Guides
Log InSign UpBlog

Variables

Suggest Edits

Terraform & OpenTofu Variables

Scalr uses input variables the same way they are used in Terraform or OpenTofu OSS, no extra configuration is needed other than having the option to create them directly in the Scalr UI. When variables are set directly in Scalr, Scalr will pass those variables to Terraform as a terraform.tfvars.json or opentofu.tfvars.json file.

Terraform and OpenTofu variables can be marked as sensitive or HCL values as needed:

Alternatively, variable files can be passed in as part of the workspace configuration. Values defined in the .tfvars files have a higher priority than ones set in the Scalr UI/backend. To enforce values from the Scalr UI/backend users must specify the variable as final in the Scalr Terraform variables section of the workspace.

📘

terraform.tfvars.json and opentofu.tfvars.json name is reserved

terraform.tfvars.json and terraform.tfvars are reserved filenames and cannot be used as Scalr uses that to pass in variables. The same goes for opentofu.tfvars.json and opentofu.tfvars

Shell Variables

In addition to Terraform input variables, there are use cases for declaring shell variables in the run time environment. Shell variables can be declared in Scalr and are exported into the Terraform runtime environment using export var=value.

  • Pass in non-credentials configuration values to providers, such as location (see individual provider docs).
  • Set values for Terraform input variables with TF_VAR_{variable_name}={value}, alternatively, the Terraform variable type can also be used.
  • Pass in data to be used in scripts executed by provisioners or data "external" {}.
  • Set custom parallelism with TF_CLI_ARGS_plan="-parallelism=N" and TF_CLI_ARGS_apply="-parallelism=N" (where N is the desired parallelism value).
  • Set the log level with TF_LOG=TRACE
  • Set Terraform debug/behavioral variables.

Built-In Variables

The following shell variables are built into the runtime environment for use as needed. All variables below can also be used as TF_VAR variables by adding TF_VAR_before the variable name:

  • SCALR_RUN_ID - The ID of the current run.
  • SCALR_HOSTNAME - The Scalr hostname.
  • SCALR_TERRAFORM_OPERATION - The current Terraform operation (plan or apply).
  • SCALR_TERRAFORM_EXIT_CODE - The exit code (0 or 1) of the previous operation (plan or apply) and only available in after hooks.
  • SCALR_RUN_IS_DESTROY - If the code is 1, then the run is the equivalent to a terraform destroy. If it is 0, then it is a terraform apply. This is helpful for custom hooks that will execute if the apply is a destroy or not.
  • SCALR_RUN_VCS_BRANCH - The branch name of the VCS repo i.e. main
  • SCALR_RUN_VCS_COMMIT- The commit hash for a VCS triggered run i.e. e59f09e
  • SCALR_RUN_MODE - This will return the type of run that was executed. Possible values are:
    • apply - Plan & Apply
    • dry - Plan only
    • refresh - Refresh only
    • skip_refresh - Skip refresh
  • SCALR_RUN_SOURCE - The source that triggered the run. Possible values are:
    • vcs - The run was triggered by a VCS provider.
    • cli - The run was triggered from the Terraform or OpenTofu CLI.
    • scalr-cli- The run was triggered from the Scalr CLI
    • run-trigger - The run was triggered from the run triggers feature.
    • schedule - The run was triggered based on a schedule being set in the workspace.
    • api- The run was triggered from the Scalr API.
    • configuration version - When the run is triggered based on auto-queue runs being enabled in the workspace and the first CV uploaded triggers a run.
    • ui - for all runs triggered from the UI.
  • SCALR_WORKSPACE_NAME- The name of the workspace the run is executing in.
  • SCALR_WORKSPACE_ID - The ID of the workspace the run is executing in.
  • SCALR_ENVIRONMENT_ID- The ID of the environment the run is executing in.
  • SCALR_ENVIRONMENT_NAME- The name of the environment the run is executing in.
  • SCALR_RUN_CONTENT_ROOT - The absolute path to the root of the configuration being executed.

Setting Shell & Terraform Variables

Scalr provides multi-scope shell variables that can be set at any scope and inherited at lower scopes. Variables set at higher scopes can, depending on the configuration of the variable, have their value overridden at lower scopes. The hierarchy is as follows.

  • Account
  • Environments inherit from the Account
  • Workspaces inherit from the Account and Environment

Variables marked as “final” at any scope cannot be overridden by lower scopes. They can also be marked as “sensitive” to ensure the value is masked out in the Scalr UI, API, provider results, and Terraform plan and state output.

Import Terraform & OpenTofu Variables

Terraform or OpenTofu variables files that end in .tfvars can be imported into a workspace via the import options on the variables page. This is most commonly used if the variables file is not in the same location as the code and not uploaded as part of the working directory.

Scalr will parse the code and automatically sets the sensitive or HCL flags on the variables where needed. By default, Scalr does not update values for variables that already exist in a workspace, but you can select the update option to do so:

Validation

If validation is built into the Terraform or OpenTofu code, Scalr will validate the variable when it is being created or updated. For example, if there is an OS type variable that can either be "Windows" or "Linux", the variable would be the following:

variable "os_type" {
  description = "Operating System to use for the VM"
  type = string

  validation {
    condition     = contains(["Windows", "Linux"], var.os_type)
    error_message = "The os_type must be either 'Windows' or 'Linux'."
  }
}

If a user tries to enter anything other than the values in the condition in the UI, Scalr will provide the defined error message.

All validation will still be checked during the plan and apply as well. This is intended to improve the user experience and catch any validation errors earlier on.

Sensitive Variables

By default, sensitive variables are masked in the UI, logs, and all outputs. If an environment admin needs to disable the masking of sensitive variables to help with troubleshooting, they can do so in the environment settings. This will only disable the masking of the outputs in the Terraform/Tofu logs.

Example: Account scope

Account scope variables are created at the account scope and automatically shared with all environments and workspaces.

Click on the variable to access the configuration details. Make sure to “Save” after any changes to variables.

Example: Environment scope

Environment scope variables are created and assigned within the environments tab at the account scope. Once they are created and assigned to the environment, all workspaces in the environment will inherit the variable:

Variables can be overridden by creating a new variable of the same name at a lower scope. An overridden variable is shown as a group with the lowest scope, and therefore applicable value is visible. The variable can be ungrouped using the button on the right so that the variable can be edited or deleted.

Example: Workspace scope

Workspace scope variables are assigned within the variables tab at the workspace scope.

Updated 7 days ago