Terraform Cloud Now Offers Less Code — and No Code — Options
Cloud computing infrastructure software provider HashiCorp has given a graphical user interface (GUI) to its popular Terraform auto-provisioning tool, in hopes of making it simple enough for even developers to use </snark>.
A Terraform self-service model could “cut down on the training an organization would need to do to get developers up to speed on using the infrastructure-as-code software,” said Meghan Liese, HashiCorp vice president of product and partner marketing. It is available on Terraform Cloud, a managed service offering that is part of the HashiCorp Cloud Platform.
The no code option of Terraform is one of the new features that will be introduced during Thursday’s keynotes at HashiConf 2022, held this week in Los Angeles.
Terraform is HashiCorp’s flagship software, as well as a cornerstone for the company’s multicloud management architecture. The open source tool provides a way to define IT resources — such as monitoring software or cloud services — in human-readable configuration files. These files, which serve as blueprints, can then be used to automatically provision the systems themselves. Kubernetes deployments, for instance, can be streamlined through Terraform.
Typically, DevOps teams or system administrators use Terraform to provision infrastructure, but there is also growing interest in allowing developers to do it themselves, in a self-service fashion, Liese explained. Multicloud skills are in short supply, concluded the 2022 HashiCorp State of Cloud Strategy Survey, so making the provisioning process easier could help more developers, the company reckons.
The new console interface aims to greatly expand the use of Terraform. The company has been offering self-service options for a while, by way of an architecture that allows for modules to be reused through the private registry for Terraform Cloud and Terraform Enterprise.
Use of modules still requires some expertise, however, in that “developers still have to select a module based on its contents, add it to a version control repo, create a workspace in Terraform Cloud, and provision the module from that workspace,” according to the HashiCorp promotional literature.
In this “no code” setup, developers can pick from a catalog of no-code-ready modules, which can be deployed directly to workspaces. No need to learn the HCL configuration language. And the administrators will no longer have to answer the same “how-do-I-do-this-in-HCL?” queries.
The recent release of Terraform 1.3 came with the promise to greatly reduce the amount of code HCL jockeys must manage, through the improvement of the moved code block. The moved block has been available since Terraform 1.1, but some kinks were worked out for this latest release. What the moved block does is provide the ability to refactor resources within a Terraform configuration file, moving large code blocks off as separate modules, where they can be discovered through a public or private registry.
Liese offered an example of managing the code needed to call an Amazon Web Services ECS cluster. With the moved block, it can be moved off the main HCL file and saved in a module that can be called in at run time. In the example, 200 lines of code are reduced to 37 lines.
With the known state of a system captured in Terraform, it is a short step to check that the actual running system is identical to the desired state captured in HCL. Many times “drift” can occur, as administrators, or even the apps themselves, make changes to the system. Especially in regulated environments, such as hospitals, it is essential that a system is in a correct state.
Earlier this year, HashiCorp added Drift Detection to Terraform Cloud. It continuously checks infrastructure state to detect changes, provides alerts, and offers remediation if that option is chosen. Now another update, Continuous Validation, expands these checks to include user assertions, or post-conditions, as well.
One post-condition may be something like ensuring that certificates haven’t expired. If they have, the software can alert the admin to update the certs. Another condition might be to check for new container images, which may have been updated as a response to a security patch.
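A certificate-expiry post-condition of the kind described above, written as a Terraform configuration. This is an added example, not taken from HashiCorp or from this article. The endpoint URL, the variable names and the 14-day window are assumptions, and it assumes Terraform 1.5 or later (for plantimestamp()) with the hashicorp/tls provider.

```hcl
terraform {
  # timecmp() needs Terraform 1.3+, plantimestamp() needs 1.5+
  required_version = ">= 1.5.0"

  required_providers {
    tls = {
      source = "hashicorp/tls"
    }
  }
}

# Hypothetical endpoint; replace with the service being validated.
variable "endpoint_url" {
  type    = string
  default = "https://app.example.com"
}

# How much validity must remain before the check fails (14 days here).
variable "min_remaining" {
  type    = string
  default = "336h"
}

# Reads the certificate chain the endpoint presents each time a plan runs.
data "tls_certificate" "endpoint" {
  url = var.endpoint_url

  lifecycle {
    postcondition {
      # Every certificate in the chain must still be valid at
      # (plan time + min_remaining); not_after is an RFC 3339 timestamp.
      condition = alltrue([
        for c in self.certificates :
        timecmp(c.not_after, timeadd(plantimestamp(), var.min_remaining)) > 0
      ])
      error_message = "A certificate served by the endpoint expires within the configured window."
    }
  }
}
```

Checking the whole chain rather than only the leaf catches an intermediate certificate that is about to expire, and failing ahead of the expiry date leaves time to rotate before clients start rejecting connections.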
The company unveiled a number of other new features for Terraform Cloud at the show as well, including support for the Open Policy Agent standard. Terraform Cloud has previously relied on the in-house Sentinel policy-as-code framework to enforce policy, but OPA is rapidly becoming an industry standard for policy coding. It also introduced an Azure Provider Automation tool, a ServiceNow ServiceGraph Connector, and a Terraform Plugin Framework.