Methods and suggestions for Terraform code development - Resource Orchestration Service

Terraform is an open source tool that is used to automate resource orchestration. You can use Resource Orchestration Service (ROS) to host Terraform. The development methods and suggestions that are described in this topic are intended for users who are familiar with Terraform and Terraform hosting methods and want to develop Terraform code and use the code in ROS.

Development methods

We recommend that you use a development method with which you are familiar to write and test Terraform code. You can use one of the following development methods:

Develop Terraform code on your computer.
Use the Terraform online debugging tool to develop Terraform code. This method is supported only in Alibaba Cloud.
Create a Terraform stack in the ROS console. Then, you can continue to create the stack or update the stack based on your business requirements. For more information, see Create a Terraform stack, Continue to create a stack, and Update a stack.

Development suggestions

We recommend that you do not declare the Alibaba Cloud provider (alicloud) in the .tf file.
ROS has the default provider alicloud that uses the temporary AccessKey pair or Security Token Service (STS) credential of the current Alibaba Cloud account and belongs to the region in which the stack resides. The default provider provides the following benefits:
- Simplifies development, improves security, and reduces the risk of AccessKey pair leaks.
- Ensures that resources and stacks are deployed within the same Alibaba Cloud account in the same region. This way, you can manage and integrate resources and stacks in a centralized manner.
- Supports various features when resources and stacks are deployed within the same Alibaba Cloud account in the same region. The features include price inquiry, system tags, user tag propagation to stacks, resource group propagation of stacks, and risk detection.
  Note
  - If stacks and stack groups are deployed across Alibaba Cloud accounts and regions, the features of price inquiry, system tags, user tag propagation to stacks, and risk detection are supported in some cases.
  - If stacks and stack groups are deployed across regions, the resource group propagation of stacks is supported in some cases.
We recommend that you save your local code to the file whose name is suffixed with .debug.tf.
When you use ROS to host Terraform, ROS ignores the file whose name is suffixed with .debug.tf and does not orchestrate the file. However, when you test code on your computer, ROS orchestrates the file. For example, you compile a file named provider.debug.tf to configure the alicloud provider. When you develop code on your computer, the configurations in the file take effect, and resources are created in the China (Hong Kong) region. However, when you create a stack in the ROS console, ROS ignores the file and creates resources in the region to which the stack belongs. The following sample code shows the content of the provider.debug.tf file:
```
variable "region" {
  type = string
  default = "cn-hongkong"
}
provider "alicloud" {
  region ="${var.region}"
}
```
We recommend that you specify the version of a provider.
Terraform hosting supports a provider of a set of versions after the release of Aliyun::Terraform-v1.0. You can specify a provider version to prevent issues caused by updates of provider versions and ensure stability. Sample code:
```
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.140.0"
    }
  }
}
```
For more information about provider versions, see the "Provider version" column of the Terraform and provider versions that are supported by ROS topic.
We recommend that you use Aliyun::Terraform-v1.0 or later.
Aliyun::Terraform-v0.12 and Aliyun::Terraform-v0.15 are used only to maintain compatibility. The provider versions and features that are supported by the versions are no longer updated.
We recommend that you use ROS parameters instead of .tfvars files to pass variable values.
ROS parameters provide the following benefits:
- ROS parameters help reduce the number of times that a template is modified. In most cases, you need to only change the parameter values.
- Each ROS parameter corresponds to a variable. You can view the mappings between the ROS parameters and the variables in the ROS console. If .tfvars files are used, the variable values may be overwritten and the actual values may become inconsistent with the values that are displayed in the console.
For more information, see (Optional) Parameters.
We recommend that you use pseudo parameters to obtain the information about a stack.
For more information, see (Optional) Parameters. For example, you can define the ALIYUN__Region variable in the .tf file and use var.ALIYUN__Region to obtain the region in which the stack resides. Sample code:
```
variable "ALIYUN__Region" {
  type = string
  default = "cn-hongkong"
}
```
We recommend that you refine the definitions of variables.
ROS automatically converts Terraform variables to ROS parameters. You can refine the definitions of the variables to ensure the accuracy of the conversion result. For more information, see (Optional) Parameters.
- If you do not specify the type parameter for a variable, ROS may identify the variable as a character string and pass the string to Terraform. When Terraform orchestrates the variable, a variable type error may occur.
- If a parameter contains sensitive information, you must set the sensitive parameter to true for the parameter.
```
variable "password" {
  type = string
  sensitive = true
}
```
We recommend that you use Metadata to control the display of parameters in the console.
- Group parameters: For more information, see Metadata and Use Metadata to group parameters.
- Hide parameters: You can use Metadata.ALIYUN::ROS::Interface.Hidden to specify the list of parameters that you want to hide.
```
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Description": "Creates a simple oss bucket",
  "Parameters": {
    "BucketName": {
      "Type": "String",
      "Label": "Bucket Name",
      "Description": {
        "en": "Bucket name",
         
      },
      "Default": "bucketName1"
    }
  },
  "Metadata": {
    "ALIYUN::ROS::Interface": {
      "Hidden": [
        "BucketName"
      ]
    }
  },
  "Workspace": ...
}
```
- Query the constraints of parameters: You can use ResourcesForParameterConstraints of ALIYUN::ROS::Interface in the .metadata file to configure the constraints of parameters. For more information, see Manually configure parameter constraint query in a Terraform template.
We recommend that you control the input mode of parameters or variables in the console.
- You can use AssociationProperty and AssociationPropertyMetadata to automatically verify the validity of values and provide valid values for ROS parameters. For more information, see AssociationProperty and AssociationPropertyMetadata and Select parameter configurations in the ROS console.
- In Terraform variables, you can use the description parameter to control AssociationProperty and AssociationPropertyMetadata. For more information, see (Optional) Parameters. Sample code:
```
variable "vpc_id" {
  type = string
  description = <<EOT
  {
    "AssociationProperty": "ALIYUN::ECS::VPC::VPCId",
    "Description": {
      "en": "Please search the ID starts with (vpc-xxx)from console-Virtual Private Cloud",
       
    },
    "Label": {
      "en": "Existing VPC ID",
       
    }
  }
  EOT
}
```