CODEWITHSUNDEEP
configurationterraform
Adron
Adron

Reputation: 1856

Getting an Environment Variable in Terraform configuration?

I have two environment variables. One is TF_VAR_UN and another is TF_VAR_PW. Then I have a terraform file that looks like this.

resource "google_container_cluster" "primary" {
    name = "marcellus-wallace"
    zone = "us-central1-a"
    initial_node_count = 3

    master_auth {
        username = ${env.TF_VAR_UN}
        password = ${env.TF_VAR_PW}
    }

    node_config {
        oauth_scopes = [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring"
        ]
    }
}

The two values I'd like to replace with the environment variables TF_VAR_UN and TF_VAR_PW are the values username and password. I tried what is shown above, with no success, and I've toyed around with a few other things but always get syntax issues.

Upvotes: 60

Views: 141841

Answers (7)

Soundararajan
Soundararajan

Reputation: 2194

The use of interpolation syntax throws warning with terraform v0.12.18. Now you don't need to use the interpolation syntax. You can just reference it as var.hello.

Caution : One important thing to understand from a language standpoint is that, you cannot declare variables using environment variables. You can only assign values for declared variables in the script using environment varibles. For example, let's say you have the following .tf script

variable "hello" {
   type=string
}

Now if the environment has a variable TF_VAR_hello="foobar", during runtime the variable hello will have the value "foobar". If you assign the variable without the declaration of the variable there will not be any effect.

Upvotes: 9

Wilson
Wilson

Reputation: 151

You can do the following to get this working.

  1. Declare the variable in terraform configuration that you want to use as environment Variable.
variable "db_password" { type= string }
  1. In the resource section where you want to use this variable change it as
"db_password":"${var.db_password}"
  1. Export the environment variable.
export TF_VAR_db_password="##password##"
  1. terraform plan or terraform apply

Upvotes: 13

kioley
kioley

Reputation: 1

Alternatively, you can replace the variables in the file itself using the envsubst utility in bash:

$ envsubst < main.tf > main.tf

Or using an intermediate file with variables and the final config on the output:

$ envsubst < main.txt > main.tf

! Variables for envsubst must be declared using export:

$ export MYVAR=1729

The variables in the source file must be of the form: $VARIABLE or ${VARIABLE}.

Upvotes: 0

Brad Wehrwein
Brad Wehrwein

Reputation: 165

Use a null_resource to execute a terminal command (read an environment variable), redirect output to a file, then read the file content:

resource "null_resource" "read_environment_var_value_via_cli" {
  triggers = { always_run = "${timestamp()}" }
  provisioner "local-exec" {
    command = "echo $TF_VAR_UN > TF_VAR_UN.txt" # add gitignore
  }
}

data "local_file" "temp_file" {
  depends_on    = [ null_resource.read_environment_var_value_via_cli]
  filename      = "${path.module}/TF_VAR_UN.txt" 
}

# use value as desired
resource "google_container_cluster" "primary" {
    master_auth {
        username = data.local_file.temp_file.content # value of $TF_VAR_UN
        ..
    }
}

Upvotes: 3

Liam
Liam

Reputation: 1171

I would try something more like this, which seems closer to the documentation.

variable "UN" {
  type = string
}

variable "PW" {
  type = string
}

resource "google_container_cluster" "primary" {
  name = "marcellus-wallace"
  zone = "us-central1-a"
  initial_node_count = 3

  master_auth {
    username = var.UN
    password = var.PW
  }

  node_config {
    oauth_scopes = [
        "https://www.googleapis.com/auth/compute",
        "https://www.googleapis.com/auth/devstorage.read_only",
        "https://www.googleapis.com/auth/logging.write",
        "https://www.googleapis.com/auth/monitoring"
    ]
  }
}

With the CLI command being the below.

TF_VAR_UN=foo TF_VAR_PW=bar terraform apply

Upvotes: 82

Romain DEQUIDT
Romain DEQUIDT

Reputation: 908

Most of the providers use:

DefaultFunc: schema.EnvDefaultFunc("

Upvotes: 1

eranreshef
eranreshef

Reputation: 25

in order to use a variable it needs to be wrapped with "" for example:

username = "${var.UN}"

Upvotes: -3

Related Questions