/terraform-provider-pulumi

A Terraform Provider to consume Pulumi Cloud outputs

Primary LanguageGoMIT LicenseMIT

Terraform Provider Pulumi

This is the transcend-io/pulumi provider available on the Terraform registry.

It's goal is to allow terraform projects to consume pulumi outputs from the Pulumi Cloud via data source lookups.

Introduction

When you use Infrastructure as Code tools like Terraform or Pulumi, you’ll doubtlessly need to have dependencies between your stacks/modules.

This can be illustrated by a small example:

An example backend architecture

In this example, we have a piece of code that creates a Virtual Private Cloud (VPC). The code that creates our backend application and database needs to depend on the VPCs private subnet identifiers, so that we can place our backend and database inside the VPC. Likewise, our backend code will need to depend on our database code so that it can create a connection and talk to the database.

Each tool handles this in a slightly different way: Terraform handles module dependencies via data_source lookups or Terragrunt dependencies, while Pulumi handles stack dependencies via StackReferences.

Both tools makes it easy to have multiple stacks that all reference each other, and Pulumi has a native way to lookup Terraform outputs, but there is no built-in Terraform support for consuming Pulumi stack outputs. That's where this tool fits in, providing a Terraform data source to consume Pulumi stack outputs.

This opens up two potential outcomes for your company:

  • Some teams at your company can use Terraform while others use Pulumi.
  • It becomes possible to migrate incrementally from one tool to the other, so you can have intermediary steps where some modules/stacks from one tool depend on module/stack outputs from the other.

Usage

Usage will often follow the following flow

terraform {
  required_providers {
    pulumi = {
      version = "0.0.2"
      source  = "transcend-io/pulumi"
    }
  }
}

provider "pulumi" {}

data "pulumi_stack_outputs" "stack_outputs" {
  organization = "transcend-io"
  project      = "airgap-telemetry-backend"
  stack        = "dev"
}

output "stack_outputs" {
  value = data.pulumi_stack_outputs.stack_outputs.stack_outputs
}

This code block tells Terraform to use the 0.0.2 version of the pulumi Terraform provider from transcend-io. It then declares the provider, where you can either supply a Pulumi cloud token directly, or via the PULUMI_ACCESS_TOKEN environment variable. Lastly, it looks up the airgap-telemetry-backend/dev stack under the transcend-io organization and allows Terraform to consume that stack’s outputs. You’ll want to use your own organization, project, and stack names here, of course.

And with that, your Terraform modules can now depend on your Pulumi Cloud stacks 😄

Building

Run the following command to build the provider

go build -o terraform-provider-pulumi

Test sample configuration

First, build and install the provider.

make install

Then, run the following command to initialize the workspace and apply the sample configuration.

terraform init && terraform apply