search

localstack / terraform-local

Terraform CLI wrapper to deploy your Terraform applications directly to LocalStack
Apache License 2.0
182 stars 21 forks source link

tflocal overwrites or removes some S3 backend configurations #25

Open mviamari opened 1 year ago

mviamari commented 1 year ago

When using tflocal, an s3 backend is generated automatically to use the localstack endpoints for the remote state. This works in many cases, however if the desired backend configuration has been customized beyond the default options/configuration applied in TF_S3_BACKEND_CONFIG (https://github.com/localstack/terraform-local/blob/main/bin/tflocal#L45), those options/configurations are lost.

For example, if the desired backend configuration has force_path_style = true, that configuration is lost when tflocal is used.

This is the initial backend configuration from the tf files.

terraform {
  backend "s3" {
    region                      = "us-east-1"
    bucket                      = "terraform-state-us-east-1"
    key                         = "000000000000/000000000000-localstack/localstack/bootstrap/terraform.tfstate"
    dynamodb_table              = "terraform-lock"

    access_key                  = "test"
    secret_key                  = "test"
    dynamodb_endpoint           = "http://localhost.localstack.cloud:4566"
    endpoint                    = "http://s3.localhost.localstack.cloud:4566"
    skip_credentials_validation = true
    skip_metadata_api_check     = true

    #these configuration options are lost
    encrypt                     = true
    force_path_style            = true
    acl                         = "bucket-owner-full-control"
  }
}

this is the backend configuration generated by tflocal as an override.

terraform {
  backend "s3" {
    region         = "us-east-1"
    bucket         = "terraform-state-us-east-1"
    key            = "000000000000/000000000000-localstack/localstack/bootstrap/terraform.tfstate"
    dynamodb_table = "terraform-lock"

    access_key        = "test"
    secret_key        = "test"
    endpoint          = "http://s3.localhost.localstack.cloud:4566"
    iam_endpoint      = "http://localhost.localstack.cloud:4566"
    sts_endpoint      = "http://localhost.localstack.cloud:4566"
    dynamodb_endpoint = "http://localhost.localstack.cloud:4566"
    skip_credentials_validation = true
    skip_metadata_api_check     = true
  }
}
lakkeger commented 10 months ago

Hi @mviamari! You are right, currently these configurations are not merged into the backend block. We'd ask your patience to add this issue to our timeline and implement the changes you've requested. I'll get back to you soon with more information.