using resource "local_file" in terraform with atlantis

Question

I am using resource "local_file" in terraform for generating my application config, whenever I run terraform apply it generates a config file.

example of terraform snippet which generates config file on terraform apply:

    # local_file.helm_values creats a set of helm values for this environment
    resource "local_file" "helm_values" {
      file_permission = "0666"
      filename        = "config.yaml"
      content = <<EOT
    ${yamlencode({
      endpoints = [
        {
          name    = "servicename"
          command = "command"
          path    = "/path"
          env = {
            REDIS_URL = "redis://redishost:port"
          }
        },
        {
          name          = "servicename2"
          command       = "docs"
          path          = "/"
        }
      ]
      ...
    })}
    EOT
    }

I have successfully integrated with Atlantis, which means I no longer use the terraform plan/apply command on my local terminal. Instead, I utilize the atlantis plan and atlantis apply commands directly on my pull requests. Although the atlantis apply command works flawlessly for managing other infrastructure resources, But it doesn't automatically regenerate the config file whenever modifications are made to the aforementioned terraform resource "local_file".

If you know something where Atlantis can handle running this specific Terraform task to generate the config file and automatically commit it to the pull request, it would be nice to share.

Answer 1

What you've encountered here is related to the caveat from the local_file documentation:

When working with local files, Terraform will detect the resource as having been deleted each time a configuration is applied on a new machine where the file is not present and will generate a diff to re-create it. This may cause "noise" in diffs in environments where configurations are routinely applied by many different users or within automation systems.

Terraform is primarily designed for interacting with remote APIs over the network, rather than resources on the local system. The ability to use local_file successfully as you're trying here relies on you somehow making the local filesystem behave as if it's a remote service accessed over the network, which includes some way for the file to persist from one Terraform run to the next.

One way to achieve that would be to mount a network filesystem into your Atlantis execution environment and arrange for this file to be created on that filesystem. As long as the remote filesystem survives between runs, local_file should then be able to treat that file like other providers would treat an object managed via a REST API, or similar.

Terraform is not really designed for managing local files, so its capabilities here are limited. It may not be possible to achieve exactly what you are intending to do, without introducing something else into the mix to help Terraform work in this unusual situation.