terraform for harness ff demo env

ff.tf

terraform {
  required_providers {
    harness = {
      source = "harness/harness"
    }
  }
}

data "harness_platform_current_account" "this" {}

data "harness_platform_organization" "this" {
  identifier = "default"
}

resource "harness_platform_project" "this" {
  org_id = data.harness_platform_organization.this.id

  identifier = "ff_demo"
  name       = "ff_demo"
}

resource "harness_platform_environment" "demo" {
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  identifier = "demo"
  name       = "demo"
  type       = "PreProduction"
}

resource "harness_platform_environment" "not_demo" {
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  identifier = "not_demo"
  name       = "not_demo"
  type       = "PreProduction"
}

resource "harness_platform_ff_api_key" "demo" {
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  identifier = "demo"
  name       = "demo"

  env_id = harness_platform_environment.demo.id

  type = "Client"
}

resource "harness_platform_secret_text" "demo" {
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  identifier = "demo"
  name       = "demo"

  secret_manager_identifier = "harnessSecretManager"
  value_type                = "Inline"
  value                     = harness_platform_ff_api_key.demo.api_key
}

resource "harness_platform_feature_flag" "one" {
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  kind       = "boolean"
  name       = "one"
  identifier = "one"
  permanent  = false

  default_on_variation  = "Enabled"
  default_off_variation = "Disabled"

  variation {
    identifier  = "Enabled"
    name        = "Enabled"
    description = "The feature is enabled"
    value       = "true"
  }

  variation {
    identifier  = "Disabled"
    name        = "Disabled"
    description = "The feature is disabled"
    value       = "false"
  }

  tags {
    identifier = "purpose"
    name       = "demo"
  }
}

resource "harness_platform_feature_flag_target" "demo" {
  account_id = data.harness_platform_current_account.this.id
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  identifier = "demo"
  name       = "demo"

  environment = harness_platform_environment.demo.id

  attributes = {
    location : "demo"
  }
}

resource "harness_platform_feature_flag_target_group" "demo" {
  account_id = data.harness_platform_current_account.this.id
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  identifier = "demo"
  name       = "demo"

  environment = harness_platform_environment.demo.id

  rule {
    attribute = "location"
    op        = "equal"
    values = [
      "demo"
    ]
  }
}

resource "harness_platform_policy" "ff_name" {
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  identifier = "ff_name"
  name       = "ff_name"
  rego       = <<-REGO
package feature_flags

deny[msg] {
	not regex.match("[FF][-][1-9][0-9]?", input.flag.name)
	msg := sprintf("Flag name '%s' doesn't follow allowed format", [input.flag.name])
}
REGO
}

resource "harness_platform_policy" "ff_type" {
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  identifier = "ff_type"
  name       = "ff_type"
  rego       = <<-REGO
package feature_flags

deny[msg] {
	input.flag.kind != "boolean"
	msg := sprintf(`Flag '%s' isn't of type "boolean"`, [input.flag.name])
}
REGO
}

resource "harness_platform_policy" "ff_default" {
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  identifier = "ff_default"
  name       = "ff_default"
  rego       = <<-REGO
package feature_flags

deny[msg] {
	input.flag.defaultOnVariation != "false"
	msg := sprintf("Flag '%s' does not have default 'on' value of false", [input.flag.name])
}

deny[msg] {
	input.flag.defaultOffVariation != "false"
	msg := sprintf("Flag '%s' does not have default 'off' value of false", [input.flag.name])
}
REGO
}

resource "harness_platform_policyset" "demo" {
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  identifier = "demo"
  name       = "demo"
  action     = "onsave"
  type       = "flag"
  enabled    = true

  dynamic "policies" {
    for_each = [
      harness_platform_policy.ff_name,
      harness_platform_policy.ff_type,
      harness_platform_policy.ff_default
    ]

    content {
      identifier = policies.value.id
      severity   = "warning"
    }
  }

}

resource "harness_platform_pipeline" "demo" {
  org_id     = data.harness_platform_organization.this.id
  project_id = harness_platform_project.this.id

  identifier = "demo"
  name       = "demo"

  yaml = <<-EOT
pipeline:
  name: demo
  identifier: demo
  orgIdentifier: ${data.harness_platform_organization.this.id}
  projectIdentifier: ${harness_platform_project.this.id}
  tags: {}
  stages:
    - stage:
        name: toggle
        identifier: toggle
        description: ""
        type: FeatureFlag
        spec:
          execution:
            steps:
              - step:
                  type: FlagConfiguration
                  name: toggle
                  identifier: toggle
                  spec:
                    feature: <+input>
                    environment: <+input>
                    instructions: <+input>
                  timeout: 10m

EOT
}