
on 09-21-2022 09:49 PM
CPG's Terraform Connector
ITOM Cloud Provisioning and Governance (CPG, formerly CMP) offers an automated request process for template-based IaaS/PaaS deployments to clouds. Terraform support was introduced more than 2 years ago, starting with open-source Terraform; later we added support for Terraform Enterprise / Terraform Cloud too.
With this, development and DevOps teams can focus on their app code and leave the provisioning and governance, as well as things like approvals, updating the CMDB, and other policies, in the hands of CPG's automated request process. Because CPG catalog items can be ordered through the REST API, this can be easily called from CI/CD pipeline scripts.
From an IT / CCoE perspective, this gives the central team the ability to govern and set up "enterprise-compliant" deployments for IaaS and PaaS, with an integrated story for calling IPAM, monitoring, etc. via custom platform orchestration flows.
CPG's ability to discover the Terraform configs right out of the repositories (GitHub, GitLab, Azure DevOps repositories) and provide these for automated creation of catalog items (including mapping catalog variables to CMDB queries) is an "automagic" experience that saves time on otherwise painstaking work. When the IaC code is changed, CPG's discovery picks up the changes and brings them in for review and approval, and in 1 click the catalog item can be updated with the changes.
New capabilities
With this latest release we support the following capabilities -
- Support for Terraform versions (1.1, 1.2) - existing catalogs built to work with Terraform 0.11 and 0.12 continue to work
- Support for complex variable types (map, list, JSON object and tuples)
- Support for ADO repositories in addition to GitHub and GitLab repositories with Terraform Cloud / Terraform Enterprise
With support for Terraform 1.x versions, we are making the solution more future-proof so it works with the latest providers and capabilities from Terraform.
One of the striking new features we introduced is support for complex variables. DevOps teams use these to deploy profiles of options for server, app and network deployments. Complex variables come in various types such as list, tuple, map and object, as well as combinations of these, e.g. a list of maps.
An example of a complex variable is below -
variable "vms" {
  type = map(object({
    size  = string
    disks = list(number)
  }))
  default = {
    azurevm1 = {
      size  = "Standard_DS1_v2"
      disks = [30, 70]
    }
  }
}
The above is an example of a complex variable definition for a VM of a particular t-shirt size, with a variable number of disks of various sizes.
With CPG, a complex variable definition translates into a catalog item form input that looks like this -
Using this, a server farm deployment can also be done with different VMs of varied configuration settings.
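Because a complex variable accepts free-form nested input from the catalog form, governance checks such as approved VM sizes can also be enforced in the Terraform config itself. The following is an added example, not part of the original post or of CPG's own templates: it takes the `vms` variable above and adds `validation` blocks (plain Terraform 0.14 or later). The approved-size list, the disk limits and the naming pattern are constructed for illustration.

```hcl
# Added example: the "vms" variable from the post with validation rules.
# The approved sizes, disk limits and name pattern below are constructed values.
variable "vms" {
  type = map(object({
    size  = string
    disks = list(number)
  }))

  default = {
    azurevm1 = {
      size  = "Standard_DS1_v2"
      disks = [30, 70]
    }
  }

  # Every VM in the map must use a size from the approved list.
  validation {
    condition = alltrue([
      for vm in values(var.vms) :
      contains(["Standard_DS1_v2", "Standard_DS2_v2"], vm.size)
    ])
    error_message = "Each VM size must be one of: Standard_DS1_v2, Standard_DS2_v2."
  }

  # Each VM gets 1 to 4 disks, and each disk size must be between 1 and 1024.
  validation {
    condition = alltrue([
      for vm in values(var.vms) :
      length(vm.disks) >= 1 && length(vm.disks) <= 4 &&
      alltrue([for d in vm.disks : d >= 1 && d <= 1024])
    ])
    error_message = "Each VM needs 1 to 4 disks, and each disk size must be between 1 and 1024."
  }

  # Assumption: map keys are used as resource names, so restrict them to a safe pattern.
  validation {
    condition = alltrue([
      for name in keys(var.vms) : can(regex("^[a-z][a-z0-9]{2,14}$", name))
    ])
    error_message = "VM names must be 3 to 15 lowercase letters or digits, starting with a letter."
  }
}
```

A request that fails any rule is rejected at `terraform plan` with the matching `error_message`, before any resource is created.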
Here's a sample template that can be used for trying out the new capabilities.
# File: main.tf
provider "aws" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
  version    = ">= 3.0"
}

resource "aws_instance" "app_server" {
  ami           = var.ami
  instance_type = var.instance_type
  tags          = var.dtags
}

variable "access_key" {}
variable "secret_key" {}

variable "region" {
  type    = string
  default = "us-east-1"
}

variable "ami" {
  type    = string
  default = "ami-830c94e3"
}

variable "instance_type" {
  type    = string
  default = "t1.small"
}

variable "dtags" {
  type    = map(string)
  default = { environment = "dev-test" }
}
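The sample above passes the AWS credentials as plain, untyped variables. A hardened variant of its provider, credential and instance blocks follows, as an added example that is not part of the original post or of CPG's own templates. It assumes Terraform 0.14 or later; the `required_version` value is an assumption based on the versions named in this post, and how CPG's discovery treats `sensitive` or `required_providers` is not stated here.

```hcl
# Added example: replaces the provider, credential variable and instance blocks
# of the sample main.tf. The remaining variables stay as they are in the sample.

terraform {
  required_version = ">= 1.1" # assumption: the 1.1 / 1.2 support named in the post

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.0" # same constraint as the sample; "version" inside a
                         # provider block is deprecated since Terraform 0.13
    }
  }
}

provider "aws" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}

# sensitive = true redacts the value in plan and apply output.
# The value is still written to the state file in plain text,
# so access to the state backend has to be restricted as well.
variable "access_key" {
  type      = string
  sensitive = true
}

variable "secret_key" {
  type      = string
  sensitive = true
}

resource "aws_instance" "app_server" {
  ami           = var.ami
  instance_type = var.instance_type
  tags          = var.dtags

  # Governance setting: encrypt the root volume of every instance.
  root_block_device {
    encrypted = true
  }
}
```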
We are planning to provide more of these working templates via public GitHub. Watch this space for updates.
I would like to leave you with some interesting information about the new capabilities to support various Terraform version control systems. We now support GitHub, GitLab and Azure DevOps repositories, in both the on-prem and cloud versions. With this, customers can work with the repository of their choice. We will support additional repositories (e.g. Bitbucket) in upcoming releases if there's demand for this.
Usage approach
Our recommendation is to use this as a mechanism to enhance your app pipeline process, using agile, sprint-oriented approaches for the infrastructure / platform requirements. The DevOps team feeds in the templates based on the app dev teams' needs, and the ServiceNow cloud service designer role helps to convert these templates by reviewing them and adding additional governance (e.g. checks for approved images, VM sizes, settings like encryption, approvals).
Using this approach, the app teams do not have to bother about audit, change, policy, etc. and can instead focus on their app code only.
With tagging used in the workflow, CPG can also enable service mapping capabilities via tag-based service mapping. I will talk more on this in another article.
Call to action
Dear friends, both customers and partners: try out the new Terraform app. More details here.
Link to the store app https://store.servicenow.com/sn_appstore_store.do#!/store/application/9b04ffc20b1323002530a387b6673a...
Docs
Thank you
Ram and the CPG engineering team