Asset Inventory

Asset Inventory provides one place to easily view, analyze, and understand all your assets across projects and environments.

Resources in Cycloid Inventory can be provided using API calls or automatically using Cycloid Terraform HTTP backend.

Cycloid Terraform HTTP backend

Cycloid Terraform HTTP remote backend is a standalone element part of the global inventory feature. It corresponds to an actual Terraform HTTP backend that can be used to remotely store tfstate files.

Cycloid inventory can be used in Cycloid's pipelines or directly in Terraform as a HTTP remote state backend. It enables Cycloid features on top off Terraform such as Cycloid inventory overview, InfraPolicy and so on. Using Cycloid inventory, Terraform remote state files are sent to Cycloid API and stored in any of the compatible object storages such as Aws S3 bucket, Google Cloud Storage...

In the following graph you can have an overview of how the Cycloid Terraform HTTP backend works.

The following section explains how to use Cycloid inventory in both Cycloid pipelines and directly in Terraform code.

How to use Cycloid HTTP backend in Cycloid pipelines

In a pipeline template simply start by defining the Terraform resource type and then configuring a terraform resource with Cycloid HTTP backend by using the option backend_config

resource_types:
- name: terraform
  type: docker-image
  source:
    repository: cycloid/terraform-resource

resources:
- name: tfstate
  type: terraform
  icon: terraform
  source:
    backend_config:
      address: '($ cycloid_api_url $)/inventory?jwt=($ inventory_jwt $)'
      ## skip_cert_verification needs to be enabled when using self signed certificates.
      # skip_cert_verification: true
    backend_type: http
    env_name: default
    vars:
      env: ((env))
      project: ((project))
      customer: ((customer))

where cycloid_api_url a pipeline variable containing the Cycloid API url (ex https://http-api.cycloid.io on our Saas). And ($ inventory_jwt $) is a Cycloid special variable containing the jwt token of the Terraform HTTP backend.

This code sample uses our official cycloid/terraform-resource Docker image.

• Source code: github.com/cycloidio/terraform-resource (opens new window)
• Docker image: hub.docker.com/r/cycloid/terraform-resource (opens new window)

A common mistake if you are editing an existing pipeline, is to use the wrong resource Docker image. Please make sure the terraform resource_types used is the Cycloid docker image cycloid/terraform-resource.

For more examples on how to use and configure Terraform in Cycloid pipelines, please refer to Cycloid pipelines-examples section

Migrating an existing Terraform project on Cycloid HTTP backend/Inventory

The first step is to gather the current Terraform remote state configuration in your running pipeline. The 3 information you will need for the following step are:

• Credential: Name of the Cycloid credential used to access to your object storage.
• Object storage (bucket) name: The name of the bucket which contain the current tfstate file.
• tfstate path (key): The path where is located the tfstate file in the bucket.

You should be able to get those information by editing pipeline configuration or template, looking under the resources section for a terraform resources usually tfstate.

Example

resources:
  - name: tfstate
    type: terraform
    source:
      backend_config:
        access_key: ((aws.access_key))
        bucket: cycloid-terraform-remote-state
        key: myinfra-prod.tfstate
        region: eu-west-1
        secret_key: ((aws.secret_key))
        workspace_key_prefix: myinfra
      backend_type: s3
      env_name: prod
      vars:
        ...

• Credential: aws
• Object storage (bucket) name: cycloid-terraform-remote-state
• tfstate path (key): {workspace_key_prefix}/{env_name}/{key} -> myinfra/prod/myinfra-prod.tfstate

See Terraform backend doc here (opens new window)

resources:
- name: tfstate
  type: terraform
  icon: terraform
  source:
    env_name: prod
    backend_type: azurerm
    backend_config:
      container_name: cycloidtstate
      key: myinfra/prod/myinfra-prod.tfstate
      storage_account_name: ((azure_storage_cycloidtfstate.account_name))
      access_key: ((azure_storage_cycloidtfstate.access_key))
    vars:
      ...

• Credential: azure_storage_cycloidtfstate
• Object storage (container): cycloidtstate
• tfstate path (key): myinfra/prod/myinfra-prod.tfstate

See Terraform backend doc here (opens new window)

resources:
- name: tfstate
  type: terraform
  icon: terraform
  source:
    env_name: prod
    backend_type: gcs
    backend_config:
      bucket: cycloid-terraform-remote-state
      prefix: myinfra-prod/prod
      credentials: ((gcp-serviceaccount.json_key))
    vars:
      ...

• Credential: gcp-serviceaccount
• Object storage (bucket) name: cycloid-terraform-remote-state
• tfstate path (key): {prefix}/{env_name}.tfstate -> myinfra-prod/prod/prod.tfstate

See Terraform backend doc here (opens new window)

The second step is to configure if not already present a remote Terraform backend on your project. In your project, go under configuration tab and click on Add configuration button.

Configure the remote Terraform backend using the information gathered previously.

Then hit the Save button. It will generate a dedicated Cycloid API JWT token known as inventory_jwt to use this newly created Terraform HTTP backend.

From this point, edit your pipeline following the How to use Cycloid HTTP backend in Cycloid pipelines section. And refresh your running pipelines.

How to use Cycloid HTTP backend in Terraform

In local Terraform code, simply define a remote state backend for example in a backend.tmp.tf file:

terraform {
  backend "http" {
    address = "<CYCLOID_API_URL>/inventory?jwt=<JWT_TOKEN>"
    // skip_cert_verification needs to be enabled when using self signed certificates.
    // skip_cert_verification = true
  }
}

Make sure to use the appropriate values for:

• Cycloid URL <CYCLOID_API_URL>, for example https://http-api.cycloid.io on Cycloid SaaS version
• Cycloid HTTP backend token <JWT_TOKEN> found under your project configuration tab.

To see additional Terraform option for HTTP backends you can checkout official documentation here (opens new window)