Search code examples
terraform

Should I version the .terraform folder?

I am starting to use Terraform and I have a .terraform folder created by "terraform init/apply" containing :

  • ./plugins/linux_amd64/lock.json
  • ./plugins/linux_amd64/terraform-provider-google
  • ./plugins/modules/modules.json
  • terraform.tfstate

Should I version these files ? I would say no ...

Solution

  • Note: I wrote this answer before Terraform supported a dependency lock file.

    For modern Terraform you no longer need to specify exact version constraints for your providers and can instead let terraform init generate the .terraform.lock.hcl file to record dependency selections automatically. You should check that file into version control to "remember" the dependency selections between runs.

    Whenever you are ready to upgrade providers you can then use terraform init -upgrade to tell Terraform to ignore the lock file's version selections and choose the latest version of each provider, after which it will update the lock file so that you can discuss the version selection changes during code review, just like any other change.

    You can still use the required_providers block with inexact constraints, such as >= constraints, to record which versions of a provider a particular module is known to be compatible with. terraform init -upgrade will select the newest available version that meets the constraints across all of the modules used in a particular configuration.

    The .terraform directory is a local cache where Terraform retains some files it will need for subsequent operations against this configuration. Its contents are not intended to be included in version control.

    However, you can ensure that you can faithfully reproduce this directory on other systems by specifying certain things in your configuration that inform what Terraform will place in there:

    • Use required_providers in a terraform block to specify an exact version constraint for the Google Cloud Platform provider:

      terraform {
  required_providers {
    google = "3.0.0"
  }
}

      (this relates to the .terraform/plugins directory)

    • In each module you call (which seems to be none so far, but perhaps in future), ensure its source refers to an exact version rather than to a floating branch (for VCS modules) or set version to an exact version (for modules from Terraform Registry):

      module "example"
  source = "git::https://github.com/example/example.git?ref=v2.0.0"
  # ...
}

      module "example"
  source  = "hashicorp/consul/aws"
  version = "v1.2.0
}

      (this relates to the .terraform/modules directory)

    • If you are using a remote backend, include the full configuration in the backend block inside the terraform block, rather than using the -backend-config argument to terraform init.

      (this relates to the .terraform/terraform.tfstate file, which remembers your active backend configuration for later operations)