Terraform: What's New in Version 0.7.x? - mschuette.name

Post on 26-Feb-2019


Terraform: What’s New in Version 0.7.x?

Martin Schütte

10 November 2016

AWS User Group Hamburg

TERRAFORM

Build, Combine, and Launch Infrastructure

Outline

terraform fmt

Internal Plugins/Single Binary

Output flag -json

Lists and Maps

State

Data Sources

Martin Schütte | Terraform | AWS UG HH 3/22

terraform fmt

• Ok, actually in there since 0.6.15
• Inspired by go fmt
• Fixes whitespace for uniform code style


Example: before terraform fmt

    provider "aws" {
    region="eu-west-1"
    }

    variable "ami"{}

    # use ami
    resource "aws_instance" "web" {
    instance_type ="t2.micro"
    ami ="${var.ami}"
    }


Example: after terraform fmt

    provider "aws" {
      region = "eu-west-1"
    }

    variable "ami" {}

    # use ami
    resource "aws_instance" "web" {
      instance_type = "t2.micro"
      ami           = "${var.ami}"
    }


Internal Plugins/Packaged as Single Binary

• Golang design: statically linked binary
• Terraform design: plugins

⇒ Multiple binaries using network RPC, lots of shared code is duplicated

• Now all (default) plugins are compiled into single binary
• Still uses RPC, custom plugins possible (doc)


Size of Terraform Releases (linux amd64)

[Chart: release size in MB and provider count per release, v0.6.0 through v0.7.10]


Output flag -json

Small change, but very useful for integration

    $ terraform output -json
    {
        "aws_command_url": {
            "sensitive": false,
            "type": "string",
            "value": "https://....amazonaws.com/prod/event"
        },
        "sql_endpoint": {
            "sensitive": false,
            "type": "string",
            "value": "....rds.amazonaws.com:3306"
        }
    }


Example: Integration with JSON Output

    $ terraform output sql_endpoint
    ....rds.amazonaws.com:3306
    $ terraform output aws_command_url
    ....amazonaws.com/prod/weather

    $ terraform output -json > output.json
    $ cat output.json | \
    > jq '.sql_endpoint.value,.aws_command_url.value'
    "....rds.amazonaws.com:3306"
    "....amazonaws.com/prod/weather"


Example: Jenkins Groovy Post-Build

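    import groovy.json.JsonSlurper

    // basepath is set elsewhere in the job (directory containing output.json)
    def jsonfile = new File(basepath, 'output.json')
    def tfoutput = new JsonSlurper().parseText( jsonfile.getText() )

    // manager is provided by the Jenkins Groovy Postbuild plugin
    summary = manager.createSummary("clipboard.png")
    // second argument false: the text is inserted as HTML without escaping
    summary.appendText("Terraform Output:<ul>", false)
    // one list item per output: its name and its "value" field
    tfoutput.each {
        summary.appendText("<li><code><b>$it.key</b>: "+
            "$it.value.value</code></li>", false)
    }
    summary.appendText("</ul>", false)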
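The JSON format above carries a "sensitive" flag per output, and the post-build script inserts values into the build page as raw HTML. The following Python sketch is an added example, not part of the original slides: it masks sensitive outputs and HTML-escapes every field before building the same summary fragment. The sample outputs and the function names are constructed for illustration.

```python
import html
import json

# Constructed sample in the format `terraform output -json` prints on the
# slide above; output names and values are made up for this example.
SAMPLE_OUTPUT = """
{
  "sql_endpoint": {"sensitive": false, "type": "string",
                   "value": "db.example.internal:3306"},
  "db_password": {"sensitive": true, "type": "string",
                  "value": "not-a-real-secret"},
  "motd": {"sensitive": false, "type": "string",
           "value": "<b>hello</b>"},
  "private_subnets": {"sensitive": false, "type": "list",
                      "value": ["subnet-aaaa", "subnet-bbbb"]}
}
"""

REDACTED = "<sensitive>"


def publishable_outputs(raw_json):
    """Return {name: display string}, with sensitive outputs masked."""
    result = {}
    for name, meta in json.loads(raw_json).items():
        # Treat a missing or non-boolean flag as sensitive (fail closed).
        if meta.get("sensitive") is not False:
            result[name] = REDACTED
            continue
        value = meta.get("value")
        # Lists and maps (new in 0.7) are rendered as compact JSON text.
        result[name] = value if isinstance(value, str) else json.dumps(value)
    return result


def render_summary(raw_json):
    """Build the <ul> fragment for a CI summary, HTML-escaping every field."""
    items = [
        "<li><code><b>%s</b>: %s</code></li>" % (html.escape(k), html.escape(v))
        for k, v in sorted(publishable_outputs(raw_json).items())
    ]
    return "Terraform Output:<ul>%s</ul>" % "".join(items)


if __name__ == "__main__":
    print(render_summary(SAMPLE_OUTPUT))
```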


Lists and Maps

Old way: only Strings

    # in VPC module
    output "private_subnets" {
      value = "${join(",", aws_subnet.private.*.id)}"
    }

    # in caller
    net_id = "${element(split(",", var.private_subnets), count.index)}"

New: easily pass Lists and Maps

    # in VPC module
    output "private_subnets" {
      value = ["${aws_subnet.private.*.id}"]
    }

    # in caller
    net_id = "${var.private_subnets[count.index]}"


State Manipulation

New state command to list, show, delete, move resources

Example: "live refactoring" with mv

    $ terraform state mv aws_instance.foo aws_instance.bar
    $ terraform state mv aws_instance.webserver module.web


State Import (Work in Progress)

• New import command
• Imports single resource instance by ID
• Writes into state (not to source!)

⇒ some yak shaving required


Example: Using State Import

    $ terraform import aws_instance.server i-0f83bd96e9ea45fe3
    aws_instance.server: Importing from ID "i-0f83bd96e9ea45fe3"...
    aws_instance.server: Import complete!
      Imported aws_instance (ID: i-0f83bd96e9ea45fe3)
    aws_instance.server: Refreshing state... (ID: i-0f83bd96e9ea45fe3)

    Import success! The resources imported are shown above. These are
    now in your Terraform state. Import does not currently generate
    configuration, so you must do this next. If you do not create
    configuration for the above resources, then the next `terraform plan`
    will mark them for destruction.

    $ terraform state list
    aws_instance.server
    $ terraform state show aws_instance.server
    id = i-0f83bd96e9ea45fe3
    ami = ami-0044b96f
    availability_zone = eu-central-1b
    disable_api_termination = false
    ...
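A pre-plan guard for the warning in the import output above, added here as an illustration and not part of the original slides: it lists root-module resources that are in state but have no resource block in the configuration, which the next terraform plan would mark for destruction. The state listing and configuration are constructed samples, and the regex match is a textual approximation, not an HCL parser.

```python
import re

# Constructed sample: output of `terraform state list` after an import.
STATE_LIST = """\
aws_instance.server
aws_instance.web
module.web.aws_instance.webserver
data.aws_ami.webami
"""

# Constructed sample: root module configuration (*.tf contents concatenated).
ROOT_CONFIG = '''
# resource "aws_instance" "server" {}   <- commented out, does not count
resource "aws_instance" "web" {
  instance_type = "t2.micro"
}
'''

# Matches the header of a resource block at the start of a line.
RESOURCE_BLOCK = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"', re.M)


def declared_resources(config_text):
    """Return the set of TYPE.NAME addresses declared in the HCL source."""
    return {"%s.%s" % pair for pair in RESOURCE_BLOCK.findall(config_text)}


def unconfigured(state_list, config_text):
    """Root-module resources present in state but missing from the config."""
    declared = declared_resources(config_text)
    missing = []
    for line in state_list.splitlines():
        addr = line.strip()
        # Skip blanks, data sources, and resources owned by child modules
        # (those have to be checked against the module's own source).
        if not addr or addr.startswith(("data.", "module.")):
            continue
        # Drop a trailing count index such as aws_instance.web[0].
        base = re.sub(r"\[\d+\]$", "", addr)
        if base not in declared:
            missing.append(addr)
    return missing


if __name__ == "__main__":
    for addr in unconfigured(STATE_LIST, ROOT_CONFIG):
        print("in state but not in configuration:", addr)
```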


Data Sources

• Lookup information from Provider
• Currently only few sources, e. g.
    • AWS Account-ID
    • AWS AMI-ID
    • AWS IAM Policy Document
    • Consul Keys
    • Docker Registry Image Metadata (WIP)


“The Old Way” Example: Pipeline without Data Source

    $ packer ami.json | tee | grep ...
    $ terraform apply -var "ami=${ami}" ...


Example: Finding AMIs

    # searches for most recent tagged AMI in own account
    data "aws_ami" "webami" {
      most_recent = true
      owners      = ["self"]

      filter {
        name   = "tag:my_key"
        values = ["my_value"]
      }
    }

    # use AMI
    resource "aws_instance" "web" {
      instance_type = "t2.micro"
      ami           = "${data.aws_ami.webami.id}"
    }


Example: Reading Account & Region

    data "aws_caller_identity" "current" {}

    data "aws_region" "current" {
      current = true
    }

    resource "aws_lambda_permission" "allow_gitlabbots" {
      statement_id  = "AllowExecutionFromEvents"
      action        = "lambda:InvokeFunction"
      function_name = "${aws_lambda_function.mybot.arn}"
      principal     = "apigateway.amazonaws.com"
      source_arn    = <<EOT
    arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:...
    EOT
    }


New Links and Resources

• A Comprehensive Guide to Terraform, series of posts by Yevgeniy Brikman (Gruntwork)
• The Terraform Book by James Turnbull, to be released late 2016.


Terraform 0.8

• Preparations are ongoing
• Improved string escape sequence handling
• New apply graph creation (experimental in 0.7.8)


The End

Martin Schütte

@m_schuett

info@martin-schuette.de

slideshare.net/mschuett/
