Cloud Services

Enterprise Marketplace

Expand menu Collapse menu

Pre- and post-provisioning policies for Terraform

Published On Oct 08, 2024 - 8:47 AM

Pre- and post-provisioning policies for Terraform

This page covers guidelines for creating and implementing pre- and post-provisioning policies for Terraform.

Software requirements

To generate JSON values, you must have the following Python package installed: https://pypi.org/project/python-hcl2/.

Roles required

To perform these procedures, the team that you are part of must have the Policy Admin
role.

Prerequisites for pre- and post-provisioning hooks

Before you can create policies for pre- and post-provisioning, you need to configure the callback URLs and apply the pre and post provisioning hook policies.

Create a post-provisioning hook policy

In Kyndryl Modern Operations Applications, complete these steps:

Navigate to the Developer Console
page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.

For Application
, select consume
.

In the Service
field, select Consume common API
.

In the Client Management API
section, click POST {API-Gateway}/emp/common/clients
.

Click Try it out
.

Enter the following in the payload:

{

 "name": "TerraformEngineProvisioningHook",

 "provider_code": "ibmcloud",

 "applicable_for": [

   {

     "id": "integration",

     "values": [

       "ProvisioningPostHook"

     ]

   }

 ],

 "callback": {

   "url": "cb-softlayer-prov-adapter:8010/adapter/post_prov_hook",

   "certs": {

     "endpoint_ca_cer": "",

     "endpoint_cer": "",

     "endpoint_key": ""

   },

   "connection_protocol": "http"

 }

}

Click Execute
.

Create a fulfillment policy for the post-provisioning policy

Create a fulfillment policy using the routingKey generated in the last section by using which Post hook subscription is created using these steps. The team you are part of must have the Policy Administrator role or the API won't work.

Navigate to the Developer Console
page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.

For Application
, select consume
.

In the Service
field, select Fullfillment_Service
.

In the v4-fulfillment-apis
section, click POST <API_GATEWAY>/v4/api/fulfillment/policies
.

Click Try it out
.

Enter the following in the payload. Make sure that the startDate is the day when you invoke this API. The correct context is the same as the context of the one that places the order.

{

 "context": [

   {

     "tagType": "team",

     "tagValueCodes": [

       "allinone"

     ]

   },

   {

     "tagType": "org",

     "tagValueCodes": [

       "admin_org"

     ]

   }

 ],

 "endDate": "",

 "name": "TerraformPostProvisioningPolicy",

 "policyType": "fulfillments",

 "rules": [

   {

     "rule_name": "TerraformPostProvisioning",

     "priority": 1,

     "condition": [

       "providerCode in ('aws')",

       "integrationType == postprovisioning",

       "orderType in ('New')"

     ],

     "outcome": [

       {

         "routingKey": "ibmcloud"

       }

     ]

   }

 ],

 "startDate": "2023-01-28T15:20:15.614681525Z",

 "status": "active"

}

Click Execute
.

Create a pre-provisioning hook policy

In Kyndryl Modern Operations Applications, complete these steps:

Navigate to the Developer Console
. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.

For Application
, select consume
.

In the Service
field, select Consume common API
.

In the Client Management API
section, click POST {API-Gateway}/emp/common/clients
.

Click Try it out
.

Enter the following in the payload:

{

 "name": "TerraformEnginePreProvisioningHook",

 "provider_code": "ibmcloud",

 "applicable_for": [

   {

     "id": "integration",

     "values": [

       "ProvisioningPreHook"

     ]

   }

 ],

 "callback": {

   "url": "cb-softlayer-prov-adapter:8010/adapter/pre_prov_hook",

   "certs": {

     "endpoint_ca_cer": "",

     "endpoint_cer": "",

     "endpoint_key": ""

   },

   "connection_protocol": "http"

 }

}

Click Execute
.

Create a fulfillment policy for the pre-provisioning policy

Create a fulfillment policy using the routingKey generated in the last section by using which Pre hook subscription is created using these steps. The team you are part of must have the Policy Administrator role or the API won't work.

Navigate to the Developer Console
. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.

For Application
, select consume
.

In the Service
field, select Fullfillment_Service
.

In the v4-fulfillment-apis
section, click POST <API_GATEWAY>/v4/api/fulfillment/policies
.

Click Try it out
.

Enter the following in the payload. Make sure that the startDate is the day when you invoke this API. The correct context is the same as the context of the one that places the order.

{

 "context": [

   {

     "tagType": "team",

     "tagValueCodes": [

       "allinone"

     ]

   },

   {

     "tagType": "org",

     "tagValueCodes": [

       "admin_org"

     ]

   }

 ],

 "endDate": "",

 "name": "TerraformPreProvisioningPolicy",

 "policyType": "fulfillments",

 "rules": [

   {

     "rule_name": "TerraformPreProvisioning",

     "priority": 1,

     "condition": [

       "providerCode in ('aws')",

       "integrationType == preprovisioning",

       "orderType in ('Delete')"

     ],

     "outcome": [

       {

         "routingKey": "ibmcloud"

       }

     ]

   }

 ],

 "startDate": "{insert todays time}",

 "status": "active"

}

Click Execute
.

Do you have two minutes for a quick survey?

Take Survey