ADR 0004: Isolated Terraform State Storage

Status

Accepted

Context

When running Terraform apply on dynamic configurations, state files must be stored persistently. Because multiple users run dynamic Terraform configurations concurrently, we must isolate state files to prevent collisions and avoid exposing structural infrastructure layouts between users.

Decision

We delegate Terraform execution to a microservice (Terraform Service) and implement persistent state isolation.

  1. The service stores state files on a persistent host mount volume.
  2. State is partitioned by user ID and configuration name: /app/terraform_state/${userId}/${configName}/terraform.tfstate.
  3. The service sanitizes incoming files by removing/rejecting user-defined provider "lxd", project, remote, and profiles properties, instead injecting forced platform values matching the user's project context.

Consequences

  • Pros: Safe execution via ephemeral temporary directory workspaces; state files are completely separated by tenant and configuration template; prevents malicious state modification.
  • Cons: Direct filesystem calls must be managed carefully to avoid directory traversal exploits.
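
One way to build the per-tenant state path from the Decision while addressing the directory traversal concern noted under Cons. This is an added example, not the Terraform Service's own code: the function names, the segment allowlist and the choice of Node.js are assumptions; only the path layout comes from this ADR.

```javascript
// Added example; function and constant names are hypothetical.
const path = require('node:path');

// State root taken from the ADR's path layout.
const STATE_ROOT = '/app/terraform_state';

// Assumption: user IDs and config names are limited to this allowlist.
// It excludes '/', '\', NUL and whitespace, and the leading-character
// rule rejects '.', '..' and hidden names.
const SEGMENT = /^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$/;

function checkSegment(label, value) {
  // The typeof check also rejects arrays/objects from loosely parsed input.
  if (typeof value !== 'string' || !SEGMENT.test(value)) {
    throw new Error(`invalid ${label}`);
  }
  return value;
}

// Returns the state file path for a user/config pair, or throws.
function resolveStatePath(userId, configName) {
  const candidate = path.posix.resolve(
    STATE_ROOT,
    checkSegment('userId', userId),
    checkSegment('configName', configName),
    'terraform.tfstate'
  );
  // Defense in depth: even if the allowlist is loosened later, the
  // resolved path must remain inside this user's directory.
  const tenantDir = path.posix.join(STATE_ROOT, userId) + '/';
  if (!candidate.startsWith(tenantDir)) {
    throw new Error('state path escapes tenant directory');
  }
  return candidate;
}

// Boolean wrapper for callers that prefer not to catch exceptions.
function isRejected(userId, configName) {
  try {
    resolveStatePath(userId, configName);
    return false;
  } catch {
    return true;
  }
}
```

The containment check is lexical and does not follow symlinks, so it relies on the state volume containing no links that users can create.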