github.com/kcburge/terraform@v0.11.12-beta1/website/docs/internals/remote-service-discovery.html.md (about)

     1  ---
     2  layout: "docs"
     3  page_title: "Internals: Remote Service Discovery"
     4  sidebar_current: "docs-internals-remote-service-discovery"
     5  description: |-
     6    Remote service discovery is a protocol used to locate Terraform-native
     7    services provided at a user-friendly hostname.
     8  ---
     9  
    10  # Remote Service Discovery
    11  
    12  Terraform implements much of its functionality in terms of remote services.
    13  While in many cases these are generic third-party services that are useful
    14  to many applications, some of these services are tailored specifically to
    15  Terraform's needs. We call these _Terraform-native services_, and Terraform
    16  interacts with them via the remote service discovery protocol described below.
    17  
    18  ## User-facing Hostname
    19  
    20  Terraform-native services are provided, from a user's perspective, at a
    21  user-facing "friendly hostname" which serves as the key for configuration and
    22  for any authentication credentials required.
    23  
    24  The discovery protocol's purpose is to map from a user-provided hostname to
    25  the base URL of a particular service. Each host can provide different
    26  combinations of services -- or no services at all! -- and so the discovery
    27  protocol has a secondary purpose of allowing Terraform to identify _which_
    28  services are valid for a given hostname.
    29  
    30  For example, module source strings can include a module registry hostname
    31  as their first segment, like `example.com/namespace/name/provider`, and
    32  Terraform uses service discovery to determine whether `example.com` _has_
    33  a module registry, and if so where its API is available.
    34  
    35  A user-facing hostname is a fully-specified
    36  [internationalized domain name](https://en.wikipedia.org/wiki/Internationalized_domain_name)
    37  expressed in its Unicode form (the corresponding "punycode" form is not allowed)
    38  which must be resolvable in DNS to an address that has an HTTPS server running
    39  on port 443.
    40  
    41  User-facing hostnames are normalized for internal comparison using the
    42  standard Unicode [Nameprep](https://en.wikipedia.org/wiki/Nameprep) algorithm,
    43  which includes converting all letters to lowercase, normalizing combining
    44  diacritics to precomposed form where possible, and various other normalization
    45  steps.
    46  
    47  ## Discovery Process
    48  
    49  Given a hostname, discovery begins by forming an initial discovery URL
    50  using that hostname with the `https:` scheme and the fixed path
    51  `/.well-known/terraform.json`.
    52  
    53  For example, given the hostname `example.com` the initial discovery URL
    54  would be `https://example.com/.well-known/terraform.json`.
    55  
    56  Terraform then sends a `GET` request to this discovery URL and expects a
    57  JSON response. If the response does not have status 200, does not have a media
    58  type of `application/json` or, if the body cannot be parsed as a JSON object,
    59  then discovery fails and Terraform considers the host to not support _any_
    60  Terraform-native services.
    61  
    62  If the response is an HTTP redirect then Terraform repeats this step with the
    63  new location as its discovery URL. Terraform is guaranteed to follow at least
    64  one redirect, but nested redirects are not guaranteed nor recommended.
    65  
    66  If the response is a valid JSON object then its keys are Terraform native
    67  service identifiers, consisting of a service type name and a version string
    68  separated by a period. For example, the service identifier for version 1 of
    69  the module registry protocol is `modules.v1`.
    70  
    71  The value of each object element is the base URL for the service in question.
    72  This URL may be either absolute or relative, and if relative it is resolved
    73  against the final discovery URL (_after_ following redirects).
    74  
    75  The following is an example discovery document declaring support for
    76  version 1 of the module registry protocol:
    77  
    78  ```json
    79  {
    80    "modules.v1": "https://modules.example.com/v1/"
    81  }
    82  ```
    83  
    84  ## Supported Services
    85  
    86  At present, only one service identifier is in use:
    87  
    88  * `modules.v1`: [module registry API version 1](/docs/registry/api.html)
    89  
    90  ## Authentication
    91  
    92  If credentials for the given hostname are available in
    93  [the CLI config](/docs/commands/cli-config.html) then they will be included
    94  in the request for the discovery document.
    95  
    96  The credentials may also be provided to endpoints declared in the discovery
    97  document, depending on the requirements of the service in question.
    98  
    99  ## Non-standard Ports in User-facing Hostnames
   100  
   101  It is strongly recommended to provide the discovery document for a hostname
   102  on the standard HTTPS port 443. However, in development environments this is
   103  not always possible or convenient, so Terraform allows a hostname to end
   104  with a port specification consisting of a colon followed by one or more
   105  decimal digits.
   106  
   107  When a custom port number is present, the service on that port is expected to
   108  implement HTTPS and respond to the same fixed discovery path.
   109  
   110  For day-to-day use it is strongly recommended _not_ to rely on this mechanism
   111  and to instead provide the discovery document on the standard port, since this
   112  allows use of the most user-friendly hostname form.