weekly.tf - Issue #38

The tfsec release listed below adds support for 'and' and 'or' expressions, which got me thinking:

We have a bunch of tools for doing static or semi-dynamic analysis of Terraform code, each with its own way of modeling the policies being enforced. Each of these policy models will get more and more complex over time, converging on becoming a general-purpose policy language.

If you believe that is the case, then you should probably just pick a general-purpose policy language like OPA (maybe via regula) or Sentinel.

What do you think?

This is a really neat hack that I didn't know about.

There is a challenge when using a Terraform provider which needs information from the Terraform state in order to be configured. The canonical example is creating a Kubernetes cluster and using it in the same Terraform component.

The Kubernetes provider needs authentication details that can only be known after the cluster is created. This is a problem, because Terraform will try to configure the provider before creating any resources.

That is, unless the provider has an alias. In that case, Terraform will not try to configure the provider until it is first used.

There is a lot of action in the Terraform/infrastructure-as-code delivery space, with Scalr, Env0 and Spacelift all launching in the last year.

Do you know the tradeoffs? Have a favorite? Dig into this Reddit thread to learn or share.

Another fun Reddit thread today, asking, basically, "why is Terraform's language weird?"

Notable Releases

You can now run plan and apply from within VS Code, if you are into that sort of thing.

Lots of enhancements and bug fixes, too many to summarize here.

Most notably: 'and' and 'or' support.

Like all patch releases should be, this one is nice and small, limited to some enhancements and bug fixes only.