Terraform Backend Repository Structure
The Terraform Backend repository is a directory with a collection of workspaces consisting of these main coordinates;
- backend: Set as Remote by definition
- hostname: Your Artifactory domain name
- organization: Backend Artifactory Repository name
prefix: Allows users to add a user-defined prefix when working with multiple workspace under the same prefix.
terraform {
backend “remote” {
hostname = “my_artifactory_domain.org”
organization = “backend repository name”
workspaces {
prefix = “my-prefix-”
}
}
}
Setting up a Local Terraform Backend Repository
Local repositories enable you to deploy Terraform Backend Zip files. Artifactory calculates the metadata for all file and indexes them to allow users to download these packages through the Terraform CLI.
- To create an Terraform Backend local repository, navigate to the Administration module.
- Navigate to Repositories | Repositories | Local | New Local Repository and select Terraform BE as the Package Type.
Setting Up Artifactory as the Remote State and Locking Provider
In Artifactory, you can set up the Terraform Backend repository as a remote state and locking provider.
Generate an Access Token
To use Artifactory with your Terraform CLI, you will need to generate an identity token using the following two methods:Generating an Access Token Using Browser Login
- Natively run the Terraform login to your Artifactory domain to generate an access token and save it in the Credentials file (
~/.terraform.d/credentials.tfrc.json).
When you run the login, the following page opens.
The Terraform command line login process is displayed.
- You are routed to the JFrog Platform login page and the following page opens.
- Click Approve.
The following message is displayed.
- Close the page and return to the command line to view the success message.
- Next, perform a one time edit to the
~/.terraformrcfile to ensure that the CLI searches for the providers only in the Artifactory. For this purpose, we recommend only pointing to the Terraform Virtual repository.
Manually Generating an Identity Token
- Generate an identity token that you can use to connect Artifactory to the Terraform CLI. For more details, please refer to User Profile- Identity Token.
- Create a file named '
credentials.tfrc.json'in your Terraform directory, ('~/.terraform.d/credentials.tfrc.json'). Update the identity token you generated in the
credentials.tfrc.jsonfile, as in the example below:#cat ~/.terraform.d/credentials.tfrc.json { "credentials": { "ARTIFACTORY-DOMAIN": { "token": "IDENTITY-TOKEN" } } }If you have added the access token in
credentials.tfrc.json, you do not need to login again using Terraform login servername.jfrog.io.
Viewing Individual Terraform Workspace Information
Artifactory lets you view selected metadata of a Terraform Backend workspace directly from the UI.
In the Artifact Repository Browser, select your local Terraform Backend repository and scroll down to find and select the package you want to inspect.
The metadata is displayed in the Terraform Info tab, or viewed in the Packages view.
Viewing State and Lock Information and History
Artifactory automatically generates a state.json file when a workspace.json is deployed. The latest file is declared as the state.latest.json and all previous states are renamed with a timestamp indicating the time they are were created, for example, state.1640018380463.json.
Artifactory provides information about the workspace deployment process.
In Artifactory, while performing Terraform configuration changes you will notice that the locked.by property together with the name of the user performing the change is displayed in the Properties tab of the Workspace.
