professional-service-best-practices/terraform-nested-folders
14
0
Fork 0
generated from professional-service-best-practices/best-practice-template
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request 'Initial commit' (#1) from dev into main
All checks were successful
CI / Check License Header (push) Successful in 4s
Details
CI / TruffleHog Secrets Scan (push) Successful in 4s
Details
CI / Terraform CI (push) Successful in 8s
Details

Browse source 
Reviewed-on: #1
This commit is contained in:
Mauritz_Uphoff 2025-11-12 08:19:29 +00:00
commit 7f8759f981
Signed by: professional-service.git.onstackit.cloud
GPG key ID: 004207B7C5DED9F7
7 changed files with 51 additions and 124 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
00-backend.tf
View file

@ -1,4 +1,4 @@
/*Copyright 2025 STACKIT GmbH & Co. KG <maintainer.email@stackit.cloud>
/*Copyright 2025 STACKIT GmbH & Co. KG <mauritz.uphoff@stackit.cloud>
Use of this source code is governed by an MIT-style
license that can be found in the LICENSE file or at

6
00-provider.tf
View file

@ -1,4 +1,4 @@
/*Copyright 2025 STACKIT GmbH & Co. KG <maintainer.email@stackit.cloud>
/*Copyright 2025 STACKIT GmbH & Co. KG <mauritz.uphoff@stackit.cloud>
Use of this source code is governed by an MIT-style
license that can be found in the LICENSE file or at
@ -9,7 +9,7 @@ terraform {
required_providers {
stackit = {
source = "stackitcloud/stackit"
version = "0.69.0"
version = "~>0.69.0"
}
random = {
source = "hashicorp/random"
@ -21,6 +21,6 @@ terraform {
provider "stackit" {
default_region = var.stackit_region
service_account_key_path = var.stackit_service_account_key_path
experiments = ["routing-tables", "network"]
experiments = ["routing-tables", "network", "iam"]
enable_beta_resources = true
}

11
01-variables.tf
View file

@ -1,4 +1,4 @@
/*Copyright 2025 STACKIT GmbH & Co. KG <maintainer.email@stackit.cloud>
/*Copyright 2025 STACKIT GmbH & Co. KG <mauritz.uphoff@stackit.cloud>
Use of this source code is governed by an MIT-style
license that can be found in the LICENSE file or at
@ -14,7 +14,12 @@ variable "stackit_service_account_key_path" {
default = "keys/sa-key.json"
}
variable "stackit_project_id" {
variable "stackit_org_id" {
type = string
default = "XXXX-XXXX-XXXX-XXXX"
default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
}
variable "owner_email" {
type = string
default = "mauritz.uphoff@stackit.cloud"
}

10
02-example.tf
View file

@ -1,10 +0,0 @@
/*Copyright 2025 STACKIT GmbH & Co. KG <maintainer.email@stackit.cloud>
Use of this source code is governed by an MIT-style
license that can be found in the LICENSE file or at
https://opensource.org/licenses/MIT.*/
resource "stackit_network" "example" {
project_id = var.stackit_project_id
name = "example"
}

36
02-folder.tf Normal file
View file

@ -0,0 +1,36 @@
/*Copyright 2025 STACKIT GmbH & Co. KG <mauritz.uphoff@stackit.cloud>
Use of this source code is governed by an MIT-style
license that can be found in the LICENSE file or at
https://opensource.org/licenses/MIT.*/
resource "stackit_resourcemanager_folder" "folder_lvl_1" {
name = "folder_lvl_1"
owner_email = var.owner_email
parent_container_id = var.stackit_org_id
}
resource "stackit_resourcemanager_folder" "folder_lvl_2" {
name = "folder_lvl_2"
owner_email = var.owner_email
parent_container_id = stackit_resourcemanager_folder.folder_lvl_1.container_id
}
resource "stackit_resourcemanager_project" "proj_folder_1" {
parent_container_id = stackit_resourcemanager_folder.folder_lvl_1.container_id
name = "proj-folder1"
owner_email = var.owner_email
}
resource "stackit_resourcemanager_project" "proj_folder_2" {
parent_container_id = stackit_resourcemanager_folder.folder_lvl_2.container_id
name = "proj-folder2"
owner_email = var.owner_email
}
resource "stackit_authorization_project_role_assignment" "editor_folder_1" {
resource_id = stackit_resourcemanager_project.proj_folder_2.project_id
role = "editor"
subject = "markus.brunsch@stackit.cloud"
}

2
MAINTAINERS.md
View file

@ -1,7 +1,7 @@
# Maintainers
General maintainers:
* Foo Bar (foo.bar@stackit.cloud)
* Mauritz Uphoff (mauritz.uphoff@stackit.cloud)
This BP is actively maintained. The owner is responsible for reviewing and updating dependencies and functionalities on a monthly basis.
For questions, issues, or feature requests, please email general maintainers.

108
README.md
View file

@ -1,112 +1,8 @@
# [Name of the Best Practice Template]
# Terraform Nested Folder
## Overview
This repository provides a standardized template to solve [specific problem or use case]. It is designed to ensure quality, maintainability, and security for [mention the technology, e.g., Terraform module, CI/CD pipeline, etc.] on **STACKIT**.
The main goal of this Best Practice (BP) is to [briefly describe the primary benefit, e.g., "deploy a secure and cost-effective Kubernetes cluster on STACKIT"].
## License Header
```console
/*
Copyright 2025 STACKIT GmbH & Co. KG <maintainer.email@stackit.cloud>
Use of this source code is governed by an MIT-style
license that can be found in the LICENSE file or at
https://opensource.org/licenses/MIT.
*/
```
## Setup Git GPG Key
1. Generate GPG Key
```console
gpg --full-generate-key
```
1. Configure Git to use the Key
```console
git config --global user.signingkey <GPG KEY ID>
git config --global commit.gpgsign true
```
1. Read GPG Key and add it to STACKIT Git
```console
gpg --armor --export <GPG KEY ID>
```
Copy the Public Key block and add it into your Profile settings on the STACKIT Git instance.
https://docs.codeberg.org/security/gpg-key/
https://gist.github.com/troyfontaine/18c9146295168ee9ca2b30c00bd1b41e
## Prerequisites
Before using this template, ensure you have the following:
* **Tools**:
* [Tool Name, e.g., Terraform] version `x.y.z` or higher
* [Tool Name, e.g., Git]
* **Access & Permissions**:
* [Required access, e.g., Project Member permissions on a STACKIT project]
* STACKIT provider credentials configured
## How to Use
Follow these steps to implement the template:
1. **Clone the repository:**
```bash
git clone [repository-url]
cd [repository-name]
```
2. **Configure the variables:**
* Create a `terraform.tfvars` file or set environment variables as described in the **Configuration** section below.
3. **Initialize and apply:**
```bash
terraform init
terraform plan
terraform apply
```
4. **Verify the deployment:**
* [Provide a simple command or step to check if the deployment was successful].
## Configuration
The following variables can be configured.
| Variable Name | Description | Type | Default Value | Required |
|---------------|---------------------------------------------|----------|---------------|----------|
| `project_id` | The STACKIT project ID. | `string` | `null` | Yes |
| `region` | The region where resources will be created. | `string` | `eu01` | No |
| `...` | ... | `...` | `...` | ... |
## Testing
This repository includes automated and manual testing procedures to ensure quality.
### Automated Tests
* **Validation**: `terraform validate` is automatically executed on every commit via the CI/CD pipeline.
* **Security Scans**: A secret check is performed on every push to the repository.
### Manual Tests
The following aspects should be tested manually after deployment:
* [Manual Test Case 1, e.g., "Verify connectivity to the database instance."]
* [Manual Test Case 2, e.g., "Check permissions for the created service account."]
### Dependencies
This template relies on the following pinned versions:
* **Provider [Provider Name, e.g., STACKIT]**: `~> 0.69.0`
This repository demonstrates how to create projects within nested folders.
## Changelog