Code that manages the configuration and life-cycle of the HCP Terraform private registry factory. It is designed to be used from a dedicated API-driven HCP Terraform workspace that provisions and manages the configuration using Terraform code (IaC).
Module publication to the private registry is facilitated through a no-code module. Each no-code module must be provisioned within the dedicated project to ensure proper variable input configuration and management.
To manage the resources, provide a user token from an account with appropriate permissions. This user should have the Manage Modules, Manage Projects, Manage Workspaces, Manage Teams, Manage Membership, and Manage Organization Access permissions. Alternatively, you can use a token from a team instead of a user token.
To manage the GitHub resources, provide a token from an account or a GitHub App with appropriate permissions. It should have:
- Read access to `metadata`
- Read and write access to `administration`, `code`, `secrets`, and `members`.
The HCP Terraform provider requires an HCP Terraform/Terraform Enterprise API token in order to manage resources.
There are several ways to provide the required token:
- Set the `token` argument in the provider configuration. Use an input variable for the token.
- Set the `TFE_TOKEN` environment variable. The provider can read the `TFE_TOKEN` environment variable and use the token stored there to authenticate.
The GitHub provider requires a GitHub token or GitHub App installation in order to manage resources.
There are several ways to provide the required token:
- Set the `token` argument in the provider configuration. Use an input variable for the token.
- Set the `GITHUB_TOKEN` environment variable. The provider can read the `GITHUB_TOKEN` environment variable and use the token stored there to authenticate.
There are several ways to provide the required GitHub App installation:
- Set the `app_auth` argument in the provider configuration. You can set the `app_auth` argument with the `id`, `installation_id` and `pem_file` in the provider configuration. The `owner` parameter is also required in this situation.
- Set the `GITHUB_APP_ID`, `GITHUB_APP_INSTALLATION_ID` and `GITHUB_APP_PEM_FILE` environment variables. The provider can read these environment variables to authenticate.
Because strings with new lines are not supported:
- use "\\n" within the `pem_file` argument to replace each new line
- use "\n" within the `GITHUB_APP_PEM_FILE` environment variable to replace each new line
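The two providers configured as described above, with every credential passed through an input variable rather than written into the configuration. This is an added example, not code from the module itself; the variable names are hypothetical and only the provider arguments (`token`, `owner`, `app_auth` with `id`, `installation_id`, `pem_file`) come from the text.

```hcl
terraform {
  required_providers {
    tfe = {
      source = "hashicorp/tfe"
    }
    github = {
      source = "integrations/github"
    }
  }
}

# Hypothetical variable names. Supply the values through sensitive workspace
# variables or TF_VAR_* environment variables, not through committed files.
variable "tfe_token" {
  description = "HCP Terraform user or team API token."
  type        = string
  sensitive   = true
}

variable "github_owner" { type = string }
variable "github_app_id" { type = string }
variable "github_app_installation_id" { type = string }

variable "github_app_pem_file" {
  description = "GitHub App private key, with new lines encoded as described above."
  type        = string
  sensitive   = true
}

provider "tfe" {
  # Omit this argument entirely to fall back to the TFE_TOKEN environment variable.
  token = var.tfe_token
}

provider "github" {
  # owner is required when app_auth is used.
  owner = var.github_owner

  app_auth {
    id              = var.github_app_id
    installation_id = var.github_app_installation_id
    pem_file        = var.github_app_pem_file
  }
}
```

`sensitive = true` only redacts the value in plan and apply output; the token and private key are still written to state, so access to the workspace state should be restricted accordingly.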
- Manages configuration and life-cycle of GitHub resources for Terraform no-code module repository:
  - Repository
  - Branch protection
  - Teams
  - Secret
- Manages configuration and life-cycle of HCP Terraform resources:
  - Project
  - Variable Set
  - Variables
  - Teams
  - Team token
  - Private module registry
  - No-code feature
  - Private module registry test environment variable
The following requirements are needed by this module:
The following Modules are called:
Source: ./modules/git_repository
Version:
Source: ./modules/tfe_team
Version:
Source: ./modules/tfe_team
Version:
Source: ./modules/git_team
Version:
The following input variables are required:
Description: (Required) ID of the GitHub App used to authenticate.
Type: string
Description: (Required) ID of the GitHub App installation used to authenticate.
Type: string
Description: (Required) Content of the GitHub App private key PEM file used to authenticate.
Type: string
Description: (Required) The target GitHub organization or individual user account to manage.
Type: string
Description: (Required) Name of the organization.
Type: string
The following input variables are optional (have default values):
Description: (Optional) The github_teams block supports the following:
name : (Required) The name of the team.
description : (Optional) A description of the team.
permission : (Optional) The permissions of team members regarding the repository. Must be one of pull, triage, push, maintain, admin or the name of an existing custom repository role within the organisation.
Type:

    list(object({
      name        = string
      description = optional(string)
      permission  = optional(string, "pull")
    }))

Default:

    [
      {
        "description": "This group grant admin access to the Terraform Modules repository.",
        "name": "Terraform-Modules-Owners",
        "permission": "admin"
      },
      {
        "description": "This group grant write access to the Terraform Modules repository.",
        "name": "Terraform-Modules-Contributors",
        "permission": "push"
      }
    ]

Description: (Optional) The GitHub repository to use as a template when creating new repositories. The repository must be a template repository. If not provided, the default template provided by the module will be used.
Type: string
Default: null
Description: (Optional) Name of the terraform module used by the modules factory.
Type: string
Default: "terraform-tfe-modulesfactory"
Description: (Optional) Name of the OAuth client.
Type: string
Default: "GitHub"
Description: (Optional) A description for the project.
Type: string
Default: null
Description: (Optional) Name of the project.
Type: string
Default: "Terraform Modules Factory"
Description: (Optional) A map of key-value tags to add to the project.
Type: map(string)
Default: null
The following resources are used by this module:
- github_actions_secret.tfe_token (resource)
- tfe_no_code_module.this (resource)
- tfe_project.this (resource)
- tfe_registry_module.this (resource)
- tfe_test_variable.github_app_id (resource)
- tfe_test_variable.github_app_installation_id (resource)
- tfe_test_variable.github_app_pem_file (resource)
- tfe_test_variable.github_owner (resource)
- tfe_test_variable.oauth_client_name (resource)
- tfe_test_variable.organization (resource)
- tfe_test_variable.tfe_token (resource)
- tfe_variable.git_tfe_token (resource)
- tfe_variable.github_app_id (resource)
- tfe_variable.github_app_installation_id (resource)
- tfe_variable.github_app_pem_file (resource)
- tfe_variable.github_owner (resource)
- tfe_variable.github_teams (resource)
- tfe_variable.oauth_client_name (resource)
- tfe_variable.organization (resource)
- tfe_variable.template (resource)
- tfe_variable.tfe_token (resource)
- tfe_variable_set.this (resource)
- tfe_oauth_client.client (data source)
No outputs.