Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Cloudflare Improves Automated Terraform Generation Tool

Cloudflare Improves Automated Terraform Generation Tool

This item in japanese

Cloudflare recently released an updated version of their cf-terraforming tool. This tool streamlines generating Terraform HCL from existing Cloudflare resources. The new release simplifies the generation process and introduces changes to better future proof the tool.

The cf-terraforming tool uses account credentials to generate Terraform from Cloudflare resources existing within the account. It is recommended that the credentials take the form of an API token that is used as an environment variable. The API token approach allows for limiting the resources that are accessible.

To generate a Terraform configuration file, the generate command is used:

cf-terraforming generate --resource-type cloudflare_record --zone <zone_id> >>

This accesses the account resources via the Cloudflare API for the specified resource type. Note that it can only generate HCL configuration for one resource at a time. A full list of resources that are supported by cf-terraforming can be found in the GitHub repo. The zone is the Cloudflare zone ID to fetch the DNS records for. The above command will produce output similar to the following:

resource "cloudflare_record" "terraform_managed_resource_db185030f44e358e1c2162a9ecda7253" {
  name    = ""
  proxied = false
  ttl     = 120
  type    = "A"
  value   = ""
  zone_id = "0da42c8d2132a9ddaf714f9e7c920711"

This will output resources with a standard naming convention of terraform_managed_resource_<resourceid>. By including the resource id, the object names in the exported configuration and the inputted state will remain consistent.

At this point, importing the configuration is an additional step. According to the development team, it is planned to be automated in the future. For now, cf-terraforming has an import command to take the generated Terraform configuration and generate the appropriate Terraform import statements.

cf-terraforming import --resource-type cloudflare_record --zone <zone_id>

This produces ready-to-execute terraform import commands. Running the generated commands will import the resource state into the terraform.tfstate file. Once that is complete, terraform plan can be called to verify that everything was imported correctly.

With this new release, the Cloudflare team improved their implementation of cf-terraforming to better future-proof their own update process. As Garret Galow, director of product for Cloudflare, notes:

Instead of hand crafting how to generate both the tfconfig and tfstate for each of the 48 or so resources supported in the Terraform provider, we now leverage Terraform’s capabilities to do more auto generation of what’s needed for similar resource types.

The team made use of the CLI tool terraform-exec to review the JSON schema of their terraform-provider-cloudflare provider. This is used to more easily map the Cloudflare API response fields to the JSON schema to automatically populate the tfconfig. With this approach, changes to the terraform provider should only require minor changes to cf-terraforming.

cf-terraforming is open source and available on GitHub as is the terraform-provider-cloudflare. The tool requires that Terraform and at least Go v1.12.x be installed.

Rate this Article