Add support for terraform_remote_state data sources
Release Post candidate
A best practice with Infrastructure as Code projects is to have a layered setup, where higher layer infrastructure resources access the output of lower elements, but layers are managed separately from each other. In the case of Terraform this is achieved using the terraform_remote_state data source. Until now the GitLab managed Terraform state needed various settings that were hard to specify, and thus it was hard to use.
With the current GitLab version we've simplified the way a GitLab managed Terraform state can be accessed. The access is regulated.
Problem to solve
As a serious Terraform user, I've a layered infrastructure setup where top layers need information (like IP address) from lower layers. These are exported as terraform output resources and can be read using Terraform's terraform_remote_state data source. I'd like to access remote state files stored by GitLab.
Definition of done
- Leveraging Specialized CI Job tokens a user can enable terraform_remote_state data resources to work correctly across terraform projects.
- Ensure correct documentation exists.
- Create a meaningful example project and link to it in the docs.
Further details
Security should be a top concern here. Only reading should be allowed on selected repositories.
Proposal
"API" design
The best option would be to define the data resource as:
    data "terraform_remote_state" "vpc" {
      backend = "gitlab"
      config = {
        project = "nagyv/my-network-setup"
        path    = "terraform/vpc"
      }
    }
Authorization
Let's assume that we have two Terraform projects:
gitlab.com/gitlab-org/configure/infrastructure-example
gitlab.com/gitlab-org/other-sub-group/basic-data
where infrastructure-example depends on basic-data. If I have rights to propose an MR and run terraform plan on infrastructure-example then I should be able to access the "state output" (using the remote state data source).
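For comparison with the proposed "gitlab" backend above, this added example (not part of the original issue and not GitLab's own code) reads a GitLab managed state through Terraform's generic http backend. The project ID, state name, variable names and the vpc_id output are assumptions or placeholders.

```hcl
# Added example: reading a lower layer's GitLab managed state via the
# generic "http" backend. All names below are illustrative assumptions.

variable "gitlab_username" {
  type        = string
  description = "User name the read token belongs to (assumed variable)"
}

variable "gitlab_read_token" {
  type        = string
  sensitive   = true # keep the credential out of plan output
  description = "Token allowed to read the lower layer's state (assumed variable)"
}

data "terraform_remote_state" "vpc" {
  backend = "http"

  config = {
    # <PROJECT_ID> and <STATE_NAME> are placeholders for the lower layer's
    # project and the name of its state.
    address  = "https://gitlab.com/api/v4/projects/<PROJECT_ID>/terraform/state/<STATE_NAME>"
    username = var.gitlab_username
    password = var.gitlab_read_token

    # lock_address / unlock_address are left out on purpose: they are only
    # needed by a backend configuration that writes state.
  }
}

locals {
  # Only root-module outputs of the lower layer are exposed here.
  # "vpc_id" is a hypothetical output name.
  upstream_vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id
}
```

Terraform fetches the whole state snapshot to resolve these outputs, so the credential used here can read everything stored in that state, which is why read-only access limited to selected repositories matters.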
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references