Merge pull request #64 from schubergphilis/github-app
feature: Support GitHub app for VCS connections, solve deprecation warnings
marwinbaumannsbp authored Jan 10, 2025
2 parents 7256ef0 + 2b712c9 commit d9c7c4f
Showing 4 changed files with 14 additions and 10 deletions.
12 changes: 6 additions & 6 deletions README.md
Expand Up @@ -202,24 +202,24 @@ module "aws_account" {
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.9.0 |
| <a name="requirement_mcaf"></a> [mcaf](#requirement\_mcaf) | >= 0.4.2 |
| <a name="requirement_tfe"></a> [tfe](#requirement\_tfe) | >= 0.51.0 |
| <a name="requirement_tfe"></a> [tfe](#requirement\_tfe) | >= 0.61.0 |
| <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 4.0.4 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws.account"></a> [aws.account](#provider\_aws.account) | >= 4.9.0 |
| <a name="provider_tfe"></a> [tfe](#provider\_tfe) | >= 0.51.0 |
| <a name="provider_tfe"></a> [tfe](#provider\_tfe) | >= 0.61.0 |
| <a name="provider_tls"></a> [tls](#provider\_tls) | >= 4.0.4 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_account"></a> [account](#module\_account) | schubergphilis/mcaf-account/aws | ~> 0.5.1 |
| <a name="module_additional_tfe_workspaces"></a> [additional\_tfe\_workspaces](#module\_additional\_tfe\_workspaces) | schubergphilis/mcaf-workspace/aws | ~> 2.1.1 |
| <a name="module_tfe_workspace"></a> [tfe\_workspace](#module\_tfe\_workspace) | schubergphilis/mcaf-workspace/aws | ~> 2.1.1 |
| <a name="module_additional_tfe_workspaces"></a> [additional\_tfe\_workspaces](#module\_additional\_tfe\_workspaces) | schubergphilis/mcaf-workspace/aws | ~> 2.2.0 |
| <a name="module_tfe_workspace"></a> [tfe\_workspace](#module\_tfe\_workspace) | schubergphilis/mcaf-workspace/aws | ~> 2.2.0 |

## Resources
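
Review bot: The tfe minimum in both the Requirements and Providers tables moves from `>= 0.51.0` to `>= 0.61.0`, and the mcaf-workspace pin moves to `~> 2.2.0`, but nothing in this README hunk tells callers that the floor was raised. A root module that constrains tfe below 0.61.0 will fail provider resolution after taking this release, so add a line to the changelog or upgrade notes naming the new minimum.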

Expand All @@ -244,9 +244,9 @@ module "aws_account" {
|------|-------------|------|---------|:--------:|
| <a name="input_account"></a> [account](#input\_account) | AWS account settings | <pre>object({<br> alias_prefix = optional(string)<br> contact_billing = optional(object({<br> email_address = string<br> name = string<br> phone_number = string<br> title = string<br> }), null)<br> contact_operations = optional(object({<br> email_address = string<br> name = string<br> phone_number = string<br> title = string<br> }), null)<br> contact_security = optional(object({<br> email_address = string<br> name = string<br> phone_number = string<br> title = string<br> }), null)<br> email = string<br> environment = optional(string)<br> organizational_unit = string<br> provisioned_product_name = optional(string)<br> sso_email = string<br> sso_firstname = optional(string, "AWS Control Tower")<br> sso_lastname = optional(string, "Admin")<br> })</pre> | n/a | yes |
| <a name="input_name"></a> [name](#input\_name) | Name of the account and default TFE workspace | `string` | n/a | yes |
| <a name="input_tfe_workspace"></a> [tfe\_workspace](#input\_tfe\_workspace) | TFE workspace settings | <pre>object({<br> add_permissions_boundary = optional(bool, false)<br> agent_pool_id = optional(string)<br> agent_role_arns = optional(list(string))<br> allow_destroy_plan = optional(bool, true)<br> assessments_enabled = optional(bool, true)<br> auth_method = optional(string, "iam_role_oidc")<br> auto_apply = optional(bool, false)<br> auto_apply_run_trigger = optional(bool, false)<br> branch = optional(string, "main")<br> clear_text_env_variables = optional(map(string), {})<br> clear_text_hcl_variables = optional(map(string), {})<br> clear_text_terraform_variables = optional(map(string), {})<br> connect_vcs_repo = optional(bool, true)<br> default_region = string<br> description = optional(string)<br> execution_mode = optional(string, "remote")<br> file_triggers_enabled = optional(bool, true)<br> global_remote_state = optional(bool, false)<br> name = optional(string)<br> organization = string<br> policy = optional(string)<br> policy_arns = optional(list(string), ["arn:aws:iam::aws:policy/AdministratorAccess"])<br> project_id = optional(string)<br> queue_all_runs = optional(bool)<br> remote_state_consumer_ids = optional(set(string))<br> repository_identifier = optional(string)<br> role_name = optional(string, "TFEPipeline")<br> sensitive_env_variables = optional(map(string), {})<br> sensitive_hcl_variables = optional(map(object({ sensitive = string })), {})<br> sensitive_terraform_variables = optional(map(string), {})<br> ssh_key_id = optional(string)<br> terraform_version = optional(string)<br> trigger_patterns = optional(list(string))<br> trigger_prefixes = optional(list(string), ["modules"])<br> username = optional(string, "TFEPipeline")<br> vcs_oauth_token_id = string<br> variable_set_ids = optional(map(string), {})<br> working_directory = optional(string)<br> workspace_tags = optional(list(string))<br><br> notification_configuration = 
optional(map(object({<br> destination_type = string<br> enabled = optional(bool, true)<br> url = string<br> triggers = optional(list(string), [<br> "run:created",<br> "run:planning",<br> "run:needs_attention",<br> "run:applying",<br> "run:completed",<br> "run:errored",<br> ])<br> })), {})<br><br> team_access = optional(map(object({<br> access = optional(string, null),<br> permissions = optional(object({<br> run_tasks = bool<br> runs = string<br> sentinel_mocks = string<br> state_versions = string<br> variables = string<br> workspace_locking = bool<br> }), null)<br> })), {})<br> })</pre> | n/a | yes |
| <a name="input_tfe_workspace"></a> [tfe\_workspace](#input\_tfe\_workspace) | TFE workspace settings | <pre>object({<br> add_permissions_boundary = optional(bool, false)<br> agent_pool_id = optional(string)<br> agent_role_arns = optional(list(string))<br> allow_destroy_plan = optional(bool, true)<br> assessments_enabled = optional(bool, true)<br> auth_method = optional(string, "iam_role_oidc")<br> auto_apply = optional(bool, false)<br> auto_apply_run_trigger = optional(bool, false)<br> branch = optional(string, "main")<br> clear_text_env_variables = optional(map(string), {})<br> clear_text_hcl_variables = optional(map(string), {})<br> clear_text_terraform_variables = optional(map(string), {})<br> connect_vcs_repo = optional(bool, true)<br> default_region = string<br> description = optional(string)<br> execution_mode = optional(string, "remote")<br> file_triggers_enabled = optional(bool, true)<br> global_remote_state = optional(bool, false)<br> name = optional(string)<br> organization = string<br> policy = optional(string)<br> policy_arns = optional(list(string), ["arn:aws:iam::aws:policy/AdministratorAccess"])<br> project_id = optional(string)<br> queue_all_runs = optional(bool)<br> remote_state_consumer_ids = optional(set(string))<br> repository_identifier = optional(string)<br> role_name = optional(string, "TFEPipeline")<br> sensitive_env_variables = optional(map(string), {})<br> sensitive_hcl_variables = optional(map(object({ sensitive = string })), {})<br> sensitive_terraform_variables = optional(map(string), {})<br> ssh_key_id = optional(string)<br> terraform_version = optional(string)<br> trigger_patterns = optional(list(string))<br> trigger_prefixes = optional(list(string), ["modules"])<br> username = optional(string, "TFEPipeline")<br> vcs_oauth_token_id = optional(string)<br> vcs_github_app_installation_id = optional(string)<br> variable_set_ids = optional(map(string), {})<br> working_directory = optional(string)<br> workspace_tags = 
optional(list(string))<br><br> notification_configuration = optional(map(object({<br> destination_type = string<br> enabled = optional(bool, true)<br> url = string<br> triggers = optional(list(string), [<br> "run:created",<br> "run:planning",<br> "run:needs_attention",<br> "run:applying",<br> "run:completed",<br> "run:errored",<br> ])<br> })), {})<br><br> team_access = optional(map(object({<br> access = optional(string, null),<br> permissions = optional(object({<br> run_tasks = bool<br> runs = string<br> sentinel_mocks = string<br> state_versions = string<br> variables = string<br> workspace_locking = bool<br> }), null)<br> })), {})<br> })</pre> | n/a | yes |
| <a name="input_account_variable_set"></a> [account\_variable\_set](#input\_account\_variable\_set) | Settings of variable set that is attached to each workspace | <pre>object({<br> name = optional(string)<br> clear_text_env_variables = optional(map(string), {})<br> clear_text_hcl_variables = optional(map(string), {})<br> clear_text_terraform_variables = optional(map(string), {})<br> })</pre> | `{}` | no |
| <a name="input_additional_tfe_workspaces"></a> [additional\_tfe\_workspaces](#input\_additional\_tfe\_workspaces) | Additional TFE workspaces | <pre>map(object({<br> add_permissions_boundary = optional(bool, false)<br> agent_pool_id = optional(string)<br> agent_role_arns = optional(list(string))<br> allow_destroy_plan = optional(bool)<br> assessments_enabled = optional(bool)<br> auth_method = optional(string)<br> auto_apply = optional(bool, false)<br> auto_apply_run_trigger = optional(bool, false)<br> branch = optional(string)<br> clear_text_env_variables = optional(map(string), {})<br> clear_text_hcl_variables = optional(map(string), {})<br> clear_text_terraform_variables = optional(map(string), {})<br> connect_vcs_repo = optional(bool, true)<br> default_region = optional(string)<br> description = optional(string)<br> execution_mode = optional(string)<br> file_triggers_enabled = optional(bool, true)<br> global_remote_state = optional(bool, false)<br> name = optional(string)<br> policy = optional(string)<br> policy_arns = optional(list(string), ["arn:aws:iam::aws:policy/AdministratorAccess"])<br> project_id = optional(string)<br> queue_all_runs = optional(bool)<br> remote_state_consumer_ids = optional(set(string))<br> repository_identifier = optional(string)<br> role_name = optional(string)<br> sensitive_env_variables = optional(map(string), {})<br> sensitive_hcl_variables = optional(map(object({ sensitive = string })), {})<br> sensitive_terraform_variables = optional(map(string), {})<br> ssh_key_id = optional(string)<br> terraform_version = optional(string)<br> trigger_patterns = optional(list(string))<br> trigger_prefixes = optional(list(string))<br> username = optional(string)<br> vcs_oauth_token_id = optional(string)<br> variable_set_ids = optional(map(string), {})<br> working_directory = optional(string)<br> workspace_tags = optional(list(string))<br><br> notification_configuration = optional(map(object({<br> destination_type = string<br> enabled = 
optional(bool, true)<br> url = string<br> triggers = optional(list(string), [<br> "run:created",<br> "run:planning",<br> "run:needs_attention",<br> "run:applying",<br> "run:completed",<br> "run:errored",<br> ])<br> })), null)<br><br> team_access = optional(map(object({<br> access = optional(string, null),<br> permissions = optional(object({<br> run_tasks = bool<br> runs = string<br> sentinel_mocks = string<br> state_versions = string<br> variables = string<br> workspace_locking = bool<br> }), null)<br> })), null)<br> }))</pre> | `{}` | no |
| <a name="input_additional_tfe_workspaces"></a> [additional\_tfe\_workspaces](#input\_additional\_tfe\_workspaces) | Additional TFE workspaces | <pre>map(object({<br> add_permissions_boundary = optional(bool, false)<br> agent_pool_id = optional(string)<br> agent_role_arns = optional(list(string))<br> allow_destroy_plan = optional(bool)<br> assessments_enabled = optional(bool)<br> auth_method = optional(string)<br> auto_apply = optional(bool, false)<br> auto_apply_run_trigger = optional(bool, false)<br> branch = optional(string)<br> clear_text_env_variables = optional(map(string), {})<br> clear_text_hcl_variables = optional(map(string), {})<br> clear_text_terraform_variables = optional(map(string), {})<br> connect_vcs_repo = optional(bool, true)<br> default_region = optional(string)<br> description = optional(string)<br> execution_mode = optional(string)<br> file_triggers_enabled = optional(bool, true)<br> global_remote_state = optional(bool, false)<br> name = optional(string)<br> policy = optional(string)<br> policy_arns = optional(list(string), ["arn:aws:iam::aws:policy/AdministratorAccess"])<br> project_id = optional(string)<br> queue_all_runs = optional(bool)<br> remote_state_consumer_ids = optional(set(string))<br> repository_identifier = optional(string)<br> role_name = optional(string)<br> sensitive_env_variables = optional(map(string), {})<br> sensitive_hcl_variables = optional(map(object({ sensitive = string })), {})<br> sensitive_terraform_variables = optional(map(string), {})<br> ssh_key_id = optional(string)<br> terraform_version = optional(string)<br> trigger_patterns = optional(list(string))<br> trigger_prefixes = optional(list(string))<br> username = optional(string)<br> vcs_oauth_token_id = optional(string)<br> vcs_github_app_installation_id = optional(string)<br> variable_set_ids = optional(map(string), {})<br> working_directory = optional(string)<br> workspace_tags = optional(list(string))<br><br> notification_configuration = 
optional(map(object({<br> destination_type = string<br> enabled = optional(bool, true)<br> url = string<br> triggers = optional(list(string), [<br> "run:created",<br> "run:planning",<br> "run:needs_attention",<br> "run:applying",<br> "run:completed",<br> "run:errored",<br> ])<br> })), null)<br><br> team_access = optional(map(object({<br> access = optional(string, null),<br> permissions = optional(object({<br> run_tasks = bool<br> runs = string<br> sentinel_mocks = string<br> state_versions = string<br> variables = string<br> workspace_locking = bool<br> }), null)<br> })), null)<br> }))</pre> | `{}` | no |
| <a name="input_create_default_workspace"></a> [create\_default\_workspace](#input\_create\_default\_workspace) | Set to false to skip creating default workspace | `bool` | `true` | no |
| <a name="input_path"></a> [path](#input\_path) | Optional path for all IAM users, user groups, roles, and customer managed policies created by this module | `string` | `"/"` | no |
| <a name="input_permissions_boundaries"></a> [permissions\_boundaries](#input\_permissions\_boundaries) | n/a | <pre>object({<br> workspace_boundary = optional(string)<br> workspace_boundary_name = optional(string)<br> workload_boundary = optional(string)<br> workload_boundary_name = optional(string)<br> })</pre> | `{}` | no |
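
Review bot: In the tfe_workspace type, `vcs_oauth_token_id` goes from `string` to `optional(string)` next to the new `vcs_github_app_installation_id = optional(string)`, so the type now accepts neither or both while `connect_vcs_repo` still defaults to true. Add a validation block on the variable that requires exactly one of the two when connect_vcs_repo is true, and state that rule in the input description, which still reads only "TFE workspace settings".
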
6 changes: 4 additions & 2 deletions main.tf
Expand Up @@ -176,7 +176,7 @@ module "tfe_workspace" {
providers = { aws = aws.account }

source = "schubergphilis/mcaf-workspace/aws"
version = "~> 2.1.1"
version = "~> 2.2.0"

agent_pool_id = var.tfe_workspace.agent_pool_id
agent_role_arns = var.tfe_workspace.agent_role_arns
Expand All @@ -192,6 +192,7 @@ module "tfe_workspace" {
description = var.tfe_workspace.description
execution_mode = var.tfe_workspace.execution_mode
file_triggers_enabled = var.tfe_workspace.connect_vcs_repo != false ? var.tfe_workspace.file_triggers_enabled : null
github_app_installation_id = var.tfe_workspace.connect_vcs_repo != false ? var.tfe_workspace.vcs_github_app_installation_id : null
global_remote_state = var.tfe_workspace.global_remote_state
name = coalesce(var.tfe_workspace.name, var.name)
notification_configuration = var.tfe_workspace.notification_configuration
Expand Down Expand Up @@ -227,7 +228,7 @@ module "additional_tfe_workspaces" {
providers = { aws = aws.account }

source = "schubergphilis/mcaf-workspace/aws"
version = "~> 2.1.1"
version = "~> 2.2.0"

agent_pool_id = each.value.agent_pool_id != null ? each.value.agent_pool_id : var.tfe_workspace.agent_pool_id
agent_role_arns = each.value.agent_role_arns != null ? each.value.agent_role_arns : var.tfe_workspace.agent_role_arns
Expand All @@ -243,6 +244,7 @@ module "additional_tfe_workspaces" {
description = each.value.description
execution_mode = coalesce(each.value.execution_mode, var.tfe_workspace.execution_mode)
file_triggers_enabled = each.value.connect_vcs_repo != false ? each.value.file_triggers_enabled : null
github_app_installation_id = each.value.connect_vcs_repo != false ? coalesce(each.value.vcs_github_app_installation_id, var.tfe_workspace.vcs_github_app_installation_id) : null
global_remote_state = each.value.global_remote_state
name = coalesce(each.value.name, each.key)
notification_configuration = each.value.notification_configuration != null ? each.value.notification_configuration : var.tfe_workspace.notification_configuration
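
Review bot: On the new github_app_installation_id line, `coalesce(each.value.vcs_github_app_installation_id, var.tfe_workspace.vcs_github_app_installation_id)` fails when both arguments are null, because Terraform's coalesce raises an error when it finds no non-null argument. Both attributes are `optional(string)`, so a caller who stays on vcs_oauth_token_id and leaves connect_vcs_repo at its default of true would hit that error for every additional workspace. Use the null-check form already used for agent_pool_id in this module block (`each.value.x != null ? each.value.x : var.tfe_workspace.x`), or wrap the call in `try(..., null)`.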