Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docs: Using Hashicorp Cloud, BackendConfig, and Planning #1544

Open
jlewi opened this issue Mar 13, 2025 · 0 comments
Open

Docs: Using Hashicorp Cloud, BackendConfig, and Planning #1544

jlewi opened this issue Mar 13, 2025 · 0 comments

Comments

@jlewi
Copy link

jlewi commented Mar 13, 2025

I'm using Hashicorp Cloud to store state file. I'd like to review/approve plans with the tofu controller/CLI. The backend for Hashicorp is configured in my Terraform with a section like the one below

  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "acme_inc"
    workspaces {
      name = "kubernetes-defaults"
    }
  }

It took me a while to understand how to configure the backend in the Terraform resource.

It looks like the controller will try to define a file "backend_override.tf" with a backend stanza e.g.

terraform {
  backend "kubernetes" {
    secret_suffix     = "all-projects"
    in_cluster_config = true
    namespace         = "flux-system"
    labels            = {
      
    }
  }

That code is here

tofu-controller/controllers/tf_controller_backend.go

Line 76 in 90ae7db

%v

You can disable that by disabling the backendConfig

backendConfig:
  disable: true

But then I couldn't find my plan anywhere. It looks like if you disable the backend then a dummy terrraform plan gets saved

tofu-controller/runner/server_save_tfplan.go

Line 21 in 90ae7db

func (r *TerraformRunnerServer) SaveTFPlan(ctx context.Context, req *SaveTFPlanRequest) (*SaveTFPlanReply, error) {

However, it looks like I can use backendCustomConfiguration to avoid disabling the backend while not adding a new backend definition.

tofu-controller/controllers/tf_controller_backend.go

Line 76 in 90ae7db

%v

So I changed my configuration to

  backendConfig:
    # See: https://github.com/flux-iac/tofu-controller/blob/90ae7db8a627e37ff77409e8a0fbd9227dfd7781/controllers/tf_controller_backend.go#L76
    # We pass along an empty configuration so that the TOFU conroller won't override the backend we have configured in our Terraform.
    customConfiguration: |
      // Empty custom configuration so that backend configuration
      // defined in the terraform will be used

This seems to be working as expected.

No action needed. Merely wanted to document this in case other people hit this issue.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jlewi