added automation-script

Author: rberlind

operations/automation-script/README.md

@@ -0,0 +1,48 @@
+# TFE Automation Script
+Script to automate interactions with Terraform Enterprise, including the creation of a workspace, uploading of Terraform code, setting of a variable, and triggering of plan and apply.
+
+## Introduction
+This script uses curl to interact with Terraform Enterprise via the Terraform Enterprise REST API. The same APIs could be used from Jenkins or other solutions to incorporate Terraform Enterprise into your CI/CD pipeline.
+
+The script does the following steps:
+1. Packages main.tf into the myconfig.tar.gz file.
+1. Creates the workspace.
+1. Creates a new configuration version.
+1. Uploads the myconfig.tar.gz file as a new configuration. (This last step triggers an initial run which will error because we have not yet set the name variable in the workspace.  That is OK.)
+1. Adds a variable called "name" to the workspace and sets it to the name you pass into the script as the first argument
+1. Starts a new run.
+1. Enters a loop to check the run results periodically.
+    - If $run_status is "policy_checked", it does an Apply. In this case, all Sentinel policies passed.
+    - If $run_status is "policy_override" and $override is "yes", it overrides the failed policy checks and does an Apply. In this case, one or more Sentinel policies failed, but they were marked "advisory" or "soft-mandatory" and the script was configured to override the failure.
+    - If $run_status is "policy_override" and $override is "no", it prints out a message indicating that some policies failed and are not being overridden.
+    - If $run_status is "errored", either the plan failed or a Sentinel policy marked "hard-mandatory" failed. The script terminates.
+
+Note that some json template files are included from which other json files are generated so that they can be passed to the curl commands.
+
+In addition to the loadAndRunWorkspace.sh script, this example includes the following files:
+
+1. config/main.tf: the file with some Terraform code that says "Hello" to the person whose name is given and generates a random number.
+1. workspace.template.json which is used to generate workspace.json which is used when creating the workspace.
+1. configversion.json which is used to generate a new configuration version.
+1. variable.template.json which is used to generate variable.json which is used when creating a variable called "name" in the workspace.
+1. run.template.json which is used to generate run.json which is used when triggering a run against the workspace.
+1. apply.json which is used when doing the apply against the workspace.
+
+## Preparation
+Do the following before using this script:
+
+1. `git clone https://github.com/hashicorp/terraform-guides.git`
+1. `cd operations/automation-script`
+
+## Instructions
+Follow these instructions to run the script:
+
+1. Run `./loadAndRunWorkspace.sh <name>` or `./loadAndRunWorkspace.sh <name> <override>` where \<name\> is any name (without spaces) and \<override\> is "yes" or "no". If you do not specify a value for \<override\>, the script will set it to "no".
+
+### Examples
+`./loadAndRunWorkspace Peter` (no override will be done)
+`./loadAndRunWorkspace Paul yes` (override will be done)
+`./loadAndRunWorkspace Mary no` (no override will be done)
+
+## Cleaning Up
+If you want to run the script again, delete the workspace from the Settings tab of the workspace in the TFE UI. You do not need to delete or touch any of the files in the directory containing the script and other files.

operations/automation-script/apply.json

@@ -0,0 +1 @@
+{"comment": "apply via API"}

operations/automation-script/config/main.tf

@@ -0,0 +1,17 @@
+variable "name" {
+}
+
+resource "random_id" "random" {
+  keepers {
+    uuid = "${uuid()}"
+  }
+  byte_length = 32
+}
+
+output "random" {
+  value = "${random_id.random.hex}"
+}
+
+output "hello_world" {
+  value = "Hello, ${var.name}"
+}

operations/automation-script/configversion.json

@@ -0,0 +1,5 @@
+{
+  "data": {
+    "type": "configuration-versions"
+  }
+}

operations/automation-script/loadAndRunWorkspace.sh

@@ -0,0 +1,116 @@
+#!/bin/bash
+
+# Make sure ATLAS_TOKEN environment variable is set
+# to owners team token for organization
+
+# Set PTFE address, organization, and workspace to create. You should edit these before running.
+address="roger-ptfe.hashidemos.io"
+organization="Solutions-Engineering"
+workspace="workspace-from-api"
+
+# You can change sleep duration if desired
+sleep_duration=15
+
+# name of person to set name variable to
+name=$1
+
+# Override soft-mandatory policy checks that fail
+# Set to "yes" or "no"
+# if not specified, then we set to "no"
+if [ ! -z $2 ]; then
+  override=$2
+else
+  override="no"
+fi
+
+# build myconfig.tar.gz
+cd config
+tar -cvf myconfig.tar .
+gzip myconfig.tar
+mv myconfig.tar.gz ../.
+cd ..
+
+#Set name of workspace in workspace.json
+sed "s/placeholder/$workspace/" < workspace.template.json > workspace.json
+
+workspace_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --request POST --data @workspace.json "https://${address}/api/v2/organizations/${organization}/workspaces")
+
+# Parse workspace_id from workspace_result
+workspace_id=$(echo $workspace_result | python3 -c "import sys, json; print(json.load(sys.stdin)['data']['id'])")
+
+echo "Workspace ID: " $workspace_id
+
+# Create configuration versions
+configuration_version_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --data @configversion.json "https://${address}/api/v2/workspaces/${workspace_id}/configuration-versions")
+
+# Parse configuration_version_id and upload_url
+config_version_id=$(echo $configuration_version_result | python3 -c "import sys, json; print(json.load(sys.stdin)['data']['id'])")
+upload_url=$(echo $configuration_version_result | python3 -c "import sys, json; print(json.load(sys.stdin)['data']['attributes']['upload-url'])")
+
+echo "Config Version ID: " $config_version_id
+echo "Upload URL: " $upload_url
+
+# Upload configuration
+curl --request PUT -F '[email protected]' "$upload_url"
+
+# Add name variable
+sed -e "s/my-name/$name/" -e "s/my-organization/$organization/" -e "s/my-workspace/$workspace/" < variable.template.json  > variable.json
+
+upload_variable_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --data @variable.json "https://${address}/api/v2/vars?filter%5Borganization%5D%5Busername%5D=${organization}&filter%5Bworkspace%5D%5Bname%5D=${workspace}")
+
+# Do a run
+sed "s/workspace_id/$workspace_id/" < run.template.json  > run.json
+
+run_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --data @run.json https://${address}/api/v2/runs)
+
+# Parse run run_result
+run_id=$(echo $run_result | python3 -c "import sys, json; print(json.load(sys.stdin)['data']['id'])")
+echo "Run ID: " $run_id
+
+# Check run run result
+continue=1
+while [ $continue -ne 0 ]; do
+  # Sleep a bit
+  sleep $sleep_duration
+  echo "Checking run status"
+
+  # Check the status
+  check_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" https://${address}/api/v2/runs/${run_id})
+
+  # Parse out the startus
+  run_status=$(echo $check_result | python3 -c "import sys, json; print(json.load(sys.stdin)['data']['attributes']['status'])")
+  echo "Run Status: " $run_status
+
+  # If status is "policy_checked" or "policy_override",
+  # then do Apply.  If "errored", exit loop.
+  # Anything else, continue loop
+  if [[ "$run_status" == "policy_checked" ]] ; then
+    continue=0
+    # Do the apply
+    echo "Policies passed. Doing Apply"
+    apply_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --data @apply.json https://${address}/api/v2/runs/${run_id}/actions/apply)
+  elif [[ "$run_status" == "policy_override" ]] && [[ "$override" == "yes" ]]; then
+    continue=0
+    echo "Some policies failed, but will override"
+    # Get the policy check ID
+    echo "Getting policy check ID"
+    policy_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" https://${address}/api/v2/runs/${run_id}/policy-checks)
+    # Parse out the policy check ID
+    policy_check_id=$(echo $policy_result | python3 -c "import sys, json; print(json.load(sys.stdin)['data'][0]['id'])")
+    echo "Policy Check ID: " $policy_check_id
+    # Override policy
+    echo "Overriding policy check"
+    override_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --request POST https://${address}/api/v2/policy-checks/${policy_check_id}/actions/override)
+    # Do the apply
+    echo "Doing Apply"
+    apply_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --data @apply.json https://${address}/api/v2/runs/${run_id}/actions/apply)
+  elif [[ "$run_status" == "policy_override" ]] && [[ "$override" == "no" ]]; then
+    echo "Some policies failed, but will not override. Check run in Terraform Enterprise UI."
+    continue=0
+  elif [[ "$run_status" == "errored" ]]; then
+    echo "Plan errored or hard-mandatory policy failed"
+    continue=0
+  else
+      sleep $sleep_duration
+  fi
+done

operations/automation-script/run.template.json

@@ -0,0 +1,16 @@
+{
+  "data": {
+    "attributes": {
+      "is-destroy":false
+    },
+    "type":"runs",
+    "relationships": {
+      "workspace": {
+        "data": {
+          "type": "workspaces",
+          "id": "workspace_id"
+        }
+      }
+    }
+  }
+}

operations/automation-script/variable.template.json

@@ -0,0 +1,20 @@
+{
+  "data": {
+    "type":"vars",
+    "attributes": {
+      "key":"name",
+      "value":"my-name",
+      "category":"terraform",
+      "hcl":false,
+      "sensitive":false
+    }
+  },
+  "filter": {
+    "organization": {
+      "username":"my-organization"
+    },
+    "workspace": {
+      "name":"my-workspace"
+    }
+  }
+}

operations/automation-script/workspace.template.json

@@ -0,0 +1,9 @@
+{
+  "data":
+  {
+    "attributes": {
+      "name":"placeholder"
+    },
+    "type":"workspaces"
+  }
+}