| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2024-08-29 |
schematics limitations, schematics variables.tf, schematics local variables file, schematics local variable, schematics output.tf, schematics terraform.tfstate, adoption, considerations |
schematics |
{{site.data.keyword.attribute-definition-list}}
{: #schematics-limitations}
Review the following considerations when adopting {{site.data.keyword.bplong_notm}}. Additionally review the section on workspace setup for details of how to work with your Terraform configurations stored in Git repositories. {: shortdesc}
{: #terraform-vs-schematics}
If you used native Terraform before and plan to migrate your Terraform templates to {{site.data.keyword.bplong_notm}}, make sure that you understand the differences between standalone Terraform usage and use through {{site.data.keyword.bpshort}} to modify your templates. {: shortdesc}
{: #provider-block}
With {{site.data.keyword.bpshort}} it is not necessary to pass an API Key.
If an API key is not defined in the provider block, {{site.data.keyword.bpshort}} passes the users IAM token for all IAM-enabled resources, including {{site.data.keyword.containerlong_notm}} clusters, and VPC infrastructure resources. However, the IAM token is not retrieved for classic infrastructure resources and the API key must be provided in the provider block.
If an {{site.data.keyword.cloud}} API key passed, it is used to authenticate with the {{site.data.keyword.cloud_notm}} platform, create the IAM token and IAM refresh token that {{site.data.keyword.bpshort}} requires to work with the resource's API, and to determine the permissions that you have granted to perform the provisioning operation. {: shortdesc}
For more information about how to configure the provider block, see Configuring the provider block.
{: #terraformtfvars}
The terraform.tfvars file is a local variables file that you can use to store sensitive information, such as your {{site.data.keyword.cloud_notm}} API key or classic infrastructure user name when you use native Terraform. This file, or environment variables must be present on your local machine for Terraform to load the values for your credentials when you initialize the Terraform CLI.
{: shortdesc}
With {{site.data.keyword.bplong_notm}}, you do not use a local terraform.tfvars file. Instead, you declare your variables in the Terraform configuration files, and enter the values for your variables when you create a workspace. You can later change the values of your variables by updating the variables from your workspace details page.
{: #tf-remote-state}
{{site.data.keyword.bpshort}} includes implicit backend support and it is not required to define a remote backend.
You can access workspace state information from other workspaces by using the {{site.data.keyword.bpshort}} ibm_schematics_output data source. This replaces the remote_state data source used by native Terraform in conjunction with remote backend support. It works in the same way allowing access to Terraform workspaces.
With the ibm_schematics_output{: external} data source, you automatically have access to the built-in {{site.data.keyword.bpshort}} backend and can access workspace information directly. See also the ibm_schematics_state{: external} data source.
For more information about how to use these data sources, see Managing cross-workspace state access with Terraform.
{: #local-remote-exec}
The Terraform local exec and remote exec operations have a time limit of 30 minutes. This is to ensure fair usage of the {{site.data.keyword.bpshort}} service for all users. If exceeded, the commands terminated and job execution fail.
{: #refresh-token}
If the destroyresource flag is set to true, refresh token header configuration is required to delete all the {{site.data.keyword.cloud_notm}} resources, and the {{site.data.keyword.bpshort}} workspace. Following are the uses of refresh token header:
- If the token is expired, you can use
refresh tokento get a new IAM access token, see IAM access token. - The
refresh_tokenparameter cannot be used to retrieve a new IAM access token. - When the IAM access token is about to expire, use the API key{: external} to create a new access token.
{: #git-restrictions}
Branch names containing / (backslash) are not supported.
{: #cost-restrictions}
Cost estimation is available for templates. This estimated amount is subject to change as the architecture is customized within a project, and it does not include all resources, usage, licenses, fees, discounts, or taxes. In the future, aggregate costs across projects that can be grouped by various criteria are available. For more information, see Estimating infrastructure costs.