Enterprise DevOps & Cloud Infrastructure

Creating a Variable Set

Erik Reinert

Erik Reinert

Enterprise DevOps & Cloud Infrastructure

Check out a free preview of the full Enterprise DevOps & Cloud Infrastructure course

The "Creating a Variable Set" Lesson is part of the full, Enterprise DevOps & Cloud Infrastructure course featured in this preview video. Here's what you'd learn in this lesson:

Erik finishes configuring the GitOps workflow. A variable set is created to store the TFE_TOKEN so Terraform has access to run the automation. The Terraform UI is used to re-run the last operation.


Transcript from the "Creating a Variable Set" Lesson

>> Beautiful, all right, so let's really quickly go back to Terraform Cloud, and let's go to Overview. Or, I'm sorry, let's go to Workspaces. Look at this. Hey, look at that. It's already running for me. Once I connected it to VCS, it went, okay, cool, I see, we're good to go, awesome.

So then it went in and it actually started to try and plan for me, right? It actually went in. So if I go into my workspace now, this is the beauty of Terraform Cloud. This is why I love Terraform Cloud. Because the CLI, you don't get this experience, you know what I mean?

This is the collaborative part that I was telling you about, where, okay, cool, hey, Erik, I just made some changes, can you go check the pipeline for me and approve it? Yeah, sure, let's do that. So I'm gonna click See Details. And look at this, now I can look at my changes in this nice view.

I can actually open this up, see what's happening, right? But look at this, no, it's getting reverted. My changes are getting reverted. Why, can anyone guess why? Has to do with state, source of truth.
>> We haven't changed the GitHub repository yet?
>> We haven't pushed it yet.

Yeah, we haven't pushed our changes yet. So you don't wanna actually apply this, otherwise you're just gonna revert what you just applied, right? And this is another one of those chicken-before-the-egg scenarios, where you gotta get it to look in a different direction before you actually start rolling out changes, right?

So what we want to do is we actually wanna commit our changes. So I'm gonna say git status, add locals.tf main.tf variables.tf data.tf. Do not add the tf-plan. And again, if you wanted to, you can add it to your gitignore later, right? I'm gonna add those. Again, I'm using a little CLI tool called lazygit.

I can also do git status, and then commit -m feat: setup. We'll say, feat: setup vcs automation. And then we will push that. Now, if we go back to Runs, refresh, look at that, I got a new run. You are now looking at the full GitOps flow. You are now seeing what happens when Git is the source of truth, right?

Now, if I discard, so one thing to note, Terraform will not run a run if there is a previous run here, right? Cuz this one got planned, and why might it do that? Why do you think Terraform is gonna say, [SOUND], I'm not gonna run another plan before you have even run this one.

Why might it do that? Terraform wants to follow the flow of changes that you make. Terraform knows it's kinda like a migration, right? You make some changes, then you might make some other changes later, but these changes need to be here before these changes can happen, right? And so you wanna make sure that it follows that path.

So if you wanted to, if you made a whole bunch, maybe somebody pushed five changes, right? You'd go in, apply the first one, apply the next one, apply the next one, apply the next one. Or you can go to the last one and then just tell it to discard all the other runs and start from here.

Now, this is a choice that you have to make, right? Sometimes, most of the time, this is fine. But if you have a set of ways that things were changed, right, then yeah. Okay, perfect, perfect, perfect. The main reason why we're running into this right now, from what I believe, whoa, is because we haven't put any environment variables into our configuration, so that it can actually talk to Terraform Cloud the way that we want it to, right?

So right now in Doppler, we have a TFE token and a TFE token variable, right? Well, the next thing we need to do is we actually need to add the token that we use locally to the workspace in the cloud, right? Because that token has access to everything, it should see everything, it can do everything we need.

The runner right now is just using a token that it has available to it. So if you wanna add a variable set, you actually go to Settings > Variable sets. There we go. And so on this page, you're gonna see an option for Create variable set, okay? So I'm gonna click Create variable set.

And then I'm gonna say fem-eci-tfe. This is gonna be the variable set for our terraform-tfe workspace. I'm then gonna go to Apply to workspaces, and I'm gonna click the workspace that I wanna apply it to. In this case it's fem-eci-tfe, okay? Then I'm gonna click Add variable. Now you'll see that Terraform actually allows you to add variables that are literal Terraform values.

This is a little bit of a hint of what we're gonna be doing going forward, right? But what I wanna do is I wanna add an environment variable, right? So what I'm gonna do is I'm gonna add the environment variable TFE_TOKEN. And what I'm gonna do is I'm gonna go to Doppler and then I'm gonna copy the token that I grabbed, right?

So here, now I can't show it to you now cuz I would dox myself. These aren't valid tokens in here. But this token, you wanna copy it, right? So let me move this off screen for a second so I can get that value. Go here, oop, sorry, go back to our variable set.

Now, if I paste this in, you're gonna see it. [LAUGH] So what I'm gonna do is I'm just gonna say what you'll have to do is paste it in and then click the word Sensitive. The reason why you do that is because it will then make it so it's write-only and it cannot be seen again.

If you don't do Sensitive, it thinks that it's just a normal value and it will be able to be seen in all sorts of different stuff. Go back here. All right, let me get this off-screen really quick. Paste this in and hit Sensitive. And then hit Add variable at the bottom.

Once you have that, you should have something like that, TFE_TOKEN, Sensitive overwrite, env, and then Create variable set. Cool, okay, so now let's hope this works. [LAUGH] If we're hitting another really weird Terraform Cloud part, this will probably be the last one we would hit. But let's go back to our workspace after we've created it.

And if I go to my workspace really quick and I click Variables, I should see that TFE_TOKEN now here, right? And so if I go to Run, I wanna run a new run, and I wanna make sure that that new run gets that value in it. So I'm gonna hit that, beautiful.

So again, Terraform Enterprise will give you the ability to access Terraform Enterprise in the runners by default. But it might not have all the permissions you need. That's why we use our token, because our token is the admin level that has access to everything and can do data lookups that it might not be able to do.

But now you'll see, my plan is finished and I have no changes, right? So I should have what? A workspace in TerraForm Cloud, a repository in GitHub, and now those two synchronizing together. To where if I make a change here, it'll change here, and those two stay in sync, making GitOps our true source of truth.

And we're good with that section.

Learn Straight from the Experts Who Shape the Modern Web

  • In-depth Courses
  • Industry Leading Experts
  • Learning Paths
  • Live Interactive Workshops
Get Unlimited Access Now