This repository has been archived by the owner on Jan 13, 2025. It is now read-only.
generated from bcgov/bcgov-terraform-module-template
main.tf
# Values derived once and shared by the resources in this file.
locals {
  # Every workspace this module manages, in a single map so that team access
  # and workspace variables can iterate over all of them. Primary workspaces
  # are keyed by account.environment; extra workspaces are keyed by their
  # generated, lower-cased name. merge() lets a later argument win on a key
  # collision, so an extra workspace whose key equalled an environment name
  # would replace the primary entry in this map.
  workspaces = merge(
    tfe_workspace.workspaces,
    tfe_workspace.extra_workspaces
  )

  # Project definition, decoded from the JSON file at
  # var.project_definition_file_path. This file reads .name, .identifier and
  # .accounts[*].environment from it, plus the optional
  # .accounts[*].extra_tfc_workspaces list. Its content decides which
  # workspaces are created and which of them receive the team's access and
  # credentials, so the file should be change-controlled like the module.
  project = jsondecode(file(var.project_definition_file_path))
}
# One team per project, named after the project definition. The team is the
# principal that is granted access to every workspace in local.workspaces and
# the owner of the API token created in tfe_team_token.team_token.
resource "tfe_team" "team" {
  organization = var.organization
  name         = "${local.project.name} Team"
}
# Primary workspaces: one per account entry in the project definition, keyed
# by the account's environment value. Two accounts with the same environment
# would produce a duplicate map key and fail at plan time.
resource "tfe_workspace" "workspaces" {
  for_each = { for acct in local.project.accounts : acct.environment => acct }

  organization   = var.organization
  execution_mode = var.execution_mode

  # Initial name is "<identifier>-<environment in lower case>".
  name = "${local.project.identifier}-${lower(each.value.environment)}"

  lifecycle {
    ignore_changes = [
      # Teams are allowed to rename their workspaces, so later changes to the
      # name are not reverted.
      # NOTE(review): other resources in this file parse the environment out
      # of the workspace name; confirm a rename cannot change what they derive.
      name,
    ]
  }
}
# Additional workspaces requested per account through the optional
# "extra_tfc_workspaces" list in the project definition. Each entry becomes
# "<identifier>-<environment>-<entry>", lower-cased; that string is both the
# for_each key and the workspace's initial name.
resource "tfe_workspace" "extra_workspaces" {
  for_each = toset(flatten([
    for acct in local.project.accounts : [
      for extra in acct.extra_tfc_workspaces : lower("${local.project.identifier}-${acct.environment}-${extra}")
    ] if contains(keys(acct), "extra_tfc_workspaces") # accounts without the key contribute nothing
  ]))

  organization   = var.organization
  execution_mode = var.execution_mode
  name           = each.key

  lifecycle {
    ignore_changes = [
      # Teams are allowed to rename their workspaces, so later changes to the
      # name are not reverted.
      name,
    ]
  }
}
# Grants the project team access to every workspace in local.workspaces,
# primary and extra alike, at one shared level.
# NOTE(review): the level comes from var.team_access_level, whose default and
# validation are not visible here; confirm it is the lowest level the team
# needs, because the same value applies to every environment.
resource "tfe_team_access" "team_access" {
  for_each = local.workspaces

  team_id      = tfe_team.team.id
  workspace_id = each.value.id
  access       = var.team_access_level
}
# API token for the project team. The generated token value is recorded in
# this configuration's Terraform state, so access to that state is equivalent
# to holding the token. No expiry is set in this block.
# NOTE(review): nothing in the visible part of this file reads the token;
# confirm how it is delivered to the team and how it is rotated.
resource "tfe_team_token" "team_token" {
  team_id = tfe_team.team.id
}
//@todo handling of workspace variables should be refactored so that we don't need an input variable definition for each one, and so that they are not semantically tied to AWS credentials, since we will have workspaces for a variety of purposes, many of which will have nothing to do with AWS.
# Sets AWS_SECRET_ACCESS_KEY as a sensitive environment variable on every
# workspace in local.workspaces. Nothing is created when
# var.secret_access_key is null.
#
# Security notes:
# - The same secret is written to every workspace, so all environments share
#   one credential; compromise of any workspace exposes the key used by all.
# - `sensitive = true` hides the value in the workspace, but the value is
#   still stored in this configuration's own Terraform state. Restrict access
#   to that state accordingly.
resource "tfe_variable" "aws_secret_access_key" {
  for_each = var.secret_access_key != null ? local.workspaces : {}

  workspace_id = each.value.id
  category     = "env"
  key          = "AWS_SECRET_ACCESS_KEY"
  value        = var.secret_access_key
  sensitive    = true
  description  = "AWS secret access key."
}
# Sets AWS_ACCESS_KEY_ID as a sensitive environment variable on every
# workspace in local.workspaces. Nothing is created when var.access_key_id
# is null.
#
# Security notes:
# - This resource and the secret-key resource are gated on different
#   variables, so supplying only one of the two leaves the workspaces with
#   half a credential pair.
# - The same key id is written to every workspace, and the value is stored in
#   this configuration's own Terraform state.
resource "tfe_variable" "aws_access_key_id" {
  for_each = var.access_key_id != null ? local.workspaces : {}

  workspace_id = each.value.id
  category     = "env"
  key          = "AWS_ACCESS_KEY_ID"
  value        = var.access_key_id
  sensitive    = true
  description  = "AWS access key id."
}
# Sets the Terraform variable "target_aws_account_id" on every workspace in
# local.workspaces. The account is looked up in var.project_accounts by the
# second "-"-separated segment of the workspace name.
#
# NOTE(review): this lookup decides which AWS account a workspace targets,
# and it depends on the workspace *name* rather than on the project
# definition:
# - if local.project.identifier itself contains "-", segment [1] is part of
#   the identifier and not the environment;
# - the workspaces ignore later name changes, so a renamed workspace may
#   yield a different segment here (confirm against the refreshed state);
# - names are built with lower(), so var.project_accounts presumably has to
#   be keyed by the lower-case environment.
# A wrong segment either fails the lookup or selects another environment's
# account id.
resource "tfe_variable" "aws_target_account_id" {
  # NOTE(review): local.workspaces is built with merge(), so the null guard
  # looks redundant; it is kept unchanged.
  for_each = (local.workspaces != null ? local.workspaces : {})

  workspace_id = each.value.id
  category     = "terraform"
  key          = "target_aws_account_id"
  value        = var.project_accounts[split("-", each.value.name)[1]].id
}
# Sets the Terraform variable "target_env" on every workspace in
# local.workspaces to the second "-"-separated segment of the workspace name.
#
# NOTE(review): the environment is parsed from the workspace name instead of
# being taken from the project definition. A "-" inside
# local.project.identifier, or a workspace renamed by its team (name changes
# are ignored by the workspace resources), would make this segment something
# other than the environment. Confirm the naming constraints that make [1]
# reliable.
resource "tfe_variable" "aws_target_env" {
  # NOTE(review): local.workspaces is built with merge(), so the null guard
  # looks redundant; it is kept unchanged.
  for_each = (local.workspaces != null ? local.workspaces : {})

  workspace_id = each.value.id
  category     = "terraform"
  key          = "target_env"
  value        = split("-", each.value.name)[1]
}