Update nexus: fix conflicts and sync local changes

This commit is contained in:
Shen Wei
2026-04-26 12:06:50 +08:00
parent 191797c01b
commit f09834b5a5
2443 changed files with 254323 additions and 255154 deletions


@@ -1,149 +1,149 @@
---
title: "Terraform"
type: entity
tags:
- devops
- iac
- infrastructure
- automation
created: 2026-04-25
---
# Terraform
## Definition
Terraform 是 HashiCorp 开源的**基础设施即代码 (IaC)** 工具通过声明式配置文件管理云资源。Agentic AI 代理审查 Terraform 脚本,在执行前建议改进,确保基础设施配置的可靠性和安全性。
## Aliases
- Terraform
- Terraform IaC
- Infrastructure as Code
## Relationship with [[Infrastructure-as-Code]]
Terraform 是 [[Infrastructure-as-Code]] 实践的主要实现工具之一:
```
Infrastructure as Code Tools:
├── Terraform ←
├── CloudFormation (AWS)
├── Pulumi
├── Ansible
└── Pulumi
```
## Agentic AI IaC Management
Agentic AI 在 Terraform 工作流中扮演审查者角色:
```
┌─────────────────────────────────────────────────┐
│ Agentic AI IaC Management Workflow │
├─────────────────────────────────────────────────┤
│ │
│ 1. Developer writes Terraform │
│ ↓ │
│ 2. Agentic AI reviews (auto) │
│ ├── Security scan (IAM policies) │
│ ├── Cost estimation │
│ ├── Best practices check │
│ └── Compliance validation │
│ ↓ │
│ 3. AI Suggestions │
│ ├── "S3 bucket should enable encryption" │
│ ├── "Remove hardcoded credentials" │
│ └── "Consider using modules for reuse" │
│ ↓ │
│ 4. Apply (after approval) │
│ │
└─────────────────────────────────────────────────┘
```
## AI Review Capabilities
| Check Type | Description |
|------------|-------------|
| **Security** | IAM 过度权限、公开 S3 访问、硬编码密钥 |
| **Cost** | 资源过度配置、未使用资源识别 |
| **Compliance** | 标签规范、资源命名、区域限制 |
| **Best Practices** | 模块化、状态管理、回滚计划 |
## Example
> Agentic AI reviews Terraform plan:
> ```hcl
> resource "aws_s3_bucket" "data" {
> bucket = "my-sensitive-data"
> }
> ```
>
> AI Detection:
> - ⚠️ **Security Risk**: Bucket is public by default
> - ⚠️ **Missing**: Encryption not enabled
> - ⚠️ **Missing**: Versioning not enabled
>
> AI Suggestions:
> ```hcl
> resource "aws_s3_bucket" "data" {
> bucket = "my-sensitive-data"
>
> server_side_encryption_configuration {
> rule {
> apply_server_side_encryption_by_default {
> sse_algorithm = "AES256"
> }
> }
> }
> }
>
> versioning { enabled = true }
> acl = "private" # Block public access
> ```
## State File Management
Terraform 通过**状态文件 (state file)** 将声明式配置中定义的**期望状态**与云环境的**实际资源状态**进行绑定。关键特性:
- **状态锁定**:防止并发执行导致状态不一致
- **远程状态**:企业级场景需将状态文件存储在 S3+ DynamoDB 锁)等远程后端,支持团队协作
- **差异对比**`terraform plan` 预览实际变更内容再执行,是 Terraform 的核心优势
**来源**: [[ctp-topic-48-terraform-vs-terragrunt]]
## Terragrunt Wrapper
Terragrunt 是 Terraform 的轻量封装,继承所有 Terraform 命令HCL 语法完全兼容)。两者关系:
- `terragrunt plan` = `terraform plan`
- Terragrunt 通过 `remote_state``include` 块实现跨环境配置的 DRY 管理
**来源**: [[ctp-topic-48-terraform-vs-terragrunt]]
## Ecosystem Tools
| 工具 | 类型 | 用途 |
|------|------|------|
| [[Terragrunt]] | 封装 | 多环境 DRY 配置 |
| [[Atlantis]] | CI/CD | Git PR 驱动的 plan/apply |
| Terraform Enterprise | 平台 | 企业 CI + workspaces |
| [[Gruntwork]] | 模块库 | 预建可复用 IaC 模块 |
| Terratest | 测试 | IaC 集成测试Golang |
| tfsec | 安全 | Terraform 静态安全分析 |
**来源**: [[ctp-topic-48-terraform-vs-terragrunt]], [[ctp-topic-56-automated-infrastructure-testing]]
## Related Concepts
- [[Infrastructure-as-Code]] — Terraform 是 IaC 的实现工具
- [[Automated Security Audit]] — AI 审查 Terraform 安全
- [[Cloud-Native]] — IaC 支持 Cloud-Native 实践
- [[Multi-Account Deployment]] — Terraform HCP/Cloud 多账户部署与 CloudFormation StackSets 对比
- [[AWS CloudFormation StackSets]] — AWS 原生多账户 IaC 部署工具,与 Terraform 有功能重叠
## Related Entities
- [[AWS CloudFormation StackSets]]AWS 原生多账户部署服务,与 Terraform 在多账户 IaC 场景形成对比
## Related Sources
- [[how-agentic-ai-can-help-for-cloud-devops]]
---
title: "Terraform"
type: entity
tags:
- devops
- iac
- infrastructure
- automation
created: 2026-04-25
---
# Terraform
## Definition
Terraform 是 HashiCorp 开源的**基础设施即代码 (IaC)** 工具通过声明式配置文件管理云资源。Agentic AI 代理审查 Terraform 脚本,在执行前建议改进,确保基础设施配置的可靠性和安全性。
## Aliases
- Terraform
- Terraform IaC
- Infrastructure as Code
## Relationship with [[Infrastructure-as-Code]]
Terraform 是 [[Infrastructure-as-Code]] 实践的主要实现工具之一:
```
Infrastructure as Code Tools:
├── Terraform ←
├── CloudFormation (AWS)
├── Pulumi
├── Ansible
└── Pulumi
```
## Agentic AI IaC Management
Agentic AI 在 Terraform 工作流中扮演审查者角色:
```
┌─────────────────────────────────────────────────┐
│ Agentic AI IaC Management Workflow │
├─────────────────────────────────────────────────┤
│ │
│ 1. Developer writes Terraform │
│ ↓ │
│ 2. Agentic AI reviews (auto) │
│ ├── Security scan (IAM policies) │
│ ├── Cost estimation │
│ ├── Best practices check │
│ └── Compliance validation │
│ ↓ │
│ 3. AI Suggestions │
│ ├── "S3 bucket should enable encryption" │
│ ├── "Remove hardcoded credentials" │
│ └── "Consider using modules for reuse" │
│ ↓ │
│ 4. Apply (after approval) │
│ │
└─────────────────────────────────────────────────┘
```
## AI Review Capabilities
| Check Type | Description |
|------------|-------------|
| **Security** | IAM 过度权限、公开 S3 访问、硬编码密钥 |
| **Cost** | 资源过度配置、未使用资源识别 |
| **Compliance** | 标签规范、资源命名、区域限制 |
| **Best Practices** | 模块化、状态管理、回滚计划 |
## Example
> Agentic AI reviews Terraform plan:
> ```hcl
> resource "aws_s3_bucket" "data" {
> bucket = "my-sensitive-data"
> }
> ```
>
> AI Detection:
> - ⚠️ **Security Risk**: Bucket is public by default
> - ⚠️ **Missing**: Encryption not enabled
> - ⚠️ **Missing**: Versioning not enabled
>
> AI Suggestions:
> ```hcl
> resource "aws_s3_bucket" "data" {
> bucket = "my-sensitive-data"
>
> server_side_encryption_configuration {
> rule {
> apply_server_side_encryption_by_default {
> sse_algorithm = "AES256"
> }
> }
> }
> }
>
> versioning { enabled = true }
> acl = "private" # Block public access
> ```
## State File Management
Terraform 通过**状态文件 (state file)** 将声明式配置中定义的**期望状态**与云环境的**实际资源状态**进行绑定。关键特性:
- **状态锁定**:防止并发执行导致状态不一致
- **远程状态**:企业级场景需将状态文件存储在 S3+ DynamoDB 锁)等远程后端,支持团队协作
- **差异对比**`terraform plan` 预览实际变更内容再执行,是 Terraform 的核心优势
**来源**: [[ctp-topic-48-terraform-vs-terragrunt]]
## Terragrunt Wrapper
Terragrunt 是 Terraform 的轻量封装,继承所有 Terraform 命令HCL 语法完全兼容)。两者关系:
- `terragrunt plan` = `terraform plan`
- Terragrunt 通过 `remote_state``include` 块实现跨环境配置的 DRY 管理
**来源**: [[ctp-topic-48-terraform-vs-terragrunt]]
## Ecosystem Tools
| 工具 | 类型 | 用途 |
|------|------|------|
| [[Terragrunt]] | 封装 | 多环境 DRY 配置 |
| [[Atlantis]] | CI/CD | Git PR 驱动的 plan/apply |
| Terraform Enterprise | 平台 | 企业 CI + workspaces |
| [[Gruntwork]] | 模块库 | 预建可复用 IaC 模块 |
| Terratest | 测试 | IaC 集成测试Golang |
| tfsec | 安全 | Terraform 静态安全分析 |
**来源**: [[ctp-topic-48-terraform-vs-terragrunt]], [[ctp-topic-56-automated-infrastructure-testing]]
## Related Concepts
- [[Infrastructure-as-Code]] — Terraform 是 IaC 的实现工具
- [[Automated Security Audit]] — AI 审查 Terraform 安全
- [[Cloud-Native]] — IaC 支持 Cloud-Native 实践
- [[Multi-Account Deployment]] — Terraform HCP/Cloud 多账户部署与 CloudFormation StackSets 对比
- [[AWS CloudFormation StackSets]] — AWS 原生多账户 IaC 部署工具,与 Terraform 有功能重叠
## Related Entities
- [[AWS CloudFormation StackSets]]AWS 原生多账户部署服务,与 Terraform 在多账户 IaC 场景形成对比
## Related Sources
- [[how-agentic-ai-can-help-for-cloud-devops]]
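Review bot: the hunk `@@ -1,149 +1,149 @@` replaces every line of the file with text that renders identically (the removed half from `title: "Terraform"` through `- [[how-agentic-ai-can-help-for-cloud-devops]]` is character-for-character the same as the added half), so this is whitespace or line-ending churn that hides any real edit; in a 2443-file "sync" commit that is hard to audit, so normalise endings once via `.gitattributes` (`* text=auto`) and confirm with `git diff --ignore-cr-at-eol` before committing a full rewrite. Since the file is touched anyway, the content carried in both halves has errors worth fixing in the same change. In the tool tree, `└── Pulumi` duplicates the `├── Pulumi` entry above it. In the Example, `⚠️ **Security Risk**: Bucket is public by default` is wrong: a new `aws_s3_bucket` gets a private ACL, and since April 2023 AWS enables Block Public Access on new buckets, so the finding should be phrased as "no explicit `aws_s3_bucket_public_access_block` / encryption / versioning configuration"; likewise S3 has applied SSE-S3 (AES256) by default since January 2023, so "Encryption not enabled" only holds for a stricter SSE-KMS requirement. The suggested HCL is also not valid: `versioning { enabled = true }` and `acl = "private"` sit after the resource's closing `}`, and with AWS provider v4+ these settings are separate resources (`aws_s3_bucket_server_side_encryption_configuration`, `aws_s3_bucket_versioning`, `aws_s3_bucket_public_access_block`), which a `terraform validate` step in the AI review would catch. `terragrunt plan` = `terraform plan` overstates the equivalence: Terragrunt generates backend and provider config and can fan out over many modules with `run-all`, so it is a wrapper, not an alias. Finally, punctuation is lost in three places: `S3+ DynamoDB 锁)` is missing its opening parenthesis, `` `remote_state``include` `` is missing the conjunction between the two block names, and `IaC 集成测试Golang` is missing its parentheses.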