TFO
The Terraform Orchestrator (TFO) is a custom tool that wraps all Terraform operations within the infrahive codebase. It addresses three challenges of using Terraform for local development within an IaC codebase:
- Accidental resource destruction — without guardrails, a developer could `terraform apply` against production
- Non-deterministic plans — different developers have different IAM permissions on their personal GCP accounts, leading to “works on my machine” failures
- Unergonomic development loop — manually running `terraform init`, managing tokens, remembering flags, and navigating directories is tedious and error-prone
TFO solves all three through service account impersonation, environment-level safety guards, automatic initialization, and recursive module traversal.
- Impersonation explains how all Terraform operations route through a shared service account so every developer gets identical IAM permissions
- Modes documents how the orchestrator adapts its behavior based on where it runs: developer workstations, CI pipelines, or Cloud Build deployments
- Ergonomics documents the safety mechanisms and ergonomic defaults that make infrastructure changes safe and effortless