Terraform
swift (deprecated)
Note: The swift
backend is deprecated and will be removed in a future Terraform release.
Stores the state as an artifact in Swift.
This backend supports state locking.
Warning! It is highly recommended that you enable Object Versioning by setting the archive_container
configuration. This allows for state recovery in the case of accidental deletions and human error.
Example Configuration
terraform {
backend "swift" {
container = "terraform-state"
archive_container = "terraform-state-archive"
}
}
This will create a container called terraform-state
and an object within that container called tfstate.tf
. It will enable versioning using the terraform-state-archive
container to contain the older version.
For the access credentials we recommend using a partial configuration.
Data Source Configuration
data "terraform_remote_state" "foo" {
backend = "swift"
config = {
container = "terraform_state"
archive_container = "terraform_state-archive"
}
}
Configuration Variables
Warning: We recommend using environment variables to supply credentials and other sensitive data. If you use -backend-config
or hardcode these values directly in your configuration, Terraform will include these values in both the .terraform
subdirectory and in plan files. Refer to Credentials and Sensitive Data for details.
The following configuration options are supported:
auth_url
- (Optional) The Identity authentication URL. If omitted, theOS_AUTH_URL
environment variable is used.cloud
- (Optional; required ifauth_url
is not specified) An entry in aclouds.yaml
file. See the OpenStackos-client-config
documentation for more information aboutclouds.yaml
files. If omitted, theOS_CLOUD
environment variable is used.region_name
- (Optional) - The region in which to storeterraform.tfstate
. If omitted, theOS_REGION_NAME
environment variable is used.container
- (Required) The name of the container to create for storing the Terraform state file.state_name
- (Optional) The name of the state file in the container. Defaults totfstate.tf
.path
- (Optional) DEPRECATED: Usecontainer
instead. The name of the container to create in order to store the state file.user_name
- (Optional) The Username to login with. If omitted, theOS_USERNAME
environment variable is used.user_id
- (Optional) The User ID to login with. If omitted, theOS_USER_ID
environment variable is used.application_credential_id
- (Optional) (Identity v3 only) The ID of an application credential to authenticate with. Anapplication_credential_secret
has to bet set along with this parameter.application_credential_name
- (Optional) (Identity v3 only) The name of an application credential to authenticate with. Requiresuser_id
, oruser_name
anduser_domain_name
(oruser_domain_id
) to be set.application_credential_secret
- (Optional) (Identity v3 only) The secret of an application credential to authenticate with. Required byapplication_credential_id
orapplication_credential_name
.tenant_id
- (Optional) The ID of the Tenant (Identity v2) or Project (Identity v3) to login with. If omitted, theOS_TENANT_ID
orOS_PROJECT_ID
environment variables are used.tenant_name
- (Optional) The Name of the Tenant (Identity v2) or Project (Identity v3) to login with. If omitted, theOS_TENANT_NAME
orOS_PROJECT_NAME
environment variable are used.password
- (Optional) The Password to login with. If omitted, theOS_PASSWORD
environment variable is used.token
- (Optional; Required if not usinguser_name
andpassword
) A token is an expiring, temporary means of access issued via the Keystone service. By specifying a token, you do not have to specify a username/password combination, since the token was already created by a username/password out of band of Terraform. If omitted, theOS_TOKEN
orOS_AUTH_TOKEN
environment variables are used.user_domain_name
- (Optional) The domain name where the user is located. If omitted, theOS_USER_DOMAIN_NAME
environment variable is checked.user_domain_id
- (Optional) The domain ID where the user is located. If omitted, theOS_USER_DOMAIN_ID
environment variable is checked.project_domain_name
- (Optional) The domain name where the project is located. If omitted, theOS_PROJECT_DOMAIN_NAME
environment variable is checked.project_domain_id
- (Optional) The domain ID where the project is located If omitted, theOS_PROJECT_DOMAIN_ID
environment variable is checked.domain_id
- (Optional) The ID of the Domain to scope to (Identity v3). If omitted, the following environment variables are checked (in this order):OS_USER_DOMAIN_ID
,OS_PROJECT_DOMAIN_ID
,OS_DOMAIN_ID
.domain_name
- (Optional) The Name of the Domain to scope to (Identity v3). If omitted, the following environment variables are checked (in this order):OS_USER_DOMAIN_NAME
,OS_PROJECT_DOMAIN_NAME
,OS_DOMAIN_NAME
,DEFAULT_DOMAIN
.default_domain
- (Optional) The ID of the Domain to scope to if no other domain is specified (Identity v3). If omitted, the environment variableOS_DEFAULT_DOMAIN
is checked or a default value of "default" will be used.insecure
- (Optional) Trust self-signed SSL certificates. If omitted, theOS_INSECURE
environment variable is used.cacert_file
- (Optional) Specify a custom CA certificate when communicating over SSL. You can specify either a path to the file or the contents of the certificate. If omitted, theOS_CACERT
environment variable is used.cert
- (Optional) Specify client certificate file for SSL client authentication. If omitted theOS_CERT
environment variable is used.key
- (Optional) Specify client private key file for SSL client authentication. If omitted theOS_KEY
environment variable is used.endpoint_type
- (Optional) Specify which type of endpoint to use from the service catalog. It can be set using the OS_ENDPOINT_TYPE environment variable. If not set, public endpoints is used.swauth
- (Optional) Set totrue
to authenticate against Swauth, a Swift-native authentication system. If omitted, theOS_SWAUTH
environment variable is used. You must also setusername
to the Swauth/Swift username such asusername:project
. Set thepassword
to the Swauth/Swift key. This feature supports v1.0 of the Swauth system. Finally, setauth_url
as the location of the Swift service.disable_no_cache_header
- (Optional) If set totrue
, the HTTPCache-Control: no-cache
header will not be added by default to all API requests. If omitted this header is added to all API requests to force HTTP caches (if any) to go upstream instead of serving cached responses.allow_reauth
- (Optional) If set totrue
, OpenStack authorization will be perfomed automatically, if the initial auth token get expired. This is useful, when the token TTL is low or the overall Terraform provider execution time expected to be greater than the initial token TTL.archive_container
- (Optional) The container to create to store archived copies of the Terraform state file. If specified, Swift object versioning is enabled on the container created atcontainer
.archive_path
- (Optional) DEPRECATED: Usearchive_container
instead. The path to store archived copied ofterraform.tfstate
. If specified, Swift object versioning is enabled on the container created atpath
.expire_after
- (Optional) How long should theterraform.tfstate
created atcontainer
be retained for? If specified, Swift expiring object support is enabled on the state. Supported durations:m
- Minutes,h
- Hours,d
- Days. ~> NOTE: Since Terraform is inherently stateful - we'd strongly recommend against auto-expiring Statefiles.