# terraform

These scripts are all related to [Terraform], the infrastructure-as-code tool we use at work.

[Terraform]: https://www.terraform.io/

## The individual scripts

<!-- [[[cog

# This adds the root of the repo to the PATH, which has cog_helpers.py
from os.path import abspath, dirname
import sys

sys.path.append(abspath(dirname(dirname("."))))

import cog_helpers

folder_name = "terraform"

scripts = [
    {
        "name": "tf",
        "description": "alias for `terraform`",
    },
    {
        "name": "tfi",
        "description": """
        alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/init"><code>terraform init</code></a>
        """,
    },
    {
        "name": "tfp",
        "description": """
        alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/plan"><code>terraform plan -out=tfplan</code></a>.
        I run this before making any changes, so I can review what Terraform is about to do.
        """,
    },
    {
        "name": "tfa",
        "description": """
        alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/apply"><code>terraform apply terraform.plan</code></a>.
        I only run this after I’ve reviewed the proposed changes from <code>tfp</code>.
        """,
    },
    {
        "name": "tfmv",
        "description": """
        alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/state/mv"><code>terraform state mv</code></a>
        """,
    },
    {
        "name": "tflint",
        "description": """
        alias for the <a href="https://github.com/terraform-linters/tflint">tflint linter</a>, but running inside a Docker container
        """,
    },
]

cog_helpers.create_description_table(folder_name=folder_name, scripts=scripts)

]]]-->
<dl>
  <dt>
    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tf">
      <code>tf</code>
    </a>
  </dt>
  <dd>
    alias for `terraform`
  </dd>

  <dt>
    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tfi">
      <code>tfi</code>
    </a>
  </dt>
  <dd>
    alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/init"><code>terraform init</code></a>
  </dd>

  <dt>
    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tfp">
      <code>tfp</code>
    </a>
  </dt>
  <dd>
    alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/plan"><code>terraform plan -out=tfplan</code></a>.
    I run this before making any changes, so I can review what Terraform is about to do.
  </dd>

  <dt>
    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tfa">
      <code>tfa</code>
    </a>
  </dt>
  <dd>
    alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/apply"><code>terraform apply terraform.plan</code></a>.
    I only run this after I’ve reviewed the proposed changes from <code>tfp</code>.
  </dd>

  <dt>
    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tfmv">
      <code>tfmv</code>
    </a>
  </dt>
  <dd>
    alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/state/mv"><code>terraform state mv</code></a>
  </dd>

  <dt>
    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tflint">
      <code>tflint</code>
    </a>
  </dt>
  <dd>
    alias for the <a href="https://github.com/terraform-linters/tflint">tflint linter</a>, but running inside a Docker container
  </dd>
</dl>
<!-- [[[end]]] (sum: udcN6wOhi/) -->

## Choosing between `terraform` and `run_terraform.sh`

In some of the Terraform configurations at work, we use wrapper scripts `run_terraform.sh` instead of invoking `terraform` directly.
This wrapper script fetches API keys for the [Elastic Cloud] and [Auth0] providers, so we don't have to hard-code them or store them locally.
Something like:

```shell
EC_API_KEY=$(aws secretsmanager get-secret-value \
  --secret-id "elastic_cloud/api_key" \
  --output text \
  --query "SecretString")

EC_API_KEY="$EC_API_KEY" terraform "$@"
```

My `tf` scripts will choose whether to run a wrapper script or vanilla `terraform`, so I don't have to think about it.

[Elastic Cloud]: https://registry.terraform.io/providers/elastic/ec/latest/docs#using-your-api-key-on-the-elastic-cloud-terraform-provider
[Auth0]: https://registry.terraform.io/providers/auth0/auth0/latest/docs#environment-variables