
@WhatsARanjit
Created December 18, 2018 01:29
TFE remote enhanced backend
# Random number generator
resource "random_id" "random" {
  keepers {
    uuid = "${uuid()}"
  }

  byte_length = 8
}

# Dummy resource with attributes
resource "null_resource" "Bret" {
  provisioner "local-exec" {
    command = "echo '${random_id.random.dec}'"
  }
}

# Output random number
output "random_number" {
  value = "${random_id.random.dec}"
}
# PLAN
➜ remote_backend git:(master) ✗ terraform plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.
To view this run in a browser, visit:
https://app.terraform.io/app/hashijit/remote_backend/runs/run-BCGsYESFxtJ4SoYh
Waiting for the plan to start...
Terraform v0.11.11
Configuring remote state backend...
Initializing Terraform configuration...
2018/12/18 01:18:23 [DEBUG] Using modified User-Agent: Terraform/0.11.11 TFE/ff12238
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
random_id.random: Refreshing state... (ID: OREDip-vtdM)
null_resource.Bret: Refreshing state... (ID: 5063232700454766390)
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
-/+ random_id.random (new resource required)
id: "OREDip-vtdM" => <computed> (forces new resource)
b64: "OREDip-vtdM" => <computed>
b64_std: "OREDip+vtdM=" => <computed>
b64_url: "OREDip-vtdM" => <computed>
byte_length: "8" => "8"
dec: "4112071828685436371" => <computed>
hex: "3911038a9fafb5d3" => <computed>
keepers.%: "1" => "1"
keepers.uuid: "99140c95-e9a5-6c10-b529-143fdd0a0f13" => "a00e6817-0fb4-f7cf-45f5-67d614a824e8" (forces new resource)
Plan: 1 to add, 0 to change, 1 to destroy.
------------------------------------------------------------------------
Organization policy check:
Sentinel Result: true
This result means that Sentinel policies returned true and the protected
behavior is allowed by Sentinel policies.
6 policies evaluated.
## Policy 1: vmware-restrict-vm-disk-size.sentinel (soft-mandatory)
Result: true
TRUE - vmware-restrict-vm-disk-size.sentinel:24:1 - Rule "main"
TRUE - vmware-restrict-vm-disk-size.sentinel:15:3 - all vms as _, instances {
all instances as index, r {
all r.applied.disk as disk {
disk.size < 100
}
}
}
TRUE - vmware-restrict-vm-disk-size.sentinel:14:1 - Rule "disk_size_limit"
## Policy 2: gcp-restrict-machine-type.sentinel (soft-mandatory)
Result: true
TRUE - gcp-restrict-machine-type.sentinel:27:1 - Rule "main"
TRUE - gcp-restrict-machine-type.sentinel:20:5 - all vms as _, instances {
all instances as index, r {
r.applied.machine_type in allowed_machine_types
}
}
TRUE - gcp-restrict-machine-type.sentinel:19:1 - Rule "machine_type_allowed"
## Policy 3: aws-restrict-instance-type.sentinel (soft-mandatory)
Result: true
TRUE - aws-restrict-instance-type.sentinel:32:1 - Rule "main"
TRUE - aws-restrict-instance-type.sentinel:24:5 - all aws_instances as _, instances {
all instances as index, r {
r.applied.instance_type in allowed_types
}
}
TRUE - aws-restrict-instance-type.sentinel:23:1 - Rule "instance_type_allowed"
## Policy 4: aws-restrict-s3-buckets.sentinel (hard-mandatory)
Result: true
TRUE - aws-restrict-s3-buckets.sentinel:20:1 - Rule "main"
TRUE - aws-restrict-s3-buckets.sentinel:16:3 - length(s3_buckets) < 1
TRUE - aws-restrict-s3-buckets.sentinel:15:1 - Rule "no_s3"
## Policy 5: azure-restrict-vm-size.sentinel (soft-mandatory)
Result: true
TRUE - azure-restrict-vm-size.sentinel:38:1 - Rule "main"
TRUE - azure-restrict-vm-size.sentinel:31:5 - all vms as _, instances {
all instances as index, r {
r.applied.vm_size in allowed_vm_sizes
}
}
TRUE - azure-restrict-vm-size.sentinel:30:1 - Rule "vm_size_allowed"
## Policy 6: aws-restrict-cidr-blocks.sentinel (hard-mandatory)
Result: true
TRUE - aws-restrict-cidr-blocks.sentinel:7:1 - Rule "main"
# APPLY
➜ remote_backend git:(master) ✗ terraform apply
Running apply in the remote backend. Output will stream here. Pressing Ctrl-C
will cancel the remote apply if its still pending. If the apply started it
will stop streaming the logs, but will not stop the apply running remotely.
To view this run in a browser, visit:
https://app.terraform.io/app/hashijit/remote_backend/runs/run-n2LzitYMgHAG9rAT
Waiting for the plan to start...
Terraform v0.11.11
Configuring remote state backend...
Initializing Terraform configuration...
2018/12/18 01:20:30 [DEBUG] Using modified User-Agent: Terraform/0.11.11 TFE/ff12238
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
random_id.random: Refreshing state... (ID: OREDip-vtdM)
null_resource.Bret: Refreshing state... (ID: 5063232700454766390)
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
-/+ random_id.random (new resource required)
id: "OREDip-vtdM" => <computed> (forces new resource)
b64: "OREDip-vtdM" => <computed>
b64_std: "OREDip+vtdM=" => <computed>
b64_url: "OREDip-vtdM" => <computed>
byte_length: "8" => "8"
dec: "4112071828685436371" => <computed>
hex: "3911038a9fafb5d3" => <computed>
keepers.%: "1" => "1"
keepers.uuid: "99140c95-e9a5-6c10-b529-143fdd0a0f13" => "5c84a628-2a6d-927c-9954-c418ce3626fa" (forces new resource)
Plan: 1 to add, 0 to change, 1 to destroy.
------------------------------------------------------------------------
Organization policy check:
Sentinel Result: true
This result means that Sentinel policies returned true and the protected
behavior is allowed by Sentinel policies.
6 policies evaluated.
## Policy 1: vmware-restrict-vm-disk-size.sentinel (soft-mandatory)
Result: true
TRUE - vmware-restrict-vm-disk-size.sentinel:24:1 - Rule "main"
TRUE - vmware-restrict-vm-disk-size.sentinel:15:3 - all vms as _, instances {
all instances as index, r {
all r.applied.disk as disk {
disk.size < 100
}
}
}
TRUE - vmware-restrict-vm-disk-size.sentinel:14:1 - Rule "disk_size_limit"
## Policy 2: gcp-restrict-machine-type.sentinel (soft-mandatory)
Result: true
TRUE - gcp-restrict-machine-type.sentinel:27:1 - Rule "main"
TRUE - gcp-restrict-machine-type.sentinel:20:5 - all vms as _, instances {
all instances as index, r {
r.applied.machine_type in allowed_machine_types
}
}
TRUE - gcp-restrict-machine-type.sentinel:19:1 - Rule "machine_type_allowed"
## Policy 3: aws-restrict-instance-type.sentinel (soft-mandatory)
Result: true
TRUE - aws-restrict-instance-type.sentinel:32:1 - Rule "main"
TRUE - aws-restrict-instance-type.sentinel:24:5 - all aws_instances as _, instances {
all instances as index, r {
r.applied.instance_type in allowed_types
}
}
TRUE - aws-restrict-instance-type.sentinel:23:1 - Rule "instance_type_allowed"
## Policy 4: aws-restrict-s3-buckets.sentinel (hard-mandatory)
Result: true
TRUE - aws-restrict-s3-buckets.sentinel:20:1 - Rule "main"
TRUE - aws-restrict-s3-buckets.sentinel:16:3 - length(s3_buckets) < 1
TRUE - aws-restrict-s3-buckets.sentinel:15:1 - Rule "no_s3"
## Policy 5: azure-restrict-vm-size.sentinel (soft-mandatory)
Result: true
TRUE - azure-restrict-vm-size.sentinel:38:1 - Rule "main"
TRUE - azure-restrict-vm-size.sentinel:31:5 - all vms as _, instances {
all instances as index, r {
r.applied.vm_size in allowed_vm_sizes
}
}
TRUE - azure-restrict-vm-size.sentinel:30:1 - Rule "vm_size_allowed"
## Policy 6: aws-restrict-cidr-blocks.sentinel (hard-mandatory)
Result: true
TRUE - aws-restrict-cidr-blocks.sentinel:7:1 - Rule "main"
------------------------------------------------------------------------
Do you want to perform these actions in workspace "remote_backend"?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
2018/12/18 01:20:49 [DEBUG] Using modified User-Agent: Terraform/0.11.11 TFE/ff12238
random_id.random: Destroying... (ID: OREDip-vtdM)
random_id.random: Destruction complete after 0s
random_id.random: Creating...
b64: "" => "<computed>"
b64_std: "" => "<computed>"
b64_url: "" => "<computed>"
byte_length: "" => "8"
dec: "" => "<computed>"
hex: "" => "<computed>"
keepers.%: "" => "1"
keepers.uuid: "" => "863fb81b-ae70-4873-df37-903406d9b727"
random_id.random: Creation complete after 0s (ID: 8wwHd1FXzTQ)
Apply complete! Resources: 1 added, 0 changed, 1 destroyed.
Outputs:
random_number = 17513381259984227636
# OUTPUT
➜ remote_backend git:(master) ✗ terraform output -json
{
    "random_number": {
        "sensitive": false,
        "type": "string",
        "value": "17513381259984227636"
    }
}

terraform {
  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "hashijit"

    workspaces {
      name = "remote_backend"
    }
  }
}