Support for HashiCorp Terraform Cloud / HashiCorp Terraform Enterprise Run Tasks

[benemon]

Please confirm the following

• [X] I agree to follow this project's code of conduct.
• [X] I have checked the current issues for duplicates.
• [X] I understand that AWX is open source software provided for free and that I might not receive a timely response.

Feature type

New Feature

Feature Summary

HashiCorp's Enterprise Terraform Platforms (Terraform Cloud and Terraform Enterprise) support the creation of Run Tasks. Run Tasks are a mechanism by which 3rd party tools and services can be integrated into the Enterprise Terraform run lifecycle, outside of relying on codified triggers.

Many organisations will utilise an Enterprise Terraform platform in conjunction with AWX / Ansible Automation Platform as part of an end-to-end provisioning and configuration management workflow. Having the ability to drive AWX / Ansible Automation Platform workflows and jobs in response to events within the Enterprise Terraform Platform would ease the current burden of integration between the two Enterprise Products by moving the integration point out of code (i.e. out of playbooks or terraform configurations), and allow for more complex workflow patterns to be created in a simple, scalable fashion.

Select the relevant components

• [x] UI
• [X] API
• [x] Docs
• [ ] Collection
• [ ] CLI
• [ ] Other

Steps to reproduce

N/A - Feature doesn't currently exist.

Current results

Integration must currently be done either within Ansible Playbooks to trigger Terraform Cloud / Terraform Enterprise APIs, or using the recently released Ansible Provider for Terraform as a means to run Ansible Plays within the scope of a Terraform Configuration.

Sugested feature result

A Platform-level integration between AWX/AAP and Terraform Cloud / Terraform Enterprise would enable:

• no-code integration between the two enterprise platforms
• improves the security posture - responsibility for securing the integration becomes the responsibility of the platforms, rather than the developer. No credential handling required at the Terraform Configuration / Ansible Playbook level to enable the integration
• DRY: Doing this at the platform removes the need to constantly repeat the integration in code for every developer team who requires it
• seamless hand-off from infrastructure provisioning to configuration management during e2e workflows
• supports the 'better together' narrative currently being touted across Red Hat blogs 😄

Additional information

This Feature Request is being raised on the AWX project as the Feature Request would involve the AWX development team providing an endpoint and allowing the generation of an HMAC key that Terraform Cloud / Terraform Enterprise could then send a request to in order to trigger an AWX/AAP Job or Workflow. When the Workflow or Job completes, AWX/AAP would callback to Terraform Cloud / Terraform Enterprise with the status of the Workflow or Job.

[benemon]

I have built a small shim to act as a PoC for this integration. It takes an outbound Run Task Request from the enterprise Terraform platform, and ETL's the payload into something that AWX/AAP could interpret and work with.

It currently supports launching Job Templates / Workflow Job Templates, and the groundwork is done for the creation of Inventories based on the output of Terraform Runs.

Ansible Run Task Shim

[fosterseth]

@ffirg you may be interested in taking a look at this

[benemon]

Hi @ffirg @fosterseth - is there any way we can look at moving this forward? Is there any further information I can provide? Happy to help in any capacity I can.