TFC variable change approval and audit trail

Evaluating TFC in our org and I’m wondering what your recommended practices are for approval and auditing of variable changes as these will effect a change in infra on the next apply.

With TF we can include our tfvars files in git and go through the normal PR/review process.
E.g. use TF workspaces and vars files that match the workspace to simplify runs.

In TFC, they’re edited in the UI and there’s not a similar process that comes to mind.
We’re trying to use the simple flow of one configuration GitHub repo linked to multiple TFC workspaces and then populating variables. When editing variables in the UI, this also doesn’t actually trigger a plan and still needs to be done manually. OK, so in that case you could request that someone approve the plan (though I don’t see a way to enforce that). But it also creates an audit trail separate from git history.

The only idea I’ve had so far is to use the TF provider in another set of repos for managing the variable values for the TFC workspaces – probably works but feels awkward and a lot of overhead as you no longer have a single commit history to deal with.

Looking for recommendations
Thanks!
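
A sketch of the provider-based idea mentioned in the post above, added here as an example and not part of the original post. It assumes "the TF provider" means the `hashicorp/tfe` provider; the workspace names, variable keys and values are constructed placeholders, so every value change goes through a pull request on this file.

```hcl
terraform {
  required_providers {
    tfe = { source = "hashicorp/tfe" }
  }
}

# Assumption: the API token is supplied through the TFE_TOKEN environment variable.
provider "tfe" {}

variable "organization" {
  type = string
}

# Reviewed in pull requests: workspace name => variable key => value.
# Constructed sample data. Keep secrets out of this map and out of git.
variable "workspace_vars" {
  type = map(map(string))
  default = {
    "app-dev"  = { instance_type = "t3.small", instance_count = "1" }
    "app-prod" = { instance_type = "m5.large", instance_count = "3" }
  }
}

# Look up each existing workspace by name.
data "tfe_workspace" "target" {
  for_each     = var.workspace_vars
  name         = each.key
  organization = var.organization
}

locals {
  # Flatten to one entry per workspace/key pair so each variable gets a stable address.
  flat = merge([
    for ws, kv in var.workspace_vars : {
      for k, v in kv : "${ws}/${k}" => { workspace = ws, key = k, value = v }
    }
  ]...)
}

resource "tfe_variable" "managed" {
  for_each     = local.flat
  workspace_id = data.tfe_workspace.target[each.value.workspace].id
  key          = each.value.key
  value        = each.value.value
  category     = "terraform" # "env" would create an environment variable instead
  description  = "Managed from git; change via pull request"
}
```

Because the values are tracked in state, a non-sensitive value edited in the UI shows up as a diff on the next plan of this configuration, which gives a reviewable signal that something changed outside git.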

Adding a +1 here in the hopes of getting feedback on this topic. I’d like to hear of any best-practices for this, too.

2 Likes

Any comments on this thread? Like TFC, but not having tfvars files for PR approval is a bit of a problem.

Or at least an audit trail for TFC changes to environment variables for workspaces.