# Configure the Harness Terraform Provider
# Replace with your Harness Manager endpoint if self-hosted (e.g., https://your-harness-domain.com/gateway)
# The account_id and platform_api_key will be provided securely, ideally via environment variables or Harness Secrets.
provider "harness" {
endpoint = "https://app.harness.io/gateway" # Adjust for your self-hosted instance
account_id = var.harness_account_id
platform_api_key = var.harness_platform_api_key
}
# Define a variable for the Harness Account ID
variable "harness_account_id" {
description = "The Harness Account ID where resources will be provisioned."
type = string
sensitive = true # Mark as sensitive to prevent logging
}
# Define a variable for the Harness Platform API Key
variable "harness_platform_api_key" {
description = "The Harness Platform API Key for authentication."
type = string
sensitive = true # Mark as sensitive to prevent logging
}
# 1. Manage a Harness Organization
# This resource creates or manages a Harness Organization.
# Change 'self_managed_org' and 'Self Managed Organization' to your desired names.
resource "harness_platform_organization" "self_managed_org" {
name = "Self Managed Organization"
identifier = "self_managed_org" # Unique identifier, often lowercase and hyphenated
description = "Organization managed by Terraform via Harness Pipeline"
}
# 2. Manage a Harness Project within the Organization
# This resource creates or manages a Harness Project.
# It depends on the organization being created first.
# Change 'self_managed_project' and 'Self Managed Project' to your desired names.
resource "harness_platform_project" "self_managed_project" {
name = "Self Managed Project"
identifier = "self_managed_project" # Unique identifier
org_id = harness_platform_organization.self_managed_org.identifier # Reference the organization's identifier
description = "Project managed by Terraform within Self Managed Organization"
color = "#0066FF" # Optional: Project color
# Dependencies ensure resources are created in the correct order
depends_on = [
harness_platform_organization.self_managed_org
]
}
# 3. Manage a Sample Harness Pipeline within the Project
# This resource creates or manages a Harness Pipeline.
# This is a very basic example; a real pipeline YAML would be much more complex.
# You can define a more complex pipeline YAML in a separate file (e.g., pipeline.yaml)
# and read its content using `file()` function, or embed it directly.
# Change 'self_managed_example_pipeline' to your desired name and identifier.
resource "harness_platform_pipeline" "self_managed_example_pipeline" {
name = "Self Managed Example Pipeline"
identifier = "self_managed_example_pipeline" # Unique identifier
org_id = harness_platform_organization.self_managed_org.identifier
project_id = harness_platform_project.self_managed_project.identifier
# The 'yaml' block defines the actual pipeline structure.
# This is a minimal example. You would replace this with your actual pipeline definition.
# Ensure the YAML is properly indented and escaped if embedded directly.
# For complex YAML, consider using file("${path.module}/pipeline_definition.yaml")
yaml = <<-EOT
pipeline:
name: ${harness_platform_pipeline.self_managed_example_pipeline.name}
identifier: ${harness_platform_pipeline.self_managed_example_pipeline.identifier}
projectIdentifier: ${harness_platform_project.self_managed_project.identifier}
orgIdentifier: ${harness_platform_organization.self_managed_org.identifier}
tags: {}
properties:
ci:
codebase:
connectorRef: YOUR_CODE_REPO_CONNECTOR_REF # Replace with a valid connector to your code repo
repoName: YOUR_REPO_NAME # Replace with your repository name
build: <+input>
stages:
- stage:
name: Build
identifier: Build
description: ""
type: CI
spec:
cloneCodebase: true
platform:
arch: Amd64
os: Linux
runtime:
spec: {}
type: Cloud
execution:
steps:
- step:
type: Run
name: Echo Hello
identifier: Echo_Hello
spec:
shell: Sh
command: echo "Hello from self-managed pipeline!"
EOT
# Dependencies ensure resources are created in the correct order
depends_on = [
harness_platform_project.self_managed_project
]
}
# Example of managing other Harness resources (uncomment and configure as needed)
/*
# Manage a Harness Connector (e.g., a Git Connector)
resource "harness_platform_connector_github" "github_connector" {
name = "MyGitHubConnector"
identifier = "my_github_connector"
description = "GitHub connector managed by Terraform"
org_id = harness_platform_organization.self_managed_org.identifier
project_id = harness_platform_project.self_managed_project.identifier
# For SaaS Git provider, specify URL and credentials
url = "https://github.com/your-org"
connection_type = "Account" # Or "Project"
# You might use secrets for authentication, e.g., personal_access_token_ref or ssh_key_ref
# For example, using a personal access token stored as a Harness Secret:
# api_authentication {
# token_ref = "account.${harness_platform_secret_text.github_pat.identifier}" # Replace with your secret ID
# }
}
# Manage a Harness Secret Text
resource "harness_platform_secret_text" "github_pat" {
name = "github_pat"
identifier = "github_pat"
description = "GitHub Personal Access Token"
org_id = harness_platform_organization.self_managed_org.identifier
project_id = harness_platform_project.self_managed_project.identifier
secret_manager_identifier = "harnesssecrethsm" # Or your custom secret manager ID
value_type = "Inline"
value = "YOUR_GITHUB_PAT_VALUE" # IMPORTANT: Use Harness Secrets to store this securely
# For production, fetch this from a secure location or use an external secret manager
}
*/