Terraform

You can define OpsLevel services and checks with Hashicorp's Terraform tool.

With the OpsLevel Terraform provider, you can manage your service, teams and maturity rubric data with the same familiar tool you use to automate the rest of your infrastructure.

You can read more in-depth documentation about each Terraform resource and data-source on the Terraform registry.

Before we can get started please make sure you have Terraform installed.

Defining your first OpsLevel service

First we need to define the OpsLevel provider so that Terraform can pull in the provider plugin. We will also need give the provider an OpsLevel API token.

NOTE: the following code snippets assume you understand the basics of how Terraform works.

provider "opslevel" {
  apitoken = "XXX" // or environment variable OPSLEVEL_APITOKEN
}

Next we will need a few pieces of existing data from OpsLevel which are used when defining a service.

The following uses datasources to retrieve the available values for lifecycle and tier which will be used in the creation of your new service entry.

data "opslevel_lifecycle" "beta" {
    filter {
        field = "alias"
        value = "beta"
    }
}

data "opslevel_tier" "tier2" {
    filter {
        field = "index"
        value = "2"
    }
}

Then we need to create a team which will be the owner of the service. You will need to make sure the team’s manager email is associated with an user in your OpsLevel account.

resource "opslevel_team" "foo" {
  name = "foo"
  manager_email = "john.doe@example.com"
  responsibilities = "Responsible for foo frontend and backend"
}

Now that we have all the necessary pieces of data we can define our new service entry.

resource "opslevel_service" "foo" {
  name = "foo"

  description = "foo service"
  framework   = "rails"
  language    = "ruby"

  lifecycle_alias = data.opslevel_lifecycle.beta.alias
  tier_alias = data.opslevel_tier.tier3.alias
  owner_alias = opslevel_team.foo.alias
}

You can read more about all the fields available to set for a service entry here.

Creating Checks

Now that we have a service and team defined in your account let’s start to leverage the power of OpsLevel’s rubric system by defining a check.

Before we define the check we will need some additional datasources for rubric category and level.

data "opslevel_rubric_category" "security" {
  filter {
    field = "name"
    value = "Security"
  }
}

data "opslevel_rubric_level" "bronze" {
  filter {
    field = "name"
    value = "Bronze"
  }
}

Now we can define a check that validates that a repository is specified for each service entry in OpsLevel.

resource "opslevel_check_repository_integrated" "foo" {
  name = "foo"
  enabled = true
  category = data.opslevel_rubric_category.security.id
  level = data.opslevel_rubric_level.bronze.id
  owner = opslevel_team.foo.id
  notes = "Optional additional info on why this check is run or how to fix it"
}

If you take a look at your Rubric report in OpsLevel you should see that your newly created service entry is failing to pass this check. Let’s fix that with Terraform.

Before we can attach a repository to a service we need to make sure a Git Integration is setup on our account. Then we can reference that repository using an alias that resembles the repository clone URI.

resource "opslevel_service_repository" "bar" {
  service = opslevel_service.foo.id
  repository_alias = "github.com:example/bar"
}

If you refresh the Rubric report in OpsLevel you should see that your newly created service is now passing this check.

Congratulations! Your service catalog and maturity rubric is fully managed without leaving the comfort of Terraform.

Importing existing account data

For existing OpsLevel customers we have an easy approach to convert your entire OpsLevel account into Terraform configuration so you can fully control your account with Terraform.

First you will need to install our CLI.

With that installed you can now run a command which will output all of your OpsLevel account’s data to Terraform configuration as well have giving you all of the terraform import statements that need to be run.

OPSLEVEL_APITOKEN=XXX opslevel export terraform

This will create a directory named terraform and inside will be a series of *.tf files with all of the configuration needed to manage your OpsLevel account with Terraform. There is also an import.sh script which contains all of the terraform import statements that need to be run to populate your Terraform state. NOTE: You will need to run terraform init before you run import.sh to initialize the Terraform state file if not using an existing Terraform workspace.