constellation/dev-docs/workflows/terraform-provider.md
Daniel Weiße 9a4e96905f
bazel: place Terraform provider binaries in local registry path on devbuild (#2714)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-14 08:18:48 +01:00

2.6 KiB

Constellation Terraform Provider

This document explains the basic ways of working with the Constellation Terraform Provider.

Building the Terraform Provider

The Constellation Terraform provider can be built through Bazel, either via the devbuild target (recommended), which will create a terraform directory with the provider binary and some utility files in the current working directory, or explicitly via this command:

bazel build //terraform-provider-constellation:tf_provider

Documentation for the provider can be generated with:

bazel run //:generate
# or
bazel run //bazel/ci:terraform_docgen

Using the Terraform Provider

If using the devbuild target, the Terraform provider binary is automatically copied to your local registry cache at ${HOME}/.terraform.d/plugins/registry.terraform.io/edgelesssys/constellation/<version>/<os>_<arch>/. After running devbuild, you can use the provider by simply adding the following to your Terraform configuration:

terraform {
  required_providers {
    constellation = {
      source = "edgelesssys/constellation"
      version = "<version>"
    }
  }
}

Alternatively, you can configure Terraform to use your binary by setting a development override, so that the registry path to the provider is replaced with the path to the locally built provider. A config.tfrc file containing the necessary configuration can be created with the following commands:

bazel build //terraform-provider-constellation:terraform_rc
cp bazel-bin/terraform-provider-constellation/config.tfrc .
sed -i "s|@@TERRAFORM_PROVIDER_PATH@@|$(realpath bazel-bin/terraform-provider-constellation/tf_provider_/tf_provider)|g" config.tfrc

Afterwards, all Terraform commands that should use the local provider build should be prefixed with TF_CLI_CONFIG_FILE=config.tfrc like so:

TF_CLI_CONFIG_FILE=config.tfrc terraform apply
...

Testing the Terraform Provider

Terraform acceptance tests can be run hermetically through Bazel (recommended):

bazel test --config=integration-only //terraform-provider-constellation/internal/provider:provider_test

The tests can also be run through Go, but the TF_ACC environment variable needs to be set to 1, and the host's Terraform binary is used, which may produce inaccurate test results.

cd terraform-provider-constellation
TF_ACC=1 go test -v ./...