Workflow Step
StackGuardian's Workflow Engine supports Terraform templates, allowing for efficient infrastructure management and streamlined automation directly within your workflows.
Motivation​
Following reasons behind bringing down this as a feature:
- Flexible: Users can enhance their workflows with IAC tools such as Terraform for specialized needs.
- Productive: This integration aligns with users' existing IAC expertise, reducing the learning curve.
- Resourceful: It allows users to make the most of their current infrastructure code and the unique features of their chosen IAC tools. For example, organizations with substantial infrastructure code in Ansible can easily incorporate it into their workflows.
Leverage the flexibility​
When working with workflow templates, here are a few things to expect:
Workflow Steps Template Creation​
This guide outlines the creation of workflow steps templates, enabling the integration of personalized automation steps. Follow the instructions below to configure your template.
Step 1: Select Template Type​
- Go to the Marketplace > select the
Your-Org Template
tab on the left navigation bar, and then click on the Create Template button. - Choose "Workflow Steps (Preview)" for creating a workflow step template.
Step 2: Input Template Details​
- Template Name: Provide a unique name for the template (e.g.,
Terraform-Cloud-Setup
). - Owner Org: Specify the owning organization (e.g.,
demo-org
). - Description and Template: You have the option to include these.
Step 3: Configure Workflow Steps​
- Source Config Kind: Select the kind of source configuration (e.g.,
DOCKER_IMAGE
). - Source Destination Kind: Choose the destination type (e.g.,
CONTAINER_REGISTRY
).
Step 4: Docker Image Configuration​
- Docker Image: Enter the URI of the Docker image.
- Private Registry: Specify if the Docker registry is private.
- Docker Image Username: Provide the Docker registry username.
- Authentication Method: Choose a method for private registry authentication, like
/secrets/some-vault-secret
.
Step 5: Template Inputs​
- Specify template inputs using either a FORM or JSON format.
- For a No-Code approach, implement inputs with a Form JSON Schema.
- Example This schema specifies inputs for running Terraform, including configuration and variables file paths.
{
{
"type": "object",
"required": ["configPath", "variableFile"],
"properties": {
"configPath": {
"type": "string",
"title": "Terraform Config Path",
"default": "main.tf",
"description": "Path to the Terraform configuration file."
},
"variableFile": {
"type": "string",
"title": "Terraform Variables File",
"default": "terraform.tfvars",
"description": "Path to the Terraform variables file."
},
"terraformOptions": {
"type": "string",
"title": "Terraform Options",
"description": "Additional options for Terraform command."
}
}
}
}
- After configuring the inputs, click the Create button to save the template.
- Subscribe to use the workflow step template in your organization.
Fig: Creating a Workflow Steps
After the template has been created, the user must Subscribe to it before they can begin utilizing it.
Accessing Workflow Step Configuration Data​
In workflow steps, the no-code form's configuration data is key for customizing the behavior of the step. This data is encoded and made accessible within the workflow step's Docker container.
Decoding Configuration Data​
The workflow step configuration data is encoded in Base64 format and stored in an environment variable BASE64_WORKFLOW_STEP_INPUT_VARIABLES
. To access and utilize this data within your Docker container, you need to decode it using the following shell command:
workflowStepInputParams=$(echo "${BASE64_WORKFLOW_STEP_INPUT_VARIABLES}" | base64 -d -i)
Decode the Base64 string in BASE64_WORKFLOW_STEP_INPUT_VARIABLES
to access JSON in workflowStepInputParams
. Use this for your workflow logic.
Ensure your Docker environment supports Base64 decoding and JSON parsing.
For a complete list of StackGuardian environment variables, refer to Environment Variables.
Persist data between workflow steps and workflows​
The structure and purpose of different directories involved when your workflow is run is outlined below. Only artifact dir content are persisted across workflow run, all other contents of the workspace root directory are cleaned after and before starting a new workflow run.
-
StackGuardian Workspace Root Directory:
- Path:
/mnt/sg_workspace
- The root directory serves as the base directory for workflow files, like the code fetched from your git repo, generated artifact in the runtime (e.g. terraform plans, state files etc.).
- Path:
-
User Directory:
- Path:
/mnt/sg_workspace/user/{repository-name}
- The user directory contains the version control system (VCS) repository of the user, named after the repository's name. This directory includes all the files from the user's repository.
- Since we create a new container for each workflow step, you can mount this directory across workflow steps to use the facts generated in one step inside another.
- Path:
-
Artifacts Directory:
- Path:
/mnt/sg_workspace/artifacts
- The artifacts directory is the location where all artifacts generated by the workflow steps are stored. The contents of this directory are persisted between workflow runs. For example, Terraform workflow uses this artifacts directory to persist state files between workflow runs.
- Placing a file named
sg.outputs.json
at the following path/mnt/sg_workspace/artifacts/sg.outputs.json
will allow you to see its JSON content in the Outputs tab of that workflow which also makes that json available to be referenced across workflows.
- Path:
cmdOverrides
: Use Command Overrides to specify custom instructions that will execute when the user job begins, overriding the default commands of the Docker image in the workflow step. The syntax can be a simple string or an array format, like"executable parameter1 parameter2"
or["executable", "parameter1", "parameter2"]
.