Created
December 18, 2018 01:29
TFE remote enhanced backend
# Random number generator
resource "random_id" "random" {
  # uuid() returns a new value on every run, so this keeper always changes
  # and random_id is destroyed and recreated on each plan/apply.
  keepers {
    uuid = "${uuid()}"
  }
  byte_length = 8
}
# Dummy resource with attributes
resource "null_resource" "Bret" {
  provisioner "local-exec" {
    command = "echo '${random_id.random.dec}'"
  }
}
# Output random number
output "random_number" {
  value = "${random_id.random.dec}"
}
# PLAN
➜ remote_backend git:(master) ✗ terraform plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.
To view this run in a browser, visit:
https://app.terraform.io/app/hashijit/remote_backend/runs/run-BCGsYESFxtJ4SoYh
Waiting for the plan to start...
Terraform v0.11.11
Configuring remote state backend...
Initializing Terraform configuration...
2018/12/18 01:18:23 [DEBUG] Using modified User-Agent: Terraform/0.11.11 TFE/ff12238
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
random_id.random: Refreshing state... (ID: OREDip-vtdM)
null_resource.Bret: Refreshing state... (ID: 5063232700454766390)
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
-/+ random_id.random (new resource required)
      id: "OREDip-vtdM" => <computed> (forces new resource)
      b64: "OREDip-vtdM" => <computed>
      b64_std: "OREDip+vtdM=" => <computed>
      b64_url: "OREDip-vtdM" => <computed>
      byte_length: "8" => "8"
      dec: "4112071828685436371" => <computed>
      hex: "3911038a9fafb5d3" => <computed>
      keepers.%: "1" => "1"
      keepers.uuid: "99140c95-e9a5-6c10-b529-143fdd0a0f13" => "a00e6817-0fb4-f7cf-45f5-67d614a824e8" (forces new resource)
Plan: 1 to add, 0 to change, 1 to destroy.
------------------------------------------------------------------------
Organization policy check:
Sentinel Result: true
This result means that Sentinel policies returned true and the protected
behavior is allowed by Sentinel policies.
6 policies evaluated.
## Policy 1: vmware-restrict-vm-disk-size.sentinel (soft-mandatory)
Result: true
TRUE - vmware-restrict-vm-disk-size.sentinel:24:1 - Rule "main"
TRUE - vmware-restrict-vm-disk-size.sentinel:15:3 - all vms as _, instances {
  all instances as index, r {
    all r.applied.disk as disk {
      disk.size < 100
    }
  }
}
TRUE - vmware-restrict-vm-disk-size.sentinel:14:1 - Rule "disk_size_limit"
## Policy 2: gcp-restrict-machine-type.sentinel (soft-mandatory)
Result: true
TRUE - gcp-restrict-machine-type.sentinel:27:1 - Rule "main"
TRUE - gcp-restrict-machine-type.sentinel:20:5 - all vms as _, instances {
  all instances as index, r {
    r.applied.machine_type in allowed_machine_types
  }
}
TRUE - gcp-restrict-machine-type.sentinel:19:1 - Rule "machine_type_allowed"
## Policy 3: aws-restrict-instance-type.sentinel (soft-mandatory)
Result: true
TRUE - aws-restrict-instance-type.sentinel:32:1 - Rule "main"
TRUE - aws-restrict-instance-type.sentinel:24:5 - all aws_instances as _, instances {
  all instances as index, r {
    r.applied.instance_type in allowed_types
  }
}
TRUE - aws-restrict-instance-type.sentinel:23:1 - Rule "instance_type_allowed"
## Policy 4: aws-restrict-s3-buckets.sentinel (hard-mandatory)
Result: true
TRUE - aws-restrict-s3-buckets.sentinel:20:1 - Rule "main"
TRUE - aws-restrict-s3-buckets.sentinel:16:3 - length(s3_buckets) < 1
TRUE - aws-restrict-s3-buckets.sentinel:15:1 - Rule "no_s3"
## Policy 5: azure-restrict-vm-size.sentinel (soft-mandatory)
Result: true
TRUE - azure-restrict-vm-size.sentinel:38:1 - Rule "main"
TRUE - azure-restrict-vm-size.sentinel:31:5 - all vms as _, instances {
  all instances as index, r {
    r.applied.vm_size in allowed_vm_sizes
  }
}
TRUE - azure-restrict-vm-size.sentinel:30:1 - Rule "vm_size_allowed"
## Policy 6: aws-restrict-cidr-blocks.sentinel (hard-mandatory)
Result: true
TRUE - aws-restrict-cidr-blocks.sentinel:7:1 - Rule "main"
# APPLY
➜ remote_backend git:(master) ✗ terraform apply
Running apply in the remote backend. Output will stream here. Pressing Ctrl-C
will cancel the remote apply if its still pending. If the apply started it
will stop streaming the logs, but will not stop the apply running remotely.
To view this run in a browser, visit:
https://app.terraform.io/app/hashijit/remote_backend/runs/run-n2LzitYMgHAG9rAT
Waiting for the plan to start...
Terraform v0.11.11
Configuring remote state backend...
Initializing Terraform configuration...
2018/12/18 01:20:30 [DEBUG] Using modified User-Agent: Terraform/0.11.11 TFE/ff12238
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
random_id.random: Refreshing state... (ID: OREDip-vtdM)
null_resource.Bret: Refreshing state... (ID: 5063232700454766390)
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
-/+ random_id.random (new resource required)
      id: "OREDip-vtdM" => <computed> (forces new resource)
      b64: "OREDip-vtdM" => <computed>
      b64_std: "OREDip+vtdM=" => <computed>
      b64_url: "OREDip-vtdM" => <computed>
      byte_length: "8" => "8"
      dec: "4112071828685436371" => <computed>
      hex: "3911038a9fafb5d3" => <computed>
      keepers.%: "1" => "1"
      keepers.uuid: "99140c95-e9a5-6c10-b529-143fdd0a0f13" => "5c84a628-2a6d-927c-9954-c418ce3626fa" (forces new resource)
Plan: 1 to add, 0 to change, 1 to destroy.
------------------------------------------------------------------------
Organization policy check:
Sentinel Result: true
This result means that Sentinel policies returned true and the protected
behavior is allowed by Sentinel policies.
6 policies evaluated.
## Policy 1: vmware-restrict-vm-disk-size.sentinel (soft-mandatory)
Result: true
TRUE - vmware-restrict-vm-disk-size.sentinel:24:1 - Rule "main"
TRUE - vmware-restrict-vm-disk-size.sentinel:15:3 - all vms as _, instances {
  all instances as index, r {
    all r.applied.disk as disk {
      disk.size < 100
    }
  }
}
TRUE - vmware-restrict-vm-disk-size.sentinel:14:1 - Rule "disk_size_limit"
## Policy 2: gcp-restrict-machine-type.sentinel (soft-mandatory)
Result: true
TRUE - gcp-restrict-machine-type.sentinel:27:1 - Rule "main"
TRUE - gcp-restrict-machine-type.sentinel:20:5 - all vms as _, instances {
  all instances as index, r {
    r.applied.machine_type in allowed_machine_types
  }
}
TRUE - gcp-restrict-machine-type.sentinel:19:1 - Rule "machine_type_allowed"
## Policy 3: aws-restrict-instance-type.sentinel (soft-mandatory)
Result: true
TRUE - aws-restrict-instance-type.sentinel:32:1 - Rule "main"
TRUE - aws-restrict-instance-type.sentinel:24:5 - all aws_instances as _, instances {
  all instances as index, r {
    r.applied.instance_type in allowed_types
  }
}
TRUE - aws-restrict-instance-type.sentinel:23:1 - Rule "instance_type_allowed"
## Policy 4: aws-restrict-s3-buckets.sentinel (hard-mandatory)
Result: true
TRUE - aws-restrict-s3-buckets.sentinel:20:1 - Rule "main"
TRUE - aws-restrict-s3-buckets.sentinel:16:3 - length(s3_buckets) < 1
TRUE - aws-restrict-s3-buckets.sentinel:15:1 - Rule "no_s3"
## Policy 5: azure-restrict-vm-size.sentinel (soft-mandatory)
Result: true
TRUE - azure-restrict-vm-size.sentinel:38:1 - Rule "main"
TRUE - azure-restrict-vm-size.sentinel:31:5 - all vms as _, instances {
  all instances as index, r {
    r.applied.vm_size in allowed_vm_sizes
  }
}
TRUE - azure-restrict-vm-size.sentinel:30:1 - Rule "vm_size_allowed"
## Policy 6: aws-restrict-cidr-blocks.sentinel (hard-mandatory)
Result: true
TRUE - aws-restrict-cidr-blocks.sentinel:7:1 - Rule "main"
------------------------------------------------------------------------
Do you want to perform these actions in workspace "remote_backend"?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
2018/12/18 01:20:49 [DEBUG] Using modified User-Agent: Terraform/0.11.11 TFE/ff12238
random_id.random: Destroying... (ID: OREDip-vtdM)
random_id.random: Destruction complete after 0s
random_id.random: Creating...
  b64: "" => "<computed>"
  b64_std: "" => "<computed>"
  b64_url: "" => "<computed>"
  byte_length: "" => "8"
  dec: "" => "<computed>"
  hex: "" => "<computed>"
  keepers.%: "" => "1"
  keepers.uuid: "" => "863fb81b-ae70-4873-df37-903406d9b727"
random_id.random: Creation complete after 0s (ID: 8wwHd1FXzTQ)
Apply complete! Resources: 1 added, 0 changed, 1 destroyed.
Outputs:
random_number = 17513381259984227636
# OUTPUT
➜ remote_backend git:(master) ✗ terraform output -json
{
  "random_number": {
    "sensitive": false,
    "type": "string",
    "value": "17513381259984227636"
  }
}
terraform {
  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "hashijit"
    workspaces {
      name = "remote_backend"
    }
  }
}