The IonosCloud provider gives the ability to deploy and configure resources using the IonosCloud APIs.
Effective March 15, 2024, IONOS account holders using 2-Factor Authentication will no longer be able to utilize Basic Authentication for accessing our APIs, SDKs, and all related tools. Token creation and deletion via APIs and ionosCTL will also be restricted.
Affected users are required to switch to token-based authorization. These tokens will be accessible through our new Token Manager in the Data Center Designer, launching at the beginning of February 2024. More information can be found here.
- Terraform 0.12.x+
NOTE: In order to use a specific version of this provider, please include the following block at the beginning of your terraform config files details:
provider "ionoscloud" {
version = ">= 6.4.10"
}The provider needs to be configured with proper credentials before it can be used.
You can use token authentication. We strongly suggest to use token authentication for security reasons. Details on how to generate your token here:
export IONOS_TOKEN="token"Or you can set the environment variables for HTTP basic authentication:
export IONOS_USERNAME="username"
export IONOS_PASSWORD="password"For managing IONOS Object Storage resources you need to set the following environment variables with your credentials
export IONOS_S3_ACCESS_KEY="accesskey"
export IONOS_S3_SECRET_KEY="secretkey"Another way of configuring it is by providing your credentials/api_url in a .tf configuration file in the provider block as shown in the below example.
provider "ionoscloud" {
token = var.ionos_token
# we suggest to use token authentication
# username = var.ionos_username
# password = var.ionos_password
# optional, to be used only for reseller accounts
# contract_number = "contract_number_here"
# optional, does not need to be configured in most cases
# endpoint = "custom_cloud_api_url"
# s3_access_key = <your_access_key>
# s3_secret_key = <your_secret_key>
# s3_region = <your_bucket_region>
}endpoint field. The SDKs the terraform uses know how to route requests to the correct endpoints in the API.
You can either explicitly write them in the .tf file or use var.name as in the example above. For setting the var.name, environment variables can be used. The environment variables must be in the format TF_VAR_name and this will be checked last for a value. For example:
export TF_VAR_ionos_token="token"
export TF_VAR_ionos_username="username"
export TF_VAR_ionos_password="password"
export TF_VAR_ionos_s3_access_key="accesskey"
export TF_VAR_ionos_s3_secret_key="secretkey"
export TF_VAR_ionos_s3_region="eu-central-3" # optionalSee the IonosCloud Provider documentation for more details.
| Environment Variable | Description |
|---|---|
IONOS_USERNAME |
Specify the username used to login, to authenticate against the IONOS Cloud API |
IONOS_PASSWORD |
Specify the password used to login, to authenticate against the IONOS Cloud API |
IONOS_TOKEN |
Specify the token used to login, if a token is being used instead of username and password |
IONOS_API_URL |
Specify the API URL. It will overwrite the API endpoint default value api.ionos.com. It is not necessary to override this value unless you have special routing config |
IONOS_LOG_LEVEL |
Specify the Log Level used to log messages. Possible values: Off, Debug, Trace |
IONOS_PINNED_CERT |
Specify the SHA-256 public fingerprint here, enables certificate pinning |
IONOS_CONTRACT_NUMBER |
Specify the contract number on which you wish to provision. Only valid for reseller accounts, for other types of accounts the header will be ignored |
IONOS_S3_ACCESS_KEY |
Specify the access key used to authenticate against the IONOS Object Storage API |
IONOS_S3_SECRET_KEY |
Specify the secret key used to authenticate against the IONOS Object Storage API |
IONOS_S3_REGION |
Region for IONOS Object Storage operations. Default value: eu-central-3. If you use IONOS_API_URL_OBJECT_STORAGE, IONOS_S3_REGION is mandatory |
You can enable certificate pinning if you want to bypass the normal certificate checking procedure, by doing the following:
Set env variable IONOS_PINNED_CERT=<insert_sha256_public_fingerprint_here>
You can get the sha256 fingerprint most easily from the browser by inspecting the certificate.
In the default mode, the Terraform provider returns only HTTP client errors. These usually consist only of the HTTP status code. There is no clear description of the problem. But if you want to see the API call error messages as well, you need to set the SDK and Terraform provider environment variables.
You can enable logging now using the IONOS_LOG_LEVEL env variable. Allowed values: off, debug and trace. Defaults to off.
trace level for debugging purposes. Disable it in your production environments because it can log sensitive data. It logs the full request and response without encryption, even for an HTTPS call.
Verbose request and response logging can also significantly impact your application’s performance.
$ export IONOS_LOG_LEVEL=debugIONOS_DEBUG is now deprecated and will be removed in a future release.
IONOS_DEBUG for debugging purposes. Disable it in your production environments because it can log sensitive data. It logs the full request and response without encryption, even for an HTTPS call.
Verbose request and response logging can also significantly impact your application’s performance.
$ export TF_LOG=debug
$ export IONOS_DEBUG=true
$ terraform applynow you can see the response body incl. api error message:
{
"httpStatus" : 422,
"messages" : [ {
"errorCode" : "200",
"message" : "[VDC-yy-xxxx] Operation cannot be executed since this Kubernetes Nodepool is already marked for deletion. Current state of the resource is FAILED_DESTROYING."
}]
}NOTE:: Building the provider is only necessary if you want to contribute to the provider. It is not a prerequisite for using it.
- [Go](https://golang.org/doc/install) 1.20 (to build the provider plugin)
Clone repository to: $GOPATH/src/github.com/ionos-cloud/terraform-provider-ionoscloud
$ mkdir -p $GOPATH/src/github.com/ionos-cloud; cd $GOPATH/src/github.com/ionos-cloud
$ git clone https://github.com/ionos-cloud/terraform-provider-ionoscloud.gitEnter the provider directory and build the provider
$ cd $GOPATH/src/github.com/ionos-cloud/terraform-provider-ionoscloud
$ make buildIf you wish to work on the provider, you'll first need Go installed on your machine (version 1.18+ is required). You'll also need to correctly set up a GOPATH, as well as adding $GOPATH/bin to your $PATH.
To compile the provider, run make build. This will build the provider and put the provider binary in the $GOPATH/bin directory.
$ make build
...
$ $GOPATH/bin/terraform-provider-ionoscloud
...The purpose of our acceptance tests is to provision resources containing all the available arguments, followed by updates on all arguments that allow this action. Beside the provisioning part, data-sources with all possible arguments and imports are also tested.
All tests are integrated into github actions that run daily and are also run manually before any release.
In order to test the provider, you can simply run:
$ make testIn order to run the full suite of Acceptance tests, run:
$ make testacc TAGS=allTests can also be run for a batch of resources or for a single resource, using tags.
Example of running server and lan tests:
$ make testacc TAGS=server,lanSee more details about test tags
**Build tags** are named as follows:
- `compute` - all **compute engine** tests (datacenter, firewall rule, image, IP block, IP failover, lan, location, nic, cross connect, server, snapshot, template, volume)
- `nlb` - **network load balancer** and **network load balancer forwarding rule** tests
- `natgateway` - **NAT gateway** and **NAT gateway rule** tests
- `k8s` - **k8s cluster** and **k8s node pool** tests
- `dbaas` - **DBaaS postgres cluster** tests
- `alb` - **Application Load Balancer** tests
``` sh
$ make testacc TAGS=dbaas
```
You can also test one single resource, using one of the tags: `backup`, `datacenter`, `dbaas`, `firewall`, `group`, `image`, `ipblock`, `ipfailover`, `k8s`, `lan`, `location`, `natgateway`,
`nlb`, `nic`, `pcc`, `resource`, `s3key`, `server`, `share`, `snapshot`, `template`, `user`, `volume`
Please see the Documentation on how to migrate from the ProfitBricks provider.
Please check out this module.