ATLAS_TOKEN to TFE_TOKEN

rberlind · rberlind · commit 2fef2cab5980 · 2019-07-16T10:51:29.000-04:00
diff --git a/operations/automation-script/README.md b/operations/automation-script/README.md
@@ -75,7 +75,7 @@ Follow these instructions to run the script with with the included main.tf and v
 1. If you are using a private Terraform Enterprise server, edit the script and set the address variable to the address of your server. Otherwise, you would leave the address set to "app.terraform.io" which is the address of the SaaS Terraform Enterprise server.
 1. Edit the script and set the organization variable to the name of your Terraform Enterprise organization.
 1. Generate a [team token](https://www.terraform.io/docs/enterprise/users-teams-organizations/service-accounts.html#team-service-accounts) for the owners team in your organization in the Terraform Enterprise UI by selecting your organization settings, then Teams, then owners, and then clicking the Generate button and saving the token that is displayed.
-1. `export ATLAS_TOKEN=<owners_token>` where \<owners_token\> is the token generated in the previous step.
+1. `export TFE_TOKEN=<owners_token>` where \<owners_token\> is the token generated in the previous step.
 1. If you want, you can also change the name of the workspace that will be created by editing the workspace variable. Note that you can also pass the workspace as the second argument to the script.
 1. If you want, you can change the sleep_duration variable which controls how often the script checks the status of the triggered run (in seconds). Setting a longer value would make sense if using Terraform code that takes longer to apply.
 1. If you are providing a URL to clone a git repository, you can add Terraform and environment variables needed by your Terraform code to [variables.csv](./variables.csv) and remove the "name" variable. You can also add the edited variables.csv file to your repository.
diff --git a/operations/automation-script/loadAndRunWorkspace.sh b/operations/automation-script/loadAndRunWorkspace.sh
@@ -8,7 +8,7 @@
 # If an apply is done, the script waits for it to finish and then
 # downloads the apply log and the before and after state files.
 
-# Make sure ATLAS_TOKEN environment variable is set
+# Make sure TFE_TOKEN environment variable is set
 # to owners team token for organization
 
 # Set address if using private Terraform Enterprise server.
@@ -77,7 +77,7 @@ sed "s/placeholder/${workspace}/" < workspace.template.json > workspace.json
 
 # Check to see if the workspace already exists
 echo "Checking to see if workspace exists"
-check_workspace_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" "https://${address}/api/v2/organizations/${organization}/workspaces/${workspace}")
+check_workspace_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" "https://${address}/api/v2/organizations/${organization}/workspaces/${workspace}")
 
 # Parse workspace_id from check_workspace_result
 workspace_id=$(echo $check_workspace_result | python -c "import sys, json; print(json.load(sys.stdin)['data']['id'])")
@@ -86,7 +86,7 @@ echo "Workspace ID: " $workspace_id
 # Create workspace if it does not already exist
 if [ -z "$workspace_id" ]; then
   echo "Workspace did not already exist; will create it."
-  workspace_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --request POST --data @workspace.json "https://${address}/api/v2/organizations/${organization}/workspaces")
+  workspace_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" --request POST --data @workspace.json "https://${address}/api/v2/organizations/${organization}/workspaces")
 
   # Parse workspace_id from workspace_result
   workspace_id=$(echo $workspace_result | python -c "import sys, json; print(json.load(sys.stdin)['data']['id'])")
@@ -97,7 +97,7 @@ fi
 
 # Create configuration version
 echo "Creating configuration version."
-configuration_version_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --data @configversion.json "https://${address}/api/v2/workspaces/${workspace_id}/configuration-versions")
+configuration_version_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" --data @configversion.json "https://${address}/api/v2/workspaces/${workspace_id}/configuration-versions")
 
 # Parse configuration_version_id and upload_url
 config_version_id=$(echo $configuration_version_result | python -c "import sys, json; print(json.load(sys.stdin)['data']['id'])")
@@ -127,17 +127,17 @@ while IFS=',' read -r key value category hcl sensitive
 do
   sed -e "s/my-organization/$organization/" -e "s/my-workspace/${workspace}/" -e "s/my-key/$key/" -e "s/my-value/$value/" -e "s/my-category/$category/" -e "s/my-hcl/$hcl/" -e "s/my-sensitive/$sensitive/" < variable.template.json  > variable.json
   echo "Adding variable $key with value $value in category $category with hcl $hcl and sensitive $sensitive"
-  upload_variable_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --data @variable.json "https://${address}/api/v2/vars?filter%5Borganization%5D%5Bname%5D=${organization}&filter%5Bworkspace%5D%5Bname%5D=${workspace}")
+  upload_variable_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" --data @variable.json "https://${address}/api/v2/vars?filter%5Borganization%5D%5Bname%5D=${organization}&filter%5Bworkspace%5D%5Bname%5D=${workspace}")
 done < ${variables_file}
 
 # List Sentinel Policies
-sentinel_list_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" "https://${address}/api/v2/organizations/${organization}/policies")
+sentinel_list_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" "https://${address}/api/v2/organizations/${organization}/policies")
 sentinel_policy_count=$(echo $sentinel_list_result | python -c "import sys, json; print(json.load(sys.stdin)['meta']['pagination']['total-count'])")
 echo "Number of Sentinel policies: " $sentinel_policy_count
 
 # Do a run
 sed "s/workspace_id/$workspace_id/" < run.template.json  > run.json
-run_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --data @run.json https://${address}/api/v2/runs)
+run_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" --data @run.json https://${address}/api/v2/runs)
 
 # Parse run_result
 run_id=$(echo $run_result | python -c "import sys, json; print(json.load(sys.stdin)['data']['id'])")
@@ -151,7 +151,7 @@ while [ $continue -ne 0 ]; do
   echo "Checking run status"
 
   # Check the status of run
-  check_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" https://${address}/api/v2/runs/${run_id})
+  check_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" https://${address}/api/v2/runs/${run_id})
 
   # Parse out the run status and is-confirmable
   run_status=$(echo $check_result | python -c "import sys, json; print(json.load(sys.stdin)['data']['attributes']['status'])")
@@ -182,14 +182,14 @@ while [ $continue -ne 0 ]; do
       echo "Since override was set to \"yes\", we are applying."
       # Do the apply
       echo "Doing Apply"
-      apply_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --data @apply.json https://${address}/api/v2/runs/${run_id}/actions/apply)
+      apply_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" --data @apply.json https://${address}/api/v2/runs/${run_id}/actions/apply)
       applied="true"
   # policy_checked means all Sentinel policies passed
   elif [[ "$run_status" == "policy_checked" ]]; then
     continue=0
     # Do the apply
     echo "Policies passed. Doing Apply"
-    apply_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --data @apply.json https://${address}/api/v2/runs/${run_id}/actions/apply)
+    apply_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" --data @apply.json https://${address}/api/v2/runs/${run_id}/actions/apply)
     applied="true"
   # policy_override means at least 1 Sentinel policy failed
   # but since $override is "yes", we will override and then apply
@@ -198,16 +198,16 @@ while [ $continue -ne 0 ]; do
     echo "Some policies failed, but overriding"
     # Get the policy check ID
     echo "Getting policy check ID"
-    policy_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" https://${address}/api/v2/runs/${run_id}/policy-checks)
+    policy_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" https://${address}/api/v2/runs/${run_id}/policy-checks)
     # Parse out the policy check ID
     policy_check_id=$(echo $policy_result | python -c "import sys, json; print(json.load(sys.stdin)['data'][0]['id'])")
     echo "Policy Check ID: " $policy_check_id
     # Override policy
     echo "Overriding policy check"
-    override_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --request POST https://${address}/api/v2/policy-checks/${policy_check_id}/actions/override)
+    override_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" --request POST https://${address}/api/v2/policy-checks/${policy_check_id}/actions/override)
     # Do the apply
     echo "Doing Apply"
-    apply_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --data @apply.json https://${address}/api/v2/runs/${run_id}/actions/apply)
+    apply_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" --data @apply.json https://${address}/api/v2/runs/${run_id}/actions/apply)
     applied="true"
   # policy_override means at least 1 Sentinel policy failed
   # but since $override is "no", we will not override
@@ -231,7 +231,7 @@ done
 # Get the plan log if $save_plan is true
 if [[ "$save_plan" == "true" ]]; then
   echo "Getting the result of the Terraform Plan."
-  plan_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" https://${address}/api/v2/runs/${run_id}?include=plan)
+  plan_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" https://${address}/api/v2/runs/${run_id}?include=plan)
   plan_log_url=$(echo $plan_result | python -c "import sys, json; print(json.load(sys.stdin)['included'][0]['attributes']['log-read-url'])")
   echo "Plan Log:"
   # Retrieve Plan Log from the URL
@@ -246,7 +246,7 @@ if [[ "$applied" == "true" ]]; then
   echo "Will download apply log and state file."
 
   # Get run details including apply information
-  check_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" https://${address}/api/v2/runs/${run_id}?include=apply)
+  check_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" https://${address}/api/v2/runs/${run_id}?include=apply)
 
   # Get apply ID
   apply_id=$(echo $check_result | python -c "import sys, json; print(json.load(sys.stdin)['included'][0]['id'])")
@@ -260,7 +260,7 @@ if [[ "$applied" == "true" ]]; then
     echo "Checking apply status"
 
     # Check the apply status
-    check_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" https://${address}/api/v2/applies/${apply_id})
+    check_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" https://${address}/api/v2/applies/${apply_id})
 
     # Parse out the apply status
     apply_status=$(echo $check_result | python -c "import sys, json; print(json.load(sys.stdin)['data']['attributes']['status'])")
@@ -290,7 +290,7 @@ if [[ "$applied" == "true" ]]; then
   echo "State ID 1:" ${state_id_before}
 
   # Call API to get information about the state version including its URL
-  state_file_before_url_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" https://${address}/api/v2/state-versions/${state_id_before})
+  state_file_before_url_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" https://${address}/api/v2/state-versions/${state_id_before})
 
   # Get state file URL from the result
   state_file_before_url=$(echo $state_file_before_url_result | python -c "import sys, json; print(json.load(sys.stdin)['data']['attributes']['hosted-state-download-url'])")
@@ -307,7 +307,7 @@ if [[ "$applied" == "true" ]]; then
   echo "State ID 0:" ${state_id_after}
 
   # Call API to get information about the state version including its URL
-  state_file_after_url_result=$(curl -s --header "Authorization: Bearer $ATLAS_TOKEN" https://${address}/api/v2/state-versions/${state_id_after})
+  state_file_after_url_result=$(curl -s --header "Authorization: Bearer $TFE_TOKEN" https://${address}/api/v2/state-versions/${state_id_after})
 
   # Get state file URL from the result
   state_file_after_url=$(echo $state_file_after_url_result | python -c "import sys, json; print(json.load(sys.stdin)['data']['attributes']['hosted-state-download-url'])")
diff --git a/operations/sentinel-policies-scripts/README.md b/operations/sentinel-policies-scripts/README.md
@@ -1,6 +1,8 @@
 # Scripts to Export, Import, and Delete Sentinel Policies
 These are scripts that can be used to export and import Sentinel policies between TFE organizations and to delete all policies using the [Terraform Enterprise REST API](https://www.terraform.io/docs/enterprise/api/index.html).
 
+Before using these scripts, you need to export a valid TFE API token with the command `export TFE_TOKEN=<owners_token>` where \<owners_token\> is a team token for the owners team in your organization.
+
 ## Exporting Policies
 The export_policies.sh script exports all the policies from a TFE organization to the directory in which you run the script. It currently is limited to exporting 150 policies since it does not handle multiple pages from the List Policies API that retrieves them.
 
diff --git a/operations/sentinel-policies-scripts/delete_policies.sh b/operations/sentinel-policies-scripts/delete_policies.sh
@@ -2,7 +2,7 @@
 # This script deletes all policies from the specified organization
 # of the specified TFE server 
 
-# Make sure ATLAS_TOKEN environment variable is set
+# Make sure TFE_TOKEN environment variable is set
 # to owners team token for organization
 # or to user token for member of the owners team
 
@@ -16,7 +16,7 @@ echo "Using address: $address"
 echo "Using organization: $organization"
 
 # Retrieve list of all policies in the organization (up to 150)
-policy_list_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" "https://${address}/api/v2/organizations/${organization}/policies?page%5Bsize%5D=150")
+policy_list_result=$(curl --header "Authorization: Bearer $TFE_TOKEN" "https://${address}/api/v2/organizations/${organization}/policies?page%5Bsize%5D=150")
 #echo $policy_list_result | jq 
 
 # Extract policy IDs
@@ -28,7 +28,7 @@ printf "Iterate through the policies:\n"
 for ((i=0;i<${#policy_ids_list[@]};++i)); do
   # use curl to delete the policy
   printf "Deleting policy ${policy_ids_list[i]}\n"
-  curl --header "Authorization: Bearer $ATLAS_TOKEN" --request DELETE "https://${address}/api/v2/policies/${policy_ids_list[i]}"
+  curl --header "Authorization: Bearer $TFE_TOKEN" --request DELETE "https://${address}/api/v2/policies/${policy_ids_list[i]}"
 done
 
 printf "\n"
diff --git a/operations/sentinel-policies-scripts/export_policies.sh b/operations/sentinel-policies-scripts/export_policies.sh
@@ -2,7 +2,7 @@
 # This script exports all policies from the specified organization
 # of the specified TFE server to the current directory
 
-# Make sure ATLAS_TOKEN environment variable is set
+# Make sure TFE_TOKEN environment variable is set
 # to owners team token for organization
 # or to user token for member of the owners team
 
@@ -16,7 +16,7 @@ echo "Using address: $address"
 echo "Using organization: $organization"
 
 # Retrieve list of all policies in the organization (up to 150)
-policy_list_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" "https://${address}/api/v2/organizations/${organization}/policies?page%5Bsize%5D=150")
+policy_list_result=$(curl --header "Authorization: Bearer $TFE_TOKEN" "https://${address}/api/v2/organizations/${organization}/policies?page%5Bsize%5D=150")
 #echo $policy_list_result | jq 
 
 # Extract policy IDs
@@ -36,7 +36,7 @@ echo "Iterate through the policies:"
 for ((i=0;i<${#policy_names_list[@]};++i)); do
   echo "Name: ${policy_names_list[i]}.sentinel, Mode: ${policy_modes_list[i]}, Link: https://${address}${policy_code_links[i]}"
   # curl policy code
-  policy_code=$(curl -L --header "Authorization: Bearer $ATLAS_TOKEN" "https://${address}/${policy_code_links[i]}")
+  policy_code=$(curl -L --header "Authorization: Bearer $TFE_TOKEN" "https://${address}/${policy_code_links[i]}")
   # Add enforcement mode as a comment
   policy_code="#Enforcement mode: ${policy_modes_list[i]}\n${policy_code}"
   # write code to file
diff --git a/operations/sentinel-policies-scripts/import_policies.sh b/operations/sentinel-policies-scripts/import_policies.sh
@@ -2,7 +2,7 @@
 # This script imports all policies in the current directory into a
 # specific policy set within a specific organization on a TFE server.
 
-# Make sure ATLAS_TOKEN environment variable is set
+# Make sure TFE_TOKEN environment variable is set
 # to owners team token for organization
 # or to user token for member of the owners team
 
@@ -31,14 +31,14 @@ for f in *.sentinel; do
   sed "s/file-name/$f/;s/policy-name/$policy_name/;s/policy-set-id/$policy_set_id/" < create-policy.template.json > create-policy.json
  
   # Create the policy
-  policy_create_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/vnd.api+json" --request POST --data @create-policy.json "https://${address}/api/v2/organizations/${organization}/policies")
+  policy_create_result=$(curl --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/vnd.api+json" --request POST --data @create-policy.json "https://${address}/api/v2/organizations/${organization}/policies")
 
   # Extract policy ID
   policy_id=$(echo $policy_create_result | python -c "import sys, json; print(json.load(sys.stdin)['data']['id'])")
   echo "Policy ID: " $policy_id
 
   # Upload policy
-  policy_upload_result=$(curl --header "Authorization: Bearer $ATLAS_TOKEN" --header "Content-Type: application/octet-stream" --request PUT --data-binary @$f "https://${address}/api/v2/policies/$policy_id/upload" )
+  policy_upload_result=$(curl --header "Authorization: Bearer $TFE_TOKEN" --header "Content-Type: application/octet-stream" --request PUT --data-binary @$f "https://${address}/api/v2/policies/$policy_id/upload" )
   echo "Policy Upload Response: " $policy_upload_result
 
 done
