Terraform Cloud Internal Package
Ownership: Community Maturity: Preview Visibility: Internal/Private Public Listing: No Canonical Layer: Infra Canonical Area: Infrastructure-as-Code
Overview
The Terraform Cloud internal package processes Terraform Cloud webhook events and delivers them to downstream systems. This is an internal/private package for V1 and is not part of a public marketplace.
Supported Event Types
- ✅
terraform_plan - ✅
terraform_apply - ✅
terraform_run_cancelled - ✅
terraform_run_failed - ✅
terraform_run_success - ✅
terraform_workspace_created - ✅
terraform_workspace_destroyed
YAML/DAG Contract
package:
name: terraform-cloud-internal
version: 1.0.0
provider: terraform
visibility: internal/private
description: "Terraform Cloud webhook processing package for IaC"
canonical_layer: infra
canonical_area: infrastructure-as-code
endpoints:
- name: terraform-webhook
provider: terraform
url: https://your-domain.com/webhooks/terraform
auth: {type: bearer, token: {{TERRAFORM_TOKEN}}}
events:
- terraform_plan
- terraform_apply
- terraform_run_cancelled
- terraform_run_failed
- terraform_run_success
- terraform_workspace_created
- terraform_workspace_destroyed
targets:
- name: infrastructure-logs
provider: terraform
url: https://api.terraform-logs.com/events
auth: {type: bearer, token: {{INFRASTRUCTURE_LOGS_TOKEN}}}
events:
- terraform_plan
- terraform_apply
- terraform_run_cancelled
- terraform_run_failed
- terraform_run_success
- terraform_workspace_created
- terraform_workspace_destroyed
flows:
- name: terraform-events
provider: terraform
endpoint: terraform-webhook
target: infrastructure-logs
events:
- terraform_plan
- terraform_apply
- terraform_run_cancelled
- terraform_run_failed
- terraform_run_success
- terraform_workspace_created
- terraform_workspace_destroyed
Authentication
Endpoint Authentication
auth:
type: bearer
token: {{TERRAFORM_TOKEN}}
Uses Terraform Cloud API token for webhook authentication.
Target Authentication
auth:
type: bearer
token: {{INFRASTRUCTURE_LOGS_TOKEN}}
Uses bearer token for infrastructure logs delivery.
Fixtures
Test input data for validation.
Example: fixtures/terraform/terraform_plan.json
{
"event": "terraform_plan",
"workspace": "production",
"status": "pending",
"execution_id": "run-12345",
"created_at": "2026-06-24T10:00:00Z"
}
Goldens
Expected output data.
Example: goldens/terraform/terraform_plan.json
{
"destination": "infrastructure-logs",
"event_type": "terraform_plan",
"timestamp": "2026-06-24T10:00:00Z",
"payload": {
"event": "terraform_plan",
"workspace": "production",
"status": "pending",
"execution_id": "run-12345",
"processed_at": "2026-06-24T10:00:00Z"
}
}
Sandbox Validation State
✅ Sandbox Validated
- All event types validated
- Authentication boundaries verified
- Output format validated against goldens
- No errors or warnings
Production Revalidation
⚠️ Pending
Full production deployment and validation requires:
- Controlled deployment to production
- Explicit approval from operators
- Production evidence collection
- Production validation against real data
Real Webhook Runbook
Runbook not yet available for production validation.
Known Nonclaims
- ❌ NOT a public marketplace package
- ❌ NOT production-validated
- ❌ NOT part of a public package listing
- ❌ NOT Zen-cross
Usage
Validate the package:
zen package validate terraform-cloud-internal
Inspect the package:
zen package inspect terraform-cloud-internal
Get package evidence:
zen package evidence terraform-cloud-internal