From f9a510783c4495a15244f9c3303ba929654499fe Mon Sep 17 00:00:00 2001 From: Sebastian Trebitz Date: Fri, 30 Aug 2024 12:36:43 +0200 Subject: [PATCH] move variable-set variables into a submodule (#1) --- CHANGELOG.md | 8 +++- README.md | 7 ++-- main.tf | 34 ++++------------ modules/variable/README.md | 64 ++++++++++++++++++++++++++++++ modules/variable/main.tf | 37 +++++++++++++++++ modules/variable/outputs.tf | 25 ++++++++++++ modules/variable/variables.tf | 75 +++++++++++++++++++++++++++++++++++ modules/variable/versions.tf | 26 ++++++++++++ variables.tf | 8 ---- 9 files changed, 244 insertions(+), 40 deletions(-) create mode 100644 modules/variable/README.md create mode 100644 modules/variable/main.tf create mode 100644 modules/variable/outputs.tf create mode 100644 modules/variable/variables.tf create mode 100644 modules/variable/versions.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index 94c2444..9427399 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,9 +4,15 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +## [2.0.0] - 2024-08-30 + +BREAKING CHANGES: +* move variable-set variables into a submodule + ## [1.0.0] - 2023-12-20 Initial release -[Unreleased]: https://github.com/nephosolutions/terraform-tfe-variable-set/compare/v1.0.0...HEAD +[Unreleased]: https://github.com/nephosolutions/terraform-tfe-variable-set/compare/v2.0.0...HEAD +[2.0.0]: https://github.com/nephosolutions/terraform-tfe-variable-set/releases/tag/v2.0.0 [1.0.0]: https://github.com/nephosolutions/terraform-tfe-variable-set/releases/tag/v1.0.0 diff --git a/README.md b/README.md index 57bb2ab..2545f28 100644 --- a/README.md +++ b/README.md @@ -32,18 +32,17 @@ limitations under the License. ## Modules -No modules. +| Name | Source | Version | +|------|--------|---------| +| [variable\_set\_variable](#module\_variable\_set\_variable) | ./modules/variable | n/a | ## Resources | Name | Type | |------|------| | [tfe_project_variable_set.project](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/project_variable_set) | resource | -| [tfe_variable.nonsensitive](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/variable) | resource | -| [tfe_variable.sensitive](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/variable) | resource | | [tfe_variable_set.variable_set](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/variable_set) | resource | | [tfe_workspace_variable_set.workspace](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/workspace_variable_set) | resource | -| [tfe_outputs.variable_set_variable](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/data-sources/outputs) | data source | | [tfe_project.project](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/data-sources/project) | data source | | [tfe_workspace_ids.variable_set](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/data-sources/workspace_ids) | data source | diff --git a/main.tf b/main.tf index be5b318..c17c2d6 100644 --- a/main.tf +++ b/main.tf @@ -48,38 +48,18 @@ resource "tfe_workspace_variable_set" "workspace" { workspace_id = each.value } -data "tfe_outputs" "variable_set_variable" { - for_each = { for k, v in var.variables : format("%s/%s", v.key, v.category) => v } - - organization = var.organization - workspace = each.value.workspace -} +module "variable_set_variable" { + source = "./modules/variable" -resource "tfe_variable" "sensitive" { - for_each = { - for k, v in var.variables : format("%s/%s", v.key, v.category) => v - if v.sensitive == true - } - - category = each.value.category - description = each.value.description - hcl = each.value.hcl - key = each.value.key - sensitive = true - value = data.tfe_outputs.variable_set_variable[each.key].values[each.value.value] - variable_set_id = tfe_variable_set.variable_set.id -} - -resource "tfe_variable" "nonsensitive" { - for_each = { - for k, v in var.variables : format("%s/%s", v.key, v.category) => v - if v.sensitive != true - } + for_each = { for k, v in var.variables : format("%s/%s", v.key, v.category) => v } category = each.value.category description = each.value.description hcl = each.value.hcl key = each.value.key - value = data.tfe_outputs.variable_set_variable[each.key].nonsensitive_values[each.value.value] + organization = var.organization + sensitive = each.value.sensitive + value = each.value.value variable_set_id = tfe_variable_set.variable_set.id + workspace = each.value.workspace } diff --git a/modules/variable/README.md b/modules/variable/README.md new file mode 100644 index 0000000..6281ad5 --- /dev/null +++ b/modules/variable/README.md @@ -0,0 +1,64 @@ +# Terraform Cloud Variable-Set Variable + +This module provisions a variable in a variable set reading the value from a workspace output. + + +Copyright 2019-2024 NephoSolutions srl, Sebastian Trebitz + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.1.0 | +| [tfe](#requirement\_tfe) | >= 0.51 | + +## Providers + +| Name | Version | +|------|---------| +| [tfe](#provider\_tfe) | 0.58.1 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [tfe_variable.variable_set_variable](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/resources/variable) | resource | +| [tfe_outputs.variable_set_variable](https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/data-sources/outputs) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [category](#input\_category) | Whether this is a Terraform or environment variable. Valid values are `terraform` or `env`. | `string` | n/a | yes | +| [description](#input\_description) | Description of the variable. | `string` | `null` | no | +| [hcl](#input\_hcl) | Whether to evaluate the value of the variable as a string of HCL code. | `bool` | `false` | no | +| [key](#input\_key) | Name of the variable. | `string` | n/a | yes | +| [organization](#input\_organization) | The name of the organization. | `string` | n/a | yes | +| [sensitive](#input\_sensitive) | Whether the value is sensitive. If true then the variable is written once and not visible thereafter. | `bool` | `false` | no | +| [value](#input\_value) | The workspace output to read the variable value from. | `string` | n/a | yes | +| [variable\_set\_id](#input\_variable\_set\_id) | ID of the variable set that owns the variable. | `string` | n/a | yes | +| [workspace](#input\_workspace) | The name of the workspace from which to read outputs. | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [id](#output\_id) | The variable identifier. | +| [name](#output\_name) | The variable name. | + diff --git a/modules/variable/main.tf b/modules/variable/main.tf new file mode 100644 index 0000000..2f8a18b --- /dev/null +++ b/modules/variable/main.tf @@ -0,0 +1,37 @@ +/** + * Copyright 2019-2024 NephoSolutions srl, Sebastian Trebitz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +data "tfe_outputs" "variable_set_variable" { + organization = var.organization + workspace = var.workspace +} + +locals { + nonsensitive_values = data.tfe_outputs.variable_set_variable.nonsensitive_values + sensitive_values = data.tfe_outputs.variable_set_variable.values +} + +resource "tfe_variable" "variable_set_variable" { + category = var.category + description = var.description + hcl = var.hcl + key = var.key + sensitive = var.sensitive + variable_set_id = var.variable_set_id + + # ensure that values from sensitive outputs are not written into nonsensitive variables + value = var.sensitive ? local.sensitive_values[var.value] : local.nonsensitive_values[var.value] +} diff --git a/modules/variable/outputs.tf b/modules/variable/outputs.tf new file mode 100644 index 0000000..f441d48 --- /dev/null +++ b/modules/variable/outputs.tf @@ -0,0 +1,25 @@ +/** + * Copyright 2019-2024 NephoSolutions srl, Sebastian Trebitz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "id" { + description = "The variable identifier." + value = tfe_variable.variable_set_variable.id +} + +output "name" { + description = "The variable name." + value = tfe_variable.variable_set_variable.key +} diff --git a/modules/variable/variables.tf b/modules/variable/variables.tf new file mode 100644 index 0000000..aa8115a --- /dev/null +++ b/modules/variable/variables.tf @@ -0,0 +1,75 @@ +/** + * Copyright 2019-2024 NephoSolutions srl, Sebastian Trebitz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "category" { + description = "Whether this is a Terraform or environment variable. Valid values are `terraform` or `env`." + type = string + nullable = false + + validation { + condition = contains(["env", "terraform"], var.category) + error_message = "Invalid variable category. Valid values are terraform or env." + } +} + +variable "description" { + description = "Description of the variable." + type = string + default = null +} + +variable "hcl" { + description = "Whether to evaluate the value of the variable as a string of HCL code." + type = bool + default = false +} + +variable "key" { + description = "Name of the variable." + type = string + nullable = false +} + +variable "organization" { + description = "The name of the organization." + type = string + nullable = false +} + +variable "sensitive" { + description = "Whether the value is sensitive. If true then the variable is written once and not visible thereafter." + type = bool + nullable = false + default = false +} + +variable "value" { + description = "The workspace output to read the variable value from." + type = string + nullable = false +} + +variable "variable_set_id" { + description = "ID of the variable set that owns the variable." + type = string + nullable = false +} + +variable "workspace" { + description = "The name of the workspace from which to read outputs." + type = string + nullable = false +} diff --git a/modules/variable/versions.tf b/modules/variable/versions.tf new file mode 100644 index 0000000..e572c90 --- /dev/null +++ b/modules/variable/versions.tf @@ -0,0 +1,26 @@ +/** + * Copyright 2019-2024 NephoSolutions srl, Sebastian Trebitz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 1.1.0" + + required_providers { + tfe = { + source = "hashicorp/tfe" + version = ">= 0.51" + } + } +} diff --git a/variables.tf b/variables.tf index 85d9fe7..fcab3c3 100644 --- a/variables.tf +++ b/variables.tf @@ -66,14 +66,6 @@ variable "variables" { nullable = false default = [] - - validation { - condition = alltrue([ - for variable in var.variables : contains(["env", "terraform"], variable.category) - ]) - - error_message = "Invalid variable category. Valid values are terraform or env." - } } variable "workspaces" {