forked from hashicorp/hcp-terraform-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.terraform.io_workspaces.yaml
659 lines (659 loc) · 34 KB
/
app.terraform.io_workspaces.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: workspaces.app.terraform.io
spec:
group: app.terraform.io
names:
kind: Workspace
listKind: WorkspaceList
plural: workspaces
singular: workspace
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.workspaceID
name: Workspace ID
type: string
name: v1alpha2
schema:
openAPIV3Schema:
description: Workspace is the Schema for the workspaces API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: WorkspaceSpec defines the desired state of Workspace.
properties:
agentPool:
description: 'Terraform Cloud Agents allow Terraform Cloud to communicate
with isolated, private, or on-premises infrastructure. More information:
- https://developer.hashicorp.com/terraform/cloud-docs/agents'
properties:
id:
description: 'Agent Pool ID. Must match pattern: ^apool-[a-zA-Z0-9]+$'
pattern: ^apool-[a-zA-Z0-9]+$
type: string
name:
description: Agent Pool name.
minLength: 1
type: string
type: object
allowDestroyPlan:
default: true
description: 'Allows a destroy plan to be created and applied. Default:
`true`. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#destruction-and-deletion'
type: boolean
applyMethod:
default: manual
description: 'Define either change will be applied automatically(auto)
or require an operator to confirm(manual). Must be one of the following
values: `auto`, `manual`. Default: `manual`. More information: -
https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#auto-apply-and-manual-apply'
pattern: ^(auto|manual)$
type: string
description:
description: Workspace description.
minLength: 1
type: string
environmentVariables:
description: 'Terraform Environment variables for all plans and applies
in this workspace. Variables defined within a workspace always overwrite
variables from variable sets that have the same type and the same
key. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables
- https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#environment-variables'
items:
description: 'Variables let you customize configurations, modify
Terraform''s behavior, and store information like provider credentials.
More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables'
properties:
description:
description: Description of the variable.
minLength: 1
type: string
hcl:
default: false
description: 'Parse this field as HashiCorp Configuration Language
(HCL). This allows you to interpolate values at runtime. Default:
`false`.'
type: boolean
name:
description: Name of the variable.
minLength: 1
type: string
sensitive:
default: false
description: 'Sensitive variables are never shown in the UI
or API. They may appear in Terraform logs if your configuration
is designed to output them. Default: `false`.'
type: boolean
value:
description: Value of the variable.
minLength: 1
type: string
valueFrom:
description: Source for the variable's value. Cannot be used
if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
minItems: 1
type: array
executionMode:
default: remote
description: 'Define where the Terraform code will be executed. Must
be one of the following values: `agent`, `local`, `remote`. Default:
`remote`. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#execution-mode'
pattern: ^(agent|local|remote)$
type: string
name:
description: Workspace name.
minLength: 1
type: string
notifications:
description: 'Notifications allow you to send messages to other applications
based on run and workspace events. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/notifications'
items:
description: 'Notifications allow you to send messages to other
applications based on run and workspace events. More information:
- https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/notifications'
properties:
emailAddresses:
description: The list of email addresses that will receive notification
emails. It is only available for Terraform Enterprise users.
It is not available in Terraform Cloud.
items:
type: string
minItems: 1
type: array
emailUsers:
description: The list of users belonging to the organization
that will receive notification emails.
items:
type: string
minItems: 1
type: array
enabled:
default: true
description: 'Whether the notification configuration should
be enabled or not. Default: `true`.'
type: boolean
name:
description: Notification name.
minLength: 1
type: string
token:
description: The token of the notification.
minLength: 1
type: string
triggers:
description: 'The list of run events that will trigger notifications.
Trigger represents the different TFC notifications that can
be sent as a run''s progress transitions between different
states. There are two categories of triggers: - Health Events:
`assessment:check_failure`, `assessment:drifted`, `assessment:failed`.
- Run Events: `run:applying`, `run:completed`, `run:created`,
`run:errored`, `run:needs_attention`, `run:planning`.'
items:
description: 'NotificationTrigger represents the different
TFC notifications that can be sent as a run''s progress
transitions between different states. This must be aligned
with go-tfe type `NotificationTriggerType`. Must be one
of the following values: `run:applying`, `assessment:check_failure`,
`run:completed`, `run:created`, `assessment:drifted`, `run:errored`,
`assessment:failed`, `run:needs_attention`, `run:planning`.'
enum:
- run:applying
- assessment:check_failure
- run:completed
- run:created
- assessment:drifted
- run:errored
- assessment:failed
- run:needs_attention
- run:planning
type: string
minItems: 1
type: array
type:
description: 'The type of the notification. Must be one of the
following values: `email`, `generic`, `microsoft-teams`, `slack`.'
enum:
- email
- generic
- microsoft-teams
- slack
type: string
url:
description: 'The URL of the notification. Must match pattern:
^https?://.*'
pattern: ^https?://.*
type: string
required:
- name
- type
type: object
minItems: 1
type: array
organization:
description: 'Organization name where the Workspace will be created.
More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations'
minLength: 1
type: string
project:
description: 'Projects let you organize your workspaces into groups.
Default: default organization project. More information: - https://developer.hashicorp.com/terraform/tutorials/cloud/projects'
properties:
id:
description: 'Project ID. Must match pattern: ^prj-[a-zA-Z0-9]+$'
pattern: ^prj-[a-zA-Z0-9]+$
type: string
name:
description: Project name.
minLength: 1
type: string
type: object
remoteStateSharing:
description: 'Remote state access between workspaces. By default,
new workspaces in Terraform Cloud do not allow other workspaces
to access their state. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces'
properties:
allWorkspaces:
default: false
description: 'Allow access to the state for all workspaces within
the same organization. Default: `false`.'
type: boolean
workspaces:
description: Allow access to the state for specific workspaces
within the same organization.
items:
description: 'ConsumerWorkspace allows access to the state for
specific workspaces within the same organization. Only one
of the fields `ID` or `Name` is allowed. At least one of the
fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#remote-state-access-controls'
properties:
id:
description: 'Consumer Workspace ID. Must match pattern:
^ws-[a-zA-Z0-9]+$'
pattern: ^ws-[a-zA-Z0-9]+$
type: string
name:
description: Consumer Workspace name.
minLength: 1
type: string
type: object
minItems: 1
type: array
type: object
runTasks:
description: 'Run tasks allow Terraform Cloud to interact with external
systems at specific points in the Terraform Cloud run lifecycle.
More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks'
items:
description: 'Run tasks allow Terraform Cloud to interact with external
systems at specific points in the Terraform Cloud run lifecycle.
Only one of the fields `ID` or `Name` is allowed. At least one
of the fields `ID` or `Name` is mandatory. More information: -
https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks'
properties:
enforcementLevel:
default: advisory
description: 'Run Task Enforcement Level. Can be one of `advisory`
or `mandatory`. Default: `advisory`. Must be one of the following
values: `advisory`, `mandatory` Default: `advisory`.'
pattern: ^(advisory|mandatory)$
type: string
id:
description: 'Run Task ID. Must match pattern: ^task-[a-zA-Z0-9]+$'
pattern: ^task-[a-zA-Z0-9]+$
type: string
name:
description: Run Task Name.
minLength: 1
type: string
stage:
default: post_plan
description: 'Run Task Stage. Must be one of the following values:
`pre_apply`, `pre_plan`, `post_plan`. Default: `post_plan`.'
pattern: ^(pre_apply|pre_plan|post_plan)$
type: string
type: object
minItems: 1
type: array
runTriggers:
description: 'Run triggers allow you to connect this workspace to
one or more source workspaces. These connections allow runs to queue
automatically in this workspace on successful apply of runs in any
of the source workspaces. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers'
items:
description: 'RunTrigger allows you to connect this workspace to
one or more source workspaces. These connections allow runs to
queue automatically in this workspace on successful apply of runs
in any of the source workspaces. Only one of the fields `ID` or
`Name` is allowed. At least one of the fields `ID` or `Name` is
mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers'
properties:
id:
description: 'Source Workspace ID. Must match pattern: ^ws-[a-zA-Z0-9]+$'
pattern: ^ws-[a-zA-Z0-9]+$
type: string
name:
description: Source Workspace Name.
minLength: 1
type: string
type: object
minItems: 1
type: array
sshKey:
description: 'SSH key used to clone Terraform modules. More information:
- https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/ssh-keys'
properties:
id:
description: 'SSH key ID. Must match pattern: ^sshkey-[a-zA-Z0-9]+$'
pattern: ^sshkey-[a-zA-Z0-9]+$
type: string
name:
description: SSH key name.
minLength: 1
type: string
type: object
tags:
description: Workspace tags are used to help identify and group together
workspaces. Tags must be one or more characters; can include letters,
numbers, colons, hyphens, and underscores; and must begin and end
with a letter or number.
items:
description: 'Tags allows you to correlate, organize, and even filter
workspaces based on the assigned tags. Tags must be one or more
characters; can include letters, numbers, colons, hyphens, and
underscores; and must begin and end with a letter or number. Must
match pattern: ^[A-Za-z0-9][A-Za-z0-9:_-]*$'
pattern: ^[A-Za-z0-9][A-Za-z0-9:_-]*$
type: string
minItems: 1
type: array
teamAccess:
description: 'Terraform Cloud workspaces can only be accessed by users
with the correct permissions. You can manage permissions for a workspace
on a per-team basis. When a workspace is created, only the owners
team and teams with the "manage workspaces" permission can access
it, with full admin permissions. These teams'' access can''t be
removed from a workspace. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access'
items:
description: 'Terraform Cloud workspaces can only be accessed by
users with the correct permissions. You can manage permissions
for a workspace on a per-team basis. When a workspace is created,
only the owners team and teams with the "manage workspaces" permission
can access it, with full admin permissions. These teams'' access
can''t be removed from a workspace. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access'
properties:
access:
description: 'There are two ways to choose which permissions
a given team has on a workspace: fixed permission sets, and
custom permissions. Must be one of the following values: `admin`,
`custom`, `plan`, `read`, `write`. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#workspace-permissions'
pattern: ^(admin|custom|plan|read|write)$
type: string
custom:
description: 'Custom permissions let you assign specific, finer-grained
permissions to a team than the broader fixed permission sets
provide. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#custom-workspace-permissions'
properties:
runTasks:
description: 'Manage Workspace Run Tasks. Default: `false`.'
type: boolean
runs:
default: read
description: 'Run access. Must be one of the following values:
`apply`, `plan`, `read`. Default: `read`.'
pattern: ^(apply|plan|read)$
type: string
sentinel:
default: none
description: 'Download Sentinel mocks. Must be one of the
following values: `none`, `read`. Default: `none`.'
pattern: ^(none|read)$
type: string
stateVersions:
default: none
description: 'State access. Must be one of the following
values: `none`, `read`, `read-outputs`, `write`. Default:
`none`.'
pattern: ^(none|read|read-outputs|write)$
type: string
variables:
default: none
description: 'Variable access. Must be one of the following
values: `none`, `read`, `write`. Default: `none`.'
pattern: ^(none|read|write)$
type: string
workspaceLocking:
default: false
description: 'Lock/unlock workspace. Default: `false`.'
type: boolean
type: object
team:
description: 'Team to grant access. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/teams'
properties:
id:
description: 'Team ID. Must match pattern: ^team-[a-zA-Z0-9]+$'
pattern: ^team-[a-zA-Z0-9]+$
type: string
name:
description: Team name.
minLength: 1
type: string
type: object
required:
- access
- team
type: object
minItems: 1
type: array
terraformVariables:
description: 'Terraform variables for all plans and applies in this
workspace. Variables defined within a workspace always overwrite
variables from variable sets that have the same type and the same
key. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables
- https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#terraform-variables'
items:
description: 'Variables let you customize configurations, modify
Terraform''s behavior, and store information like provider credentials.
More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables'
properties:
description:
description: Description of the variable.
minLength: 1
type: string
hcl:
default: false
description: 'Parse this field as HashiCorp Configuration Language
(HCL). This allows you to interpolate values at runtime. Default:
`false`.'
type: boolean
name:
description: Name of the variable.
minLength: 1
type: string
sensitive:
default: false
description: 'Sensitive variables are never shown in the UI
or API. They may appear in Terraform logs if your configuration
is designed to output them. Default: `false`.'
type: boolean
value:
description: Value of the variable.
minLength: 1
type: string
valueFrom:
description: Source for the variable's value. Cannot be used
if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
minItems: 1
type: array
terraformVersion:
description: 'The version of Terraform to use for this workspace.
If not specified, the latest available version will be used. Must
match pattern: ^\\d{1}\\.\\d{1,2}\\.\\d{1,2}$ More information:
- https://www.terraform.io/cloud-docs/workspaces/settings#terraform-version'
pattern: ^\d{1}\.\d{1,2}\.\d{1,2}$
type: string
token:
description: API Token to be used for API calls.
properties:
secretKeyRef:
description: Selects a key of a secret in the workspace's namespace
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- secretKeyRef
type: object
versionControl:
description: 'Settings for the workspace''s VCS repository, enabling
the UI/VCS-driven run workflow. Omit this argument to utilize the
CLI-driven and API-driven workflows, where runs are not driven by
webhooks on your VCS provider. More information: - https://www.terraform.io/cloud-docs/run/ui
- https://www.terraform.io/cloud-docs/vcs'
properties:
branch:
description: The repository branch that Run will execute from.
This defaults to the repository's default branch (e.g. main).
minLength: 1
type: string
oAuthTokenID:
description: 'The VCS Connection (OAuth Connection + Token) to
use. Must match pattern: ^ot-[a-zA-Z0-9]+$'
pattern: ^ot-[a-zA-Z0-9]+$
type: string
repository:
description: A reference to your VCS repository in the format
<organization>/<repository> where <organization> and <repository>
refer to the organization and repository in your VCS provider.
minLength: 1
type: string
type: object
workingDirectory:
description: 'The directory where Terraform will execute, specified
as a relative path from the root of the configuration directory.
More information: - https://www.terraform.io/cloud-docs/workspaces/settings#terraform-working-directory'
minLength: 1
type: string
required:
- name
- organization
- token
type: object
status:
description: WorkspaceStatus defines the observed state of Workspace.
properties:
observedGeneration:
description: Real world state generation.
format: int64
type: integer
runStatus:
description: Workspace Runs status.
properties:
configurationVersion:
type: string
id:
description: Current(both active and finished) Terraform Cloud
run ID.
type: string
outputRunID:
description: Run ID of the latest run that could update the outputs.
type: string
status:
description: Current(both active and finished) Terraform Cloud
run status.
type: string
type: object
terraformVersion:
description: Workspace Terraform version.
pattern: ^\d{1}\.\d{1,2}\.\d{1,2}$
type: string
updateAt:
description: Workspace last update timestamp.
format: int64
type: integer
workspaceID:
description: Workspace ID that is managed by the controller.
type: string
required:
- workspaceID
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}