Terraform provider to manager Neon resources

Hey folks

I’d like to announce initial release of the terraform provider to provision Neon resources: tf registry.

It supports a single resource, project, for now.

Upcoming releases will include the following resources in the order of implementation:

  • branch
  • endpoint
  • database
  • role
  • api key

I’d highly appreciate your feedback and contribution!

Thanks
Dmitry

3 Likes

Cool! One question, with a newly created project we return a ready to use DATABASE_URL with password. How one can get it using you TF provider? Or they will need to reset a password after provisioning a project?

@ololobus Hey! Thanks for the question/feedback!

I include access url as part of upcoming release. It will be available as a read-only property of the project resource.

As for password reset, I recon it’d make most sense to add the functionality for the neon_role tf resource. WDYT?

Yep, I think it makes sense for the role only

Hey folks!

I’m happy to announce that v0.1.0 of the neon tf provider has been released! :slightly_smiling_face:

It supports all Neon base resources now:

  • project
  • branch
  • endpoint
  • role
  • database

I hope that the provider would enable developers for robust effective ops through automation. To see how, please consider the guide. It illustrates how to provision Neon project, branch, role and database, and to setup secure secrets storage to minimize chances of undesirable access to provisioned database.

Please try the provider and leave your feedback in the form of github issues. Also your contributions in the form of PR are more than welcomed: OSS FTW! :wink:

Regards
Dmitry

2 Likes

Hey @kislerdm, I loved the Terraform provider. So far the only limitation I found is that I cannot use autoscaling_limit_max_cu as a float (e.g.: 0.25).

Also, I have been experiencing instabilities during branch creation while deploying from GitHub Actions, but I’m not sure if it is related to the provider, Terraform, or to Neon APIs.

Sometimes, while I am creating a new branch, it says the branch already exists although it did not exist before the terraform apply.

module.staging.module.researchers-peers-svc.google_project_iam_binding.secret_accessor: Creation complete after 9s [id=***/roles/secretmanager.secretAccessor]
╷
│ Error: [HTTP Code: 409][Error Code: ] branch with the provided name "staging" already exists
│
│   with module.staging.module.postgresql-dbms-environment.neon_branch.postgresql-dbms-environment,
│   on postgresql-dbms-environment/main.tf line 1, in resource "neon_branch" "postgresql-dbms-environment":
│    1: resource "neon_branch" "postgresql-dbms-environment" ***
│
╵
╷
│ Error: [HTTP Code: 409][Error Code: ] branch with the provided name "production" already exists
│
│   with module.production.module.postgresql-dbms-environment.neon_branch.postgresql-dbms-environment,
│   on postgresql-dbms-environment/main.tf line 1, in resource "neon_branch" "postgresql-dbms-environment":
│    1: resource "neon_branch" "postgresql-dbms-environment" ***

What I noticed is that when that error occurs, the branch ends up being created but it is not assigned to a compute endpoint.

That is really unpredictable so I’m trying out other database providers that also offer a terraform provider. It is sad since Neon is so much more intuitive than GCP and your terraform provider was really easy to configure.


[Update]

I tried to update hashicorp/setup-terraform@v1 to hashicorp/setup-terraform@v2 in my GitHub actions, and it resulted in success for one branch and failure for another.

I have also tried installing Terraform with:

- name: Install Terraform
        run: |
          sudo apt-get update && sudo apt-get install -y gnupg software-properties-common
          wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
          gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint

… but got the same instability. Sometimes works locally, sometimes not, sometime one branch is created and another is not created.

@kislerdm, did you experience something similar? Any ideas about what could be causing that?

Hi Calil!

Thank for your the warm words - it’s very much appreciated!

Indeed, the terraform provider uses the SDK which is not up-to-date with the API spec. I will release a new version of the tf provider with the fix this week. The new version of SDK was released already, see details.

Thank you this valuable feedback for flagging. I will have a look. Could you please open a github issue with details?

Thanks!
Dmitry

Hey folks!

I’d like to announce that v0.2.0 of the terraform provider was released. The release addresses non-backwards compatible API changes. It is now fully aligned with the up-to-date API contract. Please update your dependencies.

Additionally, you can subscribe to the following resources to get notified about API specifications updates:

Enjoy your day!
Dmitry

Hey folks!

I’d like to announce that v0.2.2 of the terraform provider was released. The release addresses bugs leading to unexpected behaviour for provisioning projects with custom configurations for default_endpoint_settings, branch and quota.

Please update your dependencies!

I’d like to thank the following people for their feedback and contribution:

Enjoy your day!
Dmitry

Hey folks! I’m happy to announce that v0.2.3 of the terraform was released. It fixes role password state management.

Please update your dependencies!

I’d like to thank the following people for their feedback:

Thank you, your support means a lot for OSS community! :pray:

Enjoy your day!
Dmitry

1 Like

Hey folks! v0.2.4 has just been released. It includes SDK update, refactoring and minor documentation fixes mostly. However, if you use v0.2.2 and below, please update.

BTW it’s worth noticing that the provider will be hosted and distributed following the conventions of OpenTofu after its stable release in December’23. It does not mean that you need to take immediate actions yet. Further instructions will follow, stay tuned.

Thanks!
Dmitry

1 Like