terraform-provider-spacelift icon indicating copy to clipboard operation
terraform-provider-spacelift copied to clipboard

Published 20 hours ago verified publisher icon spacelift-io

Support `VCS Provider` configuration

Open tiwood opened this issue 3 years ago • 3 comments

We're using Azure DevOps and have the requirement to rotate the personal access token used for Spacelift.

It would be great, if we could configure VCS Providers via Terraform.

Example for AzDO:

resource "spacelift_vcs_provider_configuration" "this" {
  azure_devops {
    url = "xxx"
    pat = "xxx"
  }
}

tiwood avatar Jul 11 '22 13:07 tiwood

Hi @tiwood !

That is a great suggestion. Let me talk to the engineering team.

jmfontaine avatar Jul 28 '22 21:07 jmfontaine

Hi @tiwood, we would like to learn more about your use case. Could you sketch the plan how you would like to initially setup the repo and generate the PAT for the credential rotation? My email is [email protected]. Your input will help us to find the solution and proritize work on the provider.

wojciech12 avatar Aug 16 '22 07:08 wojciech12

@wojciech12, we're currently using Azure DevOps, therefore the configuration on the Spacelift side is pretty minimal.

  1. We're generating a Spacelift service user in Azure AD, this user gets the required roles to access AzDO.
  2. We're generating a Personal Access Token for this user and storing it securely (state, HSM..)
  3. This PAT has to be set/updated in Spacelift
  4. The configuration resource should expose the properties, required to finalise configuration in AzDO (aka Webhook endpoint)

Step 3 and 4 are relevant for the development of this provider.

Our relevant use-cases:

  • Configuring Spacelift and connected systems immutable with IaC
  • Rotating credentials if required with IaC

tiwood avatar Aug 24 '22 07:08 tiwood