github.com/kcburge/terraform@v0.11.12-beta1/website/docs/internals/remote-service-discovery.html.md (about) 1 --- 2 layout: "docs" 3 page_title: "Internals: Remote Service Discovery" 4 sidebar_current: "docs-internals-remote-service-discovery" 5 description: |- 6 Remote service discovery is a protocol used to locate Terraform-native 7 services provided at a user-friendly hostname. 8 --- 9 10 # Remote Service Discovery 11 12 Terraform implements much of its functionality in terms of remote services. 13 While in many cases these are generic third-party services that are useful 14 to many applications, some of these services are tailored specifically to 15 Terraform's needs. We call these _Terraform-native services_, and Terraform 16 interacts with them via the remote service discovery protocol described below. 17 18 ## User-facing Hostname 19 20 Terraform-native services are provided, from a user's perspective, at a 21 user-facing "friendly hostname" which serves as the key for configuration and 22 for any authentication credentials required. 23 24 The discovery protocol's purpose is to map from a user-provided hostname to 25 the base URL of a particular service. Each host can provide different 26 combinations of services -- or no services at all! -- and so the discovery 27 protocol has a secondary purpose of allowing Terraform to identify _which_ 28 services are valid for a given hostname. 29 30 For example, module source strings can include a module registry hostname 31 as their first segment, like `example.com/namespace/name/provider`, and 32 Terraform uses service discovery to determine whether `example.com` _has_ 33 a module registry, and if so where its API is available. 34 35 A user-facing hostname is a fully-specified 36 [internationalized domain name](https://en.wikipedia.org/wiki/Internationalized_domain_name) 37 expressed in its Unicode form (the corresponding "punycode" form is not allowed) 38 which must be resolvable in DNS to an address that has an HTTPS server running 39 on port 443. 40 41 User-facing hostnames are normalized for internal comparison using the 42 standard Unicode [Nameprep](https://en.wikipedia.org/wiki/Nameprep) algorithm, 43 which includes converting all letters to lowercase, normalizing combining 44 diacritics to precomposed form where possible, and various other normalization 45 steps. 46 47 ## Discovery Process 48 49 Given a hostname, discovery begins by forming an initial discovery URL 50 using that hostname with the `https:` scheme and the fixed path 51 `/.well-known/terraform.json`. 52 53 For example, given the hostname `example.com` the initial discovery URL 54 would be `https://example.com/.well-known/terraform.json`. 55 56 Terraform then sends a `GET` request to this discovery URL and expects a 57 JSON response. If the response does not have status 200, does not have a media 58 type of `application/json` or, if the body cannot be parsed as a JSON object, 59 then discovery fails and Terraform considers the host to not support _any_ 60 Terraform-native services. 61 62 If the response is an HTTP redirect then Terraform repeats this step with the 63 new location as its discovery URL. Terraform is guaranteed to follow at least 64 one redirect, but nested redirects are not guaranteed nor recommended. 65 66 If the response is a valid JSON object then its keys are Terraform native 67 service identifiers, consisting of a service type name and a version string 68 separated by a period. For example, the service identifier for version 1 of 69 the module registry protocol is `modules.v1`. 70 71 The value of each object element is the base URL for the service in question. 72 This URL may be either absolute or relative, and if relative it is resolved 73 against the final discovery URL (_after_ following redirects). 74 75 The following is an example discovery document declaring support for 76 version 1 of the module registry protocol: 77 78 ```json 79 { 80 "modules.v1": "https://modules.example.com/v1/" 81 } 82 ``` 83 84 ## Supported Services 85 86 At present, only one service identifier is in use: 87 88 * `modules.v1`: [module registry API version 1](/docs/registry/api.html) 89 90 ## Authentication 91 92 If credentials for the given hostname are available in 93 [the CLI config](/docs/commands/cli-config.html) then they will be included 94 in the request for the discovery document. 95 96 The credentials may also be provided to endpoints declared in the discovery 97 document, depending on the requirements of the service in question. 98 99 ## Non-standard Ports in User-facing Hostnames 100 101 It is strongly recommended to provide the discovery document for a hostname 102 on the standard HTTPS port 443. However, in development environments this is 103 not always possible or convenient, so Terraform allows a hostname to end 104 with a port specification consisting of a colon followed by one or more 105 decimal digits. 106 107 When a custom port number is present, the service on that port is expected to 108 implement HTTPS and respond to the same fixed discovery path. 109 110 For day-to-day use it is strongly recommended _not_ to rely on this mechanism 111 and to instead provide the discovery document on the standard port, since this 112 allows use of the most user-friendly hostname form.