spacelift-io / terraform-provider-spacelift

Terraform provider to interact with Spacelift
MIT License
71 stars 27 forks

Support `VCS Provider` configuration #313

Open tiwood opened 2 years ago

tiwood commented 2 years ago

We're using Azure DevOps and have the requirement to rotate the personal access token used for Spacelift.

It would be great if we could configure VCS Providers via Terraform.

Example for AzDO:

resource "spacelift_vcs_provider_configuration" "this" {
  azure_devops {
    url = "xxx"
    pat = "xxx"
  }
}

jmfontaine commented 2 years ago

Hi @tiwood !

That is a great suggestion. Let me talk to the engineering team.

wojciech12 commented 2 years ago

Hi @tiwood, we would like to learn more about your use case. Could you sketch the plan for how you would like to initially set up the repo and generate the PAT for the credential rotation? My email is wojciechb@spacelift.io. Your input will help us find the solution and prioritize work on the provider.

tiwood commented 2 years ago

@wojciech12, we're currently using Azure DevOps; therefore, the configuration on the Spacelift side is pretty minimal.

  1. We're generating a Spacelift service user in Azure AD; this user gets the required roles to access AzDO.
  2. We're generating a Personal Access Token for this user and storing it securely (state, HSM...).
  3. This PAT has to be set/updated in Spacelift.
  4. The configuration resource should expose the properties required to finalise configuration in AzDO (aka Webhook endpoint).

Steps 3 and 4 are relevant for the development of this provider.

Our relevant use-cases: