search

onelogin / onelogin

A CLI for Using OneLogin
Apache License 2.0
20 stars 10 forks source link

Unable to work with Terraform remote backend #17

Open TwSimoneRoselli opened 3 years ago

TwSimoneRoselli commented 3 years ago

Hi,

We tried the onelogin binary with a Terraform remote backend configuration and it seems not to be working.

Not sure whether this is the only place to check, but in this file, the TF remote backend doesn't seem to be supported: https://github.com/onelogin/onelogin/blob/0b044e9c788b0db59dff28ef8ad15c3ab3c68591/cmd/terraform-import.go#L137

onelogin terraform-import onelogin_user_mappings       

Using profile default
Collecting User Mappings from OneLogin...
This will import 1 resources. Do you want to continue? (y/n): y
2020/09/18 13:51:04 Initializing Terraform with 'terraform init'...
2020/09/18 13:51:08 Importing resource 1
2020/09/18 13:51:15 Collecting State from tfstate File
2020/09/18 13:51:15 Unable to Read tfstate open terraform.tfstate: no such file or directory

Is the remote backend support anywhere in the project timeline?

Thanks

dcaponi commented 3 years ago

Hey @TwSimoneRoselli Sorry for taking so long to get back to you on this. The short answer is no, remote backend support is not in the short term plan. When this CLI tool was made, it was assumed that most users would be manipulating local TF files and state.

If TF remote backend is something that you think would add a lot of value to your work or something that a lot of people seem to be using, we'll look into prioritizing it sooner.

marcusvoss commented 3 years ago

Hi @dcaponi,

if I get the content of this page https://www.terraform.io/docs/state/remote.html correct, it is kind mandatory for teams to work with remote state files including state file locking in order to avoid racing condition situation in the infrastructure (or things you automate).

My feeling currently is, that not supporting terraform remote state files will leave the onelogin terraform provider in beta / playground state for a while. I might be wrong, so I am happy to learn from the community, how they deal with the problems remote state files solve.

Cheers Marcus

dcaponi commented 3 years ago

The onelogin terraform-import CLI command is an optional convenience offering we have, similar to Terraformer but exclusively for OneLogin stuff.

This CLI tool does not have any bearing on the provider itself and if you use the provider without the CLI, since HashiCorp verified the provider as following all their requirements, it should work with a normal workflow.

All the CLI command does is automate the following:

  1. call the API to get a list of resources
  2. set up a .tf file with the bare minimum information for each resource to get the import command to work 
    provider onelogin {
alias = "onelogin"
}
resource onelogin_apps first_app-id1 {}
resource onelogin_apps second_app-id2 {}
  3. call terraform import for each resource
  4. parse the .tfstate generated from terraform import to construct a filled in .tf file.

So when you run the terraform import manually, it is saving .tfstate not on your local machine and when the tool looks for terraform.tfstate in the same directory as it is run its not there, its in this TF remote backend. This needs to be a change in step 4 to check for this.