Cloud Services

Enterprise Marketplace

Pre- and post-provisioning policies for Terraform
Published On Jun 06, 2024 - 2:38 PM

Pre- and post-provisioning policies for Terraform

This page covers guidelines for creating and implementing pre- and post-provisioning policies for Terraform.

Software requirements

To generate JSON values, you must have the following Python package installed: https://pypi.org/project/python-hcl2/.

Roles required

To perform these procedures, the team that you are part of must have the
Policy Admin
role.

Prerequisites for pre- and post-provisioning hooks

Before you can create policies for pre- and post-provisioning, you need to configure the callback URLs and apply the pre and post provisioning hook policies.
Create a post-provisioning hook policy
In Kyndryl Modern Operations Applications, complete these steps:
  1. Navigate to the
    Developer Console
    page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. For
    Application
    , select
    consume
    .
  3. In the
    Service
    field, select
    Consume common API
    .
  4. In the
    Client Management API
    section, click
    POST {API-Gateway}/emp/common/clients
    .
  5. Click
    Try it out
    .
  6. Enter the following in the payload:
    { "name": "TerraformEngineProvisioningHook", "provider_code": "ibmcloud", "applicable_for": [ { "id": "integration", "values": [ "ProvisioningPostHook" ] } ], "callback": { "url": "cb-softlayer-prov-adapter:8010/adapter/post_prov_hook", "certs": { "endpoint_ca_cer": "", "endpoint_cer": "", "endpoint_key": "" }, "connection_protocol": "http" } }
  7. Click
    Execute
    .
Create a fulfillment policy for the post-provisioning policy
Create a fulfillment policy using the routingKey generated in the last section by using which Post hook subscription is created using these steps. The team you are part of must have the Policy Administrator role or the API won't work.
  1. Navigate to the
    Developer Console
    page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. For
    Application
    , select
    consume
    .
  3. In the
    Service
    field, select
    Fullfillment_Service
    .
  4. In the
    v4-fulfillment-apis
    section, click
    POST <API_GATEWAY>/v4/api/fulfillment/policies
    .
  5. Click
    Try it out
    .
  6. Enter the following in the payload. Make sure that the startDate is the day when you invoke this API. The correct context is the same as the context of the one that places the order.
    { "context": [ { "tagType": "team", "tagValueCodes": [ "allinone" ] }, { "tagType": "org", "tagValueCodes": [ "admin_org" ] } ], "endDate": "", "name": "TerraformPostProvisioningPolicy", "policyType": "fulfillments", "rules": [ { "rule_name": "TerraformPostProvisioning", "priority": 1, "condition": [ "providerCode in ('aws')", "integrationType == postprovisioning", "orderType in ('New')" ], "outcome": [ { "routingKey": "ibmcloud" } ] } ], "startDate": "2023-01-28T15:20:15.614681525Z", "status": "active" }
  7. Click
    Execute
    .
Create a pre-provisioning hook policy
In Kyndryl Modern Operations Applications, complete these steps:
  1. Navigate to the
    Developer Console
    . To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. For
    Application
    , select
    consume
    .
  3. In the
    Service
    field, select
    Consume common API
    .
  4. In the
    Client Management API
    section, click
    POST {API-Gateway}/emp/common/clients
    .
  5. Click
    Try it out
    .
  6. Enter the following in the payload:
    { "name": "TerraformEnginePreProvisioningHook", "provider_code": "ibmcloud", "applicable_for": [ { "id": "integration", "values": [ "ProvisioningPreHook" ] } ], "callback": { "url": "cb-softlayer-prov-adapter:8010/adapter/pre_prov_hook", "certs": { "endpoint_ca_cer": "", "endpoint_cer": "", "endpoint_key": "" }, "connection_protocol": "http" } }
  7. Click
    Execute
    .
Create a fulfillment policy for the pre-provisioning policy
Create a fulfillment policy using the routingKey generated in the last section by using which Pre hook subscription is created using these steps. The team you are part of must have the Policy Administrator role or the API won't work.
  1. Navigate to the
    Developer Console
    . To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. For
    Application
    , select
    consume
    .
  3. In the
    Service
    field, select
    Fullfillment_Service
    .
  4. In the
    v4-fulfillment-apis
    section, click
    POST <API_GATEWAY>/v4/api/fulfillment/policies
    .
  5. Click
    Try it out
    .
  6. Enter the following in the payload. Make sure that the startDate is the day when you invoke this API. The correct context is the same as the context of the one that places the order.
    { "context": [ { "tagType": "team", "tagValueCodes": [ "allinone" ] }, { "tagType": "org", "tagValueCodes": [ "admin_org" ] } ], "endDate": "", "name": "TerraformPreProvisioningPolicy", "policyType": "fulfillments", "rules": [ { "rule_name": "TerraformPreProvisioning", "priority": 1, "condition": [ "providerCode in ('aws')", "integrationType == preprovisioning", "orderType in ('Delete')" ], "outcome": [ { "routingKey": "ibmcloud" } ] } ], "startDate": "{insert todays time}", "status": "active" }
  7. Click
    Execute
    .
Do you have two minutes for a quick survey?
Take Survey