Add

Author: craigthackerx

.azuredevops/templates/jobs/terraform-free-form.yaml

@@ -0,0 +1,304 @@
+parameters:
+  - name: JobName
+    type: string
+    default: TerraformInitPlanJob
+    displayName: 'Custom Job Name'
+
+  - name: JobDisplayName
+    type: string
+    default: "Terraform Init & Terraform Plan"
+    displayName: 'Custom Job Display Name'
+
+  - name: TerraformCodeLocation
+    type: string
+    default: 'terraform'
+    displayName: 'Terraform Code Path'
+
+  - name: TerraformStackToRunJson
+    type: string
+    default: '["all"]'
+    displayName: 'Terraform Stacks to Run'
+
+  - name: TerraformWorkspace
+    type: string
+    default: ''
+    displayName: 'Terraform Workspace'
+
+  - name: RunTerraformInit
+    type: string
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Run Terraform Init'
+
+  - name: RunTerraformValidate
+    type: string
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Run Terraform Init'
+
+  - name: RunTerraformPlan
+    type: string
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Run Terraform Plan'
+
+  - name: RunTerraformPlanDestroy
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Run Terraform Plan Destroy'
+
+  - name: RunTerraformApply
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Run Terraform Apply'
+
+  - name: RunTerraformDestroy
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Run Terraform Destroy'
+
+  - name: TerraformInitCreateBackendStateFileName
+    type: string
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Whether the script should attempt to make a state file based on stack name'
+
+  - name: TerraformInitCreateBackendStateFilePrefix
+    type: string
+    default: ""
+    displayName: 'Backend prefix'
+
+  - name: TerraformInitCreateBackendStateFileSuffix
+    type: string
+    default: ""
+    displayName: 'Backend suffix'
+
+  - name: TerraformInitExtraArgsJson
+    type: string
+    default: '[ ]'
+    displayName: 'Extra Args for terraform init'
+
+  - name: TerraformPlanExtraArgsJson
+    type: string
+    default: '[ ]'
+    displayName: 'Extra Args for terraform plan'
+
+  - name: TerraformPlanDestroyExtraArgsJson
+    type: string
+    default: '[ ]'
+    displayName: 'Extra Args for terraform plan -destroy'
+
+  - name: TerraformApplyExtraArgsJson
+    type: string
+    default: '[ ]'
+    displayName: 'Extra Args for terraform apply'
+
+  - name: TerraformDestroyExtraArgsJson
+    type: string
+    default: '[ ]'
+    displayName: 'Extra Args for terraform destroy'
+
+  - name: DebugMode
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Enable Debug Logging'
+
+  - name: DeletePlanFiles
+    type: string
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Delete Plan Files After Execution'
+
+  - name: TerraformVersion
+    type: string
+    default: 'latest'
+    displayName: 'Terraform Version'
+
+  - name: RunCheckov
+    type: string
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Run Checkov Scan'
+
+  - name: CheckovSkipCheck
+    type: string
+    default: ''
+    displayName: 'Checkov Skip Checks (Comma-Separated)'
+
+  - name: CheckovSoftfail
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Soft-Fail Checkov Scan'
+
+  - name: CheckovExtraArgsJson
+    type: string
+    default: '[ ]'
+    displayName: 'ExtraArgs for CheckOv as JSON'
+
+  - name: TerraformPlanFileName
+    type: string
+    default: 'tfplan.plan'
+    displayName: 'Terraform Plan File Name'
+
+  - name: TerraformDestroyPlanFileName
+    type: string
+    default: 'tfplan-destroy.plan'
+    displayName: 'Terraform Destroy Plan File Name'
+
+  - name: CreateTerraformWorkspace
+    type: string
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Create or Select Terraform Workspace'
+
+  - name: UseAzureClientSecretLogin
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Use Azure Client Secret Login'
+
+  - name: UseAzureOidcLogin
+    type: string
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Use Azure OIDC Login'
+
+  - name: UseAzureUserLogin
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Use Azure User (Device Code) Login'
+
+  - name: UseAzureManagedIdentityLogin
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Use Azure Managed Identity Login'
+
+  - name: UseAzureServiceConnection
+    type: string
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Use Azure DevOps Service Connection'
+
+  - name: InstallTenvTerraform
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Install Tenv and Terraform'
+
+  - name: InstallAzureCli
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Install Azure CLI'
+
+  - name: AttemptAzureLogin
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Attempt Azure Login in Script'
+
+  - name: InstallCheckov
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Install Checkov'
+
+  - name: ServiceConnection
+    type: string
+    displayName: 'Azure DevOps Service Connection Name'
+
+  - name: additionalEnvVars
+    type: object
+    default: { }
+    displayName: 'Additional Environment Variables to Export'
+
+  - name: additionalJobVars
+    type: object
+    default: { }
+    displayName: 'Additional Job Variables'
+
+  - name: BackendUseAzureADAuth
+    type: string
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Backend Authentication via Azure AD'
+
+  - name: TargetSubscriptionId
+    type: string
+    default: ''
+    displayName: 'Target Azure Subscription ID (Overrides Default)'
+
+  - name: AzureDevOpsPoolName
+    type: string
+    default: ''
+    displayName: 'The Pool Name for the Job to run on'
+
+  - name: AzurePipelinesVmImage
+    type: string
+    default: 'ubuntu-latest'
+    displayName: 'If Azure Pipelines is selected, which vmImage to run'
+
+  - name: dependsOnJobs
+    displayName: "Depends On"
+    type: object
+    default: [ ]
+
+  - name: WorkspaceClean
+    displayName: "Workspace clean"
+    type: string
+    default: "all"
+    values:
+      - "all"
+      - "outputs"
+      - "resources"
+
+  - name: EnableGitLongPaths
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Run Git Long paths enablement'
+
+  - name: ConfigureAzureDevOpsGitUrl
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Configure the Git Azure DevOps URL with insteadof for System.AccessToken injection'
+
+jobs:
+  - job: ${{ parameters.JobName }}
+    displayName: ${{ parameters.JobDisplayName }}
+    pool:
+      name: ${{ parameters.AzureDevOpsPoolName }}
+      ${{ if eq(parameters.AzureDevOpsPoolName, 'Azure Pipelines') }}:
+        vmImage: ${{ parameters.AzurePipelinesVmImage }}
+    dependsOn: ${{ parameters.dependsOnJobs }}
+    workspace:
+      clean: ${{ parameters.WorkspaceClean }}
+
+    ${{ if ne(length(parameters.additionalJobVars), 0) }}:
+      variables:
+        ${{ each jobVar in parameters.additionalJobVars }}:
+          ${{ jobVar.Key }}: ${{ jobVar.Value }}
+
+    steps:
+      - template: ../steps/terraform-free-form.yaml
+        parameters:
+          TerraformCodeLocation: ${{ parameters.TerraformCodeLocation }}
+          TerraformArguments: ${{ parameters.TerraformArguements }}
+          UseAzureClientSecretLogin: ${{ parameters.UseAzureClientSecretLogin }}
+          UseAzureOidcLogin: ${{ parameters.UseAzureOidcLogin }}
+          UseAzureUserLogin: ${{ parameters.UseAzureUserLogin }}
+          UseAzureManagedIdentityLogin: ${{ parameters.UseAzureManagedIdentityLogin }}
+          UseAzureServiceConnection: ${{ parameters.UseAzureServiceConnection }}
+          AttemptAzureLogin: ${{ parameters.AttemptAzureLogin }}
+          ServiceConnection: ${{ parameters.ServiceConnection }}
+          additionalEnvVars: ${{ parameters.additionalEnvVars }}
+          BackendUseAzureADAuth: ${{ parameters.BackendUseAzureADAuth }}
+          TargetSubscriptionId: ${{ parameters.TargetSubscriptionId }}
+          EnableGitLongPaths: ${{ parameters.EnableGitLongPaths }}
+          ConfigureAzureDevOpsGitUrl: ${{ parameters.ConfigureAzureDevOpsGitUrl }}