So from my basic reading I would assume terraform would fit under the existing category of " kubernetes tools requiring arbitrary authentication agents" from Process for reviewing classic confinement snaps and as such would be a candidate for being granted classic confinement.