terraform-provider-cloudhealth's Introduction

Terraform provider plugin for Cloudhealth

Supports Cloudhealth perspectives as a Terraform resource

Install

$ go get github.com/Yelp/terraform-provider-cloudhealth
$ make

Then update ~/.terraformrc:

providers {
  cloudhealth = "/path/to/terraform-provider-cloudhealth/terraform-provider-cloudhealth"
}

Provider Configuration

The plugin requires a Cloudhealth API key. There are two ways you can set it:

Via the environment:

export CHT_API_KEY=<api_key>

Or via provider.tf:

provider "cloudhealth" {
    key = "<api_key>"
}

Simple Perspective Example

The below example defines two groups. The first is called "My Team" who matches against any AwsAsset with tag team=my_team or [email protected]. The second is a dynamic group that categorizes based on Redshift cluster name.

resource "cloudhealth_perspective" "my_perspective" {
    name = "My Perspective"
    include_in_reports = false

    group {
        name = "My Team"
        type = "filter"

        rule {
            asset = "AwsAsset"
            condition {
                tag_field = ["team"]
                val = "my_team"
            }
        }

        rule {
            asset = "AwsAsset"
            condition {
                tag_field = ["team"]
                val = "[email protected]"
            }
        }
    }

    group {
        name = "redshift"
        type = "categorize"

        rule {
            asset = "AwsRedshiftCluster"
            field = ["Cluster Identifier"]
        }
    }

Rules and Groups

Rules have the following structure.

rule {
    asset = <asset>
    [field = ["field1", "field2" ...]]
    [tag_field = ["tagfield1", "tagfield2" ...]

    combine_with = <[OR]|AND>
    condition {
        [field = ["field1", "field2" ...]]
        [tag_field = ["tagfield1", "tagfield2" ...]
        op = <[=]|!=|Contains|Does Not Contain,...]
        val = <val>
    }
}

There are only two permissible values for group type. Static groups have type=filter. This is the default. Dynamic groups have type=categorize. In this case you must also define field or tag_field on the rule.

Important note about rule ordering

There is one main difference between the schema used in Terraform and the actual Cloudhealth Perspective API.

The official API organizes a perspective by the ordering of rules, not the order of groups. It is permissible to interleave the rules for different groups. For example, the first rule send assets to group 1, the second rule to send assets to group 2, then the third rule sends assets to group 1 again. This is quite confusing and not reflected in the Perspective UI.

By comparison, the schema in Terraform groups all rules for a single group together. All rules are ordered by the order of appearance of their groups in the list.

If doing a terraform import of an existing perspective you may encounter ordering differences in how your rules are processed. While this may require you to make some fixes, it is my opinion that this is much more more maintainable. It also will match the UI's presentation of the perspective configuration.

Not supported

Merges are not supported. Nor are dynamic groups that include additional "filter" rules. You may get errors if you attemp to import a perspective that has either of these things.

Tests

To run the tests, use

go test

To run acceptance tests, you must follow the instructions in provider configuration to set the CHT_API_KEY env variable. You must then run

TF_ACC=1 go test -v

Its probably also useful to enable logging by setting the TF_LOG env variable

terraform-provider-cloudhealth's People

Contributors

Stargazers

Watchers

terraform-provider-cloudhealth's Issues

Invalid identifier type for new references?

I'm getting 400 responses when the generated update JSON includes new identifiers being added (e.g., substantial changes to filters or new groups):

curl -v -s -H "Content-Type: application/json" -XPUT "https://chapi.cloudhealthtech.com/v1/perspective_schemas/<perspective_id>?api_key=$CHT_API_KEY" --data-binary @cht_update.json

...returns a 400 with...

{"errors":"Could not verify schema: Constant Reference ID is not a positive integer. ref_id: 910038d7-8a64-96a5-2fe6-d1dbe6475782. Constant Type: Static Group"}

Not sure if this is a result of a change on the API side, but it will make using Terraform to manage Perspectives substantially less useful until fixed.

Re-ordering groups is broken

The ref_id doesn't follow the re-ordering of groups. When you re-order groups currently, the result is that the filters end up assigned to the wrong group. We need to provide a way for the ref_ids to follow the group, if for nothing else, but that reports may be bound to that particular ref.

This is a little tricky because there's no other unique consistent identifier for a group. We'll probably need to use the name, but it'll be virtually impossible to keep ref_ids in sync if we re-order and rename multiple groups in one step.

Add better validation

We can validate against the allowed asset types from here:

curl -H 'Accept: application/json' 'https://chapi.cloudhealthtech.com/api.json?api_key=...'

And to get the set of fields for a given class, just append it in the URL, like so:
curl -H 'Accept: application/json' 'https://chapi.cloudhealthtech.com/api/ChefAccount.json?api_key=...'

Recommend Projects

yelp / terraform-provider-cloudhealth Goto Github PK