Terraform is watching you

Esy
Nov 3 · 2 min read

In the last few days, there has been a hot debate on whether or not HashiCorp Terraform is doing a proper job of informing its customers about the latest updates and changes to its product. One of these issues was raised on this GitHub thread:

So what's the big deal with partner_id? Basically, if you are a software partner with Microsoft Azure, you are offering an app or service or whatever you are making money from. This requires your app to create, update and delete Azure resources. You can accomplish this in one of three ways:

  1. Azure Resource Manager Template
  2. Azure Resource Manager APIs
  3. Terraform template

It's always nice to have complete visibility into the resource consumption of your app when it is deployed on a customer subscription. It just makes sense to count your soldiers when they are fighting on the field. You need this either to better understand how customers use the app, or because your business plan is usage-based and you need to know the usage to charge users properly. To help partners achieve that, Azure has created a field called "partner_id". Whenever, as a partner, you create an offer on the Azure portal, you can be assigned a partner_id, which looks like a GUID string. You then provide that partner_id when using any of the above three methods. For example, in Terraform, you can specify it in the provider.tf file like below:

    provider "azurerm" {
      subscription_id = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
      client_id       = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
      # partner_id assigned to your offer
      partner_id      = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    }

Now, what's the catch with Terraform? By default (!!!!), Terraform adds the following to your provider:

    partner_id = "terraform"

Now, since HashiCorp is itself an Azure partner, it could log in to its partner portal and see the usage of your resources without you even knowing, if the "terraform" partner_id is affiliated with it. What makes people angry here is that Terraform doesn't highlight big changes like this. On Hacker News, and also in the above GitHub thread, the CEO of HashiCorp has tried to explain that they have nothing to do with that partner_id:

The partner ID used by Terraform was provided directly by Microsoft and generated by them. It is not associated with our Azure accounts at all. This is an extra assurance that we don’t have access to any partner information using this ID.

This might not sound very important to some, as they might not be sure how useful this information could possibly be. However, it could have a huge marketing impact for companies that are expanding and wouldn't want their competitors to know. It might also raise concerns at security-conscious companies.

To be on the safe side, and to save some headaches, it's recommended to always change the default value of this parameter in your provider.tf file to some other value.
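One way to enforce this recommendation before a plan is applied, as an added example that is not part of the original post: a small Python check that flags every provider "azurerm" block which either omits partner_id or leaves it at the "terraform" default described above. The function names and sample configurations are constructed for illustration, and the scanner is a line-based heuristic rather than a full HCL parser (it does not handle /* */ comments).

```python
import re

# Constructed sample configurations, not taken from a real repository.
SAMPLE_OK = '''
provider "azurerm" {
  subscription_id = "00000000-0000-0000-0000-000000000000"
  partner_id      = "11111111-1111-1111-1111-111111111111"
}
'''
SAMPLE_BAD = '''
provider "azurerm" {
  # partner_id = "11111111-1111-1111-1111-111111111111"
  subscription_id = "00000000-0000-0000-0000-000000000000"
}
provider "azurerm" {
  alias      = "second"
  partner_id = "terraform"
}
'''

PROVIDER_RE = re.compile(r'^[ \t]*provider[ \t]+"azurerm"[ \t]*\{', re.M)
PARTNER_RE = re.compile(r'^[ \t]*partner_id[ \t]*=[ \t]*(.+?)[ \t]*$', re.M)
COMMENT_RE = re.compile(r'(#|//).*$', re.M)  # strips to end of line only


def provider_blocks(text):
    """Yield (line_number, body) for each provider "azurerm" block."""
    for m in PROVIDER_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text.count("\n", 0, m.start()) + 1, text[m.end():i - 1]


def audit(text):
    """Return (line, reason) for blocks that rely on the default partner_id."""
    findings, clean = [], COMMENT_RE.sub("", text)  # commented-out lines don't count
    for line, body in provider_blocks(clean):
        m = PARTNER_RE.search(body)
        if m is None:
            findings.append((line, "partner_id not set, default applies"))
        elif m.group(1).strip('"') == "terraform":
            findings.append((line, 'partner_id left at "terraform"'))
    return findings


if __name__ == "__main__":
    for name, text in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        print(name, audit(text))
```

Run it over the contents of each .tf file in a repository and fail the build when audit() returns anything.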
