Hello there, and thank you for interviewing with Scalr! We are excited to have you here. With this take-home assignment, we aim to understand how comfortable it will be to collaborate with you and what development practices you apply. We also hope you'll enjoy the process and find it rewarding!

This repository includes a minimal main.tf file that references a custom OpeTofu HTTP backend. Your job is to build that HTTP backend and demonstrate how it integrates with Terraform/OpenTofu. The backend should:

• Store and retrieve Terraform/OpenTofu state
• Lock and unlock state files to prevent conflicts and overwrites.
• Provide versioning and metadata storage in the relational database.
• Store the actual state file in secure cloud storage (S3, GCS, Azure Blob, Vault, MinIO, etc.).

• Implement an HTTP backend that complies with OpenTofu specification
• The api endpoints must be asynchronous
• On create sate we must log the sha256 hash of the state file

• Implement state file locking and unlocking to prevent concurrent changes.
• Return an appropriate HTTP error (e.g., 409 Conflict) if someone tries to lock a state file that is already locked.

• Store the actual state file in secure cloud storage (AWS S3, Google Cloud Storage, Azure Blob, Vault, or minio for local development or no access to clouds).
• You only need to implement one storage option fully, but your code should be extensible so additional storage backends could be added easily.

• Add a simple authentication mechanism (token or Basic Auth) if you have time.

• Proper error handling
• Logging: provide logs for key events

• Rollback: Ability to revert to a previous state version. (Is not a part of http backend)
• Force Unlock: Add possibility force unlock the state, even if the lock ID doesn’t match.
• Tests and Documentation: Include unit or integration tests, plus a concise README in your repo.

• Python 3.12+
• OpenTofu or Terraform installed
• Note: You can use any storage, API framework, or database you are comfortable with.

cd example/usage

terraform {
  backend "http" {
    address        = "http://localhost:8080/state_identifier"
    lock_address   = "http://localhost:8080/state_identifier/lock"
    unlock_address = "http://localhost:8080/state_identifier/unlock"
    # Optional: (Authentication token if implemented or any other required headers)
  }
}

tofu init
tofu plan
tofu apply

After successful apply, you should have the state file in the storage you have implemented.

cd ../data_source

tofu init
tofu plan
tofu apply

You should see the output of the previous apply command in the resource output.

• Compliance: Acceptance criteria are met.
• Code Quality:
  • Readability, maintainability, extensibility, and clarity of design.
  • Proper error handling and logging.
• Security: Basic security practices are followed.
• Documentation: Will be a plus.
• Testing: (Optional) Unit tests, integration tests, or any other testing strategy you have used. Will be a plus.

If you have any questions, feel free to reach out!