command: Implement the "data-dir" flag.

[octo]

This flag allows to set the Meta.dataDir field, which was not previously possible.

For context: we'd like to be able to run Terraform from a read-only directory. This option allows us to direct all write access to a writable directory elsewhere.

While there, I simplified "command".Meta.DataDir().

[apparentlymart]

Hi @octo! Thanks for working on this.

This is an interesting idea. Others have achieved something like this in the past by running Terraform with the working directory set somewhere other than the configuration directory:

$ cd /tmp/terraform-work
$ terraform init
$ terraform plan
(etc)

This exploits the fact that the data dir is relative to the current working directory, which is not something we've documented but is a behavior being relied on by many at this point.

When using this flag, are you running Terraform in some sort of automation that can guarantee to provide the flag to all commands? I'm a little worried about the effect of mistakes where a user forgets to provide the additional argument:

$ terraform init -data-dir=/tmp/terraform-work
$ terraform plan -data-dir=/tmp/terraform-work -out=tfplan
$ terraform apply tfplan # whoops!

At best, the above would fail because the local .terraform directory would not be initialized. But at worst, it may inadvertently use a pre-existing .terraform containing some different data that may cause Terraform to act in an undefined (and possibly dangerous) way.

I'm wondering if this might be easier to use correctly if implemented as an environment variable. It seems similar in principle to the GIT_DIR variable from git, where it's something you'd presumably rather just set once in your shell (or wrapper script) and then run many commands without needing to specify it each time.

$ export TF_DATA_DIR=/tmp/terraform-work
$ terraform init
$ terraform plan -out=tfplan
(etc)

What do you think? Does this approach still work for your use-case?

[octo]

Hi @apparentlymart, thank you very much for your feedback!

An environment variable would work equally well for our use-case.

From personal experience, though, this doesn't have to be an either/or question. Git, for example, has the --git-dir command line option in addition to the GIT_DIR environment variable.

In our case, Terraform is called from automation only and incorrect command line arguments are unlikely. And even if: the working directory is read-only (and without a pre-existing .terraform subdirectory) so Terraform would very likely just error out.

Best regards,
—octo

[apparentlymart]

Hi @octo,

Thanks again for the idea and for working on this!

Based on our earlier discussion, I reworked this a little to be an environment variable rather than a command line option. While you're right that in principle we could support both, given that this feature is likely not to be used by most users I'd prefer to keep it simple and have only one mechanism, and environment variables seem like a better single option because they can easily be used both in the "set it once in my shell" scenario and in the single-command scenario, at least on Unix-type shells where environment variables can be set on a per-command basis.

[octo]

Thanks @apparentlymart!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.