Building Block init script (to import existing resources into Terraform state)
in progress
Thomas Abbe
As a Building Block developer, I want to execute tofu import statements in order to import existing resources into the terraform/tofu state. This action is needed, if I want to modify an existing building block or if I want to migrate an existing OSB to a building block representation.
Since the tofu workspace name is not known in advance, it is currently impossible to write a proper migration script.
One solution could be to pass an initialization script (with the tofu import statements) before executing tofu apply inside the building block Terraform runner.
J
Johannes Rudolph
Update: Pre-Run Script for OpenTofu Building Blocks Now Available
Pre-run script support is now live in meshStack v2026.10.0.
There is one
Known Issue
though, that we will patch in an upcoming release. The tofu/terraform binary is not directly available on the $PATH
in the script. Until we resolve this, please use the following workaround ```sh
TF_BINARY=$(find /tmp/runner/tfbin -type f -name "tofu" -o -name "terraform" | head -1)
if [ -z "$TF_BINARY" ]; then
echo "ERROR: Could not find tofu/terraform binary" >> "$MESHSTACK_USER_MESSAGE"
exit 1
fi
```
J
Johannes Rudolph
marked this post as
in progress
Update: Pre-Run Script Support for OpenTofu Building Blocks soon available
Our next release will include pre-run script support for OpenTofu Building Block Definition Versions in meshStack.
What will be available:
- Configure an optional shell script on your Building Block Definition Version via meshPanel or the meshObject API
- The script executes after tofu initand beforetofu apply, in the same working directory and environment (including all BB inputs)
- Use it to import existing resources into Terraform state, install dependencies (e.g. apk add awscli), or run pre-flight checks
- Script stdout/stderr is captured in the Building Block run logs
- The MESHSTACK_USER_MESSAGEenvironment variable lets you write custom user messages visible in the run log
- All your script's stdout and stderr is captured as system messages in the run log
- Script is limited to 16 KiB, you can put larger scripts into your git repo
We'd be very happy to hear from you how this feature helps solves your use cases and what other capabilities you'd like to see.
H
Henry Dettmer
Hi Thomas,
if you can derive the IDs of the resources you need to import at runtime this could be done with a static file input (e.g. imports.tf) using import blocks (https://developer.hashicorp.com/terraform/language/import).
Would that help in your case?
Thomas Abbe
Hi Henry Dettmer,
thank you, this might work for some cases. For some resources with derived names this might work, for other not since you have to do dynamic lookups. One example might be Azure RBAC Assignments where the name/id is not known in advance.