Terraform files are stored in a git repo on the Azure side and passed over to the agent during pipeline execution.
Terraform runs as an instance principal on OCI, so Terraform execution is authorized using OCI policies rather than stored credentials. Config in Terraform.
No OCI credentials are stored on the Azure side. Only the PAT is needed for the OCI runner (Azure DevOps agent) to connect to Azure DevOps and start listening for pipeline jobs.
Terraform state is stored in a private OCI Object Storage bucket accessed through a pre-authenticated request (PAR). Config in Terraform.
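The two pieces of configuration described above (instance-principal authorization via OCI policies, and state in a private bucket behind a PAR), written out as an added example; this is not the repository's own code. It assumes the region from this page (eu-amsterdam-1), and placeholder OCIDs, bucket names and PAR token supplied through variables or edited in place. The IAM part is meant to be applied once by an administrator with ordinary user credentials, not by the agent itself, so the agent never holds a grant that lets it widen its own permissions; the provider and backend part is what the agent applies in the pipeline.

```hcl
# --- bootstrap.tf: applied once by an administrator, not by the agent ---
variable "tenancy_ocid" {}            # placeholder, supplied by the administrator
variable "agent_compartment_ocid" {}  # compartment holding the Azure DevOps agent VM
variable "target_compartment_ocid" {} # compartment the pipeline is allowed to manage

# Dynamic group that matches the agent instance(s). Matching on the agent's
# compartment keeps the group narrow; matching on a single instance.id is
# narrower still if you only ever run one agent.
resource "oci_identity_dynamic_group" "tf_agent" {
  compartment_id = var.tenancy_ocid # dynamic groups always live in the tenancy
  name           = "azdo-terraform-agent"
  description    = "OCI instances running the self-hosted Azure DevOps agent"
  matching_rule  = "ALL {instance.compartment.id = '${var.agent_compartment_ocid}'}"
}

# Grants are limited to the resource families this example actually creates
# (VCN, compute, ATP) and to the target compartment, not the whole tenancy.
resource "oci_identity_policy" "tf_agent" {
  compartment_id = var.tenancy_ocid
  name           = "azdo-terraform-agent-policy"
  description    = "Least-privilege grants for Terraform runs from the agent"
  statements = [
    "Allow dynamic-group azdo-terraform-agent to manage virtual-network-family in compartment id ${var.target_compartment_ocid}",
    "Allow dynamic-group azdo-terraform-agent to manage instance-family in compartment id ${var.target_compartment_ocid}",
    "Allow dynamic-group azdo-terraform-agent to manage autonomous-database-family in compartment id ${var.target_compartment_ocid}",
  ]
}

# --- pipeline/main.tf: applied by the agent during the pipeline run ---
terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }

  # Remote state in a private Object Storage bucket reached through a PAR.
  # Backend blocks cannot use variables, so the URL is edited in place; the
  # placeholders below are not real values. Scope the PAR to this single
  # object with ObjectReadWrite access and an expiry: whoever holds the URL
  # can read and overwrite the state file, which contains resource attributes.
  backend "http" {
    address       = "https://objectstorage.eu-amsterdam-1.oraclecloud.com/p/PAR-TOKEN-PLACEHOLDER/n/NAMESPACE-PLACEHOLDER/b/BUCKET-PLACEHOLDER/o/terraform.tfstate"
    update_method = "PUT"
  }
}

# No keys or config file on the agent: the instance's own identity is used,
# and the OCI policy above decides what it may do.
provider "oci" {
  auth   = "InstancePrincipal"
  region = "eu-amsterdam-1"
}
```

A useful check after the bootstrap is applied: run `terraform plan` from the agent VM against a resource outside the target compartment and confirm it is denied, which verifies the policy scope rather than assuming it.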
Documentation
The following resources are created within the example terraform files:
- VCN
- Compute VM with ssh access
- Database (ATP)
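An added example of the VCN and SSH-accessible VM from the list above, written for this page rather than taken from the repository's files. It assumes placeholder OCIDs (compartment, availability domain, image) and an administrator's public key supplied via variables. The point it adds is the network exposure: the security list admits TCP/22 only from an administrative CIDR, and the variable rejects 0.0.0.0/0 at plan time, so a pipeline run cannot open SSH to the whole internet by accident. The ATP database is omitted here.

```hcl
variable "compartment_ocid" {}    # placeholder
variable "availability_domain" {} # placeholder, e.g. from oci_identity_availability_domains
variable "image_ocid" {}          # placeholder: an Oracle Linux image OCID for the region
variable "ssh_public_key" {}      # contents of the administrator's public key

variable "admin_cidr" {
  description = "CIDR allowed to reach the VM on TCP/22"
  type        = string
  validation {
    condition     = var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a specific source range, not 0.0.0.0/0."
  }
}

resource "oci_core_vcn" "main" {
  compartment_id = var.compartment_ocid
  cidr_blocks    = ["10.0.0.0/16"]
  display_name   = "pipeline-vcn"
  dns_label      = "pipeline"
}

resource "oci_core_internet_gateway" "igw" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.main.id
  display_name   = "pipeline-igw"
}

resource "oci_core_route_table" "public" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.main.id
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.igw.id
  }
}

resource "oci_core_security_list" "ssh_admin_only" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.main.id
  display_name   = "ssh-from-admin-cidr"

  # Inbound: SSH from the administrative range only; no other ingress rule.
  ingress_security_rules {
    protocol = "6" # TCP
    source   = var.admin_cidr
    tcp_options {
      min = 22
      max = 22
    }
  }

  # Outbound: open so the VM can fetch packages; narrow this if a proxy exists.
  egress_security_rules {
    protocol    = "all"
    destination = "0.0.0.0/0"
  }
}

resource "oci_core_subnet" "public" {
  compartment_id    = var.compartment_ocid
  vcn_id            = oci_core_vcn.main.id
  cidr_block        = "10.0.1.0/24"
  display_name      = "pipeline-public"
  route_table_id    = oci_core_route_table.public.id
  security_list_ids = [oci_core_security_list.ssh_admin_only.id]
}

resource "oci_core_instance" "vm" {
  compartment_id      = var.compartment_ocid
  availability_domain = var.availability_domain
  display_name        = "pipeline-vm"
  shape               = "VM.Standard.E4.Flex"
  shape_config {
    ocpus         = 1
    memory_in_gbs = 8
  }
  source_details {
    source_type = "image"
    source_id   = var.image_ocid
  }
  create_vnic_details {
    subnet_id        = oci_core_subnet.public.id
    assign_public_ip = true
  }
  # Key-based SSH only: no password is set and no private key is in state.
  metadata = {
    ssh_authorized_keys = var.ssh_public_key
  }
}
```

Because `admin_cidr` has no default, `terraform plan` fails fast in the pipeline if the value is missing or set to the open range, which is the behaviour you want from a run that nobody is watching interactively.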
Running through the pipeline:
Change Terraform authorization to resource principal. Config in Terraform:
provider "oci" {
  auth   = "ResourcePrincipal"
  region = "eu-amsterdam-1"
}
Build_spec.yaml for OCI DevOps.