Setting up Terraform for Continuous Delivery

Terraform on IBM Cloud® enables predictable and consistent creation of IBM Cloud services so that you can rapidly build complex, multitier cloud environments by following Infrastructure as Code (IaC) principles. Similar to using the IBM Cloud CLI or API and SDKs, you can automate the creation, update, and deletion of your IBM Cloud® Continuous Delivery instances by using the HashiCorp Configuration Language (HCL).

Looking for a managed Terraform on IBM Cloud® solution? Try out IBM Cloud® Schematics. With Schematics, you can use the Terraform scripting language that you are familiar with without worrying about setting up and maintaining the Terraform command line and the IBM Cloud® Provider plug-in. Schematics also provides pre-defined Terraform templates that you can easily install from the IBM Cloud® catalog.

Installing Terraform and configuring resources for Continuous Delivery

Before you begin, make sure that you have the required access to create and work with continuous-delivery resources, and the required access to create and work with toolchain resources.

Follow the Terraform on IBM Cloud getting started tutorial to install the Terraform CLI and configure the IBM Cloud Provider plug-in for Terraform. The plug-in abstracts the IBM Cloud APIs that are used to create, update, or delete continuous-delivery service instances and toolchain resources.
Create a Terraform configuration file that is named main.tf. In this file, add the configuration to create a Continuous Delivery service instance and to assign a user an access policy in Identity and Access Management (IAM) for that instance by using HCL. You also add the configuration to create a basic toolchain resource in the same resource group and region as the Continuous Delivery service instance, and to assign a user an access policy in IAM for that resource. The toolchain and the Continuous Delivery service instance that governs usage of the toolchain are in the same resource group and region. For more information about working with the Terraform configuration file, see the Terraform documentation.

The Continuous Delivery service instance in the following example is named my_cd. It is created with the professional pricing plan in the default resource group and in the us-south region. The user user1@ibm.com is assigned the Manager role in the IAM access policy for the service instance.

The toolchain resource is named my_toolchain. It is created in the default resource group and in the region that is specified in the provider "ibm" block in your provider.tf file. For this example, the region in provider.tf is set to us-south. The user user2@ibm.com is assigned the Editor role in the IAM access policy for the toolchain resource.
```
data "ibm_resource_group" "default_rg" {
  name = "default"
}

resource "ibm_resource_instance" "cd_instance" {
  name              = "my_cd"
  service           = "continuous-delivery"
  plan              = "professional"
  location          = "us-south"
  resource_group_id = data.ibm_resource_group.default_rg.id
}

resource "ibm_iam_user_policy" "cd_policy" {
  ibm_id = "user1@ibm.com"
  roles  = ["Manager"]
  resources {
    service              = "continuous-delivery"
    resource_instance_id = element(split(":", ibm_resource_instance.cd_instance.id), 7)
  }
}

resource "ibm_cd_toolchain" "toolchain_instance" {
  name              = "my_toolchain"
  resource_group_id = data.ibm_resource_group.default_rg.id
}

resource "ibm_iam_user_policy" "toolchain_policy" {
  ibm_id = "user2@ibm.com"
  roles  = ["Editor"]
  resources {
    service              = "toolchain"
    resource_instance_id = ibm_cd_toolchain.toolchain_instance.id
  }
}
```
Initialize the Terraform CLI.
```
terraform init
```
Create a Terraform execution plan. The Terraform execution plan summarizes all of the actions that you must run to create the Continuous Delivery service instance, toolchain resource, and associated IAM access policies in your account.
```
terraform plan
```
Create the Continuous Delivery service instance, toolchain resource, and associated IAM access policies in your account in IBM Cloud.
```
terraform apply
```
From the IBM Cloud resource list, expand the Developer tools section, then select the Continuous Delivery service instance that you created and note the instance ID.
Verify that the access policy is successfully assigned. For more information about assigning access policies, see Reviewing assigned access in the console.
From the IBM Cloud resource list, expand the Developer tools section, then select the toolchain resource that you created and note the instance ID.
Verify that the access policy is successfully assigned.

What's next?

Now that you successfully created your first Continuous Delivery service instance and toolchain resource with Terraform on IBM Cloud, you can choose between the following tasks:

For more information about IBM Cloud Provider resources and data sources, see the Terraform Registry documentation.