esp.terraform.tfe_workspace (0.1.0) — module

Create, update, and destroy Terraform workspaces

Added in version 0.1.0 of esp.terraform.

Authors: Krzysztof Lewandowski (@klewan)

Install collection

Install with ansible-galaxy collection install esp.terraform:==0.1.0


Add to requirements.yml

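  # Pin the collection to a fixed release so installs are reproducible.
  # The version is quoted so it is always read as a string.
  collections:
    - name: esp.terraform
      version: '0.1.0'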

Description

Creates, updates or removes Terraform workspaces.

Workspaces represent running infrastructure managed by Terraform.

Usage examples

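# Create a workspace connected to a VCS repository.
# Per the option docs, `attributes` is required when state=present, and
# `vcs-repo` needs at least `oauth-token-id` and `identifier`.
- name: Create a Workspace
  esp.terraform.tfe_workspace:
    url: 'https://terraform.example.com'
    # Bearer token for the Terraform Enterprise API. It is passed in through a
    # variable so the secret is not written into the playbook; keep the variable
    # in a vault or secret store.
    token: '{{ token }}'
    organization: foo
    attributes:
      name: my-workspace
      # A successful plan is applied automatically. With a VCS-backed workspace,
      # review and branch protection on the repository are then the main gate
      # before changes reach infrastructure.
      auto-apply: true
      vcs-repo:
        oauth-token-id: ot-afSmwHZXwLDY1wSs
        identifier: PROJECT/terraform-project-repo
        # Empty string: use the repository's default branch.
        branch: ''
        ingress-submodules: false
      source-name: Ansible
    state: present
    # TLS certificate validation is disabled, so the bearer token above is sent
    # to a server whose identity is not verified. Keep this only for a host you
    # control that uses a self-signed certificate; otherwise leave the default
    # (true) and trust the issuing CA instead.
    validate_certs: false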
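# Update an existing workspace. `workspace` selects the workspace to edit (by
# name or ID) and `attributes` carries the new property values.
- name: Edit a workspace
  esp.terraform.tfe_workspace:
    url: 'https://terraform.example.com'
    # Bearer token supplied through a variable; keep it out of the playbook.
    token: '{{ token }}'
    organization: foo
    workspace: my-workspace
    attributes:
      name: new-workspace-name
      # Plans must be confirmed manually before they are applied.
      auto-apply: false
      # NOTE(review): the option docs describe working-directory as a relative
      # path; confirm whether the leading slash is intended.
      working-directory: '/tfe'
    state: present
    # TLS certificate validation is disabled, so the bearer token is sent to a
    # server whose identity is not verified. Use only against a host you control
    # with a self-signed certificate; the default is true.
    validate_certs: false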
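# Change a workspace attribute and lock the workspace in the same task.
# Per the option docs, `lock_reason` may only be given together with locked=true.
- name: Edit and lock a workspace
  esp.terraform.tfe_workspace:
    url: 'https://terraform.example.com'
    # Bearer token supplied through a variable; keep it out of the playbook.
    token: '{{ token }}'
    organization: foo
    workspace: my-workspace
    attributes:
      auto-apply: false
    locked: true
    lock_reason: Prevent Terraform runs
    state: present
    # TLS certificate validation is disabled, so the bearer token is sent to a
    # server whose identity is not verified. Use only against a host you control
    # with a self-signed certificate; the default is true.
    validate_certs: false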
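# Unlock a workspace; locked=false removes the lock.
- name: Unlock a workspace
  esp.terraform.tfe_workspace:
    url: 'https://terraform.example.com'
    # Bearer token supplied through a variable; keep it out of the playbook.
    token: '{{ token }}'
    organization: foo
    workspace: my-workspace
    locked: false
    state: present
    # TLS certificate validation is disabled, so the bearer token is sent to a
    # server whose identity is not verified. Use only against a host you control
    # with a self-signed certificate; the default is true.
    validate_certs: false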
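# Assign an SSH key to a workspace. The key may be referenced by name or by ID.
- name: Assign an SSH key to a workspace
  esp.terraform.tfe_workspace:
    url: 'https://terraform.example.com'
    # Bearer token supplied through a variable; keep it out of the playbook.
    token: '{{ token }}'
    organization: foo
    workspace: my-workspace
    ssh_key: my-ssh-key
    # Alternative: reference the same key by its ID instead of its name.
    # ssh_key: sshkey-1nXFmNCq38FDyUqo
    state: present
    # TLS certificate validation is disabled, so the bearer token is sent to a
    # server whose identity is not verified. Use only against a host you control
    # with a self-signed certificate; the default is true.
    validate_certs: false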
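# Remove the SSH key assignment from a workspace.
- name: Unassign an SSH key from a workspace
  esp.terraform.tfe_workspace:
    url: 'https://terraform.example.com'
    # Bearer token supplied through a variable; keep it out of the playbook.
    token: '{{ token }}'
    organization: foo
    workspace: my-workspace
    # An empty string unassigns the currently assigned SSH key.
    ssh_key: ''
    state: present
    # TLS certificate validation is disabled, so the bearer token is sent to a
    # server whose identity is not verified. Use only against a host you control
    # with a self-signed certificate; the default is true.
    validate_certs: false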
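# Remove a workspace. state=absent means the workspace should not exist, so
# `attributes` is not needed here.
- name: Delete a workspace
  esp.terraform.tfe_workspace:
    url: 'https://terraform.example.com'
    # Bearer token supplied through a variable; keep it out of the playbook.
    token: '{{ token }}'
    organization: foo
    workspace: my-workspace
    state: absent
    # TLS certificate validation is disabled, so the bearer token is sent to a
    # server whose identity is not verified. Use only against a host you control
    # with a self-signed certificate; the default is true.
    validate_certs: false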

Inputs

    
url:
    description:
    - Terraform Enterprise URL.
    required: false
    type: str

sleep:
    default: 5
    description:
    - Number of seconds to sleep between API retries.
    type: int

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Whether the workspace should exist or not.
    required: true
    type: str

token:
    description:
    - All requests to Terraform Enterprise must be authenticated with a bearer token.
    - There are three kinds of token available, i.e. user tokens, team tokens and organization
      tokens.
    - See L(Authentication,https://www.terraform.io/docs/cloud/api/index.html#authentication).
    required: true
    type: str

locked:
    description:
    - C(true) locks the workspace. Optionally, you may provide C(lock_reason).
    - C(false) unlocks the workspace.
    required: false
    type: bool

retries:
    default: 3
    description:
    - Number of retries to call Terraform API URL before failure.
    type: int

ssh_key:
    description:
    - The SSH key to assign to the workspace.
    - The SSH key may be referred either by its ID or its name.
    - Empty string C("") unassigns the currently assigned SSH key from the workspace.
    required: false
    type: str

use_proxy:
    default: true
    description:
    - If C(no), it will not use a proxy, even if one is defined in an environment variable
      on the target hosts.
    type: bool

workspace:
    description:
    - The workspace to edit or remove.
    - The workspace may be referred either by its id or its name.
    required: false
    type: str

attributes:
    description:
    - Definition of the workspace properties.
    - Required when C(state=present).
    required: false
    suboptions:
      agent-pool-id:
        description:
        - Required when C(execution-mode=agent). The ID of the agent pool belonging to
          the workspace's organization.
        - This value must not be specified if C(execution-mode=remote) or C(execution-mode=local)
          or if C(operations=true).
        required: false
        type: str
      allow-destroy-plan:
        default: true
        description:
        - Whether destroy plans can be queued on the workspace.
        required: false
        type: bool
      auto-apply:
        default: false
        description:
        - Whether to automatically apply changes when a Terraform plan is successful.
        required: false
        type: bool
      description:
        description:
        - A description for the workspace.
        required: false
        type: str
      execution-mode:
        default: remote
        description:
        - Which execution mode to use. Valid values are C(remote), C(local), and C(agent).
        - When set to C(local), the workspace will be used for state storage only.
        - This value must not be specified if C(operations) is specified.
        required: false
        type: str
      file-triggers-enabled:
        default: true
        description:
        - Whether to filter runs based on the changed files in a VCS push.
        - If enabled, the C(working-directory) and C(trigger-prefixes) describe a set
          of paths which must contain changes for a VCS push to trigger a run.
        - If disabled, any push will trigger a run.
        required: false
        type: bool
      global-remote-state:
        default: false
        description:
        - Whether the workspace should allow all workspaces in the organization to access
          its state data during runs.
        - If C(false), then only specifically approved workspaces can access its state.
        required: false
        type: bool
      name:
        description:
        - The name of the workspace, which can only include letters, numbers, -, and _.
        - This will be used as an identifier and must be unique in the organization.
        required: true
        type: str
      queue-all-runs:
        default: false
        description:
        - Whether runs should be queued immediately after workspace creation.
        - When set to C(false), runs triggered by a VCS change will not be queued until
          at least one run is manually queued.
        required: false
        type: bool
      source-name:
        description:
        - A friendly name for the application or client creating this workspace.
        - If set, this will be displayed on the workspace as "Created via C(source-name)".
        required: false
        type: str
      source-url:
        description:
        - A URL for the application or client creating this workspace.
        - This can be the URL of a related resource in another app, or a link to documentation
          or other info about the client.
        required: false
        type: str
      speculative-enabled:
        default: true
        description:
        - Whether this workspace allows automatic speculative plans.
        - Setting this to false prevents Terraform Cloud from running plans on pull requests,
          which can improve security if the VCS repository is public or includes untrusted
          contributors.
        - It doesn't prevent manual speculative plans via the remote backend or the runs
          API.
        required: false
        type: bool
      terraform-version:
        description:
        - The version of Terraform to use for this workspace.
        - Upon creating a workspace, the latest version is selected unless otherwise specified.
        required: false
        type: str
      trigger-prefixes:
        description:
        - List of repository-root-relative paths which should be tracked for changes,
          in addition to the working directory.
        required: false
        type: list
      vcs-repo:
        description:
        - Settings for the workspace's VCS repository.
        - If omitted, the workspace is created without a VCS repo.
        - If included, you must specify at least the C(oauth-token-id) and C(identifier)
          keys below.
        required: false
        suboptions:
          branch:
            description:
            - The repository branch that Terraform will execute from.
            - If omitted or submitted as an empty string, this defaults to the repository's
              default branch.
            required: false
            type: str
          identifier:
            description:
            - A reference to your VCS repository in the format :org/:repo where :org and
              :repo refer to the organization and repository in your VCS provider.
            required: false
            type: str
          ingress-submodules:
            default: false
            description:
            - Whether submodules should be fetched when cloning the VCS repository.
            required: false
            type: bool
          oauth-token-id:
            description:
            - The VCS Connection (OAuth Connection + Token) to use.
            required: true
            type: str
        type: dict
      working-directory:
        description:
        - A relative path that Terraform will execute within.
        - This defaults to the root of your repository and is typically set to a subdirectory
          matching the environment when multiple environments exist within the same repository.
        required: false
        type: str
    type: dict

lock_reason:
    description:
    - The reason for locking the workspace.
    - Can only be specified together with C(locked=true).
    required: false
    type: str

organization:
    description:
    - Organization name.
    required: true
    type: str

validate_certs:
    default: true
    description:
    - If C(no), SSL certificates will not be validated.
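    - This should only be set to C(no) when used on personally controlled sites using
      self-signed certificates.
    - With validation disabled, the bearer token given in C(token) is sent to a server
      whose identity has not been verified.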
    type: bool

Outputs

json:
  contains:
    data:
      description: Details on workspace.
      returned: success
      sample:
        attributes:
          actions:
            is-destroyable: true
          allow-destroy-plan: true
          auto-apply: false
          auto-destroy-at: null
          created-at: '2021-05-14T19:42:38.472000+00:00'
          description: null
          environment: default
          execution-mode: remote
          file-triggers-enabled: true
          global-remote-state: true
          latest-change-at: '2021-05-14T19:42:38.472000+00:00'
          locked: false
          name: my-workspace
          operations: true
          permissions:
            can-create-state-versions: true
            can-destroy: true
            can-force-unlock: true
            can-lock: true
            can-queue-apply: true
            can-queue-destroy: true
            can-queue-run: true
            can-read-settings: true
            can-read-state-versions: true
            can-read-variable: true
            can-unlock: true
            can-update: true
            can-update-variable: true
          queue-all-runs: false
          source: tfe-api
          source-name: null
          source-url: null
          speculative-enabled: true
          terraform-version: 0.15.1
          trigger-prefixes: []
          vcs-repo:
            branch: null
            display-identifier: PROJECT/terraform-project-repo
            identifier: PROJECT/terraform-project-repo
            ingress-submodules: false
            oauth-token-id: ot-afSmwHZXwLDY1wSs
            repository-http-url: null
            service-provider: bitbucket_server
          vcs-repo-identifier: PROJECT/terraform-project-repo
          working-directory: null
        id: ws-u6asykQpV8EKthKw
        links:
          self: /api/v2/organizations/foo/workspaces/my-workspace
        relationships:
          current-configuration-version:
            data:
              id: cv-wM6HoLCzt67LPk7p
              type: configuration-versions
            links:
              related: /api/v2/configuration-versions/cv-wM6HoLCzt67LPk7p
          current-run:
            data: null
          current-state-version:
            data: null
          latest-run:
            data: null
          organization:
            data:
              id: foo
              type: organizations
          remote-state-consumers:
            links:
              related: /api/v2/workspaces/ws-u6asykQpV8EKthKw/relationships/remote-state-consumers
        type: workspaces
      type: dict
  description: Details on workspace.
  returned: success
  type: dict
state:
  description: Workspace state
  returned: always
  sample: present
  type: str