search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/
Other
42.11k stars 9.47k forks source link

Terraform Cloud Remote Backend Workspace Suffix Support #24725

Open Jimwoodward opened 4 years ago

Jimwoodward commented 4 years ago

Current Terraform Version

Terraform v0.12.24

Use-cases

The end goal of this request is to be able to use terraform plan, terraform apply, and terraform init, with one set of terraform code, that has one remote backend configured to work across multiple workspaces, where the workspace's names share a common suffix. Example workspace names would be development-vpc, staging-vpc, and production-vpc.

Attempted Solutions

The present attempted solution was to use a variable in the remote backend, but that is not supported. Here is an example of what that would look like:

terraform {
  backend "remote" {
    organization = "my-org"

    workspaces {
      name = "${var.workspace_prefix}-vpc"
    }
  }
}

This is obviously not allowed since variables are not allowed in backends. The result of running terraform init with this though is:

>terraform init

Initializing the backend...
Backend configuration changed!

Terraform has detected that the configuration specified for the backend
has changed. Terraform will now check for existing state in the backends.

Error: Variables not allowed

  on main.tf line 17, in terraform:
  17:       name = "${var.workspace_suffix}-vpc"

Variables may not be used here.

Proposal

The change we would like to see to support our use case is like the currently supported prefix option (https://www.terraform.io/docs/backends/types/remote.html#prefix), but instead of a common prefix, a common suffix.

The current prefix method looks like:

terraform {
  backend "remote" {
    organization = "my-org"

    workspaces {
      prefix = "my-app-"
    }
  }
}

The suffix method would look like:

terraform {
  backend "remote" {
    organization = "my-org"

    workspaces {
      suffix = "-my-app"
    }
  }
}

Additional

We have over 1500 workspaces in Terraform Cloud. They all follow the naming convention of <environment>-workspace-name-here, and we have automation built around this naming convention. Changing our workspace names to follow a convention where the shared, static aspect of their name comes first, and the dynamic environment aspect of them comes second, is unfortunately out of the question for us due to the level of effort.

eytanhanig commented 4 years ago

This sounds like a fun project. Can anyone think of a reason that Hashicorp/TFC wouldn't allow it?

arbourd commented 4 years ago

I would be willing to do the work to implement this if Hashicorp is interested.

We also have a ton of workspaces and organizing them by environment (rather than app name) is far more appealing.

marcmarcet commented 3 years ago

I think it would be also very interesting to make name/prefix optional and take whatever the user sets as TF_WORKSPACE as the workspace name.

This would allow to follow any custom convention without relying on prefix/suffix limitations.

fugkco commented 3 years ago

We've started generating our backend configuration that is git ignored, then simply use terraform init -backend-config=./backend_config.hcl. It will require a wrapper script of some sort, but that's not a huge issue.