The Environment YAML
Environment as Code (EaC) allows you to define and manage Torque environments using YAML files. If you know how to write Torque blueprints, you can write EaC YAML files. The structure of an EaC YAML file is similar to a blueprint, with the addition of an 'environment' section that defines the properties of the specific environment instance.
Environment Discovery
Environment YAML files must be placed under the 'environments' directory in the repository. Torque periodically scans this directory for environment YAML files and stores them internally.
Environments are written in YAML files that reside in an /environments folder within a source control repository onboarded to Torque (the folder name is case-sensitive and must be "environments"). Environments kept in the /environments folder must be of type ".yaml" and not ".yml" to be used in Torque.
The directory structure should be as follows:
environments/
production.yaml
staging.yaml
devbox.yaml
When a new environment YAML file is detected or an existing one is modified, Torque performs validations on the file. If the file is valid, a snapshot is saved, which will be used to create or reconcile the environment. If the file is invalid, it will not affect the existing snapshot or the environment.
If a user modifies the environment YAML file, the changes will be applied to the corresponding environment.
Possible applicable changes:
- Add/remove grains
- Change commit/tag
- Environment inputs
- Grain inputs
All sources must contain a commit hash or tag.
Usage Example
Here's an example of a Torque environment YAML file:
spec_version: 2
environment:
environment_name: eac-env-name
owner_email: me@quali.com
state: active
labels:
label-key: label-value
label-key2: # for "value only" labels
inputs:
agent:
type: agent
default: production-k8s
tf_input:
type: string
default: default_input
outputs:
tf_output:
value: '{{ .grains.tf1.outputs.output2 }}'
quick: true
grains:
tf1:
kind: terraform
tf-version: 1.5.5
spec:
source:
store: iac-repo
path: terraform/complex-references1
tag: v1.0.1
agent:
name: '{{ .inputs.agent }}'
inputs:
- test_input1: '{{ .inputs.tf_input }}'
- test_input2: "input2"
outputs:
- output2
tf2:
kind: terraform
tf-version: 1.5.5
spec:
source:
store: iac-repo
path: terraform/complex-references2
tag: v1.0.2
agent:
name: '{{ .inputs.agent }}'
inputs:
- test_input1: '{{.inputs.tf_input}}'
- test_input2: "input2"
outputs:
- output2
scripts:
pre-tf-init:
source:
store: scripts-repo
path : scripts/user_script.sh
arguments: "value"
pre-tf-destroy:
source:
store: scripts-repo
path : scripts/user_script.sh
arguments: "value"
bp1:
kind: blueprint
spec:
source:
store: iac-repo
path: blueprints/building-block.yaml
tag: official-1.0.1
inputs:
- agent: '{{ .inputs.agent }}'
In this example, the environment
section defines the environment name, description, owner email, and state. The inputs
and outputs
sections define the environment-level inputs and outputs, respectively.
The grains
section contains the list of grains that make up the environment, similar to a blueprint. Each grain specifies its kind (e.g., terraform
, blueprint
, etc.), version, and other configuration details specific to that grain type.
By following this structure, users can define and manage their environments as code, allowing for version control, collaboration, and automated deployments using Torque's Environment as Code (EaC) functionality.
Environment section
The environment section contains all of the specific data related to the environment instance. This is the main configuration block that defines how the environment should be created and managed.
environment:
environment_name: eac-env
description: eac example
owner_email: me@quali.com
state: active # desired state: active/inactive
collaborators:
collaborators_emails:
- collaborator1@quali.com
- collaborator2@quali.com
collaborators_groups:
- Group1
- Group2
spaces:
- spaceA
- spaceB
tags:
key1: value1
key2: value2
Environment Spec Reference
environment_name
The unique name identifier for the environment. This field is required and must be unique within the space.
environment:
environment_name: my-production-env
description
An optional description providing additional context about the environment's purpose or contents.
environment:
description: "Production environment for web application"
owner_email
The email address of the environment owner. This field is required and must be a valid email address of a user in the Torque system.
environment:
owner_email: admin@company.com
Updating the owner email does not update the owner of active environments. Owner changes only apply to new environment deployments.
state
The desired state of the environment. Possible values are:
active
: The environment should be running and availableinactive
: The environment should be stopped/terminated
environment:
state: active
collaborators
Defines users and groups that have collaborative access to the environment. Collaborators can view and potentially modify the environment based on their permissions.
environment:
collaborators:
collaborators_emails:
- user1@company.com
- user2@company.com
collaborators_groups:
- Developers
- QA-Team
Sub-fields:
collaborators_emails
: List of email addresses for individual userscollaborators_groups
: List of group names that should have collaborative access
spaces
Specifies which Torque spaces this environment belongs to. Environments can be associated with multiple spaces for organization and access control purposes.
environment:
spaces:
- development
- testing
- staging
tags
Key-value pairs for categorizing and organizing environments. Tags can be used for filtering, reporting, and applying policies.
environment:
tags:
project: web-app
team: backend
cost-center: engineering
environment-type: production
labels
Similar to tags but used specifically for workflow attachment and selection. Labels help determine which workflows are available for this environment.
environment:
labels:
application: web-service
tier: production
region: us-east-1
duration
Specifies the maximum lifetime of the environment. The environment will be automatically terminated after this duration expires.
environment:
duration: PT4H # ISO 8601 duration format (4 hours)
Supported formats:
- ISO 8601 duration format (e.g.,
PT1H30M
for 1 hour 30 minutes) - Hours format (e.g.,
4h
for 4 hours) - Minutes format (e.g.,
120m
for 120 minutes)
auto_approve
Controls whether the environment deployment should proceed automatically without requiring manual approval, even if approval policies are configured.
environment:
auto_approve: true # Default: false
blueprint_commit
Specifies a specific commit hash or tag for the blueprint source, allowing for precise version control of the environment definition.
environment:
blueprint_commit: "abc123def456" # Commit hash
# OR
blueprint_commit: "v2.1.0" # Tag
EaC Management APIs
Torque provides REST APIs for managing Environment as Code (EaC) files and their associated environments. These APIs allow you to control the lifecycle and behavior of EaC-managed environments.
Enable/Disable EaC Record
Control whether the reconcile loop processes a specific EaC file. When disabled, the reconcile loop will skip the EaC file and will not launch or modify environments based on its contents.
Endpoint:
PUT /api/spaces/{space_name}/eac/enable
Request Body:
{
"eac_path": "environments/production.yaml",
"enable": true
}
Parameters:
eac_path
(string, required): The full path identifier of the EaC file in the Git repositoryenable
(boolean, required): Set totrue
to enable processing,false
to disable
Behavior:
- Enabled (default): New EaC files are enabled by default. The reconcile loop will process the file and apply any changes
- Disabled: The reconcile loop will skip this EaC file and will not attempt to launch or modify environments based on its contents
Example:
curl -X PUT "https://portal.qtorque.io/api/spaces/my-space/eac/enable" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <token>" \
-d '{
"eac_path": "environments/staging.yaml",
"enable": false
}'
Detach EaC Environment
Detach an EaC-managed environment so that it will no longer be subject to changes that occur in the EaC file. The environment becomes a regular environment that is managed independently.
Endpoint:
PUT /api/spaces/{space_name}/environments/{eac_env_id}/eac/detach
Parameters:
space_name
(string, required): The name of the space containing the environmenteac_env_id
(string, required): The ID of the EaC-managed environment to detach
What happens when detaching:
- The associated EaC file is automatically disabled
- The environment ID is removed from the EaC record in the database
- The EaC path reference is removed from the environment state
- The environment continues to run but is no longer managed by the EaC file
Example:
curl -X PUT "https://portal.qtorque.io/api/spaces/my-space/environments/env-123/eac/detach" \
-H "Authorization: Bearer <token>"
Terminate EaC Environment
Terminate an EaC-managed environment, which automatically detaches it first and then terminates the environment.
Endpoint:
DELETE /api/spaces/{space_name}/environments/{eac_env_id}/eac
Parameters:
space_name
(string, required): The name of the space containing the environmenteac_env_id
(string, required): The ID of the EaC-managed environment to terminate
Query Parameters:
interrupt
(boolean, optional): Set totrue
to force termination,false
for graceful termination (same as normal environment termination)
What happens when terminating:
- The environment is first detached (same process as the detach API)
- The environment is then terminated following the normal termination process
Example:
# Graceful termination
curl -X DELETE "https://portal.qtorque.io/api/spaces/my-space/environments/env-123/eac" \
-H "Authorization: Bearer <token>"
# Force termination
curl -X DELETE "https://portal.qtorque.io/api/spaces/my-space/environments/env-123/eac?interrupt=true" \
-H "Authorization: Bearer <token>"
Use Cases
Development Workflow:
- Disable EaC during maintenance: Temporarily disable an EaC file while making significant changes to prevent unwanted deployments
- Detach for customization: Detach an environment when you need to make manual changes that shouldn't be overwritten by the EaC file
- Clean termination: Use the terminate API to properly clean up EaC environments and their associations
Production Management:
- Disable EaC files for environments that require manual oversight
- Detach environments before performing manual maintenance or testing
- Use terminate for clean decommissioning of EaC-managed environments
Once an environment is detached from its EaC file, it cannot be re-attached. The environment becomes a standard Torque environment and must be managed manually or through regular APIs.