I think this is a simple request to understand, but it’s clear to me that we need a safer way to work with workspaces.
They are super easy to work with in automation (atlantis, terraform cloud), where a computer never forgets to terraform workspace select or set TF_WORKSPACE.
However, for a human, it is VERY easy to forget that you need to be in a workspace. Or that you are in a workspace. Or which workspace you are in.
In a projects that supports multiple workspaces, I really feel like you should never be able to to run a terraform command without explicitly setting the workspace you would like that command to run against. For instance
terraform $WORKSPACE import foo.bar foo/bar
# or
terraform -w $WORKSPACE plan
# or
terraform $WORKSPACE apply -target module.baz\
# or
TF_WORKSPACE=$WORKSPACE terraform state rm foo.bar
^ In projects with multiple workspaces, any other incantation of terraform should exit because you did not explicitly say what workspace you want to use.
IMO, terraform needs the some configuration improvements that allow a directory to tell the binary how terraform should be run in this directory. For instance:
- Require the workspace to be set for each command if discovered that there are multiple
- Configuration that allow lists workspaces in the directory
- Configuration to say which variable files should be included for different workspaces
- etc etc to make working with them easier
(TBH, a directory config for terraform would be real nice. Like setting parallelism to 1 for certain projects or something like that.).
IDK, maybe the problem workspaces solve (shared resource definition) is not the recommended way of defining shared terraform for similar projects (not sure copy and pasting modules is really better).
Are there any plans to make make working with workspaces safer|better?