@@ -97,9 +97,15 @@ This template enables [Terraform integration in Merge Requests](https://docs.git
As a result if you enabled your `production` environment, every merge request will compute and display infrastructure changes compared to `master` branch.
### GitLab managed Terraform State
### Terraform Backend management
By default, this template enables [GitLab managed Terraform State](https://docs.gitlab.com/ee/user/infrastructure/terraform_state.html)(set`$TF_GITLAB_BACKEND_DISABLED` to disable).
By default, this template enables [GitLab managed Terraform State](https://docs.gitlab.com/ee/user/infrastructure/terraform_state.html).
As mentionned in GitLab's documentation, that requires that your Terraform scripts declare the
Terraform [HTTP backend](https://www.terraform.io/docs/language/settings/backends/http.html), the templates
does the rest to configure it automatically.
This default behavior can be disabled by setting `$TF_GITLAB_BACKEND_DISABLED` to `false`.
In that case, you'll have to declare and configure your backend and tfstate by yourself (see [Implicit Backend configuration support](#implicit-backend-configuration-support) below).
If you disabled the GitLab-managed Terraform state (by setting `$TF_GITLAB_BACKEND_DISABLED` to `false`),
the template supports an implicit [backend configuration](https://www.terraform.io/language/settings/backends/configuration#file) mechanism:
1. Looks for a `$env.tfbackend` file (ex: `staging.tfbackend` for staging environment),
2. Fallbacks to `default.tfbackend` file.
If one of those files are found, it is automatically used by the template in the `terraform init` command (using the `-backend-config` CLI option).
### Environments configuration
As seen above, the Terraform template may support up to 4 environments (`review`, `integration`, `staging` and `production`).
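Review bot: the two added sentences that describe turning off the GitLab-managed state by setting `$TF_GITLAB_BACKEND_DISABLED` to `false` contradict both the variable's name and the removed wording ("set `$TF_GITLAB_BACKEND_DISABLED` to disable"). A `*_DISABLED` flag would normally be set to `true` to switch the feature off, so please check the value against the template script and correct both occurrences. The link to `#implicit-backend-configuration-support` has no matching heading in the visible lines: the paragraph starting "If you disabled the GitLab-managed Terraform state" follows the previous text directly, so it likely needs its own `### Implicit Backend configuration support` heading for the anchor to resolve. It would also help to state whether `$env.tfbackend` and `default.tfbackend` may hold backend credentials or should be limited to non-secret settings, as the `tfvars` item later in this patch does. Wording nits in the same block: "mentionned" should be "mentioned", "the templates does the rest" should be "the template does the rest", "Fallbacks to" should be "Falls back to", and "If one of those files are found" should be "is found".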
@@ -277,10 +293,13 @@ You have to be aware that your Terraform code has to be able to cope with variou
In order to be able to implement some **genericity** in your code, you should use [Terraform variables](https://www.terraform.io/docs/language/values/variables.html)(in your Terraform files), and environment variables (in your hook scripts):
1. any [predefined GitLab CI variable](https://docs.gitlab.com/ee/ci/variables/#predefined-environment-variables) may be freedly used in your hook scripts or extra options variables (ex: `TF_EXTRA_OPTS: "-var project_name=$CI_PROJECT_NAME"`)
2. you may also use [custom GitLab variables](https://docs.gitlab.com/ee/ci/variables/#custom-cicd-variables) to pass values to your hook script or even directly as Terraform variables [using the right syntax](https://www.terraform.io/docs/cli/config/environment-variables.html#tf_var_name)
1. Use [`tfvars` files](https://www.terraform.io/language/values/variables#variable-definitions-tfvars-files) for non-secret configuration:
* default `terraform.tfvars[.json]` and `*.auto.tfvars[.json]` files are obviously supported by Terraform,
* the template also auto-detects any file named `$env.env.tfvars[.json]` (ex: `staging.env.tfvars` for staging environment) and uses it with all related `terraform` commands.
2. any [predefined GitLab CI variable](https://docs.gitlab.com/ee/ci/variables/#predefined-environment-variables) may be freedly used in your hook scripts or extra options variables (ex: `TF_EXTRA_OPTS: "-var project_name=$CI_PROJECT_NAME"`)
3. you may also use [custom GitLab variables](https://docs.gitlab.com/ee/ci/variables/#custom-cicd-variables) to pass values to your hook script or even directly as Terraform variables [using the right syntax](https://www.terraform.io/docs/cli/config/environment-variables.html#tf_var_name)
(ex: env variable `$TF_VAR_ssh_private_key_file` will be visible as `ssh_private_key_file` Terraform variable in your code)
3.**dynamic variables** provided by the template:
4.**dynamic variables** provided by the template:
*`environment_type`: the environment type (`review`, `integration`, `staging` or `production`)
*`environment_name` (set as `$CI_ENVIRONMENT_NAME`): the full environment name (ex: `review/fix-prometheus-configuration`, `integration`, `staging` or `production`)
*`environment_slug` (set as `$CI_ENVIRONMENT_SLUG`): the _slugified_ environment name (ex: `review-fix-promet-r13zmu`, `integration`, `staging` or `production`)
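Review bot: new item 1 limits `tfvars` files to non-secret configuration, but the list never says where secret values should go instead. Item 3, with its `$TF_VAR_ssh_private_key_file` example, is the natural place to say that secrets belong in custom GitLab CI/CD variables (masked and protected where possible) rather than in files read by the template. The file pattern `$env.env.tfvars[.json]` also differs from the `$env.tfbackend` pattern introduced for backend files earlier in this patch; if the extra `.env` segment is intentional, a short remark would prevent users from naming the file `staging.tfvars` and wondering why it is ignored. Nit: "freedly" in the renumbered item 2 was carried over from the old text and should be "freely".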