You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/working_with/official_plugins/Orchestration/terraform.md
+64Lines changed: 64 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -407,6 +407,29 @@ The following example can be used as a parameter file to the execute operation c
407
407
decision: "terraform/deny"
408
408
```
409
409
410
+
411
+
* `terraform.migrate_state`: Migrate Terraform state storage from a local statefile to a Cloud storage option, such as S3 or Azure Storage Account. The operation accepts two parameters: `backend` and `backend_config`. The `backend` parameter is a dict with two static keys, `name` and `options`. The `name` value is the name of the supported backend provider, such as `s3` or `azurerm`. The `options` value is a dict that contains the backend configuration. The `backend_config` is a dict of key:value's that will be used in the `terraform init -migrate-state` command as appended `-backend-confg` flags. This is useful for injecting credentials into the runtime, for example, the below example will result in the command: `terraform init -no-color -backend-config="bucket=tfstates" -backend-config="key=test" -backend-config="region=us-east-2" -backend-config="access_key=......" -backend-config="secret_key=....." -migrate-state`. Both the `backend` parameter and the `backend_config` parameters are necessary.
412
+
413
+
```yaml
414
+
operation: terraform.migrate_state
415
+
operation_kwargs:
416
+
backend:
417
+
name: s3
418
+
options:
419
+
bucket: tfstates
420
+
key: test
421
+
region: var.aws_region
422
+
access_key: var.access_key
423
+
secret_key: var.secret_key
424
+
backend_config:
425
+
bucket: tfstates
426
+
key: test
427
+
region: us-east-2
428
+
access_key: { get_secret: aws_access_key_id }
429
+
secret_key: { get_secret: aws_secret_access_key }
430
+
allow_kwargs_override: true
431
+
```
432
+
410
433
### **Runtime Properties**
411
434
412
435
* `state`: Saves the state of the resources created in the format { "resource_name" : <resource state> },
Workflow outputs are saved in `plain_text_infracost` and `infracost` runtime properties.
622
645
646
+
647
+
## migrate_state
648
+
649
+
You can migrate from local Terraform state file to a hosted storage state, such as S3 or Azure storage account, with the `migrate_state` workflow. This command exposes the functionality of `terraform init -migrate-state`. This workflow wraps the `terraform.migrate` interface for the `cloudify.nodes.terraform.Module` node type.
650
+
651
+
That operation accepts two parameters:
652
+
-`backend`: A dict that contains `name` and `options` keys. More information follows the `backend_config` definition.
653
+
-`backend_config`: a dict of key:value's that will be used in the `terraform init -migrate-state` command as appended `-backend-confg` flags. This is useful for injecting credentials into the runtime, for example, the below example will result in the command: `terraform init -no-color -backend-config="bucket=foo" -backend-config="key=bar" -backend-config="region=us-east-2" -backend-config="access_key=......" -backend-config="secret_key=....." -migrate-state`. Both the `backend` parameter and the `backend_config` parameters are necessary.
654
+
655
+
The `backend` parameter is a dict with two static keys:
656
+
-`name`: the name of the supported backend provider, such as `s3` or `azurerm`.
657
+
-`options`: a dict that contains the backend configuration.
658
+
659
+
You can invoke the `migrate_state` workflow from the CLI like this, using a YAML file describing the required parameters:
0 commit comments