound to the plugin's plan task.
        configure:
          implementation: tf.cloudify_tf.tasks.plan
        # delete is overridden with an empty operation mapping.
        delete: {}
    relationships:
      - target: terraform
        type: cloudify.terraform.relationships.run_on_host
# Values published from the terraform_plan node's runtime attributes.
capabilities:
  outputs:
    value:
      get_attribute:
        - terraform_plan
        - outputs
  infracost:
    value:
      get_attribute:
        - terraform_plan
        - plain_text_infracost
  # NOTE(review): a plain-text plan can include resource attribute values;
  # treat this capability as sensitive if the module handles secrets.
  plan:
    value:
      get_attribute:
        - terraform_plan
        - plain_text_plan