Panel: Infrastructure as Code and the Future of Terraform
Aug 07, 2020
Watch Paul Hinze and Robbie Th'ng from HashiCorp's Terraform team answer questions about Terraform 0.13, 1.0, modules, and Terraform Cloud.
- Robbie Th'ng, Product Management Director of Terraform, HashiCorp
- Paul Hinze, Engineering Director of Terraform, HashiCorp
Rob Barnes: So next up, we have a Terraform live discussion panel, and I would like to welcome to the virtual stage two members of our Terraform team. So let's introduce you to Paul Hinze and Robbie Th'ng, and we're going to have a discussion about the future of Terraform and infrastructure as code. I'm going to get you to ask your questions below me again. This is a great opportunity to interact with our engineering team, so please do take advantage of it. And with that said, I'm going to pass it over to Domi to kick us off. Over to you, Domi.
Dominique Top: Thank you, Rob. Hi, Paul. Hi, Robbie. Thanks for joining us today. Thank you for joining us. Just to kick us off, could you tell me about your favorite Terraform feature? Let's start with Robbie.
Robbie Th'ng: Favorite Terraform feature? Oh, man, that's a pretty hard one. I guess we'll start with the 0.13 stuff, the stuff that we just announced. And at least my favorite feature is the variable validation because I'm pretty bad at writing Terraform config, and so variable validation allows me to essentially try catch all the things I definitely did wrong the first time I run a Terraform config, which is usually typing the variables incorrectly. So I can pretty much stop myself from continually typing in the region or the AMI image incorrectly. So pretty happy about that.
Dominique Top: Amazing. I'm sure many people will agree. What about you, Paul?
Paul Hinze: Yeah, just to continue on the 0.13 stuff, I think the... 0.13 includes a bunch of features that make writing modules a lot more powerful. So you take the variable validation for module authors, and you add on the ability to support count and for_each expansion of modules for people who are calling into modules. And so, for me, I think that's my favorite. I would say my favorite Terraform feature is the ability to write modules. And so it gets all the more powerful in this release, which is really important for the ability to share infrastructure as code and use repeatable patterns when you're writing Terraform.
Dominique Top: Amazing. Thank you. So is the change from 0.13 going to be as drastic as 0.12 was, Robbie?
Robbie Th'ng: Yes. It's going to be worse. Not only are there going to be breaking changes, we're going to break other things, as well. Vault will break. No, it's going to be significantly easier. I think we learnt a lot from the 0.12 upgrade. Even though that was a necessary upgrade for a lot of reasons for the HCL improvements, I think that obviously we want to be in a position where it's much easier to understand what's going to be happening, as well as not breaking things in flight. So it should be significantly easier than 0.12 for most customers, I would hope.
Dominique Top: Well, fingers crossed for that one. Let's see if there's some audience questions. Do you want to see if anything has come in yet, Rob?
Rob Barnes: Thank you very much, Domi. Yes, we have a flurry of questions. So we'll start with this one, which is, "I am writing a Terraform wrapper to store state in Vault. Are there any plans..." Oh, it's moved along. "Are there any plans to use Vault to store state?" That's an interesting one. Can I ask that to Paul, please?
Paul Hinze: Sure, yeah. So interestingly, if you use Terraform Cloud, your state is actually already encrypted using Vault. So within the architecture of the Terraform Cloud platform naturally, of course, we're using Vault in order to encrypt the state at rest.
Paul Hinze: Now, in terms of the interaction between Terraform and Vault in an open source context and in sort of the ability for users to directly interact with Vault, that's something we're thinking very hard about. I think what you have today is you already have a Vault provider, right? So Terraform can already interact with Vault in terms of the ability to configure it, to store secrets from it, to retrieve secrets from Vault. That's available today. But what we'd really like to spend more time on thinking about designing and eventually building is a tighter integration with Vault to get a really deeper understanding of the notion of retrieving secrets from Vault and with an awareness of that limited time factor of the lease. So I can tell you that's something that's very much actively being talked about on our side, and it's something that you should stay tuned on to hear what we're coming up with.
Rob Barnes: Amazing to hear. Thank you. So next question we have is, "When will version 1.0 be released?" I think this is a question that's been on a lot of Terraform practitioners' tongues for many years, I'll say. So I'll give this one to Robbie.
Robbie Th'ng: That's a great question. When would you like it? I honestly think that getting a 0.13 release out is important, just to test some of the new things that are coming there, and then just reevaluating where we are. 1.0, for us, if you watched Kristen's talk, means different things, and it's really important to understand after every release we do where the community is at, what other things are in consideration, what things are important to them before we consider the bar for stability, which we consider 1.0 to be. So when is less important to us than what, and I think what is slowly becoming more and more clear. So I would say that we'll have a really good idea probably this year as to when 1.0 will land, but I don't know. I don't know when that will be.
Rob Barnes: Amazing. Thank you very much. We have another question here and that is, "Will Terraform Enterprise eventually go away, and it will just be Terraform Cloud?" So I'll give this one to Paul.
Paul Hinze: Yeah, that's a great question. So just to set the stage, Terraform Enterprise is installable on-premises, on customer infrastructure, across all of the public clouds, including sort of on-prem hardware. And the question is, with the general shift to services and the Terraform Cloud being a solution now, is Terraform Enterprise going the way of the Dodo? No. The answer is no. The fact of the matter is there's always going to be an incredibly strong use case for a Terraform collaboration platform within environments that need to have an on-premises infrastructure provisioning platform. We think that, overall, the ability to adopt something like Terraform Cloud is going to grow. That's absolutely true, and we're seeing that day by day as more and more users and customers sign up for Terraform Cloud. But the fact of the matter is Terraform Enterprise still has an incredibly strong user base of incredibly important customers that are running significant parts of the internet and the economy, basically. And that long tail of incredibly locked down environments, incredibly strict environmental requirements, we don't see that as going away. And so Terraform Enterprise is absolutely going to be a key part of the Terraform story for a long time.
Rob Barnes: Amazing. Thank you very much. We have a flurry of questions. Let's just keep them coming. So we have a question here. "Are modules Terraform's final answer to higher level infrastructure abstractions offered by things like AWS CDK and Pulumi?" I'll give that one to Robbie.
Robbie Th'ng: Are modules the answer for that? Is that the question? That's an interesting one.
Rob Barnes: I guess. I'll try and interpret it myself. I think what they're trying to say is obviously modules is kind of the highest layer of infrastructure production, I'd say, in Terraform at the moment. Are there any plans to abstract even further to a higher layer, I guess? And they're making comparisons to things like AWS CDK and Pulumi. So that's kind of how I've interpreted the question.
Robbie Th'ng: Yeah, it's a fair question. I think possibly the answer there is because you can do more with like a natural programming language that you could maybe have some other higher levels of abstraction that you would see in another programming language. You can do a lot with modules. I think the flexibility that you have with modules today, and the way that you can break down infrastructure into components like that, that kind of restriction, I think, is actually kind of nice because it encourages patterns, which I think are best practice for when you want to deploy infrastructure. Higher level functions or high level of abstraction really I don't think would offer much in terms of reducing complexity. It would probably increase it. And when you get into that level, I think you want to start thinking about probably things like workspaces because outside of the abstraction of modules, you probably want to start considering environments, and workspaces are a really good abstraction for that.
Robbie Th'ng: But anything other than that I think would probably be overly complex in terms of what you would want to do with infrastructure where we are right now. That's not to say that we won't, I think, support something like CDK. We have an integration with CDK that we want people to try and take a look at really soon. And I think that's going to be something that we're going to build on over time for people that want to go down that route. But I think the restrictions that you have with HCL today are sensible for infrastructure provisioning workflows, in my mind, but always willing to be convinced by the community otherwise.
Rob Barnes: Amazing. Thank you very much. I'll ask one more question because we are short on time. So the question is, "Does HashiCorp plan to take on maintenance of any more providers? There are some popular products that will be great to see providers for, such as Elasticsearch and G Suite." So I'll give this one to Paul.
Paul Hinze: Yeah, great question. I think what you're seeing in the 0.13 release is that we're actually trying to make it easier for the community and our partners to take on maintenance and distribute our providers. So 0.13 includes the ability for providers to be hosted directly from the Terraform registry, which is an exciting feature because previously what you would have to do is either work with us directly in order to get your sort of GitHub repository in a very specific place and sort of work through our build system, which was limiting the number of people who could publish providers that were available from terraform init, or you'd have to distribute it by yourself. And you'd have to basically say, "Download this binary, put it in a very specific path on your computer..." And so those were basically the two lanes.
Paul Hinze: Now what we have is an integrated experience with the Terraform registry that allows both HashiCorp partners and members of the community to publish providers and get them available from terraform init. So we're very excited about that. Because the fact of the matter is there's a limit to the amount of the number of providers that we can take over maintenance first party. There's only so many HashiCorp employees. And so the real way to solve this problem is to get the community, to enable the community to officially support as many providers as there are APIs in the world. That's the goal. And so we need help in order to do that. We can't do that on our own. So that's the plan, and we're really excited about what 0.13 enables there with its Terraform registry support for the providers.
Rob Barnes: Brilliant. Thank you very much. I'll refer it back to Domi.