Commit 2c5b66dd authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch 'feat/auto-workspace' into 'master' 

feat(workspace): select or create & support automatic naming

See merge request to-be-continuous/terraform!71
parents b4972aa4 f333ce5f

README.md

+17 −3
Original line number Diff line number Diff line 
# GitLab CI template for Terraform



This project implements a GitLab CI/CD template to manage your infrastructure with [Terraform](https://www.terraform.io/).

This project implements a GitLab CI/CD template to manage your infrastructure with [Terraform](https://www.terraform.io).



## Usage
@@ -132,7 +132,7 @@ Part of this complexity can be handled by using [Terraform variables](https://de 
    * `environment_type`: the current deployment environment type (`review`, `integration`, `staging` or `production`)

    * `environment_name` (equals `$CI_ENVIRONMENT_NAME`): the full environment name (ex: `review/fix-prometheus-configuration`, `integration`, `staging` or `production`)

    * `environment_slug` (equals `$CI_ENVIRONMENT_SLUG`): the [sluggified](https://en.wikipedia.org/wiki/Clean_URL#Slug) environment name (ex: `review-fix-promet-r13zmu`, `integration`, `staging` or `production`)

2. use [`tfvars` files](https://www.terraform.io/language/values/variables#variable-definitions-tfvars-files) for non-secret configuration:

2. use [`tfvars` files](https://developer.hashicorp.com/terraform/language/values/variables#variable-definitions-tfvars-files) for non-secret configuration:

    * default `terraform.tfvars[.json]` and `*.auto.tfvars[.json]` files are obviously supported by Terraform,

    * the template also auto-detects any file named `$environment_type.env.tfvars[.json]` (ex: `staging.env.tfvars` for staging environment) and uses it with all related `terraform` commands.

3. any [predefined GitLab CI variable](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html) may be freedly used in your hook scripts or extra options variables (ex: `TF_EXTRA_OPTS: "-var project_name=$CI_PROJECT_NAME"`)
@@ -275,13 +275,27 @@ terraform init \ 
#### Implicit Backend configuration support



If you disabled the GitLab-managed Terraform state (by setting `$TF_GITLAB_BACKEND_DISABLED` to `true`),

the template supports an implicit [backend configuration](https://www.terraform.io/language/settings/backends/configuration#file) mechanism:

the template supports an implicit [backend configuration](https://developer.hashicorp.com/terraform/language/settings/backends/configuration#file) mechanism:



1. Looks for a `$environment_type.tfbackend` file (ex: `staging.tfbackend` for staging environment),

2. Fallbacks to `default.tfbackend` file.



If one of those files are found, it is automatically used by the template in the `terraform init` command (using the `-backend-config` CLI option).



#### Workspace management



You may want to make use of [Terraform Workspace](https://developer.hashicorp.com/terraform/language/state/workspaces) 

to ease segregating you multiple environments (tfstate management) by setting variables:



* `$TF_WORKSPACE` to set default workspace,

* `$TF_REVIEW_WORKSPACE`, `$TF_INTEG_WORKSPACE`, `$TF_STAGING_WORKSPACE`, `$TF_PROD_WORKSPACE` to override per environment.



Be aware of the following:



* each of those variables support the value `auto`: in that case, the template will use the dynamic [`$environment_slug` value](#deployment-context-variables) as workspace name,

* if the specified workspace doesn't exist, the template will create it,

* HTTP backend (default) doesn't support Workspaces. [See supported backends here](https://developer.hashicorp.com/terraform/language/state/workspaces#backends-supporting-multiple-workspaces).



## Configuration reference



### Secrets management

kicker.json

+1 −1
Original line number Diff line number Diff line 
{

  "name": "Terraform",

  "description": "Manage your infrastructure with [Terraform](https://www.terraform.io/)",

  "description": "Manage your infrastructure with [Terraform](https://www.terraform.io)",

  "template_path": "templates/gitlab-ci-terraform.yml",

  "kind": "infrastructure",

  "variables": [

templates/gitlab-ci-terraform.yml

+9 −4
Original line number Diff line number Diff line
@@ -383,7 +383,7 @@ stages: 
      TF_ADDRESS="${TF_ADDRESS:-${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${environment_slug}}"



      # Set variables for the HTTP backend to default to TF_* values

      # see: https://www.terraform.io/docs/language/settings/backends/http.html

      # see: https://developer.hashicorp.com/terraform/language/settings/backends/http

      export TF_HTTP_ADDRESS="${TF_HTTP_ADDRESS:-${TF_ADDRESS}}"

      export TF_HTTP_LOCK_ADDRESS="${TF_HTTP_LOCK_ADDRESS:-${TF_ADDRESS}/lock}"

      export TF_HTTP_LOCK_METHOD="${TF_HTTP_LOCK_METHOD:-POST}"
@@ -423,9 +423,14 @@ stages: 
    # select workspace if configured

    if [[ -n "$workspace" ]]

    then

      log_info "--- Terraform workspace \\e[33;1m${workspace}\\e[0m: select"

      terraform workspace select "$workspace"

      log_info "--- Terraform workspace \\e[33;1m${workspace}\\e[0m: selected"

      log_info "--- use workspace: \\e[33;1m${workspace}\\e[0m"

      if [[ "$workspace" == "auto" ]]

      then

        workspace="$environment_slug"

        log_info "   ... auto workspace: \\e[33;1m${workspace}\\e[0m"

      fi

      unset TF_WORKSPACE

      terraform workspace select "${workspace}" 2> /dev/null || terraform workspace new "${workspace}"

    fi

  }