HashiCorp has introduced several major enhancements to HashiCorp Terraform that will help users continuously provision and manage any cloud, infrastructure and services.
The new offerings include capabilities for Day 1 provisioning, Day 2 management and more.
The complete list of offerings includes:
- Continuous validation for Terraform Cloud Business (beta)
- No-code provisioning for Terraform Cloud Business (beta)
- Native Open Policy Agent (OPA) support for Terraform Cloud (beta)
- The general availability of Terraform 1.3
HashiCorp also announced some new features that weren’t covered in detail during the keynote.
This includes Azure Provider Automation, beta support for the Terraform Plugin Framework, and integration with the ServiceNow Service Graph.
Noting that the move to the cloud is leading businesses to adopt infrastructure automation to provision and manage their cloud resources, HashiCorp said that as organizations grow, they face issues such as maintaining code health and visibility, dealing with inefficient manual workflows and mitigating security or compliance problems.
The company added that provisioning and managing infrastructure in a multi-cloud environment involves new challenges, including managing diverse workflows and infrastructure sprawl, handling siloed teams and dealing with critical skill gaps.
Terraform’s latest enhancements are designed to address some of these issues by standardizing an enterprise’s infrastructure automation for the multi-cloud.
Drift detection and continuous validation
Once infrastructure is provisioned, it can be difficult to ensure that the actual state of the resources reflects the recorded, desired state and health.
This is because aspects that worked when they were provisioned, such as service configuration, identity and access management, and anything used by an application's business logic, may no longer work properly, even if they were the result of a successful Terraform run.
HashiCorp previously announced the availability of drift detection at HashiConf Europe, a capability that continuously checks the state of the infrastructure to detect any changes and provide alerts.
Continuous validation represents the next step in Day 2 infrastructure management by expanding infrastructure checks beyond configuration drift.
This capability offers users long-term visibility into the health of the infrastructure by allowing them to add assertions, in the form of pre- or post-conditions, to a Terraform configuration or modules.
From here, Terraform continuously checks to see if configurations or modules with assertions pass and notifies users if a check fails, reducing risk, downtime and cost.
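The kind of assertions described above, written with the Terraform language's `precondition` and `postcondition` blocks. This is an added example, not taken from HashiCorp's announcement; the resource names, AMI filter and instance type are assumptions, and the AWS region is expected to come from the environment.

```hcl
# Added example (constructed): names, AMI filter and instance size are assumptions.
terraform {
  required_version = ">= 1.3.0"
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

data "aws_ami" "base" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

resource "aws_instance" "app" {
  ami           = data.aws_ami.base.id
  instance_type = "t3.micro"

  lifecycle {
    # Evaluated before the instance is created or changed.
    precondition {
      condition     = data.aws_ami.base.architecture == "x86_64"
      error_message = "The selected AMI must be built for x86_64."
    }
  }
}

# Re-read the root volume on each run; the run fails if it is unencrypted.
data "aws_ebs_volume" "app_root" {
  filter {
    name   = "volume-id"
    values = [aws_instance.app.root_block_device[0].volume_id]
  }

  lifecycle {
    postcondition {
      condition     = self.encrypted
      error_message = "The root volume of aws_instance.app is not encrypted."
    }
  }
}
```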
No-code provisioning
The 2022 HashiCorp State of Cloud Strategy Survey found that skills shortages ranked as the top multi-cloud barrier for technology practitioners and decision makers.
Historically, in order to provision something with Terraform, users had to know about the infrastructure or networking and be familiar with the HashiCorp Configuration Language (HCL), which potentially hindered adoption.
With the private registry for Terraform Cloud and Terraform Enterprise, it's now easy to publish validated and approved modules with enterprise-wide reusability.
However, HashiCorp says this level of self-service only goes so far, as developers still need to select a module based on its contents, add it to a version control repo, create a workspace in Terraform Cloud, and provision the module from that workspace.
HashiCorp says it took all of this into account when designing these new features, which aim to provide better self-service capabilities with a new no-code provisioning workflow.
In addition, by enabling users to avoid these processes, the number of personnel who need to be trained in Terraform can be reduced.
No-code provisioning also allows module administrators and publishers to manage a catalog of no-code-ready modules for users, such as application developers, to deploy directly to workspaces.
Developers can self-serve infrastructure from the Terraform private registry by selecting the no-code-ready module they need, setting the necessary variables, and deploying directly to a new workspace, all without writing HCL.
This means platform teams can spend less time servicing repetitive internal requests and more time building on existing work to drive innovation and support the business.
OPA for Terraform Cloud
The larger organizations become and the more complex their infrastructure, the greater the risk of security breaches and non-compliance with regulatory requirements.
In 2018, HashiCorp released Sentinel, a policy as code framework.
In August 2022, the company added Sentinel policies to the Terraform Registry, allowing experts to create and share reusable policies across their broader business.
Additionally, the company has made Run Tasks generally available, an offering that gives users a way to extend Terraform policy enforcement with external services.
Today’s announcements include native OPA support for Terraform Cloud, which extends Terraform Cloud's policy as code features to support OPA, based on the Rego policy language.
Additionally, support for OPA in Terraform gives customers who have already standardized on OPA the ability to bring those policies to Terraform Cloud.
OPA support also works alongside Sentinel, increasing the number of supported ways for customers to adopt a policy as code framework for secure multi-cloud provisioning.
Additional updates
The company also announced the availability of the Azure Provider Automation tool, which ensures that users can quickly access new Azure Resource Manager resources and services in the Terraform Azure provider.
This feature automatically generates newly added or modified Azure resources so that Terraform users can benefit from new or updated features when Microsoft releases them.
Additionally, HashiCorp introduced the ServiceGraph Connector for Terraform, which integrates with the ServiceNow Service Graph, a cloud-based single system of record for IT infrastructure and digital service data.
The company explained that this integration will provide ServiceNow customers with information about the state of the Terraform infrastructure and resources generated from ServiceNow.
In addition, users can now use this integration to gain complete visibility into their cloud resources, with the ability to see which resources have been provisioned and who created them.
The Terraform Plugin Framework has reached beta phase with a redesigned provider development experience that exposes all available Terraform functionality to providers and enables more readable code.
Developers can start building providers by using the company’s new HashiCorp Learn guide or upgrade their existing provider using its migration guide.
Continuous validation, no-code provisioning, and native OPA support in Terraform Cloud are available today as public beta features.
HashiCorp is also hosting ‘Set up a No-Code Provisioning Workflow with Terraform Cloud’ on November 1, a webinar designed to give attendees a better understanding of no-code provisioning.