Terraform 0.12 introduces a new version of HCL with notable new features such as for-loops. 0.12 also includes remote plan and apply, which keeps secrets off of CI systems and developer machines.
We recently announced the availability of Terraform 0.12, which is the newest version of Terraform, and this is one of the bigger releases we’ve had in a while.
What it started with, after Terraform 0.11, was us going and trying to listen to the community to better understand, What are people’s challenges using Terraform, not only as beginners, but as they get to intermediate and more advanced usages? And what this started to reveal for us was that there are limitations of Terraform’s configuration language, known as HCL, or the HashiCorp Config Language—that as we get more sophisticated, we spent our time fighting HCL to be able to express what we want in terms of our infrastructure.
This pointed to a deeper need for us to look at both HCL, but also Terraform more broadly, and say, “How do we give users the flexibility and the expressive power they want to be able to support these more complex, larger infrastructures?” That started as a small project in terms of a handful of updates to the system, and ultimately ended up with HCL2, HashiCorp Config Language’s successor.
In many ways, HCL2 is backwards-compatible and extremely familiar to anyone who has used HCL or Terraform previous to 0.12, but what it does is make the system much more expressive.
First, cross-support for lists, for maps, for better expression and interpolations, the ability to use four expressions and loops over resources. What this lets us do is build richer, more complex infrastructure, but with a much less complex configuration. It lets us more succinctly explain exactly what we want without having to hack around the edges of Terraform.
We’re very, very excited for HCL2. We think it’s gonna make Terraform configurations a lot simpler and more intuitive as you get to more complex deployments.
The other thing we’ve been looking at with Terraform Enterprise is, How do we make it easier for users to integrate Terraform into their existing workflows? A common example of this is: Terraform might be embedded as part of a CI/CD pipeline, but we still want to leverage Terraform Enterprise for its policy governance, its role-based access control, its state management. And so, How do we integrate this CI environment?
What we’ve done is introduce this notion of remote Plan and remote Apply. Even though the Terraform command, like
terraform plan or
terraform apply, is being run in a CI environment or on a developer’s laptop, what’s happening is that’s being back-ended and executed by Terraform Enterprise remotely. What this lets us do is still prevent secrets such as AWS credentials or TLS certificates from having to be distributed to CI systems or developer machines. We can keep that centralized within Terraform Enterprise. But we also have a central way to see all of our change history, a central way to apply our policy and governance on top of Terraform.
The goal is making it easy to integrate those policy controls, but meet end users wherever they are, whether CI or end systems. Both of these are packaged and coming along with Terraform 0.12 that we’re very excited to be able to share.
How OVHcloud Migrated to Terraform Enterprise
How Deutsche Bank Onboarded to Google Cloud w/ Terraform
Using Terraform to Build a Self-Service GitOps Infrastructure as Code Platform at AppFlyer
Using Terraform with AWS Control Tower via AFT