HashiCorp Terraform 0.8

We've released Terraform 0.8. Terraform is a tool for safely and efficiently building, combining, and launching any infrastructure.

Terraform continues to grow extremely fast! Since our last major Terraform release, downloads have increased 100% month over month and the number of community contributors has increased 50% from 500 to over 750. We had 14 minor releases of 0.7.x to add and improve hundreds of resources and dozens of providers.

Terraform 0.8 adds major new functionality to Terraform. Highlights include:

• Console
• Conditional Values
• Terraform Version Requirement
• Depending on Modules
• Vault Provider
• Nomad Provider

»Community

We want to thank our growing community for the continous stream of improvements, fixes, and ideas. As the Terraform community has increased in size, we know that issues are taking longer to resolve than we would like. We are working to grow the Terraform team at HashiCorp, and we are grateful to the community for their enthusiasm and support in improving Terraform.

Terraform contributors have grown 50% in just four months. Terraform 0.8 has over 750 contributors and almost two dozen core committers. As with most Terraform releases, the bulk of the changes are due to the large amount of contributions we receive from the community.

In addition to pure code contributions, the community has corrected documentation, authored books, written blog posts, and spoken at conferences. All of this helps just as much as any code contribution.

Thank you Terraform community!

»Upgrading

Terraform 0.8 introduces some backwards incompatibilities with Terraform 0.7. Please review the upgrade guide. The upgrade guide goes over all backwards incompatibilities and necessary considerations when upgrading to 0.8.

»Console

Terraform 0.8 adds a new interactive console with terraform console that can be used to experiment with interpolations and inspect your infrastructure.

For beginners, the console is a great additional learning resource. You can try interpolations (anything you would put in a Terraform configuration attribute) and see the output they generate. The console is currently read-only, so you can't accidentally change infrastructure or state!

$ terraform console
> 1+5
6
> aws_instance.foo.0.id
i-abcd1234
> join(", ", aws_instance.foo.*.id)
i-abcd1234, i-bcde2345

For advanced users, terraform console can also be used for scripting. Previously, the only way to extract information from a Terraform run was to create an output. Otherwise, you'd have to spelunk through JSON state files to extract what you wanted. Now you can just pipe computations to terraform console and get a response:

$ echo 'aws_instance.foo.0.id' | terraform console
i-abcd1234

This is just the beginning for terraform console. In future versions we plan to expose the ability to trigger plans, applies, and more.

Read more about the console in the documentation.

»Conditional Values

Interpolations now support basic conditionals. This allows you to conditionally assign a value. Used with count, this enables conditional inclusion of resources as well. For example:

variable "env" { default = "development" }

resource "aws_instance" "foo" {
  count = "${var.env == "production" ? 1 : 0}"
}

In the above example, when the environment isn't "production", the AWS instance "foo" would not be created since the count value would be 0. Terraform supports all the common logical operators:

• Equality: == and !=
• Numeric comparison: >, <, >=, <=
• Boolean operations: &&, ||, ! (unary)

This feature in Terraform 0.8 allows conditionally setting values, but we also hope in the future that the groundwork laid for this will allow more advanced conditionals that have been requested for Terraform.

Read the documentation on conditional values to learn more.

»Terraform Version Requirement

Running a Terraform configuration against an unexpected Terraform version can sometimes be disasterous: bugs that are fixed in newer versions can damage your infrastructure! In Terraform 0.8 you can now specify the Terraform version required to interact with a configuration:

terraform {
  required_version = ">= 0.8, < 0.9"
}

If the version of Terraform does not match the desired version, Terraform will output an error very early on notifying the user that they must change their Terraform version to interact with the configuration.

Modules may also specify required Terraform versions using the same syntax. When a configuration using that module is run, the required Terraform version constraints must be satisfied for all modules. If the running Terraform version violates any constraint, Terraform will show the user an error message.

Older Terraform versions (prior to 0.8) should error when they see the terraform configuration since it wasn't valid configuration. Therefore, this can effectively be used to protect your infrastructure from incorrect Terraform versions.

Read the documentation on the Terraform version requirement to learn more.

»Depending on Modules

The depends_on metaparameter can now point to entire modules in addition to individual resources.

module "network" {
  # ...
}

resource "aws_instance" "foo" {
  # ...

  depends_on = ["module.network"]
}

In the example above, the "foo" AWS instance won't be created until everything inside the "network" module completes first (including any sub-modules).

The primary use case for this feature is when a resource depends on some side effect of a module. Otherwise, the resource usually depends explicitly on a module output and therefore doesn't need to specify the module dependency.

You can learn more about module dependencies on the resource configuration page.

»Vault Provider

Creating and changing infrastructure often requires a number of different credentials. The best place to store those credentials is a secure secret management tool. Vault is a secret management tool created by HashiCorp, and the Vault provider for Terraform provides a way to read and write secrets.

The Vault provider currently only supports the generic secret backend. Support for more backends will be added as time goes on, but generic secrets covers a large use case for Vault.

The vault_generic_secret data source can be used to read secrets:

data "vault_generic_secret" "example" {
  path = "secret/aws"
}

provider "aws" {
  access_key = "${data.vault_generic_secret.example.data["access_key"]}"
}

The example above uses Vault to read the AWS access key to configure Terraform.

The identically named resource can be used to write data:

resource "vault_generic_secret" "example" {
  path = "secret/infra"

  data_json = <<EOT
{
  "ip":   "${aws_instance.foo.public_ip}"
}
EOT
}

The example above takes data generated by Terraform during runtime and uses that to store it as a secret in Vault.

Read the Vault provider documentation to learn more.

»Nomad Provider

The Nomad provider for Terraform allows you to configure jobs to run on Nomad, HashiCorp's application deployment and cluster management tool.

The Nomad provider enables Terraform to set up Nomad jobs that must run as part of the infrastructure creation process. The use case here is primarily system jobs or batch initialization jobs.

This does not replace nomad run completely. You are still expected to use Nomad for application deploys over time, but Terraform can be used to bootstrap your cluster.

The nomad_job resource is used to manage jobs:

resource "nomad_job" "monitoring" {
    jobspec = "${file("${path.module}/jobspec.hcl")}"
}

The example above reads a jobspec and submits the job to Nomad.

Read the Nomad provider documentation to learn more.

»Conclusion

Terraform growth in every metric has been explosive. We are committed to continue improving Terraform and we have a lot of exciting things planned for the future!

We will continue to ship minor releases of Terraform on average every two weeks, so you can expect 0.8.1 and onwards throughout the coming weeks. At the same time, we are already beginning development on Terraform 0.9, which will focus on collaboration and more natural integration with Terraform Enterprise. We are excited to share more details soon.

Go download Terraform and give it a try!