Terraform
This Driver runs Terraform to provision resources. The Terraform definition can be provided in-line or reference a Terraform module in a Git repository.
Property
| Property | Description |
|---|---|
| Resource Type | Any |
| Account Type | None |
Inputs
Values
| Name | Type | Description |
|---|---|---|
files |
object | [Optional] A Map of filenames to their content to create in the directory before terraform is executed. |
source |
object | [Optional] A Git repository to use for the Terraform definition. |
script |
string | [Optional] An inline terraform definition in HCL format. If specified with source, it works as override.tf |
variables |
object | A Map of variable names that are used as inputs to the Terraform definition and their values. |
At least one of source or script must be specified.
Source object
The source object defines how the Driver will use Terraform definitions that are stored in Git. In order for the Driver to use the source based Terraform definitions, the repository must be accessible to the Driver and credentials must be supplied if necessary.
| Property | Type | Description |
|---|---|---|
path |
string | [Optional] Relative path to the scripts: path/to/scripts. |
rev |
string | [Optional] Branch name, tag, or commit SHAFor example, /refs/heads/main |
url |
object | Repository URLFor example, github.com:my-org/project.git for SSH or https://github.com/my-org/project.git for HTTPS. |
username |
object | [Optional] User Name to authenticate. Default is git. |
Secrets
| Name | Type | Description |
|---|---|---|
files |
object | [Optional] A Map of filenames to their content to create in the directory before terraform is executed. |
source |
object | [Optional] Credentials for the git repo. |
variables |
object | A Map of variable names that are used as sensitive inputs to the Terraform definition. |
Source object
Credentials to be used to access the git repository. The choice of credentials depends on the url format.
| Property | Type | Description |
|---|---|---|
password |
string | [Optional] Password or Personal Account Token - for HTTPS. |
ssh_key |
string | [Optional] SSH Private key - for connections over SSH. |
Notes
Interaction with Humanitec Resources
Resource Types in Humanitec have a specified Resource Output Schema. In order for a resource to be usable in Humanitec, the Terraform definition must specify output variables that exactly match this schema.
For example, the s3 resource type has the following output schema:
| Name | Type | Description |
|---|---|---|
aws_access_key_id |
string, secret | [Optional] Credentials for the git repo. |
aws_secret_access_key |
string, secret | A Map of variable names that are used as sensitive inputs to the Terraform definition. |
bucket |
string | The bucket name. |
region |
string | The region the bucket is hosted in. |
Therefore, the Terraform definition should have outputs defined similar to:
output "region" {
value = module.aws_s3.s3_bucket_region
}
output "bucket" {
value = module.aws_s3.s3_bucket_bucket_domain_name
}
output "aws_access_key_id" {
value = var.credentials.access_key
sensitive = true
}
output "aws_secret_access_key" {
value = var.credentials.secret_key
sensitive = true
}
Example
Here is an example of using the Terraform Driver to provision an S3 bucket using a public git repository:
curl "https://api.humanitec.io/orgs/${HUMANITEC_ORG}/resources/defs" \
-H "Authorization: Bearer ${HUMANITEC_TOKEN}" \
-H "Content-Type: application/json" \
--data-binary '{
"id": "s3-terraform",
"name": "s3-terraform",
"type": "s3",
"driver_type": "angus-demo/terraform",
"driver_inputs": {
"values": {
"files": {
"example.txt": "Hello world!"
},
"source": {
"path": "s3",
"rev": "refs/heads/main",
"url": "https://github.com/chrishumanitec/terraform-demo.git"
},
"variables": {
"bucket": "humanitec-terraform-demo-${context.app.id}-${context.env.id}",
"region": "eu-west-3"
}
},
"secrets": {
"variables": {
"credentials": {
"access_key": "...",
"secret_key": "..."
}
}
}
},
"criteria": [
{"env_type":"test-envs"}
]
}'