feat: add backend state http (#509)

## Changes

- Added support for http backend state. For example to integrate with
GitLab Terraform state.
- Added missing token field to terraform_remote state

Author: demeyerthom

.changes/unreleased/Added-20250506-184108.yaml

@@ -0,0 +1,3 @@
+kind: Added
+body: Added support for `http` backend state
+time: 2025-05-06T18:41:08.657888+02:00

.changes/unreleased/Fixed-20250506-213035.yaml

@@ -0,0 +1,3 @@
+kind: Fixed
+body: Added missing token field to terraform_remote state
+time: 2025-05-06T21:30:35.199691+02:00

docs/src/reference/cli/mach-composer_cloud.md

@@ -27,7 +27,7 @@ mach-composer cloud [flags]
 * [mach-composer cloud add-organization-user](mach-composer_cloud_add-organization-user.md)	 - Invite a user to a specific organization
 * [mach-composer cloud config](mach-composer_cloud_config.md)	 - Configure mach composer cloud
 * [mach-composer cloud create-api-client](mach-composer_cloud_create-api-client.md)	 - Manage your components
-* [mach-composer cloud create-component](mach-composer_cloud_create-component.md)	 - Register a new component
+* [mach-composer cloud create-component](mach-composer_cloud_create-component.md)	 - Register a new component. If key is not provided it will be generated from the name
 * [mach-composer cloud create-organization](mach-composer_cloud_create-organization.md)	 - Create a new organization
 * [mach-composer cloud create-project](mach-composer_cloud_create-project.md)	 - Create a new Project
 * [mach-composer cloud describe-component-versions](mach-composer_cloud_describe-component-versions.md)	 - List all changes for a component version

docs/src/reference/cli/mach-composer_cloud_create-component.md

@@ -1,9 +1,9 @@
 ## mach-composer cloud create-component
 
-Register a new component
+Register a new component. If key is not provided it will be generated from the name
 
 ```
-mach-composer cloud create-component [name] [flags]
+mach-composer cloud create-component [name] [key] [flags]
 ```
 
 ### Options

docs/src/reference/syntax/global.md

@@ -42,22 +42,54 @@ and Terraform provider versions.
 
 ### Required
 
-- `plugin` (String) The plugin to use. One of `aws`, `gcp`, `azure` or `local`.
+- `plugin` (String) The plugin to use. One of `aws`, `azure`, `gcp`, `http`, `local` or `terraform_cloud`.
   This will determine what remote state backend configs will be available
 
 ### Dynamic
 
 Depending on the `plugin` value, the following blocks will be merged into
 the `remote_state` block:
 
-- `azure` (Block) [Azure](#nested-schema-for-azure) state configuration for
-  Azure backend
 - `aws` (Block) [AWS](#nested-schema-for-aws) state configuration for AWS
   backend
+- `azure` (Block) [Azure](#nested-schema-for-azure) state configuration for
+  Azure backend
 - `gcp` (Block) [GCP](#nested-schema-for-gcp) state configuration for GCP
   backend
+- `http` (Block) [HTTP](#nested-schema-for-http) state configuration for
+  HTTP backend
 - `local` (Block) [Local](#nested-schema-for-local) state configuration for
   local backend
+- `terraform_cloud` (Block) [Terraform Cloud](#nested-schema-for-terraform_cloud)
+  state configuration for Terraform Cloud backend
+
+## Nested schema for `aws`
+
+An AWS S3 state backend can be configured with the following options
+
+### Example
+
+```yaml
+remote_state:
+  plugin: aws
+  bucket: <your bucket>
+  region: <your region>
+  key_prefix: <your key prefix>
+  role_arn: <your role arn>
+```
+
+### Required
+
+- `bucket` (String) S3 bucket name
+- `region` (String) AWS region
+- `key_prefix` (String) Key prefix for each individual Terraform state
+
+### Optional
+
+- `role_arn` - Role ARN to access S3 bucket with
+- `lock_table` - DynamoDB lock table
+- `encrypt` - Enable server side encryption of the state file. Defaults
+  to `True`
 
 ## Nested schema for `azure`
 
@@ -89,55 +121,60 @@ as the environment
 - `state_folder` (String) Folder name for each individual Terraform state.
   If left empty the site identifier will be used
 
-## Nested schema for `aws`
+## Nested schema for `gcp`
 
-An AWS S3 state backend can be configured with the following options
+A GCP state backend can be configured with the following options
 
 ### Example
 
 ```yaml
 remote_state:
-  plugin: aws
+  plugin: gcp
   bucket: <your bucket>
-  region: <your region>
-  key_prefix: <your key prefix>
-  role_arn: <your role arn>
+  prefix: <your prefix>
 ```
 
 ### Required
 
-- `bucket` (String) S3 bucket name
-- `region` (String) AWS region
-- `key_prefix` (String) Key prefix for each individual Terraform state
-
-### Optional
-
-- `role_arn` - Role ARN to access S3 bucket with
-- `lock_table` - DynamoDB lock table
-- `encrypt` - Enable server side encryption of the state file. Defaults
-  to `True`
+- `bucket` (String) GCS bucket name
+- `prefix` (String) Prefix for each individual Terraform state
 
-## Nested schema for `gcp`
+## Nested schema for `http`
 
-A GCP state backend can be configured with the following options
+An HTTP state backend can be configured with the following options.
 
 ### Example
 
 ```yaml
 remote_state:
-  plugin: gcp
-  bucket: <your bucket>
-  prefix: <your prefix>
+  plugin: http
+  address: https://example.com/state
 ```
 
 ### Required
 
-- `bucket` (String) GCS bucket name
-- `prefix` (String) Prefix for each individual Terraform state
+- `address` (String) The address of the REST endpoint.
+
+### Optional
+
+- `update_method` (String) HTTP method to use when updating state. Defaults to `POST`.
+- `lock_address` (String) The address of the lock REST endpoint. Defaults to disabled.
+- `lock_method` (String) The HTTP method to use when locking. Defaults to `LOCK`.
+- `unlock_address` (String) The address of the unlock REST endpoint. Defaults to disabled.
+- `unlock_method` (String) The HTTP method to use when unlocking. Defaults to `UNLOCK`.
+- `username` (String) The username for HTTP basic authentication.
+- `password` (String) The password for HTTP basic authentication.
+- `skip_cert_verification` (Boolean) Whether to skip TLS verification. Defaults to `false`.
+- `retry_max` (Integer) The number of HTTP request retries. Defaults to `2`.
+- `retry_wait_min` (Integer) The minimum time in seconds to wait between HTTP request attempts. Defaults to `1`.
+- `retry_wait_max` (Integer) The maximum time in seconds to wait between HTTP request attempts. Defaults to `30`.
+- `client_certificate_pem` (String) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.
+- `client_private_key_pem` (String) A PEM-encoded private key, required if `client_certificate_pem` is specified.
+- `client_ca_certificate_pem` (String) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.
 
 ## Nested schema for `local`
 
-A GCP state backend can be configured with the following options
+A local state backend can be configured with the following options
 
 ### Example
 
@@ -151,3 +188,27 @@ remote_state:
 
 - `path` (String) Local path to store state files. Defaults to
   `./terraform.tfstate`
+
+## Nested schema for `terraform_cloud`
+
+A Terraform Cloud state backend can be configured with the following options.
+
+### Example
+
+```yaml
+remote_state:
+  plugin: terraform_cloud
+  organization: <your organization>
+```
+
+### Required
+
+- `organization` (String) The name of the Terraform Cloud organization.
+
+### Optional
+
+- `hostname` (String) The hostname of the Terraform Cloud instance. Defaults to `app.terraform.io`.
+- `token` (String) The token used to authenticate with the Terraform Cloud backend. It is recommended to omit this field and use `terraform login` or configure credentials in the CLI config file instead.
+- `workspaces` (Block) Configuration for workspaces:
+  - `name` (String) The name of the workspace.
+  - `prefix` (String) A prefix for dynamically created workspaces.

internal/config/schemas/schema-1.yaml

@@ -112,10 +112,11 @@ definitions:
                 type: string
                 enum:
                   - aws
-                  - gcp
                   - azure
-                  - terraform_cloud
+                  - gcp
+                  - http
                   - local
+                  - terraform_cloud
           - $ref: "#/definitions/RemoteState"
 
   RemoteState:

internal/state/http.go

@@ -0,0 +1,120 @@
+package state
+
+import (
+	"github.com/mach-composer/mach-composer-cli/internal/utils"
+)
+
+// HttpState HTTP backend configuration.
+type HttpState struct {
+	Address                string `mapstructure:"address"`
+	UpdateMethod           string `mapstructure:"update_method"`
+	LockAddress            string `mapstructure:"lock_address"`
+	LockMethod             string `mapstructure:"lock_method"`
+	UnlockAddress          string `mapstructure:"unlock_address"`
+	UnlockMethod           string `mapstructure:"unlock_method"`
+	Username               string `mapstructure:"username"`
+	Password               string `mapstructure:"password"`
+	SkipCertVerification   bool   `mapstructure:"skip_cert_verification" default:"false"`
+	RetryMax               int    `mapstructure:"retry_max"`
+	RetryWaitMin           int    `mapstructure:"retry_wait_min"`
+	RetryWaitMax           int    `mapstructure:"retry_wait_max"`
+	ClientCertificatePEM   string `mapstructure:"client_certificate_pem"`
+	ClientPrivateKeyPEM    string `mapstructure:"client_private_key_pem"`
+	ClientCACertificatePEM string `mapstructure:"client_ca_certificate_pem"`
+}
+
+type HttpRenderer struct {
+	BaseRenderer
+	state *HttpState
+}
+
+func (hr *HttpRenderer) Backend() (string, error) {
+	templateContext := struct {
+		State      *HttpState
+		Identifier string
+	}{
+		State:      hr.state,
+		Identifier: hr.identifier,
+	}
+
+	tpl := `
+	backend "http" {
+		address               = "{{ .State.Address }}"
+		{{- if .State.UpdateMethod }}
+		update_method         = "{{ .State.UpdateMethod }}"
+		{{- end }}
+		{{- if .State.LockAddress }}
+		lock_address          = "{{ .State.LockAddress }}"
+		{{- end }}
+		{{- if .State.LockMethod }}
+		lock_method           = "{{ .State.LockMethod }}"
+		{{- end }}
+		{{- if .State.UnlockAddress }}
+		unlock_address        = "{{ .State.UnlockAddress }}"
+		{{- end }}
+		{{- if .State.UnlockMethod }}
+		unlock_method         = "{{ .State.UnlockMethod }}"
+		{{- end }}
+		{{- if .State.Username }}
+		username              = "{{ .State.Username }}"
+		{{- end }}
+		{{- if .State.Password }}
+		password              = "{{ .State.Password }}"
+		{{- end }}
+		{{- if .State.SkipCertVerification }}
+		skip_cert_verification = {{ .State.SkipCertVerification }}
+		{{- end }}
+		{{- if gt .State.RetryMax 0 }}
+		retry_max             = {{ .State.RetryMax }}
+		{{- end }}
+		{{- if gt .State.RetryWaitMin 0 }}
+		retry_wait_min        = {{ .State.RetryWaitMin }}
+		{{- end }}
+		{{- if gt .State.RetryWaitMax 0 }}
+		retry_wait_max        = {{ .State.RetryWaitMax }}
+		{{- end }}
+		{{- if .State.ClientCertificatePEM }}
+		client_certificate_pem = <<EOT
+{{ .State.ClientCertificatePEM }}
+EOT
+		{{- end }}
+		{{- if .State.ClientPrivateKeyPEM }}
+		client_private_key_pem = <<EOT
+{{ .State.ClientPrivateKeyPEM }}
+EOT
+		{{- end }}
+		{{- if .State.ClientCACertificatePEM }}
+		client_ca_certificate_pem = <<EOT
+{{ .State.ClientCACertificatePEM }}
+EOT
+		{{- end }}
+	}
+	`
+	return utils.RenderGoTemplate(tpl, templateContext)
+}
+
+func (hr *HttpRenderer) RemoteState() (string, error) {
+	templateContext := struct {
+		State      *HttpState
+		Identifier string
+		Key        string
+	}{
+		State:      hr.state,
+		Identifier: hr.identifier,
+		Key:        hr.stateKey,
+	}
+
+	tpl := `
+	data "terraform_remote_state" "{{ .Key }}" {
+		backend = "http"
+
+		config = {
+			address               = "{{ .State.Address }}"
+			{{- if .State.UpdateMethod }}
+			update_method         = "{{ .State.UpdateMethod }}"
+			{{- end }}
+		}
+	}
+	`
+	return utils.RenderGoTemplate(tpl, templateContext)
+}