This plugin enables you to run Terraform against providers in a Vela pipeline.
Source Code: https://github.com/go-vela/vela-terraform
Registry: https://hub.docker.com/r/target/vela-terraform
NOTE:
Users should refrain from using latest as the tag for the Docker image.
It is recommended to use a semantically versioned tag instead.
Sample of adding installing terraform version:
steps:
- name: apply
image: target/vela-terraform:latest
pull: always
parameters:
action: apply
auto_approve: true # Required for versions of Terraform 0.12.x
version: 0.11.7Sample of adding init options to Terraform configuration:
steps:
- name: apply
image: target/vela-terraform:latest
pull: always
parameters:
action: apply
auto_approve: true # Required for versions of Terraform 0.12.x
init_options:
get_plugins: trueSample of applying Terraform configuration:
steps:
- name: apply
image: target/vela-terraform:latest
pull: always
parameters:
action: apply
auto_approve: true # Required for versions of Terraform 0.12.xSample of destroying Terraform configuration:
steps:
- name: destroy
image: target/vela-terraform:latest
pull: always
parameters:
action: destroy
auto_approve: true # Required for versions of Terraform 0.12.xSample of formatting Terraform configuration files:
steps:
- name: fmt
image: target/vela-terraform:latest
pull: always
parameters:
action: fmtSample of planning Terraform configuration:
steps:
- name: plan
image: target/vela-terraform:latest
pull: always
parameters:
action: planSample of validating Terraform configuration:
steps:
- name: validate
image: target/vela-terraform:latest
pull: always
parameters:
action: validateNOTE: Users should refrain from configuring sensitive information in your pipeline in plain text.
Users can use Vela internal secrets to substitute these sensitive values at runtime:
steps:
- name: apply
image: target/vela-terraform:latest
pull: always
+ secrets: [ terraform_username, terraform_password ]
parameters:
action: apply
auto_approve: true # Required for versions of Terraform 0.12.x
- username: octocat
- password: superSecretPasswordThis example will add the secrets to the
applystep as environment variables:
TERRAFORM_USERNAME=<value>TERRAFORM_PASSWORD=<value>
The plugin accepts the following files for authentication:
| Parameter | Volume Configuration |
|---|---|
password |
/vela/parameters/terraform/password, /vela/secrets/terraform/password |
username |
/vela/parameters/terraform/username, /vela/secrets/terraform/username |
Users can use Vela external secrets to substitute these sensitive values at runtime:
steps:
- name: apply
image: target/vela-terraform:latest
pull: always
parameters:
action: apply
auto_approve: true # Required for versions of Terraform 0.12.x
- username: octocat
- password: superSecretPasswordThis example will read the secret values in the volume stored at
/vela/secrets/
NOTE:
The plugin supports reading all parameters via environment variables or files.
Any values set from a file take precedence over values set from the environment.
Terraform commands will be invoked in the current directory by default.
The following parameters are used to configure the image:
| Name | Description | Required | Default | Environment Variables |
|---|---|---|---|---|
action |
action to perform with Terraform | true |
N/A |
PARAMETER_ACTIONTERRAFORM_ACTION |
init_options |
options to use for Terraform init operation | false |
N/A |
PARAMETER_INIT_OPTIONSTERRAFORM_INIT_OPTIONS |
log_level |
set the log level for the plugin | true |
info |
PARAMETER_LOG_LEVELTERRAFORM_LOG_LEVEL |
machine |
netrc machine name to communicate with | true |
github.com |
PARAMETER_MACHINETERRAFORM_MACHINEVELA_NETRC_MACHINE |
password |
netrc password for authentication | true |
set by Vela | PARAMETER_PASSWORDTERRAFORM_PASSWORDVELA_NETRC_PASSWORD |
username |
netrc user name for authentication | true |
set by Vela | PARAMETER_USERNAMETERRAFORM_USERNAMEVELA_NETRC_USERNAME |
version |
set the Terraform CLI version | true |
1.2.7 |
PARAMETER_VERSIONTERRAFORM_VERSION |
The following parameters can be used within the init_options to configure the image:
| Name | Description | Required | Default |
|---|---|---|---|
backend |
configure the backend for this configuration | true |
N/A |
backend_configs |
this is merged with what is in the configuration file | true |
N/A |
force_copy |
suppress prompts about copying state data | true |
N/A |
from_module |
copy the contents of the given module into the target directory before initialization | true |
N/A |
get |
download any modules for this configuration | true |
N/A |
get_plugins |
download any missing plugins for this configuration | true |
N/A |
input |
ask for input for variables if not directly set | true |
N/A |
lock |
lock the state file when locking is supported | false |
N/A |
lock_timeout |
duration to retry a state lock | false |
N/A |
no_color |
disables colors in output | false |
N/A |
plugin_dirs |
directory containing plugin binaries; overrides all default search paths for plugins | false |
N/A |
reconfigure |
reconfigure the backend, ignoring any saved configuration | false |
N/A |
upgrade |
install the latest version allowed within configured constraints | false |
N/A |
verify_plugins |
verify the authenticity and integrity of automatically downloaded plugins | false |
N/A |
The following parameters are used to configure the apply action:
Command uses Terraform CLI command defaults if not overridden in config.
| Name | Description | Required | Default | Environment Variables |
|---|---|---|---|---|
auto_approve |
skip interactive approval of applying resources | false |
false |
PARAMETER_AUTO_APPROVETERRAFORM_AUTO_APPROVE |
backup |
path to backup the existing state file | false |
N/A |
PARAMETER_BACKUPTERRAFORM_BACKUP |
directory |
the directory containing Terraform files to apply | false |
. |
PARAMETER_DIRECTORYTERRAFORM_DIRECTORY |
lock |
lock the state file when locking is supported | false |
false |
PARAMETER_LOCKTERRAFORM_LOCK |
lock_timeout |
duration to retry a state lock | false |
N/A |
PARAMETER_LOCK_TIMEOUTTERRAFORM_LOCK_TIMEOUT |
no_color |
disables colors in output | false |
false |
PARAMETER_NO_COLORTERRAFORM_NO_COLOR |
parallelism |
number of concurrent operations as Terraform walks its graph | false |
N/A |
PARAMETER_PARALLELISMTERRAFORM_PARALLELISM |
refresh |
update state prior to checking for differences | false |
false |
PARAMETER_REFRESHTERRAFORM_REFRESH |
state |
path to read and save state | false |
N/A |
PARAMETER_STATETERRAFORM_STATE |
state_out |
path to write updated state file | false |
N/A |
PARAMETER_STATE_OUTTERRAFORM_STATE_OUT |
target |
resource to target | false |
N/A |
PARAMETER_TARGETTERRAFORM_TARGET |
vars |
a map of variables to pass to the Terraform (<key>=<value>) |
false |
N/A |
PARAMETER_VARSTERRAFORM_VARS |
var_files |
a list of var files to use | false |
N/A |
PARAMETER_VAR_FILESTERRAFORM_VAR_FILES |
The following parameters are used to configure the destroy action:
Command uses Terraform CLI command defaults if not overridden in config.
| Name | Description | Required | Default | Environment Variables |
|---|---|---|---|---|
auto_approve |
skip interactive approval of destroying resources | false |
false |
PARAMETER_AUTO_APPROVETERRAFORM_AUTO_APPROVE |
backup |
path to backup the existing state file | false |
N/A |
PARAMETER_BACKUPTERRAFORM_BACKUP |
directory |
the directory containing Terraform files to destroy | false |
. |
PARAMETER_DIRECTORYTERRAFORM_DIRECTORY |
lock |
lock the state file when locking is supported | false |
false |
PARAMETER_LOCKTERRAFORM_LOCK |
lock_timeout |
duration to retry a state lock | false |
N/A |
PARAMETER_LOCK_TIMEOUTTERRAFORM_LOCK_TIMEOUT |
no_color |
disables colors in output | false |
false |
PARAMETER_NO_COLORTERRAFORM_NO_COLOR |
parallelism |
number of concurrent operations as Terraform walks its graph | false |
N/A |
PARAMETER_PARALLELISMTERRAFORM_PARALLELISM |
refresh |
update state prior to checking for differences | false |
false |
PARAMETER_REFRESHTERRAFORM_REFRESH |
state |
path to read and save state | false |
N/A |
PARAMETER_STATETERRAFORM_STATE |
state_out |
path to write updated state file | false |
N/A |
PARAMETER_STATE_OUTTERRAFORM_STATE_OUT |
target |
resource to target | false |
N/A |
PARAMETER_TARGETTERRAFORM_TARGET |
vars |
a map of variables to pass to the Terraform (<key>=<value>) |
false |
N/A |
PARAMETER_VARSTERRAFORM_VARS |
var_files |
a list of var files to use | false |
N/A |
PARAMETER_VAR_FILESTERRAFORM_VAR_FILES |
The following parameters are used to configure the fmt action:
Command uses Terraform CLI command defaults if not overridden in config.
| Name | Description | Required | Default | Environment Variables |
|---|---|---|---|---|
check |
validate if the input is formatted | false |
false |
PARAMETER_CHECKTERRAFORM_CHECK |
diff |
diffs of formatting changes | false |
false |
PARAMETER_DIFFTERRAFORM_DIFF |
directory |
the directory containing Terraform files to format | false |
. |
PARAMETER_DIRECTORYTERRAFORM_DIRECTORY |
list |
list files whose formatting differs | false |
false |
PARAMETER_LISTTERRAFORM_LIST |
write |
write result to source file instead of STDOUT | false |
false |
PARAMETER_WRITETERRAFORM_WRITE |
The following parameters are used to configure the plan action:
Command uses Terraform CLI command defaults if not overridden in config.
| Name | Description | Required | Default | Environment Variables |
|---|---|---|---|---|
destroy |
destroy all resources managed by the given configuration and state | false |
false |
PARAMETER_DESTROYTERRAFORM_DESTROY |
detailed_exit_code |
return detailed exit codes when the command exits | false |
false |
PARAMETER_DETAILED_EXIT_CODETERRAFORM_DETAILED_EXIT_CODE |
directory |
the directory containing Terraform files to plan | false |
. |
PARAMETER_DIRECTORYTERRAFORM_DIRECTORY |
input |
ask for input for variables if not directly set | false |
false |
PARAMETER_INPUTTERRAFORM_INPUT |
lock |
lock the state file when locking is supported | false |
false |
PARAMETER_LOCKTERRAFORM_LOCK |
lock_timeout |
duration to retry a state lock | false |
N/A |
PARAMETER_LOCK_TIMEOUTTERRAFORM_LOCK_TIMEOUT |
module_depth |
specifies the depth of modules to show in the output | false |
N/A |
PARAMETER_MODULE_DEPTHTERRAFORM_MODULE_DEPTH |
no_color |
disables colors in output | false |
false |
PARAMETER_NO_COLORTERRAFORM_NO_COLOR |
parallelism |
number of concurrent operations as Terraform walks its graph | false |
N/A |
PARAMETER_PARALLELISMTERRAFORM_PARALLELISM |
refresh |
update state prior to checking for differences | false |
false |
PARAMETER_REFRESHTERRAFORM_REFRESH |
state |
path to read and save state | false |
N/A |
PARAMETER_STATETERRAFORM_STATE |
target |
resource to target | false |
N/A |
PARAMETER_TARGETTERRAFORM_TARGET |
vars |
a map of variables to pass to the Terraform (<key>=<value>) |
false |
N/A |
PARAMETER_VARSTERRAFORM_VARS |
var_files |
a list of var files to use | false |
N/A |
PARAMETER_VAR_FILESTERRAFORM_VAR_FILES |
The following parameters are used to configure the validate action:
Command uses Terraform CLI command defaults if not overridden in config.
| Name | Description | Required | Default | Environment Variables |
|---|---|---|---|---|
check_variables |
command will check whether all required variables have been specified | false |
false |
PARAMETER_CHECK_VARIABLESTERRAFORM_CHECK_VARIABLES |
directory |
the directory containing Terraform files to validate | false |
. |
PARAMETER_DIRECTORYTERRAFORM_DIRECTORY |
no_color |
disables colors in output | false |
false |
PARAMETER_NO_COLORTERRAFORM_NO_COLOR |
vars |
a map of variables to pass to the Terraform (<key>=<value>) |
false |
N/A |
PARAMETER_VARSTERRAFORM_VARS |
var_files |
a list of var files to use | false |
N/A |
PARAMETER_VAR_FILESTERRAFORM_VAR_FILES |
COMING SOON!
You can start troubleshooting this plugin by tuning the level of logs being displayed:
steps:
- name: apply
image: target/vela-terraform:latest
pull: always
parameters:
action: apply
auto_approve: true
+ log_level: traceYou can also instruct the Terraform CLI to output verbose logging:
steps:
- name: apply
image: target/vela-terraform:latest
pull: always
+ environment:
+ TF_LOG: TRACE
parameters:
action: apply
auto_approve: trueBelow are a list of common problems and how to solve them: