Skip to content

groundcover-com/terraform-provider-groundcover

BranchesTags

Repository files navigation

groundcover Terraform Provider

Terraform provider for managing groundcover resources.

Usage Examples

Basic usage examples can be found in the examples/ directory:

Importing Resources

All resources support terraform import. To import an existing resource into your Terraform state:

terraform import groundcover_<resource_type>.<name> <id>

For most resources, the import ID is the resource's UUID. Some exceptions:

  • Ingestion Key: Import by name: terraform import groundcover_ingestionkey.example <name>
  • Data Integration: Import using composite key: terraform import groundcover_dataintegration.example <type>:<id>
  • Logs Pipeline: Singleton resource — use any value: terraform import groundcover_logspipeline.example any
  • Traces Pipeline: Singleton resource — use any value: terraform import groundcover_tracespipeline.example any
  • Metrics Pipeline: Singleton resource — use any value: terraform import groundcover_metricspipeline.example any See each resource's documentation in docs/resources/ for the exact import syntax.

Local Development and Testing

To use this provider locally before it is published to the Terraform Registry, follow these steps:

  1. Build the Provider: Compile the provider binary using the Makefile:

    make build

    This command typically places the compiled terraform-provider-groundcover executable into the ./dist directory within your project.

  2. Configure Terraform CLI for Local Override: Terraform needs to know where to find your locally built provider instead of trying to download it from a registry. Create or edit the Terraform CLI configuration file (~/.terraformrc on macOS/Linux, %APPDATA%\terraform.rc on Windows) and add the following provider_installation block:

    # ~/.terraformrc or %APPDATA%\terraform.rc

provider_installation {
  # Replace "groundcover-com/groundcover" if you used a different source 
  # address in main.go. Replace the path with the actual absolute path
  # to the directory containing the built provider binary (step 1).
  dev_overrides {
    "registry.terraform.io/groundcover-com/groundcover" = "/Users/<YOUR_HOME_FOLDER>/projects/terraform-provider-groundcover/dist"
    # Example for Windows:
    # "registry.terraform.io/groundcover-com/groundcover" = "C:/Users/<YourUser>/path/to/terraform-provider-groundcover/dist"
  }

  # For all other providers, install them directly from their origin registries.
  direct {}
}
    • Important: Replace registry.terraform.io/groundcover-com/groundcover if your provider address in main.go is different.
    • Important: Replace /Users/<YOUR_HOME_FOLDER>/projects/terraform-provider-groundcover/dist with the absolute path to the directory containing the terraform-provider-groundcover binary built by make build.

  3. Use in a Terraform Project: In a separate directory for your Terraform configuration:

    • Create a .tf file (e.g., main.tf).
    • Declare the provider requirement, ensuring the source matches the one used in dev_overrides: 
      # main.tf

terraform {
  required_providers {
    # This 'source' value MUST exactly match:
    # 1. The key used in your ~/.terraformrc dev_overrides block
    # 2. The 'Address' set in your provider's main.go
    groundcover = {
      source = "registry.terraform.io/groundcover-com/groundcover"
      # Version constraint is still good practice, but less critical
      # for local dev as dev_overrides takes precedence.
      # Use ">= 0.1.0" or similar if you haven't tagged releases yet.
      version = ">= 0.0.0"
    }
  }
}

# Configure the provider instance
provider "groundcover" {
  # It's STRONGLY recommended to provide the API key via an environment variable
  # export TF_VAR_groundcover_api_key="YOUR_API_KEY_HERE"
  api_key = var.groundcover_api_key # Use this if defining a variable below

  # Base URL is optional, defaults to api.groundcover.com in the provider code
  api_url = "https://api.groundcover.com" # optional, defaults to https://api.groundcover.com - required only for on-prem backends
  backend_id = "groundcover"              # Your Backend ID can be found in the groundcover UI under Settings->Access->API Keys
  # org_name = "groundcover"              # deprecated: use backend_id instead
}

# (Optional but recommended) Define input variables
variable "groundcover_api_key" {
  type        = string
  description = "groundcover API Key"
  sensitive   = true
}

# Define a policy resource using your provider
resource "groundcover_policy" "test_policy" {
  name        = "My Terraform Test Policy"
  description = "Policy managed via local Terraform provider build"
  claim_role  = "tf-test-claim"
  role = {
    admin  = "admin" # key is "read"/"write"/"admin" - value is ignored
  }

  # Example data_scope (adjust based on actual API needs)
  data_scope = {
    simple = {
      operator = "and"
      conditions = [
        {
          key    = "cluster"
          origin = "root"
          type   = "string"
          filters = [
            {
              op    = "match"
              value = "my-prod-cluster"
            }
          ]
        },
        {
          key    = "namespace"
          origin = "root"
          type   = "string"
          filters = [
            {
              op    = "not_match"
              value = "kube-system"
            }
          ]
        }
      ]
    }
  }
}

output "policy_id" {
  value = groundcover_policy.test_policy.uuid
}

output "policy_revision" {
  value = groundcover_policy.test_policy.revision_number
}
    • Run terraform init. Terraform will detect the dev_overrides and use your local build.

Requirements

  • Terraform >= 1.0 (Check required_version if specified in main.tf)
  • Go >= 1.25.7 (to build the provider plugin)
  • groundcover Account and API Key.

Provider Reference

Configure the groundcover provider in your Terraform configuration:

provider "groundcover" {
  # api_key    = "YOUR_API_KEY" # Required
  # backend_id = "YOUR_BACKEND_ID" # Required - can be found in the groundcover UI under Settings->Access->API Keys
  # api_url    = "https://api.your-instance.groundcover.com" # Optional
}

Arguments

  • api_key (String, Required, Sensitive): Your groundcover API key. It is strongly recommended to configure this using the GROUNDCOVER_API_KEY environment variable rather than hardcoding it.
  • backend_id (String, Required): Your groundcover Backend ID. Can be found in the groundcover UI under Settings->Access->API Keys. Can also be set via the GROUNDCOVER_BACKEND_ID environment variable.
  • api_url (String, Optional): The base URL for the groundcover API. Defaults to https://api.groundcover.com if not specified. Can also be set via the GROUNDCOVER_API_URL environment variable.

Testing

The provider includes comprehensive acceptance tests for all resources. To run the tests, you'll need access to a groundcover environment.

Prerequisites

To run groundcover tests, you'll need at minimum:

  • A valid groundcover Backend ID
  • The groundcover API URL
  • A valid groundcover API Key

Set the required environment variables:

# Required for all tests
export GROUNDCOVER_API_KEY="your-api-key-here"             # Your groundcover API key
export GROUNDCOVER_API_URL="https://api.groundcover.com/"  # groundcover API URL
export GROUNDCOVER_BACKEND_ID="your-backend-id"            # Your groundcover Backend ID

# Required only for Ingestion Key resource tests (requires in-cloud backend)
export GROUNDCOVER_INCLOUD_BACKEND_ID="your-in-cloud-backend-id"  # In-cloud backend ID for ingestion key tests

Note: The GROUNDCOVER_ORG_NAME environment variable is deprecated. Use GROUNDCOVER_BACKEND_ID instead.

Running Tests

# Run all acceptance tests
TF_ACC=1 go test ./internal/provider -v

# Run acceptance tests with coverage reporting
TF_ACC=1 go test ./internal/provider -v -cover

# Run specific resource tests
TF_ACC=1 go test ./internal/provider -v -run TestAccPolicyResource
TF_ACC=1 go test ./internal/provider -v -run TestAccServiceAccountResource
TF_ACC=1 go test ./internal/provider -v -run TestAccMonitorResource
TF_ACC=1 go test ./internal/provider -v -run TestAccApiKeyResource
TF_ACC=1 go test ./internal/provider -v -run TestAccLogsPipelineResource
TF_ACC=1 go test ./internal/provider -v -run TestAccMetricsAggregationResource
TF_ACC=1 go test ./internal/provider -v -run TestAccMetricsPipelineResource
TF_ACC=1 go test ./internal/provider -v -run TestAccIngestionKeyResource
TF_ACC=1 go test ./internal/provider -v -run TestAccDashboardResource
TF_ACC=1 go test ./internal/provider -v -run TestAccDataIntegrationResource
TF_ACC=1 go test ./internal/provider -v -run TestAccSyntheticTestResource
TF_ACC=1 go test ./internal/provider -v -run TestAccTracesPipelineResource
TF_ACC=1 go test ./internal/provider -v -run TestAccSilenceResource

# Run unit tests only (no API calls required)
go test ./internal/provider -v

Test Coverage

The provider includes comprehensive acceptance tests covering:

  • Create, Read, Update, Delete (CRUD) operations for all resources
  • Import functionality to ensure resources can be imported into Terraform state
  • Disappears testing to verify proper handling when resources are deleted outside Terraform
  • Complex configurations including resource relationships and advanced features
  • Error handling validation for various API error conditions

Test Architecture

The test suite includes:

  • Acceptance tests that interact with real groundcover API endpoints
  • Unit tests for utility functions (YAML parsing, error handling)
  • Retry logic to handle eventual consistency in cloud APIs
  • Environment-specific configurations for different backend types (in-cluster and in-cloud)

Resource Reference

See the REFERENCE.md file for detailed documentation of each resource. For detailed examples of how to use each resource, see the examples directory.

About

Official Terraform Provider for groundcover

groundcover.com

Resources

Readme

License

MPL-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

20 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases 44

v1.13.1 Latest
May 6, 2026
+ 43 releases

Contributors

Languages