module inheritance

[Rohith]

Just started playing about with terraform and hit my first issue :-) ... 

(github.com/gambol99/terraform)

[jest@starfury terraform]$ tree

.

├── aws

│   ├── main.tf

│   ├── terraform.tfstate

│   ├── terraform.tfstate.backup

│   ├── terraform.tfvars

│   └── variables.tf

├── coreos

│   ├── main.tf

│   └── variables.tf

├── environment

│   └── variables.tf

└── LICENSE

[jest@starfury coreos]$ pwd

/home/jest/scm/github/terraform/coreos

[jest@starfury coreos]$ head main.tf 

module "aws" {

  source     = "../aws"

resource "aws_security_group" "coreos" {

  name        = "coreos"

  description = "The default security group for coreos boxes"

  ... etc etc

A terraform plan in the aws folder works; I *assumed* that by imported the aws module in the coreos (aws provider, vars etc) I would be able to use the 'aws_security_group' and more .. i.e the pattern being aws modules sets up the common requirements and providers, coreos module imports functionality / providers and adds on top of it with it's own specifics ... 

Unfortunately, I get;

[jest@starfury coreos] terraform plan

There are warnings and/or errors related to your configuration. Please

fix these before continuing.

Errors:

  * module root: module aws: required variable aws_key not set

  * Provider 'aws' error: access_key: required field is not set

  * Provider 'aws' error: secret_key: required field is not set

  * Provider 'aws' error: region: required field is not set

What is the design pattern for using module if inheritance isn't supported? ... would I have to pass the details down through the modules ... i.e. place the aws{secret|key|region} var and provider coreos and pass down the vars to aws? ... that would seem somewhat strange to me

[Miguel Cruz]

BUMP

I would love to be able to have creds out of the actual terraform creation files, I would like to have creds and some vars (like AMI and SGs) on a per region directory and from that directory have sub-dirs that contain the actual terraform plans for different applications that we have. I hate having to put the same creds and same vars on all the sub-dirs.

It would be nice if variables could be name spaced  provider.region.accesskey etc (those would translate to directories above the current dir)
aws/
   |
  +-/east/
   |       +-terraform.tfvars
   |       +-variables
   |       +/app1
   |            |
   |            +\main.cf  [aws.east.accesskey]
   |       +/app2
   |            |
   |            +\main.cf  [aws.east.accesskey]
  +-/west/
   |       +-terraform.tfvars
   |       +-variables
   |       +/app3
   |            |
   |            +\main.cf  [aws.west.accesskey]
   |       +/app4
               |
              +\main.cf  [aws.west.accesskey]

[Mitchell Hashimoto]

Miguel,

I don't understand the question fully, but I'll attempt to answer it best as I can. If I miss a detail, I apologize and I'm not trying to so just let me know and I'll chime in.

Module provider inheritence does actually work right now, but perhaps not in the way you'd like. Again, I'm not sure and that's where I'm trying to get clarity, but let me explain how it works today.

If you have three modules: root => child => grandchild, then AWS configured in root will affect both child and grandchild. As such, the configuration is "inherited". But if you have a module tree: root => {child, sibling}, then having a configuration in child will not configure the sibling (or root). It only flows _downwards_ (where down is deeper and deeper grandchildren). 

Does this help?

Best,

Mitchell

--
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To post to this group, send email to terrafo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/ffa177cd-efb6-4054-b9fb-0f4e31a22639%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.