> I was struggling with that day was to define six cloud storage buckets in Terraform...The kind of thing you’d do with a two-line nested loop in any general-purpose language
I understand this is just an example, but FYI the modern solution is to use CDKTF rather than HCL for Terraform.
That allows you to choose your favorite general purpose lang: Python, TypeScript, Go, Java, C#.
I use Terraform because of HCL, the absolute best thing about it is the declarative config; if someone insists on using their favourite general purpose language: 1) they're wrong; 2) there's plenty of other options for that and I'm not interested in fighting in Terraform's corner knowing they won't use it for the most fundamental reason it's good.
You do know all that CDKTF does is compile programming language code to JSON (1:1 with Terraform's HCL)?
CDKTF is not accessing the Terraform state directly, it's allowing you to express your configuration that you would normally write in Terraform in a programatic way.
> Aside from Nix, Python, and HCL, which I’ve already discussed extensively,
He doesn't seem to have much more to say about the latter than that.
'My reply', bluntly, is something like 'maybe it has shortcomings, you haven't addressed them; its most fundamental key advantage is not addressed at all, about it or any other language, and is not a feature of your new one'.
HCL has its quirks - bit I'm not entirely sure they are without merit in this case - HCL describes resources - and it's important that when your iteration count goes down, resources are deleted. Some discussion in sections 6, 7 and 8 (linked):
There’s a subtle but important consideration with the current code. It happens when the code gets updated, particularly when previously added elements are removed.
For example, let’s say we first use the code above and run a terraform apply. That creates security groups with rules. Then we delete the rules from the code. Running terraform apply again will not remove the rules.
This is because when there’s an empty List, the for_each loop never iterates. If you wish for the security group rules to maintain its current state set outside of Terraform, you may want this behavior. However, this is probably unexpected and undesirable behavior.
If you want to have Terraform remove all the security group rules, then ingress needs to be assigned directly with a List. We’ll cover how to do that shortly.
You are likely already aware of this, but for other readers, you actually have to use Pulumi if you want native language feature support.
I agree CDK for TF can be better than HCL, but it is still more like a template preprocessing utility for Terraform and thus still carries the limitations of Terraform.
> but FYI the modern solution is to use CDKTF rather than HCL for Terraform.
That's an odd take. Are you saying that because it's newer? I would push something like Crossplane as more "modern" in that it solves the critical issue of Terraform not having any sort of reconciliation loop.
Gotcha. I guess I see it more as an alternative rather than a modern evolution. I don't particularly like the direction of these SDKs, but I see an increasing demand for them.
I understand this is just an example, but FYI the modern solution is to use CDKTF rather than HCL for Terraform.
That allows you to choose your favorite general purpose lang: Python, TypeScript, Go, Java, C#.