Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
name: Check for Subaccount Drift via Terraform on: workflow_dispatch: inputs: PROJECT_NAME: description: "Name of the project" required: true default: "sample-proj-drift" REGION: description: "Region for the sub account" required: true default: "eu10" COST_CENTER: description: "Cost center for the project" required: true default: "1234567890" STAGE: description: "Stage for the project" required: true default: "DEV" ORGANIZATION: description: "Organization for the project" required: true default: "B2B" env: PATH_TO_TFSCRIPT: 'infra' jobs: execute_base_setuup: name: BTP Subaccount Drift Check runs-on: ubuntu-latest steps: - name: Check out Git repository id: checkout_repo uses: actions/checkout@v4 - name: Setup Terraform id : setup_terraform uses: hashicorp/setup-terraform@v3 with: terraform_wrapper: false terraform_version: latest - name: Terraform Init id: terraform_init shell: bash run: | export export ARM_ACCESS_KEY=${{ secrets.ARM_ACCESS_KEY }} terraform -chdir=${{ env.PATH_TO_TFSCRIPT }} init -no-color - name: Terraform Plan id: terraform_plan shell: bash continue-on-error: true run: | export ARM_ACCESS_KEY=${{ secrets.ARM_ACCESS_KEY }} export BTP_USERNAME=${{ secrets.BTP_USERNAME }} export BTP_PASSWORD=${{ secrets.BTP_PASSWORD }} terraform -chdir=${{ env.PATH_TO_TFSCRIPT }} plan -var globalaccount=${{ secrets.GLOBALACCOUNT }} -var region=${{ github.event.inputs.REGION }} -var project_name=${{ github.event.inputs.PROJECT_NAME }} -var stage=${{ github.event.inputs.STAGE }} -var costcenter=${{ github.event.inputs.COST_CENTER }} -var org_name=${{ github.event.inputs.ORGANIZATION }} -no-color -detailed-exitcode - name: Create issue if: steps.terraform_plan.outcome == 'failure' uses: actions/github-script@v7 env: PROJECT_NAME: ${{ github.event.inputs.PROJECT_NAME }} REGION: ${{ github.event.inputs.REGION }} STAGE: ${{ github.event.inputs.STAGE }} COST_CENTER: ${{ github.event.inputs.COST_CENTER }} RUN_ID : ${{ github.run_id }} with: script: | const issueTitle = `Configuration Drift Detected for ${process.env.PROJECT_NAME}` const issueBody = `A drift has been detected for ${process.env.PROJECT_NAME} in ${process.env.REGION} region. Stage is ${process.env.STAGE} and cost center is ${process.env.COST_CENTER}. Find more information in the run https://github.com/btp-automation-scenarios/btp-terraform-drift/actions/runs/${process.env.RUN_ID}` github.rest.issues.create({ owner: context.repo.owner, repo: context.repo.repo, labels: [ 'automated issue', 'drift detected' ], title: issueTitle, body: issueBody }) - name: State deviation - Set run to failed if: steps.terraform_plan.outcome == 'failure' uses: actions/github-script@v7 with: script: | core.setFailed('A configuration drift was detected!')
Another aspect worth to discuss is the integration into existing processes especially on the SAP side of the house. We implemented the flow and the "handling" (namely the creation of a GitHub issue) in an isolated fashion. However, we also received the ask to integrate the flow into the SAP solutions that might already deal with such governance tasks like SAP Cloud ALM. based on that we have a feature request open (link) in the repository of the Terraform Provider for SAP BTP. If you would like to share your point of view or vote for it, this is the place to go.
Related posts
- Stack Grafana deployed on AWS ECS -Part 1 - Create a Cluster
- Terraform Starter Boilerplate for GCP using Terragrunt
- Authorization and Amazon Verified Permissions - A New Way to Manage Permissions Part XIV: AVP Getting Started
- Despliega una Infraestructura de Red AWS Robusta con Terraform
- Terraform-AWS-Nuke-Bomber