A Terraform provider for managing Snyk Universal Broker resources.
This provider is experimental and should only be used in coordination with Snyk solutions architecture.
- App Installation: Install the Snyk Broker App to organizations
- Deployments: Create and manage Broker deployments
- Credentials: Define credential references for secure secret management
- Connections: Configure connections to SCMs, container registries, and other integrations
- Integrations: Link organization integrations to Broker connections
- Bulk Migration: Migrate multiple organizations to Universal Broker

- Terraform >= 1.0
- Go >= 1.21 (for building from source)
- Snyk API Token or OAuth Service Account credentials (when SA has Tenant Admin)
```hcl
terraform {
  required_providers {
    snyk-broker = {
      source  = "snyk-labs/snyk-broker"
      version = "~> 0.1"
    }
  }
}
```

```bash
# Clone the repository
git clone https://github.com/snyk-labs/snyk-broker-provider.git
cd snyk-broker-provider
# Build and install locally
go build -o terraform-provider-snyk-broker
```

```hcl
provider "snyk" {
  # Option 1: API Token authentication
  api_token = var.snyk_token
  # Option 2: OAuth authentication (not yet supported until SA has Tenant Admin)
  # client_id = var.snyk_client_id
  # client_secret = var.snyk_client_secret
  # Region: us (default), eu, or au
  region = "us"
}
```

The provider supports the following environment variables:

| Variable | Description |
|---|---|
| `SNYK_TOKEN` | Snyk API token |
| `SNYK_CLIENT_ID` | OAuth client ID |
| `SNYK_CLIENT_SECRET` | OAuth client secret |
| `SNYK_REGION` | Snyk region (us, eu, au) |

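
The provider block refers to `var.snyk_token`, `var.snyk_client_id` and `var.snyk_client_secret` without declaring them. The following is an added example, not part of the provider's own documentation, showing one way to declare them so that the secrets are redacted from plan output and the region is checked against the three values listed above. The variable names come from the provider block; `snyk_region`, the descriptions, the defaults and the validation rule are assumptions.

```hcl
# Added example: variable declarations for the provider configuration.
# Names match the var.* references in the provider block; everything
# else (descriptions, defaults, validation) is an assumption.

variable "snyk_token" {
  description = "Snyk API token (Option 1)"
  type        = string
  sensitive   = true # redacted in plan/apply output; still written to state
}

variable "snyk_client_id" {
  description = "OAuth client ID (Option 2)"
  type        = string
  default     = null
}

variable "snyk_client_secret" {
  description = "OAuth client secret (Option 2)"
  type        = string
  default     = null
  sensitive   = true
}

# Hypothetical variable: the provider block hard-codes region = "us".
# Use region = var.snyk_region there to pick this up.
variable "snyk_region" {
  description = "Snyk region"
  type        = string
  default     = "us"

  validation {
    condition     = contains(["us", "eu", "au"], var.snyk_region)
    error_message = "Region must be one of: us, eu, au."
  }
}
```

Terraform reads `TF_VAR_snyk_token` from the environment, which keeps the token out of `.tfvars` files and command-line arguments. Because `sensitive` does not encrypt state, the state backend still needs its own access controls.
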

| Resource | Description |
|---|---|
| `snyk_broker_app_install` | Installs the Broker App to an organization |
| `snyk_broker_deployment` | Creates a Broker deployment |
| `snyk_broker_credential` | Defines credential references |
| `snyk_broker_connection` | Configures Broker connections |
| `snyk_broker_connection_integration` | Links integrations to connections |
| `snyk_broker_bulk_migration` | Migrates organizations to Universal Broker |


| Data Source | Description |
|---|---|
| `snyk_broker_deployments` | Lists deployments for a tenant |
| `snyk_broker_connections` | Lists connections for a deployment |
| `snyk_broker_connections_for_org` | Lists connections for an organization |
| `snyk_broker_connection_integrations` | Lists integrations for a connection |
| `snyk_broker_migration_orgs` | Lists organizations available for migration |

```hcl
# Install the Broker App
resource "snyk_broker_app_install" "main" {
  org_id = var.snyk_org_id
  app_id = var.snyk_broker_app_id
}

# Create a deployment
resource "snyk_broker_deployment" "main" {
  tenant_id  = var.snyk_tenant_id
  install_id = snyk_broker_app_install.main.install_id
  org_id     = var.snyk_org_id
  name       = "Production Broker"
  metadata = {
    cluster = "us-east-1"
  }
}

# Create a credential reference
resource "snyk_broker_credential" "github" {
  tenant_id                 = var.snyk_tenant_id
  install_id                = snyk_broker_app_install.main.install_id
  deployment_id             = snyk_broker_deployment.main.id
  environment_variable_name = "GITHUB_TOKEN"
  type                      = "github"
  comment                   = "GitHub PAT for Broker"
}

# Create a connection
resource "snyk_broker_connection" "github" {
  tenant_id     = var.snyk_tenant_id
  install_id    = snyk_broker_app_install.main.install_id
  deployment_id = snyk_broker_deployment.main.id
  name          = "GitHub Enterprise"
  type          = "github"
  configuration = {
    github_token      = snyk_broker_credential.github.id
    broker_client_url = "https://broker.example.com:8000"
  }
}

# Connect organization integration
resource "snyk_broker_connection_integration" "github" {
  tenant_id      = var.snyk_tenant_id
  connection_id  = snyk_broker_connection.github.id
  org_id         = var.snyk_org_id
  integration_id = var.github_integration_id
  type           = "github"
}
```

After creating resources with Terraform, run the Broker client:
```bash
docker run --restart=always \
  -p 8000:8000 \
  -e ACCEPT_CODE=true \
  -e DEPLOYMENT_ID=<deployment_id> \
  -e CLIENT_ID=<client_id> \
  -e CLIENT_SECRET=<client_secret> \
  -e GITHUB_TOKEN=<your-github-token> \
  -e UNIVERSAL_BROKER_ENABLED=true \
  -e PORT=8000 \
  -e BROKER_HA_MODE_ENABLED=true \
  snyk/broker:universal
```

```bash
make build
```

```bash
# Run unit tests
make test
# Run with coverage
make test-coverage
```

```bash
make install
```

Apache-2.0