My Pet Peeves with Terraform (opens in new tab)

(blog.runx.dev)

24 pointsnitinagg4y ago7 comments

7 comments

I was excited to read this but sadly the author provides hardly any examples to support their statements, and several of their complaints are desirable properties of a provisioning lifecycle management tool (e.g., the complaint that multiple users of a shared terraform component need to contend with a state lock -- hint: this is a good thing...)

qwertyuiop_4y ago

“ We at RunX are core contributors of Opta, an open source IaC tool built on top of terraform. It aims to solve a bunch of these issues for the most common use-cases in a modern tech stack.”

Advertisement disguised as “pet peeves”

nailer4y ago

Of course HCL sucks. Terraform isnt infra as code, it’s infra as config. Use CDK or Bicep or Pulumi to have a proper IaC setup.

holografix4y ago

Infra as config is such an accurate statement about terraform.

lazzurs4y ago

This seems a lot like an advertisement for Opta rather than really pointing out issues with Terraform.

mdaniel4y ago

Maybe the posted article is an advertisement, but a little surfing around their repo gave me the most anti-advertisement I could possibly imagine: https://github.com/run-x/opta/pull/534/files

So, (a) "it never worked" (b) it took them 7 months to know that[0] (c) who can possibly find the python string literal "arn:aws:iam::*:user/$${{aws:username}}" legible in order to know why in the world the dollars are doubled, the mustaches are doubled but not in an f-string (d) what in the world is the relationship between a .json file, a .yaml file, a .py file, and a tf-module directory containing HCL: https://github.com/run-x/opta/tree/v0.24.3/modules/aws_iam_u...

I'm glad that system works for them, but to then write a blog post saying "terraform is hard and opaque" takes some chutzpah

0: https://github.com/run-x/opta/blame/v0.24.3/modules/aws_iam_...

legerdemain4y ago

I would guess the doubling is because AWS IAM and Terraform both do interpolation with `${...}`, and this is one way it can look like when Terraform passes un-evaluated template strings to AWS. (I think recent versions of the TF AWS provider use `&{...}` for slightly improved legibility here.)

SREs live in a special kind of hell and are often willing to accept partial solutions that other SWEs would turn their noses at. If most software tools are "80% solutions," Terraform is more like 70%. And yet it is far, far better than what came before. (And to be quite frank, Pulumi is fundamentally the same as TF and suffers from very similar shortcomings, despite its veneer of more flexible programmability.)

That said, pulling up a random PR and making cantankerous and baseless claims about its authors and their employer strikes me as ridiculous.

j / k navigate · click thread line to collapse