Add Terraform Scripts

Updated 1 day ago by Michael Cretzman

This topic describes how to set up a Harness Infrastructure Provisioner for Terraform.

Once the Harness Infrastructure Provisioner is set up, you can use it to define a deployment target in a Harness Infrastructure Definition.

Once you add the Infrastructure Definition to a Workflow, you add a Terraform Provisioner step to the Workflow. The Terraform Provisioner step uses the same Harness Infrastructure Provisioner to run your scripts and build the target infrastructure.

Harness supports first class Terraform provisioning for AWS-based infrastructures (SSH, ASG, ECS, Lambda) and Google Kubernetes (GKE).

Harness Terraform Infrastructure Provisioner are only supported in Canary and Multi-Service Workflows. For AMI/ASG and ECS deployments, Terraform Infrastructure Provisioners are also supported in Blue/Green Workflows.

In this topic:

Before You Begin

Visual Summary

This topic describes step 1 in the Harness Terraform Provisioning implementation process:

Once you have completed this topic, you can move onto the next step: Map Terraform Infrastructure.

Step 1: Add a Terraform Provisioner

To set up a Terraform Infrastructure Provisioner, do the following:

  1. In your Harness Application, click Infrastructure Provisioners.
  2. Click Add Infrastructure Provisioner, and then click Terraform. The Add Terraform Provisioner dialog appears.
  3. In Name, enter the name for this provisioner. You will use this name to select this provisioner in Harness Infrastructure Definitions and Workflows.
  4. Click Next. The Script Repository section appears. This is where you provide the location of your Terraform script in your Git repo.

Step 2: Select Your Terraform Script Repo

  1. In Script Repository, in Git Repository, select the Source Repo Provider you added for the Git repo where your script is located.
  2. In Commit, select Latest from Branch or Specific Commit ID.
    1. If you selected Latest from Branch, in Git Repository Branch, enter the repo branch to use. For example, master. For master, you can also use a dot (.).
    2. If you selected Specific Commit ID, in Commit ID, enter the Git commit ID to use.
  3. In Terraform Configuration Root Directory, enter the folder where the script is located. Here is an example showing the Git repo on GitHub and the Script Repository settings:
  4. Click Next. The Variables section is displayed. This is where you will specify the script input variables that must be given values when the script is run.

Before you move onto Variables, let's review the option of using expressions in Script Repository.

Option 1: Use Expressions for Script Repository

You can also use expressions in the Git Repository Branch and Terraform Configuration Root Directory and have them replaced by Workflow variable values when the Terraform Provisioner is used by the Workflow. For example, a Workflow can have variables for branch and path:

In Script Repository, you can enter variables as ${workflow.variables.branch} and ${workflow.variables.path}:

You cannot use variables in the Script Repository fields to populate the Variables section. To populate the Variables section, click Populate from Example and enter in actual values.

When the Workflow is deployed, you are prompted to provide values for the Workflow variables, which are then applied to the Script Repository settings:

This allows the same Terraform Provisioner to be used by multiple Workflows, where each Workflow can use a different branch and path for the Script Repository.

Step 3: Add Input Variables

You can enter input variables manually or have the Harness Delegate use the Source Repo Provider you added to pull the variables from your script and populate the Variables section.

  1. In Variables, click Populate Variables.
  2. In Populate from Example, click Submit.
    If Harness cannot pull the variables from your script, check your settings and try again. Ensure that your Source Repo Provisioner is working by clicking its TEST button.
    Once Harness pulls in the variables from the script, it populates the Variables section.

In the Type column for each variable, you can specify Text or Encrypted Text.

When you add the provisioner to a Workflow, you will have to provide text values for Text variables, and select Harness Encrypted Text variables for Encrypted Text variables. See Encrypted Text variables in Secrets Management.

Option 2: Add Remote State Variables

By default, Terraform uses the local backend to manage state, in a local Terraform language file named terraform.tfstate on the disk where you are running Terraform.

With remote state, Terraform writes the state data to a persistent remote data store (such as an S3 bucket or HashiCorp Consul), which can then be shared between all members of a team.

You can add the backend configs (remote state variables) for remote state to your Terraform Provisioner in Backend Configuration (Remote state).

  1. In Backend Configuration (Remote state), enter the backend configs from your script.

Depending on which platform you store your remote state data, Terraform allows you to pass many different credentials and configuration settings, such as access and secret keys. For example, see the settings available for AWS S3 from Terraform.

Step 4: Complete the Terraform Provisioner

When you are done, the Terraform Provisioner will look something like this:

Now you can use this provisioner in both Infrastructure Definitions and Workflows.

Next Steps

  • Infrastructure Definitions — Use the Terraform Infrastructure Provisioner to define a Harness Infrastructure Definition. You do this by mapping your script outputs to the required Harness Infrastructure Definition settings. Harness supports provisioning for many different platforms. See the following:
  • Workflows — Once you have created the Infrastructure Definition and added it to a Workflow, you add a Terraform Provisioner Step to the Workflow to run your script and provision the infra: Provision using the Terraform Provisioner Step.

How did we do?