Before starting to change the configuration with Terraform, there is some set up work that needs to be done.

While the getting started guides are fine, in practice this leaves a problem of how to work with colleagues, and how to manage secrets.

My colleagues have created a tool called Logan which they use to run terraform. It is installed using pip, but it is a docker container, so will require a working docker to run properly. I have RedHat 7 installed on my desktop, so I had to yum install python3. I found I had to upgrade pip. Since there are other requirements to install I created a virtual environment to install and run it in:

python3 -m venv logan
pip3 install --upgrade pip
pip3 install -r requirements.txt
pip3 install git+

I already had docker set up, and also the ssh key for Gitlab. I installed the Google cloud SDK and authenticated as a service account as per the notes in the Logan readme. Then I was ready to install and run Logan (still in the python virtual environment).

Now in my project I was able to run

logan terraform init

Terraform sees that the project requires Google Cloud modules, and downloads them. We can see that Logan takes care of mounting the current folder under /workdir inside the container, so all the terraform commands will work properly. It also creates a volume with the name of the current folder and -terraform-data appended which contains the terraform state. This is a nice way to keep the state without polluting the project.