Skip to content

Terraform Provider Dependency Lock File

Step-01: Introduction

  • Understand the importance of Dependency Lock File which is introduced in Terraform v0.14 onwards

Step-02: Create or Review c1-versions.tf

  • c1-versions.tf
  • Discuss about Terraform, Azure and Random Pet Provider Versions
  • Discuss about Azure RM Provider version 1.44.0
  • In provider block, features {} block is not present in Azure RM provider verion 1.44.0
  • Also discuss about Random Provider
  • Azure Provider v1.44.0 Documentation
# Terraform Block
terraform {
  required_version = ">= 1.0.0"
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "1.44.0"
      #version = ">= 2.0" # Commented for Dependency Lock File Demo
    }
    random = {
      source = "hashicorp/random"
      version = ">= 3.0"
    }
  }
}

# Provider Block
provider "azurerm" {
# features {}          # Commented for Dependency Lock File Demo
}

Step-03: Create or Review c2-resource-group-storage-container.tf

# Resource-1: Azure Resource Group
resource "azurerm_resource_group" "myrg1" {
  name = "myrg-1"
  location = "East US"
}

# Resource-2: Random String 
resource "random_string" "myrandom" {
  length = 16
  upper = false 
  special = false
}

# Resource-3: Azure Storage Account 
resource "azurerm_storage_account" "mysa" {
  name                     = "mysa${random_string.myrandom.id}"
  resource_group_name      = azurerm_resource_group.myrg1.name
  location                 = azurerm_resource_group.myrg1.location
  account_tier             = "Standard"
  account_replication_type = "GRS"
  account_encryption_source = "Microsoft.Storage"

  tags = {
    environment = "staging"
  }
}

Step-04: Initialize and apply the configuration

# We will start with Base v1.44 `.terraform.lock.hcl` file
cp .terraform.lock.hcl-v1.44 .terraform.lock.hcl
Observation: This will ensure, when we run terraform init, everything related to providers will be picked from this file

# Initialize Terraform
terraform init

# Compare both files
diff .terraform.lock.hcl-v1.44 .terraform.lock.hcl

# Validate Terraform Configuration files
terraform validate

# Execute Terraform Plan
terraform plan

# Create Resources using Terraform Apply
terraform apply
  • Discuss about following 3 items in .terraform.lock.hcl
  • Provider Version
  • Version Constraints
  • Hashes

Step-05: Upgrade the Azure provider version

  • For Azure Provider, with version constraint version = ">= 2.0.0", it is going to upgrade to latest version with command terraform init -upgrade 
# c1-versions.tf - Comment 1.44.0  and Uncomment ">= 2.0"
      #version = "1.44.0"
      version = ">= 2.0" 

# Upgrade Azure Provider Version
terraform init -upgrade

# Backup
cp .terraform.lock.hcl terraform.lock.hcl-V2.X.X
  • Review .terraform.lock.hcl
  • Discuss about Azure Provider Versions
  • Compare .terraform.lock.hcl-v1.44 & terraform.lock.hcl-V2.X.X

Step-06: Run Terraform Apply with latest Azure Provider

  • Should fail due to argument account_encryption_source for Resource azurerm_storage_account not present in Azure v2.x provider when compared to Azure v1.x provider
# Terraform Plan
terraform plan

# Terraform Apply
terraform apply
  • Error Message
Kalyans-MacBook-Pro:terraform-manifests kdaida$ terraform plan
╷
│ Error: Unsupported argument
│ 
│   on c2-resource-group-storage-container.tf line 21, in resource "azurerm_storage_account" "mysa":
│   21:   account_encryption_source = "Microsoft.Storage"
│ 
│ An argument named "account_encryption_source" is not expected here.
╵
Kalyans-MacBook-Pro:terraform-manifests kdaida$

Step-07: Comment account_encryption_source

  • When we do a major version upgrade to providers, it might break few features.
  • So with .terraform.lock.hcl, we can avoid this type of issues by maintaining our Provider versions consistent across any machine by having a copy of .terraform.lock.hcl file with us. 
# Comment account_encryption_source Attribute
# Resource-3: Azure Storage Account 
resource "azurerm_storage_account" "mysa" {
  name                     = "mysa${random_string.myrandom.id}"
  resource_group_name      = azurerm_resource_group.myrg1.name
  location                 = azurerm_resource_group.myrg1.location
  account_tier             = "Standard"
  account_replication_type = "GRS"
  #account_encryption_source = "Microsoft.Storage"

  tags = {
    environment = "staging"
  }
}

Step-08: Uncomment or add features block in Azure Provider Block

  • As part of Azure Provider 2.x.x latest versions, it needs features {} block in Provider block.
  • Please Uncomment features {} block
# Provider Block
provider "azurerm" {
 features {}          
}
  • Error Log of features block not present 
Kalyans-MacBook-Pro:terraform-manifests kdaida$ terraform plan
╷
│ Error: Insufficient features blocks
│ 
│   on  line 0:
│   (source code not available)
│ 
│ At least 1 "features" blocks are required.
╵
Kalyans-MacBook-Pro:terraform-manifests kdaida$

Step-09: Run Terraform Plan and Apply

  • Everything should pass and Storage account should migrate to StorageV2
  • Also Azure Provider v2.x default changes should be applied
# Terraform Plan
terraform plan

# Terraform Apply
terraform apply

Step-10: Clean-Up

# Destroy Resources
terraform destroy

# Delete Terraform Files
rm -rf .terraform    
rm -rf .terraform.lock.hcl
Observation:  We are not removing files named ".terraform.lock.hcl-V2.X.X, .terraform.lock.hcl-V1.44" which are needed for this demo for you.

# Delete Terraform State File
rm -rf terraform.tfstate*

Step-11: To put back this to original demo state for students to have seamless demo

# Change-1: c1-versions.tf
      version = "1.44.0"
      #version = ">= 2.0" 

# Change-2: c1-versions.tf: Features block in commented state
# features {}          

# Change-3: c2-resource-group-storage-container.tf 
  account_encryption_source = "Microsoft.Storage"

References