/tapir

A Private Terraform Registry


Tapir


Tapir is the registry you always wanted if you are using Terraform at enterprise scale. The core values of Tapir are to provide

  • visibility
  • transparency
  • increased adoption rate
  • security
  • quality for your Terraform modules.

Feedback

You can send feedback and feature requests via GitHub issues. Either vote on existing issues or feel free to raise a new one.

Why?

Modules

Terraform modules are reusable parts of infrastructure code. The most crucial part of reusability is transparency and visibility. Terraform supports Git-based modules, but several disadvantages come along with this capability.

  • Access to Git repos is often designed at team level, with no access for others by default
  • Search capabilities are very limited when you are looking for specific Terraform modules
  • You may not get insight into the code's quality and security measures
  • Module versioning is not enforced
  • Documentation formats vary, or docs are missing altogether

This is where Tapir jumps in.

Providers

If you make use of custom providers, or just want to have them mirrored, you need an Artifactory to store the binaries. Additionally, users of the module need to break out of the toolchain, manually set up providers and copy them into the global provider directory. By supporting Terraform providers, Tapir not only helps you make your providers visible, but also keeps users within the Terraform toolchain. That means:

  • Build providers with the same process and pipeline and make use of the official HashiCorp provider project template.
  • Increase security and enforce that providers are GPG signed. Running terraform init will check if SHASUMS are valid before downloading the actual provider binary.
  • Help your users to focus on the infrastructure code rather than the setup. Tapir provides ready-to-copy code with a proper provider config example.
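
The checksum half of the provider check mentioned above, as an added example (not code from Tapir or Terraform): it parses a SHA256SUMS document and validates one downloaded archive against it, failing closed when the file is not listed. The provider name and archive bytes are constructed sample data, and verifying the GPG signature over the SHA256SUMS file itself is assumed to have happened before this step.

```python
import hashlib
import hmac


def parse_shasums(text):
    """Parse a SHA256SUMS document: '<64 hex chars>  <filename>' per line."""
    sums = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<sha256>  <filename>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: not a SHA-256 hex digest")
        if name in sums and sums[name] != digest:
            raise ValueError(f"line {lineno}: conflicting digests for {name}")
        sums[name] = digest
    return sums


def verify_archive(shasums_text, filename, archive_bytes):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded archive."""
    expected = parse_shasums(shasums_text).get(filename)
    if expected is None:
        return "unlisted"  # fail closed: the signed list does not cover this file
    actual = hashlib.sha256(archive_bytes).hexdigest()
    # Constant-time comparison of the two hex digests.
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


# Constructed sample data (not a real provider release).
ARCHIVE = b"constructed provider archive bytes"
NAME = "terraform-provider-example_1.0.0_linux_amd64.zip"
OTHER = "terraform-provider-example_1.0.0_darwin_arm64.zip"
SHASUMS = (
    f"{hashlib.sha256(ARCHIVE).hexdigest()}  {NAME}\n"
    f"{hashlib.sha256(b'other build').hexdigest()}  {OTHER}\n"
)

if __name__ == "__main__":
    print(verify_archive(SHASUMS, NAME, ARCHIVE))            # untouched archive
    print(verify_archive(SHASUMS, NAME, ARCHIVE + b"\x00"))  # tampered archive
    print(verify_archive(SHASUMS, "not-in-list.zip", ARCHIVE))
```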

About Tapir

Tapir is an implementation of the official Terraform registry protocol. You can easily run an instance on your own with the full flexibility and power a central registry has.

  • It will provide you a simple, but powerful UI to search for modules and providers that are available across your organization.
  • It implements the official Terraform registry protocols
    • modules and providers supported
  • It scans the module source code on push, giving you insight into code quality and security measures
    • Tapir integrates Trivy for that purpose
  • It generates documentation and stats for the module
    • See module dependencies, inputs, outputs and resources that will be generated
    • Tapir integrates terraform-docs for that purpose
  • It provides several storage adapters
    • currently S3, AzureBlob and Local
  • It provides several database adapters for the data
    • currently DynamoDB (default), Elasticsearch, CosmosDb
  • It provides a REST-API for custom integrations and further automation
  • If you run Tapir with local storage, it can even be operated in an air-gapped environment, with no internet access

Tapir is built on Quarkus and ReactJS. You can run Tapir wherever you can run Docker images.

Apart from the above, this is what Wikipedia knows about Tapirs.

Overview

Deployment

NOTE: Starting with version 0.6.0, authentication is required. Hence, you need an OIDC IDP to run Tapir. Read more about the authentication below.

You can run Tapir wherever you can run Docker images. Images are available on DockerHub pacovk/tapir and AWS Elastic Container Registry public.ecr.aws/pacovk/tapir. There are samples with Terraform in examples/.

Configure

Tapir is configured via environment variables. You can learn how to set up Tapir here.

How-to

To see how to use Tapir, please read the usage docs.

Troubleshoot

See troubleshooting docs

Roadmap

  • Add more storage adapters
    • GCP
  • Add more database adapters
    • PostgreSQL
  • Provide a GitHub/GitLab integration to crawl for additional code metrics and ownership information

Contribution

If you want to contribute to this project, please read the contribution guidelines. A detailed How-to guide on local development can be found in the docs.

Actively searching for contributors.
Feedback is always appreciated 🌈
Feel free to open an Issue (Bug- /Feature-Request) or provide a Pull request. 🔧

Contributors ✨

Thanks go to these wonderful people (emoji key):

  • PacoVK: 👀 📆 🚧 💡 💻 📖
  • Andrea Defraia: 💡
  • Wmxs: 🐛 🤔