Terraform module to provision and manage Terraform Cloud workspaces
- Definition of a Terraform Cloud Workspace with following available settings, including items in:
- General
- Notifications [*]
- Run Triggers
- Version Control
- Variables
- Variable Set assignments
Warning
For Notifications configuration, only "webhook", "slack" and "microsoft-teams" types are supported at the moment
module "workspace_only_for_remote_state" {
source = "flowingis/workspace/tfe"
version = "0.5.0"
name = "my-workspace-name"
organization = "my-organization"
description = "Simple workspace that only manages the remote state for some resource on AWS"
terraform_version = "1.3.7"
execution_mode = "local"
terraform_variables = {
environment = "dev"
project = "myproject"
}
)
variables_descriptions = merge(
{
environment = "The environment of the project"
region = "The name of the project"
}
)
tag_names = [
"project:myproject",
"environment:dev",
]
}
module "my_workspace" {
source = "flowingis/workspace/tfe"
version = "0.5.0"
name = "my-workspace-name"
organization = "my-organization"
description = "Advanced workspace with remote run mode"
terraform_version = "1.3.7"
queue_all_runs = false
working_directory = "/my/sub/path"
vcs_repository_identifier = "my-github-org/my-repo"
vcs_repository_branch = "main"
oauth_token_id = var.oauth_token_id #NOTE: sensitive value
terraform_variables = {
environment = "core"
project = "core"
region = "eu-west-1"
}
)
environment_sensitive_variables = {
AWS_ACCESS_KEY_ID = var.access_key_id #NOTE: sensitive value
AWS_SECRET_ACCESS_KEY = var.secret_access_key #NOTE: sensitive value
}
variables_descriptions = {
environment = "The environment of the project"
project = "The name of the project"
region = "The AWS region where shared resources are deployed"
AWS_ACCESS_KEY_ID = "Access Key ID to access AWS Account"
AWS_SECRET_ACCESS_KEY = "Secret Access Key to access AWS Account"
}
)
tag_names = [
"project:core",
"environment:core",
"region:eu-west-1"
]
}
It is possible to integrate this module with tfe-variable-set module, in order to assign one or more variable sets to the workspace.
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| tfe | >= 0.40.0 |
| Name | Version |
|---|---|
| tfe | >= 0.40.0 |
No modules.
| Name | Type |
|---|---|
| tfe_notification_configuration.microsoft_teams | resource |
| tfe_notification_configuration.slack | resource |
| tfe_notification_configuration.webhook | resource |
| tfe_run_trigger.this | resource |
| tfe_variable.this | resource |
| tfe_workspace.this | resource |
| tfe_workspace_variable_set.this | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_destroy_plan | (Optional) Whether destroy plans can be queued on the workspace | bool |
false |
no |
| assessments_enabled | (Optional) Whether to regularly run health assessments such as drift detection on the workspace | bool |
false |
no |
| auto_apply | (Optional) Whether to automatically apply changes when a Terraform plan is successful | bool |
false |
no |
| description | (Optional) A description for the workspace | string |
"" |
no |
| environment_sensitive_variables | (Optional) Map of sensitive variables of 'environment' category used in the workspace Item syntax: { variable1_name = value1 variable2_name = value2 ... } |
map(any) |
{} |
no |
| environment_variables | (Optional) Map of variables of 'environment' category used in the workspace Item syntax: { variable1_name = value1 variable2_name = value2 ... } |
map(any) |
{} |
no |
| execution_mode | (Optional) Which execution mode to use | string |
"remote" |
no |
| file_triggers_enabled | (Optional) Whether to filter runs based on the changed files in a VCS push | bool |
true |
no |
| force_delete | (Optional) If this attribute is present on a workspace that is being deleted through the provider, it will use the existing force delete API. If this attribute is not present or false it will safe delete the workspace | bool |
false |
no |
| global_remote_state | (Optional) Whether the workspace allows all workspaces in the organization to access its state data during runs | bool |
false |
no |
| name | (Required) Name of the workspace | string |
n/a | yes |
| notification_microsoft_teams_configuration | (Optional) List of notification configuration of 'Microsoft Teams' type Item syntax: [ { name = "webhook_1" enabled = true url = "https://ms1234567890abcde.webhook.office.com" triggers = [ "created", "planning", "needs_attention", "applying", "completed", "errored" ] }, { name = "webhook_2" enabled = false url = "https://ms0987654321edcba.webhook.office.com" }, { ... } ] |
list(object({ |
[] |
no |
| notification_slack_configuration | (Optional) List of notification configuration of 'Slack' type Item syntax: [ { name = "webhook_1" enabled = true url = "https://hooks.slack.com/services/VeryLongHash1" triggers = [ "created", "planning", "needs_attention", "applying", "completed", "errored" ] }, { name = "webhook_2" enabled = false url = "https://hooks.slack.com/services/VeryLongHash2" }, { ... } ] |
list(object({ |
[] |
no |
| notification_webhook_configuration | (Optional) List of notification configuration of 'Webhook' type Item syntax: [ { name = "webhook_1" enabled = true token = "mysupersecrettoken1" url = "https://myendpoint1.domain.ext" triggers = [ "created", "planning", "needs_attention", "applying", "completed", "errored" ] }, { name = "webhook_2" enabled = false token = "mysupersecrettoken2" url = "https://myendpoint2.domain.ext" }, { ... } ] |
list(object({ |
[] |
no |
| oauth_token_id | (Optional) The token ID of the VCS connection to use | string |
"" |
no |
| organization | (Required) Name of the organization | string |
n/a | yes |
| project_id | (Optional) ID of the project where the workspace should be created | string |
"" |
no |
| queue_all_runs | (Optional) Whether the workspace should start automatically performing runs immediately after its creation | bool |
true |
no |
| remote_state_consumer_ids | (Optional) The set of workspace IDs set as explicit remote state consumers for the given workspace | list(string) |
[] |
no |
| run_triggers | List of source workspaces IDs that trigger runs in this workspace | list(string) |
[] |
no |
| speculative_enabled | (Optional) Whether this workspace allows speculative plans | bool |
true |
no |
| ssh_key_id | (Optional) The ID of an SSH key to assign to the workspace | string |
null |
no |
| structured_run_output_enabled | (Optional) Whether this workspace should show output from Terraform runs using the enhanced UI when available | bool |
true |
no |
| tag_names | (Optional) A list of tag names for this workspace | list(string) |
[] |
no |
| terraform_hcl_sensitive_variables | (Optional) Map of sensitive variables in HCL format of 'Terraform' category used in the workspace Item syntax: { variable1_name = value1 variable2_name = value2 ... } NOTE: you can specifies values in HCL format directly, like this: { variable_list = ["item1","item2"] variable_map = { key1 = value1 key2 = value2 } } |
any |
{} |
no |
| terraform_hcl_variables | (Optional) Map of variables in HCL format of 'Terraform' category used in the workspace Item syntax: { variable1_name = value1 variable2_name = value2 ... } NOTE: you can specifies values in HCL format directly, like this: { variable_list = ["item1","item2"] variable_map = { key1 = value1 key2 = value2 } } } |
any |
{} |
no |
| terraform_sensitive_variables | (Optional) Map of sensitive variables of 'Terraform' category used in the workspace Item syntax: { variable1_name = value1 variable2_name = value2 ... } |
map(any) |
{} |
no |
| terraform_variables | (Optional) Map of variables of 'Terraform' category used in the workspace Item syntax: { variable1_name = value1 variable2_name = value2 ... } |
map(any) |
{} |
no |
| terraform_version | (Required) The version of Terraform to use for this workspace | string |
n/a | yes |
| trigger_patterns | (Optional) List of glob patterns that describe the files Terraform Cloud monitors for changes. Trigger patterns are always appended to the root directory of the repository. Mutually exclusive with trigger-prefixes. Only available for Terraform Cloud | list(string) |
null |
no |
| trigger_prefixes | (Optional) List of repository-root-relative paths which describe all locations to be tracked for changes | list(string) |
null |
no |
| variable_set_ids | (Optional) List of variable set ids applied to this workspace | list(string) |
[] |
no |
| variables_descriptions | (Optional) Map of descriptions applied to workspace variables Item syntax: { variable1_name = "description" variable2_name = "description" ... } |
map(string) |
{} |
no |
| vcs_repository_branch | (Optional) The repository branch that Terraform will execute from | string |
"" |
no |
| vcs_repository_identifier | (Optional) A reference to your VCS repository in the format / where and refer to the organization and repository in your VCS provider. The format for Azure DevOps is //_git/ | string |
"" |
no |
| vcs_repository_ingress_submodules | (Optional) Whether submodules should be fetched when cloning the VCS repository | bool |
false |
no |
| vcs_repository_tags_regex | (Optional) (Optional) A regular expression used to trigger a Workspace run for matching Git tags. This option conflicts with trigger_patterns and trigger_prefixes. Should only set this value if the former is not being used | string |
null |
no |
| working_directory | (Optional) A relative path that Terraform will execute within | string |
null |
no |
| Name | Description |
|---|---|
| id | The workspace ID |