Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

command backend #33007

Open
pauldraper opened this issue Apr 9, 2023 · 6 comments
Open

command backend #33007

pauldraper opened this issue Apr 9, 2023 · 6 comments
Labels
enhancement new new issue not yet triaged

Comments

@pauldraper
Copy link

pauldraper commented Apr 9, 2023
edited
Loading

Terraform Version

-

Use Cases

I want to implement a custom backend, e.g. MySQL, MongoDB, Vault. Currently there is no general extension mechanism. #5877

Attempted Solutions

There is a HTTP backend that can be used as an extension mechanism. That is awkward, because it requires starting an HTTP server, controlling authentication so that other processes cannot access, etc.

Proposal

Invoke commands with an external process.

terraform {
  backend "command" {
    command = ["executable", "arg1"]
    environment = {
      name = "value"
    }
    working_directory = "dir"
  }
}

Terraform would specify env var TF_ACTION as read, write, lock, or unlock, with the lock information being in TF_LOCK.

The executable would read stdin/write stdout.

References

No response
@pauldraper pauldraper added enhancement new new issue not yet triaged labels Apr 9, 2023
@crw
Copy link
Contributor

crw commented Apr 10, 2023
edited
Loading

I believe this is a duplicate of #5877

The prescribed solution is extremely specific, so I will bring this to triage to see if it makes sense keeping this one open due to its specificity.

Thanks for the request!

@pauldraper
Copy link
Author

Yes, #5877 would solve this.

But it's 7 years old, and ambitious.

@ei-grad
Copy link

ei-grad commented May 29, 2023

Voted for this issue since #5877 proposes the use of plugin system, while this one propose a simple and flexible solution which can be built-in like the "local" backend and doesn't require to code in go.

Seriously, one could think that Hashicorp is looking for the world-wide infrastructure control, making secure .tfstate management so nontrivial... other reason for this could be TFCloud promotion, but wait... O_O

@ei-grad
Copy link

ei-grad commented May 29, 2023
edited
Loading

Though I would prefer to specify read / write / lock / unlock commands in separate parameters to get rid of writing the "switch" inside of command (and effectively requiring it to be a shell script / custom program).

And don't think that environment variables should be configured (they can be just inherited from env in which terraform runs). Working directory as of me also should be treated in "convention over configuration" way (should be equal to terraform working directory). Both this can be specified using bash -c "..." if needed.

What do you think?

@ei-grad
Copy link

ei-grad commented May 29, 2023
edited
Loading

Hmm. With "local-exec" having working_dir and environment parameters, it is better to have them too in the "command" backend which looks similar to "local-exec" in semantics. And looking on "local-exec" maybe command parameter should be plain string and interpreter should be added..?

@pauldraper pauldraper mentioned this issue Jul 28, 2023
Open
@pauldraper
Copy link
Author

pauldraper commented Jul 28, 2023
edited
Loading

Using an env var is somewhat odd, but presents some more flexibility with programs accepting CLI vars.

The command/interpreter is awkward, but matches the local-exec paradigm.

Neither are highly significant to the overall benefit/functionality/ergonomics.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement new new issue not yet triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@crw @ei-grad @pauldraper