It has been over a year since Terraform 0.12 was released and things are starting to line up for 0.13 to be released within the next few months. Once that date gets closer I will have some deep-dives on the new features coming out.

Meanwhile a major them is testing, both for correctness and security/compliance. There are a number of competing projects in this area which take a variety of approaches. A new one this week is TerraGoat, which is a learning environment for detecting security problems via infrastructure-as-code testing.

v0.13.0 beta program

Beta versions of 0.13 are going to be released soon with the first expected on June 3rd. Subscribe to the issue to get release announcements.

The two major features I see planned for 0.13 are:

1. Namespaced providers in the Terraform registry: currently only hashicorp maintained providers can be published to the registry. Soon others will also be able to publish their provider plugins there. See this blog post about what the configuration will look like.

2. Module expansion: aka count/for_each for modules.

There is a ton of other stuff in the CHANGELOG, so check it out if you are curious.

Deploy Any Resource With The New Kubernetes Provider for HashiCorp Terraform

Terraform has not been a great tool for managing resources in Kubernetes. When HashiCorp announced first-class support for Kubernetes (in 2018) I was excited at the prospect of having a better way of using the power of Terraform when working in k8s. At the time, I expected them to fill out support for k8s resources in the provider and fix known problems.

It seems instead they are taking a lower-level approach of exposing a raw manifest-level interface. This makes sense. Most are probably converting their yaml manifests to HCL anyway. Why not make that easier? And why require adding new terraform provider code for every kind of k8s resource? Just expose the raw API directly.

The provider is still alpha, so don't use it for anything real. but if this is an area you are interested in, at least read the docs.

Introducing TerraGoat, a vulnerable-by-design Terraform training project

TerraGoat is a new project which includes intentionally insecure Terraform code intended to be used for learning how to detect and secure infrastructure managed by code.

Has anyone had a try at working through it?

ConnectWorkspaces with Run Triggers (tf cloud / enteprprise)

This is a nice walkthrough of connecting workspaces in TF[Cloud|Enterprise] (TFEC?) via run triggers.

A run trigger is used to connect two workspaces that share data, maybe via an output/terraform_remote_state. If B depends on A and you configure a run trigger, when A is applied successfully, a run will be queued for B.

I haven't used it but plan on trying it out once my team finishes our current TFE migration.

Anonymized, Secure, and Free Terraform Cost Estimation

A free API that will give you a cost estimate based on a Terraform plan or state file. It is not stated explicitly, but it seem to support only AWS.

Notable releases

v0.12.26 · terraform

Two minor enhancements in this release–

1. You can now use -target with remote backends if the remote supports it. The most popular ones, Terraform Enterprise and Cloud do not, yet. #24834

2. There is now support for "unmanaged providers" which basically means you can start and run provider processes apart from Terraform. This is potentially very useful for debugging. #24674

v0.2.1 · terraform-ls

Nothing major in the changelog for the language server, just some bug fixes and addition of signing and pushing the builds to releases.hashicorp.com.

v0.27.4 · terratest

helm.Rollback now supports rolling back to the previous version by passing in "" for revision. Also, this release fixes a bug for Helm v3 where the rollback command required specifying namespace.

v0.17.0 · terraform-provider-tfe

One improvement to tfe_team which added support for organization-level permissions and visibility on teams. (#155)

v2.63.0 · terraform-provider-aws

Lots of stuff in this release, so it is hard to summarize. Just go read the release notes. :)

v0.16.1 · tflint

Enhancements

#762: Add terraform_comment_syntax rule (@bendrucker)

BugFixes

#745: Expose raw hcl.File objects to rules (@bendrucker) See also #741

#759: Ignore lang.ReferencesInExpr errors when walking all expressions (@bendrucker)

#763: Make rule config which is enabled with CLI non-nilable (@wata727)

v1.6.0 · terraform-provider-postgresql

FEATURES

postgresql_grant: Implement grant on database. (#123)

Support client/server SSL certificates. (#126)

Use SDK validations functions instead of custom ones. (#122)

BUG FIXES

Fix max_connections validation to allow 0 (unlimited). (#128)