Managing GitHub: via Terraform to a custom Ansible solution

We have 350+ people and 400+ repositories on GitHub. Each repository can have several admins, and they do what they see fit; naturally, it happens that one person does not know what another is doing. When we got tired of watching other people struggle in the infrastructure and of adding and removing people by hand, we decided to switch to centralized management, Infrastructure as Code.






And we chose Terraform as the platform.



"I have cubes with the letters O, P, A ..."



Everything looked smooth on paper. Terraform is popular, so it shouldn't be hard to find people who know it. It keeps state, and TF brings resources into line with it, so we can always be sure that the real configuration is exactly as described. And there is no need to dig through the Web UI anymore: look at the config and you see everything.



. TF , . 20 , — Github- API.



, :



  1. .
  2. .
  3. .
  4. .
  5. .
  6. .


.  , Terraform : 1 4. , 2 5. : TF , , .  — , .  , - -   PR, c . …



. . :



resource "github_membership" "membership_for_" {
    username = ""
    role     = "member"
}

resource "github_team" "team_" {
    name           = ""
    description    = ""
    privacy        = "closed"
    parent_team_id = "123456"
}

resource "github_team_membership" "team___membership" {
    team_id  = "${data.terraform_remote_state.teams.team__id}"
    username = ""
    role     = "member"
}

resource "github_repository" "" {
    name          = ""
    description   = ""
    homepage_url  = ""
    has_projects  = false
    has_wiki      = true
    has_issues    = true
    has_downloads = true
    private       = true
    archived      = false
    topics        = ["yii", "school", "mobile"]
}

resource "github_team_repository" "team__repo_" {
    team_id    = "${data.terraform_remote_state.teams.team__id}"
    repository = "${data.terraform_remote_state.repos.repo__name}"
    permission = "push"
}

resource "github_repository_collaborator" "__collaborator" {
    repository = ""
    username   = ""
    permission = "admin"
}


, , - , - .  — .  — . ...



, id.  — — , id .  .  . - .  — ?  .



« » .  — « ».  .  ?  ?  ?  .  , .  , — .



TF, , - . - , . Terraform !  , : TF, - TF.  ...



-, -!






— API.  — . , Terraform , 800 , 801 - , , .



  • .
  • , .  resource, value 123456, , .
  • - — , --  .
  • / / — .


YAML





skyeng:
  name: Skyeng
  admin:
    - aleksandr.sergeich

  member:
    - andrey.vadimych
    - denis.andreich
    - mikhail.leonidych
    - vladimir.nickolaich




qa-team:
  privacy: secret

  maintainer:
    - denis.andreich

  member:
    - andrey.vadimych
    - mikhail.leonidych
    - vladimir.nickolaich




alerta:
  description: >-
    Alerta monitoring system
  homepage: https://alerta.io

  teams:
    admin:
      - admin-team

    push:
      - dev-team
      - qa-team

  collaborators:
    direct:
      - denis.andreich

    outside:
      - william.shakespeare


, —



, TF — , …  Ansible, .



: , — .  CI/CD.  - : , .  .  , .



:



ansible-playbook gitwand.yml \
    -e github_repos__state=present \
    -e github_repos__include=my_repo


- — :



ansible-playbook gitwand.yml \
    -e github_teams__state=present \
    -e github_teams__include=my_team


, github_teams__include.



.  LDAP, , , .  , , , - .  Github-.





.



