
I use terraform to provision a web application project, which includes RDS, Memcached, Redis, EC2, Load balancer and S3 bucket. To simplify the code, I have imported several handy terraform modules, for example:

  1. security group module
  2. RDS module

After running terraform init, Terraform generated a file, .terraform.lock.hcl. But this file contains only a little content. I don't believe it contains the versions of all imported modules.

Here is the content.

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

provider "registry.terraform.io/hashicorp/aws" {
  version     = "3.63.0"
  constraints = ">= 2.7.0, >= 2.42.0, >= 2.49.0, >= 3.4.0, >= 3.40.0"
  hashes = [
    "h1:lf8Qex8bhCmh8TUEAU6H4brzjy3+d4BXB6gcOYnNtNY=",
    "zh:42c6c98b294953a4e1434a331251e539f5372bf6779bd61ab5df84cac0545287",
    "zh:5493773762a470889c9a23db97582d3a82035847c8d3bd13323b4c3012abf325",
    "zh:550d22ff9fed4d817a922e7b84bd9d1f2ef8d3afa00832cf66b8cd5f0e6dc748",
    "zh:632cb5e2d9d5041875f57174236eafe5b05dbf26750c1041ab57eb08c5369fe2",
    "zh:7cfeaf5bde1b28bd010415af1f3dc494680a8374f1a26ec19db494d99938cc4e",
    "zh:99d871606b67c8aefce49007315de15736b949c09a9f8f29ad8af1e9ce383ed3",
    "zh:c4fc8539ffe90df5c7ae587fde495fac6bc0186fec2f2713a8988a619cef265f",
    "zh:d0a26493206575c99ca221d78fe64f96a8fbcebe933af92eea6b39168c1f1c1d",
    "zh:e156fdc964fdd4a7586ec15629e20d2b06295b46b4962428006e088145db07d6",
    "zh:eb04fc80f652b5c92f76822f0fec1697581543806244068506aed69e1bb9b2af",
    "zh:f5638a533cf9444f7d02b5527446cdbc3b2eab8bcc4ec4b0ca32035fe6f479d3",
  ]
}

provider "registry.terraform.io/hashicorp/random" {
  version     = "3.1.0"
  constraints = ">= 2.2.0, >= 3.1.0"
  hashes = [
    "h1:9cCiLO/Cqr6IUvMDSApCkQItooiYNatZpEXmcu0nnng=",
    "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
    "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
    "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
    "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
    "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
    "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
    "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
    "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
    "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
    "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
    "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
  ]
}

When starting a Ruby on Rails project, bundler uses Gemfile.lock to lock the version of ruby gems. When starting a frontend project, npm uses package-lock.json to lock the version of imported libraries.

Is .terraform.lock.hcl used for locking the version of each terraform module?

2 Answers


  1. The Terraform documentation says this about the lock file:

    At present, the dependency lock file tracks only provider dependencies. Terraform does not remember version selections for remote modules, and so Terraform will always select the newest available module version that meets the specified version constraints. You can use an exact version constraint to ensure that Terraform will always select the same module version.

    So the answer to your question will be: No. For now, it does not "lock" the version of your modules.

    https://www.terraform.io/language/files/dependency-lock

  2. No, the .terraform.lock.hcl file does NOT contain module versions. You can, however, make sure that the module is used in the correct version by utilizing Version Constraints for the module. The example code depends on the module source and can look like this:

    module "eks" {
      source  = "terraform-aws-modules/eks/aws"
      version = "~> 18.30.0"
      # [...]
    }

    In the code above, the module is sourced from Terraform Registry and at least 18.30.0 is used, however the latest 18.30.x will be used (because of ~> constraint type) whenever you run terraform get -update.

    If you are using a module from a git repo, however, you cannot use the version argument; instead you need to code the tag or branch name using ref:

    module "vpc" {
      source = "git::https://example.com/vpc.git?ref=v1.2.0"
    }
    
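Since the lock file records nothing for modules, the pinning described in both answers has to be checked in the configuration itself. The following is an added example, not code from either answer or from Terraform: a Python audit that reports how each module call is pinned, going slightly beyond the answers by also recognising local paths and full commit SHAs in ref. The sample configuration, the status labels and the function names are assumptions, and the scanner is a simplified regex, not a full HCL parser.

```python
import re

# Constructed sample configuration; module names and versions are illustrative.
SAMPLE_TF = '''
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 18.30.0"
}
module "rds" {
  source  = "terraform-aws-modules/rds/aws"
  version = "5.1.0"
}
module "sg" {
  source = "terraform-aws-modules/security-group/aws"
}
module "vpc" {
  source = "git::https://example.com/vpc.git?ref=v1.2.0"
}
'''

# Simplified scanner (assumption): a module block ends at a "}" in column 0.
MODULE_RE = re.compile(r'module\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)

def attr(body, name):
    m = re.search(r'^\s*%s\s*=\s*"([^"]*)"' % name, body, re.M)
    return m.group(1) if m else None

def classify(source, version=None):
    """Say how reproducibly a module source resolves without a lock entry."""
    if source.startswith(("./", "../")):
        return "local"                      # lives in the same repository
    if source.startswith("git::"):
        ref = re.search(r'[?&]ref=([^&]+)', source)
        if not ref:
            return "git-no-ref"             # follows the default branch
        is_sha = re.fullmatch(r'[0-9a-f]{40}', ref.group(1))
        return "git-commit" if is_sha else "git-tag-or-branch"
    if version is None:
        return "registry-unpinned"          # newest available release is selected
    if re.fullmatch(r'=?\s*\d+\.\d+\.\d+', version.strip()):
        return "registry-exact"
    return "registry-range"                 # e.g. "~> 18.30.0" can still move

def audit(tf_text):
    return {name: classify(attr(body, "source") or "", attr(body, "version"))
            for name, body in MODULE_RE.findall(tf_text)}

if __name__ == "__main__":
    print(audit(SAMPLE_TF))
```

Only registry-exact and git-commit resolve to the same module code on every fresh init; a tag or branch name depends on the remote repository not moving it.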