terraform-local icon indicating copy to clipboard operation
terraform-local copied to clipboard

Published 20 hours ago verified publisher icon localstack

tflocal overwrites or removes some S3 backend configurations

Open mviamari opened this issue 2 years ago • 1 comments

When using tflocal, an s3 backend is generated automatically to use the localstack endpoints for the remote state. This works in many cases, however if the desired backend configuration has been customized beyond the default options/configuration applied in TF_S3_BACKEND_CONFIG (https://github.com/localstack/terraform-local/blob/main/bin/tflocal#L45), those options/configurations are lost.

For example, if the desired backend configuration has force_path_style = true, that configuration is lost when tflocal is used.

This is the initial backend configuration from the tf files.

terraform {
  backend "s3" {
    region                      = "us-east-1"
    bucket                      = "terraform-state-us-east-1"
    key                         = "000000000000/000000000000-localstack/localstack/bootstrap/terraform.tfstate"
    dynamodb_table              = "terraform-lock"

    access_key                  = "test"
    secret_key                  = "test"
    dynamodb_endpoint           = "http://localhost.localstack.cloud:4566"
    endpoint                    = "http://s3.localhost.localstack.cloud:4566"
    skip_credentials_validation = true
    skip_metadata_api_check     = true

    #these configuration options are lost
    encrypt                     = true
    force_path_style            = true
    acl                         = "bucket-owner-full-control"
  }
}

this is the backend configuration generated by tflocal as an override.

terraform {
  backend "s3" {
    region         = "us-east-1"
    bucket         = "terraform-state-us-east-1"
    key            = "000000000000/000000000000-localstack/localstack/bootstrap/terraform.tfstate"
    dynamodb_table = "terraform-lock"

    access_key        = "test"
    secret_key        = "test"
    endpoint          = "http://s3.localhost.localstack.cloud:4566"
    iam_endpoint      = "http://localhost.localstack.cloud:4566"
    sts_endpoint      = "http://localhost.localstack.cloud:4566"
    dynamodb_endpoint = "http://localhost.localstack.cloud:4566"
    skip_credentials_validation = true
    skip_metadata_api_check     = true
  }
}

mviamari avatar Jul 28 '23 14:07 mviamari

Hi @mviamari! You are right, currently these configurations are not merged into the backend block. We'd ask your patience to add this issue to our timeline and implement the changes you've requested. I'll get back to you soon with more information.

lakkeger avatar Oct 23 '23 11:10 lakkeger