search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/
Other
42.52k stars 9.52k forks source link

backend configuration should support workspaces #23874

Open matti opened 4 years ago

matti commented 4 years ago

currently it's not possible to have backend per workspace.

for example workspace "bar" to have bucket "terraform-bar" and "beer" to have bucket "terraform-beer"

both workspaces live in the same bucket, effectively granting user access to all workspaces.

this is due to .terraform/terraform.tfstate not supporting workspaces.

proposed solution: use .terraform/<workspacename>.tfstate when workspace configured.

jbardin commented 4 years ago

Hi @matti,

You mention "bucket" in the issue here, is this a specific request for the s3 backend? Workspaces as they are implemented now live within a backend, and therefore any options would need to be configured by a particular backend depending on what it could support. There will likely be reconsideration of what workspaces in the CLI mean in the future, but that would be separate from a feature request for for a remote state backend.

The .terraform/terraform.tfstate file itself is only storage for the init configuration, and doesn't apply to workspaces.

matti commented 4 years ago

I think that the following workaround would work:

TF_DATA_DIR By default this data is written into a .terraform subdirectory of the current directory, but the path given in TF_DATA_DIR will be used instead if non-empty.

export TF_WORKSPACE=bar
export TF_DATA_DIR=.terraform-$TF_WORKSPACE
terraform apply

this would keep init configurations separate and per workspace

jbardin commented 4 years ago

Thanks @matti

I think this is confusion abut what workspaces are in the CLI, and why I mentioned that we have plans to rethink this to better align them with "workspaces" in Terraform Cloud which are different.

In the CLI, workspaces are simply a named state file, and switching workspaces only changes which name the state goes by within the current backend. Because they only exist within the backend itself, you need to start with the same TF_DATA_DIR.

matti commented 4 years ago

Confusion or not, I'm now sucessfully running TF_DATA_DIR set to .terraformhack/$TF_WORKSPACE and configuring bucket with init options.

This allows concurrent running of different workspaces at the same time from my machine.

matti commented 4 years ago

so technically I'm not using multiple workspaces at the same time - I only use them to get handy terraform.workspace without having to declare something like var.name in every module etc.