CICI/CD News
Infrastructure as code

Terraform + Ansible collection 2.0 closes the brittle Day-0/Day-1 seam

June 17, 2026terraformansibleiachashicorppython-sdkautomation
Priya Nair · Developer-experience advocateTerraform + Ansible collection 2.0 closes the brittle Day-0/Day-1 seam

The first time I wrote a Python script to slurp Terraform outputs into an Ansible inventory file, I told myself it was temporary. Three jobs later that script was still in the pipeline, still failing in a new way every other quarter, and still the most-blamed file in our retro template. So when HashiCorp posted this week that the Ansible collection had hit 2.0 on a freshly-GA Python SDK — and shipped a dynamic-inventory plugin that talks to Terraform state directly — I read the post twice.

This is the kind of release that does not look like much in the headline. It looks like a lot once you remember how much time you have lost to that one Python script.

The pieces that landed

There are four moving parts in the announcement, and they fit together.

Terraform Ansible collection 2.0 is the new line of the official collection, now powered by pyTFE under the hood. pyTFE 1.0 is the official Python SDK for HCP Terraform and Terraform Enterprise, and this is its general-availability mark. tfc_inv.py is an experimental dynamic-inventory plugin shipped inside the 2.0 collection; per HashiCorp it pulls the latest Terraform state version straight from HCP Terraform via pyTFE and turns the managed resources into an Ansible inventory. And on the HCP Terraform side, actions now have a dedicated page — one place to discover them, invoke them, and look back at past invocations — plus a way to be lifecycle-triggered from Terraform Stacks, so a stack event can fan out to operational work without a separate orchestrator stitched in by hand.

That is the official picture. The interesting one is what it removes.

Why the Day-0 / Day-1 seam matters

Most pipelines I have worked on have a clean Terraform stage and a clean Ansible stage, and a small, ugly piece of glue between them. Terraform brings the box into existence; Ansible decides what is on the box. Somewhere in between, a hand-rolled script reads Terraform output, fishes out IPs and tags, and renders an inventory file. It is the seam where most flaky pipelines live.

The reason: that seam is stateful, network-dependent, and almost always written by whoever was on rotation the week the team adopted Ansible. It drifts. It misses a new resource. It pretends a destroyed instance is still there. When it breaks on a Monday morning, no one wants to own it.

A supported SDK changes the politics of that seam more than it changes the code. pyTFE is now the thing you reach for instead of raw HTTP calls plus a wrapper around the API. The dynamic-inventory plugin is HashiCorp committing to that integration as a product surface rather than a community sample. The 2.0 stamp on the collection reflects it: this is the year your Day-0 and Day-1 stages start talking to each other through documented contracts.

Wiring it into a pipeline

You will not write much YAML to adopt this. The shape of a CI step that needs an inventory now looks roughly like:

# Illustrative — exact keys and env var names per HashiCorp's docs.
- name: Build inventory from Terraform state
  inventory_plugin: tfc_inv          # the new experimental plugin
  workspace: <workspace-name>
  organization: <hcp-terraform-org>
  token_env: <api-token-env-var>

The plugin config names the workspace; pyTFE handles the API calls; the inventory is built fresh on every run. No script, no cached JSON, no third-party module to keep current. Treat the snippet above as a sketch — the release notes are the source of truth for the actual schema.

For teams already on Terraform Stacks, the lifecycle-triggered actions are the other half. Instead of a separate CI job listening for a Stacks event, the stack itself can fire an action when a lifecycle stage completes — exactly the place you would slot in a configuration playbook today.

The rough edges

Two things worth saying out loud.

First: the dynamic-inventory plugin is experimental. Calling it experimental in a 2.0 release is a fair flag, but it is also a flag. If your inventory is on the hot path of a production deploy, run it side-by-side with whatever you have now for a sprint before you cut over. Experimental in this vocabulary tends to mean stable enough to use, with the shape of the interface still open to change.

Second: a centralized actions page is wonderful until it becomes the only place the actions live. Treat the UI as a view onto configuration you keep in version control, not a place to author. The day an auditor asks who invoked what and why, you will be grateful you have the YAML.

On my watchlist

I want to see how teams that already maintain their own Terraform-to-Ansible glue handle the migration. The gain is real — fewer scripts to babysit, a supported SDK to point at when a new joiner asks how the seam works — but pipelines are sticky, and experimental plugins tend to take a release or two to settle. If you adopt one piece from the announcement this month, make it pyTFE: an official Python SDK is the part that pays off even if you never touch the inventory plugin, because every brittle bespoke wrapper around the Terraform API now has an obvious thing to be replaced by.

Source: HashiCorp Blog (hashicorp.com)

Turn this into your pipeline. Build it on Buddy.

Start free