What is Terraform
HashiCorp Terraform is an open-source Infrastructure as Code (IaC) and Configuration as Code (CaC) tool that allows developers to define and provision infrastructure using a declarative configuration language named HashiCorp Configuration Language (HCL). It enables developers to manage infrastructure and configuration as code, handled in the same way as the code a developer writes for an application. This includes using industry standard GitOps methodologies for version control, multi-team collaboration, and automation benefits.
Key use cases
- Multi-product configuration management: Provision and manage interdependent configuration across multiple Ping Identity products and third-party service providers.
- Multi-cloud infrastructure management: Provision and manage infrastructure across multiple cloud providers, on-premises data centers, and SaaS platforms.
- Configuration as Code: Define and manage Ping Identity product configurations in a human-readable and machine-executable format.
- Use Case Deployment: Provision the necessary configuration for use case deployment, ensuring consistency and repeatability between environments.
- Templated Configuration: Create reusable and sharable configuration templates for product configuration, including policies, application integrations, and use cases.
- Platform Orchestration: Manage complex infrastructure and configuration dependencies between Ping Identity products and customer applications and services.
Terraform providers
Providers are plugins that allow Terraform to interact with Ping Identity’s products and services. They define the API interactions necessary to create, read, update, and delete resources on those platforms according to the HCL source code that the user defines. For example, the PingOne Terraform provider allows Terraform to manage PingOne configuration resources such as applications, schema attributes, policy configuration, branding, localised translations, and more.
Learn more in HashiCorp Terraform providers.
Terraform state
A key feature of Terraform is the Terraform state. The Terraform state is a stored record of the configuration successfully applied the last time Terraform ran and made configuration changes. During execution, Terraform compares the configuration stored in Terraform state with the actual configuration of the live service to determine whether configuration has unexpectedly changed.
If the configuration of the live service has changed relative to the stored state, Terraform can issue configuration changes to realign the live service back to the stored state, effectively correcting any unauthorized or unexpected configuration changes that could lead to service outages or vulnerabilities.
Terraform state can be managed in different ways and should always be kept secure.
Learn more in HashiCorp Terraform state.
Terraform resources
Resources represent the individual components of Ping Identity product configurations. They are the building blocks of a fully configured environment and manage the lifecycle of configuration resources through create, update, and delete actions. Resources typically align with a single API endpoint, and each resource is defined with a schema of fields that reflects that API’s request and response payload and is used to specify the desired state. For configuration that a resource manages, the resource will retrieve the current configuration in the live service so that the configuration can be compared against the Terraform state and the developer’s HCL. If changes are detected, Terraform will create a plan of action to reconcile and complete the changes.
For example, in the PingOne Terraform provider, the Terraform developer can define a single instance of an application using the pingone_application resource. Terraform can then manage the ongoing lifecycle of the application’s configuration, including taking corrective actions if the configuration unexpectedly changes.
Learn more in HashiCorp Terraform resources.
Terraform data sources
Data sources allow Terraform to retrieve information about existing, unmanaged configuration or data from external systems. This enables developers to dynamically configure resources based on existing state or external inputs from data sources. Data sources typically align with a single API endpoint, and each data source is typically defined with a schema of fields that reflects that API’s response payload and is used to retrieve some configuration state.
Terraform doesn’t manage configuration using a data source, as data sources are read only.
For example, in the PingOne Terraform provider, the Terraform developer can read a single instance of an application using the pingone_application data source.
Learn more in HashiCorp Terraform data sources.
Using providers, resources, and data sources to meet key use cases
- The Terraform developer selects the appropriate provider for their target platform (for example, PingOne provider for PingOne).
- The Terraform developer then defines resources within their Terraform configuration files, specifying the desired state of each configuration item. A resource’s Terraform code can be defined either:
  - Manually, using the Terraform Registry documentation as a guide.
  - By export or generation, using Ping Identity’s developer tools. Learn more in Exporting configuration.
- Data sources are used to retrieve dynamic information, enabling flexible and adaptable configurations based on outside conditions.
- Terraform uses the selected provider to interact with the target platform’s API to create, modify, or delete the defined resources.
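The steps above, together with the earlier advice to keep Terraform state secure, as one configuration. This is an added example, not Ping Identity's own code: the S3 backend, bucket name, application names, URLs and the environment_id variable are placeholders, and the pingone_application attribute names assume the provider's 1.x schema, so confirm them in the Terraform Registry documentation for the version you pin.

```hcl
terraform {
  required_providers {
    pingone = {
      source  = "pingidentity/pingone"
      version = "~> 1.0" # assumption: 1.x schema
    }
  }

  # State can contain sensitive values, so store it in an encrypted,
  # access-controlled remote backend and keep it out of version control.
  backend "s3" {
    bucket  = "example-tfstate-bucket" # placeholder
    key     = "pingone/terraform.tfstate"
    region  = "us-east-1"
    encrypt = true
  }
}

# Step 1: select the provider. Worker credentials come from environment
# variables such as PINGONE_CLIENT_ID and PINGONE_CLIENT_SECRET, never from HCL.
provider "pingone" {}

variable "environment_id" {
  type        = string
  description = "ID of the PingOne environment to manage (placeholder input)"
}

# Step 2: define a resource with its desired state. Terraform creates it,
# then corrects drift on later runs.
resource "pingone_application" "web_portal" {
  environment_id = var.environment_id
  name           = "Example Web Portal"
  enabled        = true

  oidc_options = {
    type                       = "WEB_APP"
    grant_types                = ["AUTHORIZATION_CODE"]
    response_types             = ["CODE"]
    pkce_enforcement           = "S256_REQUIRED"
    token_endpoint_auth_method = "CLIENT_SECRET_BASIC"
    redirect_uris              = ["https://portal.example.com/callback"]
  }
}

# Step 3: read an existing application that Terraform does not manage (read only).
data "pingone_application" "existing" {
  environment_id = var.environment_id
  name           = "Existing Legacy App"
}
```

Running terraform plan against this shows the create action for the resource and only a read for the data source, which is a quick check that nothing outside the intended scope will be modified.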