Hashicorp Configuration Language

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

External

Internal

Overview

Comments

# This is a comment

Block

Terraform Block

terraform {
  required_version = ">= 0.12"
}

Resource Block

Declares a resource.

Data Block

Declares a data source.

data "data-source-name" "local-name" {
  ...
}
data "aws_ami" "example" {

  most_recent = true

  owners = ["self", "0000000"]

  filter {
    name   = "name"
    values = ["consul-ubuntu-*"]
  }

  tags = {
    Name   = "app-server"
    Tested = "true"
  }
}

Module Block

Represents a module call.

References to Named Values or Interpolation Expression

https://www.terraform.io/docs/configuration/expressions.html#references-to-named-values

Resource elements can be used by other resources via interpolation expressions:

resource "something" "something_else" {

  some_id = "something-${aws_vpc.main.id}"
  ...
}

Terraform 0.11 and earlier required all non-constant expressions to be provided via interpolation syntax ${...}, but this pattern is now deprecated in templates that consist entirely of a single interpolation sequence:

resource "aws_subnet" "something" {

  ami = var.k8s_node_ami_id
  ...
}

Template interpolation syntax is still used to construct strings from expressions when the template includes multiple interpolation sequences or a mixture of literal strings and interpolations

Input Variable

https://www.terraform.io/docs/configuration/variables.html

Input variables are conventionally declared in the variables.tf file of the module:

variable "region" {
  description = "This is the region"
  type = string
  default = "us-east-1"
}

Each variable can have a default value specified with "default". "default" may be "null". If there is no "default" declaration, Terraform will signal an error when terraform apply is executed, and it will initiate an interactive CLI that will inquire for the value of the missing variable:

var.environment_name
  The name of the environment

  Enter a value:
variable "masters" {
  description = "The number of master nodes"
  type = number
  default = 1
}

A default value of 0 for the case where that input variable specifies a count of some sort, is valid. For a module that creates EC2 instances, specifying 0 for the default count value simply does not create any instance of that kind.

Variables can be used via interpolation expression, prefixed with “var.”

To use the variable:

...
Name = "${var.playground_name}-playground-vpc"
...

Variables can be assigned in multiples way, and this is the descending order of precedence:

  • command-line flags: -var = region=something) It will complain if single quotes are used, they will be interpreted as part of the variable name.
  • from a file (.tfvars, -var-file=…) terraform.tfvars or *.auto.tfvars in the current directory are automatically loaded. Multiple -var-file can be used.
  • From environment variables: TF_VAR_name. This can only be used for string variables.
  • UI Input
  • Variable defaults (“default” keyword).

Input Lists

https://learn.hashicorp.com/terraform/getting-started/variables#lists
variable "security_group_ids" {
  description = "The list of security groups"
  type        = list
  default     = ["sg-a41f9d51704199e97"]
}

Input Maps

https://learn.hashicorp.com/terraform/getting-started/variables#maps

Output Variable

https://www.terraform.io/docs/configuration/outputs.html
https://learn.hashicorp.com/terraform/getting-started/outputs

Output variables are a way to organize data to be easily queried and shown back to the Terraform user. Terraform usually stores hundred or thousands of attribute values, but only a few of those are important. Output variables have several uses: a child module can use outputs to expose a subset of its resource attributes to a parent module, a root module ca use outputs to print certain values in the CLI output after running terraform apply and when using remote state, module outputs can be accessed by other configurations via a terraform_remote_state data source.

"Output value" and "output" are semantically equivalent.

An output is declared as:

output "bastion_public_ip" {
  value = aws_instance.bastion.public_ip
  description = "The public IP address of the bastion"
}

Outputs can be delegated to other teams via remote state.

Also see:

terraform output

Output Lists

output "master_node_private_ips" {
  value = aws_instance.master-node.*.private_ip
  description = "The private IP of the master nodes"
}

Result:

Outputs:

master_node_private_ips = [
    "10.1.13.51",
]
worker_node_private_ips = [
    "10.1.13.153",
    "10.1.13.61",
]

Output Maps

Functions

https://www.terraform.io/docs/configuration/functions.html
https://www.terraform.io/docs/configuration/expressions.html#function-calls


Function Categories

String

substr

https://www.terraform.io/docs/configuration/functions/substr.html
...
cidr_block = "${substr("${var.my_cidr_block}", 0, 5)}.1.0/24"
...

IP Network

cidrsubnet

https://www.terraform.io/docs/configuration/functions/cidrsubnet.html

The following turns "10.10.0.0/16" into its first /24 subnet "10.10.1.0/24"

...
cidr_block = "${cidrsubnet("${var.vpc_cidr_block}", 8, 1)}"
...