set backend config parms in tf init

[mcascone]

https://github.com/bitops-plugins/terraform/blob/0deae239284e767e9a24e0b7c1fc5eaef2be3859/deploy.sh#L58

Intro

My understanding is we are manually setting static parms in our provider.tf, and especially the backend block. There is scripted generation going on but i think we're still essentially manually setting it, and it's hard to grasp some of the logic

GPT seems to have identified a way to pass these in dynamically, with env vars, just like we do with everything else:

GPT says:

Terraform's backend configuration does not directly support interpolation syntax, which includes environment variables, for security reasons. This is by design and noted in Terraform's official documentation:

The backend configuration only uses static variables. You can't use a variable in the backend configuration. The backend is loaded very early in the Terraform process, and as such, only has minimal access to the configuration.

However, you can use environment variables to provide values for the backend configuration indirectly. For the "azurerm" backend, you can use the following environment variables:

• ARM_ACCESS_KEY
• ARM_CLIENT_ID
• ARM_CLIENT_SECRET
• ARM_SUBSCRIPTION_ID
• ARM_TENANT_ID

The values of these environment variables can be used to authenticate with Azure.

Naming Note

The ARM_* environment variables used for the Azure provider do not require the TF_VAR_ prefix. These are specific environment variables that Terraform's Azure provider looks for, and they are different from the user-defined variables that you might set with the TF_VAR_ prefix.

These environment variables are used for authentication with Azure and are read directly by the Azure provider. You do not need to define corresponding variables in your Terraform configuration, and you do not use them with the var. syntax in your configuration. You should set these ARM_* environment variables directly, without using the TF_VAR_ prefix, when using the Azure provider with Terraform.

For other attributes like resource_group_name, storage_account_name, container_name, and key, Terraform does not natively support using environment variables. These values must be hardcoded in the backend configuration block.

The Workaround

You can work around this limitation with a two-step terraform init process, by using -backend-config parameters during the initialization. This allows you to pass in values from your environment. Here is an example:

terraform init \
    -backend-config="resource_group_name=$RESOURCE_GROUP_NAME" \
    -backend-config="storage_account_name=$STORAGE_ACCOUNT_NAME" \
    -backend-config="container_name=$CONTAINER_NAME" \
    -backend-config="key=$KEY"

In this way, you can provide backend configuration values from your environment, although it's a bit more complex than simply using environment variables in the configuration file.

Note again that these do not need to be prefixed with TF_VAR_ since they are just all environment variables that you've set in your shell, and their values are passed to the terraform init command.

[mcascone]

Using a real azure providers.tf file, the output appears to be identical. Comparison with diff folders extension shows no diffs.

Parameterized command:

❯ tfi -backend-config=resource_group_name="bitops-azure-test" \
    -backend-config=storage_account_name="bitops" \
    -backend-config=container_name="bitopstfstate" \
    -backend-config=key="state"

Files

hardcoded version

 terraform {

   required_version = ">=0.12"

   required_providers {
     azurerm = {
       source = "hashicorp/azurerm"
       version = "~>3.0.0"
     }
   }

   backend "azurerm" {
     resource_group_name  = "bitops-azure-test"
     storage_account_name = "bitops"
     container_name       = "bitopstfstate"
     key                  = "state"
    }
 }

parameterized version

 terraform {

   required_version = ">=0.12"

   required_providers {
     azurerm = {
       source = "hashicorp/azurerm"
       version = "~>3.0.0"
     }
   }

   backend "azurerm" {
    }
 }