HCP Packer improves channels and furthers integration with Terraform

HCP Packer, a powerful tool for tracking and managing image artifacts across multi-cloud environments, has just released two new features:

• Restricted channels
• Channel management with Terraform

Channels let you label and track image iterations and give you control over the delivery of your artifacts. These new additions provide further permissions control for your image channels and help enable a golden image pipeline with Terraform.

»Artifact management with channels

Teams working in software development understand the importance of versioning and tagging applications to keep track of changes and ensure their code is up to date. Similarly, it is crucial to version and tag image artifacts to maintain up-to-date infrastructure. HCP Packer channels allow you to do just that.

With channels, you can label image iterations to describe the quality and stability of a build. By assigning iterations human-readable names, downstream consumers can easily reference the images in Packer templates and Terraform configurations. As you release new image versions, the iteration associated with the channel is automatically updated. This makes it simple for consumers to reference the correct version from the registry without having to update their code and ensures that the latest image version is always in use.

Today we will cover five recent improvements to HCP Packer channels that give you further visibility and control, and simplify management of your artifact estate:

1. Channel overview page
2. Channel assignment history
3. Channel rollback
4. Restricted channels
5. Channel management with Terraform

»Channel overview

For HCP Packer users to ensure their infrastructure is always up to date, they need visibility and control over all image artifacts. The overview page provides high-level info for your image channels in a centralized location. From here you can review details on an iteration, such as its status, image ancestry, and channel assignment history.

»Channel assignment history

As images are published, assigned, and revoked over time, it is important to maintain visibility into their history. Channel assignment history provides a complete record of artifact activity in a channel. You can browse any existing bucket and select a channel to see exactly which iterations have been made available to downstream consumers. From here you can view each image iteration’s channel history, the status of its parent image, and extended metadata. For plus-tier HCP subscribers, the complete history of channel iterations is tracked and saved for a full year. This page provides further visibility to platform teams, allowing them to see when all iterations were assigned and by whom.

»Channel rollback

Channel rollback builds on the availability of channel assignment history and provides quicker remediation of released artifacts. When revoking a currently assigned iteration, you can now choose to roll back channels to their previously-assigned iteration. This also works with HCP Packer’s inherited revocation to automatically roll back the channel assignments of any descendant images when a parent image is revoked. This workflow allows organizations to reduce their time to remediation during a security incident without impacting downstream provisioning processes.

»Restricted channels

Image builders need to collaborate with other stakeholders to validate that new image iterations meet compliance and functionality requirements before releasing them to downstream consumers. Restricted channels provide control over the release of images by providing a means to limit channel access for other collaborators. This granular permissions control lets you ensure only the necessary users have channel access and enables the least privilege principle. This addition also helps streamline the image-validation process and prevents downstream consumers from using new image iterations before they have been validated and approved.

»Better together: Channel management with Terraform

A golden image is an image on top of which developers can build applications, letting them focus on the application itself instead of system dependencies and patches. A typical golden image includes the most up-to-date common system, logging, monitoring tools, security patches, and application dependencies. Traditionally, operations and security teams had to cross-reference spreadsheets, personally inform downstream developers, and manually update build files when they released new golden images.

HCP Packer and Terraform Cloud’s unified workflow enables users to simplify this process and create a successful golden image pipeline. The HCP Packer registry helps users track image metadata and storage location, and provides the correct image to developers automatically through Packer and Terraform integrations.

Previously, channel assignment relied on customers exiting Terraform to orchestrate API calls with custom scripting or workflow actions. This led to unnecessary friction during activation and difficulties incorporating HCP Packer into established infrastructure as code (IaC) workflows. With version 0.54 and newer of the HCP provider, you can now create, delete, and update channels directly from Terraform. This new feature deepens the integration of HCP Packer and Terraform Cloud, providing a consolidated and streamlined approach to artifact image management across the two products.

Here’s an example HCL snippet to update channels directly from Terraform:

»Summary and resources

HCP Packer’s channels provide control and visibility over image artifacts and enable a golden image pipeline with Terraform. The recent improvements to channel management demonstrate HashiCorp’s commitment to simplifying artifact management across multi-cloud environments and enabling platform teams to keep their infrastructure up-to-date.

To learn more about HCP Packer’s channels and artifact management, check out the following resources:

• Documentation
  • Image channels
  • Channel resource in the HCP provider
• Tutorials
  • Revoke an image and its descendants using inherited revocation
  • Control images with channels
• Demo videos
  • Channel assignment history and automated rollback
  • Tracking golden image ancestry with HCP Packer

Get started with HCP Packer for free to track and manage artifacts across all your cloud environments.