turbot/tfe

steampipe plugin install tfesteampipe plugin install tfe

Terraform Enterprise + Steampipe

Terraform Enterprise is a cloud hosting company that provides virtual private servers and other infrastructure services.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

List workspaces in your Terraform Enterprise organization:

select
name,
execution_mode,
resource_count
from
tfe_workspace
+-----------------+----------------+----------------+
| name | execution_mode | resource_count |
+-----------------+----------------+----------------+
| getting-started | remote | 5 |
+-----------------+----------------+----------------+

Documentation

Get started

Install

Download and install the latest Terraform Enterprise plugin:

steampipe plugin install tfe

Credentials

ItemDescription
CredentialsTerraform Cloud/Enterprise requires a token for all requests.
RadiusEach connection represents a single Terraform Cloud/Enterprise account.
Resolution1. Credentials explicitly set in a Steampipe config file (~/.steampipe/config/tfe.spc).
2. Credentials specified in environment variables e.g. TFE_TOKEN.

Configuration

Installing the latest tfe plugin will create a config file (~/.steampipe/config/tfe.spc) with a single connection named tfe:

connection "tfe" {
plugin = "tfe"
# Get your API token per https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
# If `token` is not specified, Steampipe will use the token in the `TFE_TOKEN` environment variable, if set
#token = "hE1hlYILrSqpqh.atlasv1.ARuZuyzl33F71WR55s6ln5GQ1HWIwTDDH3MiRjz7OnpCfaCb1RCF5zGaSncCWmJdCYA"
# Name of the organization to connect to
#organization = "example-org"
# Terraform Cloud or Terraform Enterprise hostname
# If `hostname` is not specified, the hostname will be determined in the following order:
# - The `TFE_HOSTNAME` environment variable, if set; otherwise
# - Default to app.terraform.io
#hostname = "app.terraform.io"
}

Get involved

Multi-Organization Connections

You may create multiple tfe connections:

connection "tfe_01" {
plugin = "tfe"
token = "5a76843869c183a4ea901c79102bfa1f667f39a2ea0ba857c9a35a9885d91fbd"
organization = "example-org-872e34"
}
connection "tfe_02" {
plugin = "tfe"
token = "6a76843869c183a4ea901c79102bfa1f667f39a2ea0ba857c9a35a9885d91fcd"
organization = "example-org-123f45"
}
connection "tfe_03" {
plugin = "tfe"
token = "7a76843869c183a4ea901c79102bfa1f667f39a2ea0ba857c9a35a9885d91fef"
organization = "example-org-123f90"
}

Each connection is implemented as a distinct Postgres schema. As such, you can use qualified table names to query a specific connection:

select * from tfe_02.tfe_workspace

Alternatively, you can use an unqualified name and it will be resolved according to the Search Path:

select * from tfe_workspace

You can use multi-organization connections by using an aggregator connection. Aggregators allow you to query data from multiple connections for a plugin as if they are a single connection:

connection "tfe_all" {
plugin = "tfe"
type = "aggregator"
connections = ["tfe_01", "tfe_02", "tfe_03"]
}

Querying tables from this connection will return results from the tfe_01, tfe_02, and tfe_03 connections:

select * from tfe_all.tfe_workspace

Steampipe supports the * wildcard in the connection names. For example, to aggregate all the TFE plugin connections whose names begin with tfe_:

connection "tfe_all" {
type = "aggregator"
plugin = "tfe"
connections = ["tfe_*"]
}

Aggregators are powerful, but they are not infinitely scalable. Like any other Steampipe connection, they query APIs and are subject to API limits and throttling.