transcend-io / terragrunt-atlantis-config Goto Github PK
View Code? Open in Web Editor NEWGenerate Atlantis config for Terragrunt projects.
Home Page: https://transcend.io/blog/why-we-use-terragrunt
License: MIT License
Generate Atlantis config for Terragrunt projects.
Home Page: https://transcend.io/blog/why-we-use-terragrunt
License: MIT License
Referenced in #39 would be great to have the locals atlantis_workflow
value sourced in from files other than the child terragrunt.hcl files. ie from account.hcl
.
Since there hasn't been any direct support for multiple accounts in the same repo and multiple atlantis servers, using distinct workflow names is the way to go (currently). Until they allow multiple atlantis.yaml configs or ability to override default atlantis filename, this proposal is the way to get it working (for me at least).
We have some projects which have terragrunt dependencies with other projects. As we are using the new parallel plan feature of atlantis and the terragrunt-atlantis-config ability to generate a different workspace name for every individual project, this causes an issue when these projects try and run at the same time.
So is it possible to specify certain projects to use the same workspace via a local? And frankly does atlantis even work with this scenario? or does the parallel functionality expect all projects to have a unique workspace name?
Thanks
I'm having some trouble getting some terragrunt-specific info about this issue and hoping there's some good input here. I set up atlantis with a repo.yaml on the server so I can use this project to auto-generate the atlantis.yaml file in my repo for me. I've tried editing one module (part of the same monorepo as the terragrunt.hcl files), or even just adjusting the terragrunt.hcl (non-parent) of an individual deployment. I keep encountering this comment:
the default workspace is currently locked by another command that is running for this pull requestβwait until the previous command is complete and try again
Is there something in the atlantis.yaml I'm missing? Trying to keep it simple. I mean I could ignore that error, just not the greatest user experience. I've already checked and doesn't seem like I'm getting double webhooks or anything like that.
Original mention came from #59
Hi there,
First things first thank you so much for creating this tool! Even for our small repos this is such a huge quality-of-life improvement π€©
Alrighty, so, how do I propose a new Homebrew release? I looked around this repo and transcend-io/homebrew-tap but I couldn't quite figure out how builds happen π€
Thanks!
Running terragrunt-atlantis-config on a file that has a before_hook
or an after_hook
that contains a reference to a terragrunt dependency fails with error message: Unknown variable; There is no variable named "dependency".
.
$ terragrunt-atlantis-config version
terragrunt-atlantis-config '1.6.0'
running with:
$ terragrunt-atlantis-config generate --create-workspace --create-project-name --output "atlantis.yaml" --parallel --autoplan
Example file and error:
terraform {
source = "{my_module_path}"
before_hook "before_hook" {
commands = ["apply"]
execute = [
"packer",
"build",
"-var", "assumed_role=${local.account_vars.locals.iam_role}",
"-var", "vpc_id=${dependency.vpc.outputs.vpc_id}",
"image/main.pkr.hcl",
]
}
}
locals {
account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
}
dependency "vpc" {
config_path = "../../vpc/vpc-shared"
}
include {
path = find_in_parent_folders()
}
inputs = {
{various_inputs_for_my_module}
}
terragrunt.hcl:9,25-35: Unknown variable; There is no variable named "dependency".
FAIL: 1
Other info:
Local terragrunt version: v0.28.18
Local terraform version: v0.14.9
Similar to #102
fyi @jeromepin @dmattia
Hi there! I found a fun issue when read_terragrunt_config()
reads an hcl file with dependency
blocks.. It will try to evaluate them as if we're doing a full-fledged terragrunt
run
....
time="2020-08-25T23:18:58Z" level=info msg="Created project for /workspace/provisioning/live/aws/ACCOUNT/rds/INSTANCE_NAME/terragrunt.hcl"
time="2020-08-25T23:18:58Z" level=info msg="Created project for /workspace/provisioning/live/aws/ACCOUNT/route53/HOSTNAME/terragrunt.hcl"
time="2020-08-25T23:18:58Z" level=info msg="Created project for /workspace/provisioning/live/aws/ACCOUNT/vpc/terragrunt.hcl"
[terragrunt] [/workspace/provisioning/live/aws/ACCOUNT/elasticsearch/DOMAIN_NAME] 2020/08/25 23:18:58 Running command: terraform --version
Error: Error in function call
on /workspace/provisioning/live/elasticsearch/ENV/DOMAIN_NAME/dashboard/DASHBOARD_NAME/terragrunt.hcl line 15, in locals:
15: provider_hcl = read_terragrunt_config(find_in_parent_folders("provider.hcl"))
Call to function "read_terragrunt_config" failed: exec: "terraform": executable
file not found in $PATH.
[terragrunt] 2020/08/25 23:18:58 Encountered error while evaluating locals.
provider.hcl
locals {
env = "dev"
}
# get detailed info on this elasticsearch domain
dependency elasticsearch_domain {
config_path = "../../../aws/ACCOUNT/elasticsearch/DOMAIN_NAME"
}
# define our provider config generation
generate provider {
path = "elasticsearch-provider-${sha1(get_terragrunt_dir())}.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider elasticsearch {
url = "https://${dependency.elasticsearch_domain.outputs.domain.endpoint}"
insecure = true
sign_aws_requests = false
}
EOF
}
read_terragrunt_config()
on this fileterragrunt.hcl
locals {
# pull in repo-specific customizations
repo_hcl = read_terragrunt_config(find_in_parent_folders("repo.hcl"))
# pull in provider config
provider_hcl = read_terragrunt_config(find_in_parent_folders("provider.hcl"))
}
terragrunt-atlantis-config
with your favorite argumentsWith the recently release version 1.6.0 of this project, our whole atlantis.yaml
would be re-ordered, resulting in a huge diff without any actual changes. Is this intended?
This happened today and a few days ago as well:
Running:
brew install transcend-io/tap/terragrunt-atlantis-config
Gives:
==> Installing terragrunt-atlantis-config from transcend-io/tap ==> Downloading https://homebrew.transcend.io/terragrunt-atlantis-config/0.9.7/terragrunt-atlantis-config_0.9.7_darwin_amd64.zip ######################################################################## 100.0% Error: SHA256 mismatch Expected: 967761ddc1516baf0d308708d25c57b7e7743e5e1c160c5abd92abe03427bda3 Actual: 3a8a0edefb7ea553ad2ecc1a199a1b875be8027f928c23f822ed82ce970a9a4d
Also when I install the recommended way (cd && GO111MODULE=on go get github.com/transcend-io/[email protected] && cd -
) the package is installed (I can find it under GOPATH) but I cannot run the command terragrunt-atlantis-config
so I guess the command need to be made accesible or built or something.. so some more instructions/tips in README would be nice as well =)
The example on the repos section is incorrect in the readme, the value of repos
should be a list.
Not a big deal, but can be misleading.
The highlighting in the packer section is also wrong (go
instead of hcl
).
Hello !
We are currently using terragrunt-atlantis-config to generate configurations for a large number of projects ( terragrunt dir's ) in our company. It seems that everything works for multiple projects but we have a strange problem with a simple use case. Updating terragrunt.hcl file in one module causes auto-plan for 44 modules, which is not the expected result.
Details :
Terragrunt version : v0.26.4
Terraform version : v0.13.3
terragrunt-atlantis-config version : 0.10.1
Command used to generate atlantis.yaml
terragrunt-atlantis-config generate --output ./atlantis.yaml --autoplan --ignore-parent-terragrunt --parallel=false
Bitbucket Cloud PR
1x file updated ( new SA added to input block ) : platform/dev/prj/service_accounts/terragrunt.hcl
# Pull in the backend and provider configurations from a root terragrunt.hcl file that you include in each child terragrunt.hcl:
include {
path = find_in_parent_folders()
}
# Set the source to an immutable released version of the infrastructure module being deployed:
terraform {
source = "github.com/terraform-google-modules/terraform-google-service-accounts?ref=v3.0.0"
}
locals {
atlantis_workflow = "terragrunt-dev"
}
dependency "project" {
config_path = "${get_terragrunt_dir()}/../global/project"
}
# Configure input values for the specific environment being deployed:
inputs = {
project_id = dependency.project.outputs.project_id
names = [βNAME_1β,
βNAME_2β,
βNAME_3β < β added in current PR
]
}
Part of the atlantis.yaml configuration responsible for the auto plan for this folder
automerge: false
parallel_apply: false
parallel_plan: false
projects:
***
- autoplan:
enabled: true
when_modified:
- '*.hcl'
- '*.tf*'
- ../global/project/terragrunt.hcl
- ../../../common.tfvars
dir: platform/dev/prj/service_accounts
***
version: 3
workflows:
terragrunt-dev:
***
Info from Atlantis pod :
Successfully parsed atlantis.yaml file
44 projects are to be planned based on their when_modified config
Results
Auto plan for hcl files that are not directly related to the modification in PR
Expected Results
Auto plan for changed file in PR + file from dependencies block ( ../global/project/terragrunt.hcl ) and terraform block ( ../../../common.tfvars). I can see plan execution for folders that are completely unrelated to the current PR changes
Thanks for any suggestions/ideas
Hello!
I have the following live's repo structure:
βββ PROJECT_NAME
βββ account.hcl
βββ terragrunt.hcl
βββ us-west-1
β βββ region.hcl
β βββ infra
β β βββ env.hcl
β β βββ apps-module
β β βββ network-module
β βββ stage
β βββ env.hcl
β βββ apps-module
β βββ network-module
βββ global
βββ env.hcl
βββ region.hcl
βββ global-module-0
βββ global-module-
Then I try to generate atlantis config:
cd PROJECT_NAME && terragrunt-atlantis-config generate --output atlantis.yaml --autoplan --parallel
But the file just contains:
automerge: false
parallel_apply: true
parallel_plan: true
version: 3
What am I doing wrong?
Had a use case recently where it would be nice to trigger planning based off of *.pkr.hcl files in a given directory. But there is not currently a --when-modified *.pkr.hcl type flag to define custom when_modified rules. Would be nice to generate these with terragrunt-atlantis-config and pre workflow hooks.
In most cases it seems like you would want to have this flag set to true as otherwise you will receive an error if you are basing your terragrunt design on the terragrunt infrastructure examples:
https://github.com/gruntwork-io/terragrunt-infrastructure-live-example
The documentation included suggests as much in the argument reference. However since it's not turned on by default less observant people (like me) might struggle for a while before figuring out what they need to change :).
I'd recommend having it on by default and maybe making a note of it in the usage section.
Exact same thing as #83
brew install transcend-io/tap/terragrunt-atlantis-config ==> Installing terragrunt-atlantis-config from transcend-io/tap ==> Downloading https://homebrew.transcend.io/terragrunt-atlantis-config/0.10.1/terragrunt-atlantis-config_0.1 ######################################################################## 100.0% Error: SHA256 mismatch Expected: 88826204f7f2cda46bc27c8216d5b3210d061dd8d1d6cdb7ceca90af7bced6b6 Actual: f93257f9ec4323bac26d34c367336583ba11096dabb3636bd50393f0ed16ac9c
When I run generate I get an error on an include within the parent terragrunt.hcl file. The structure of my project is very close to https://github.com/gruntwork-io/terragrunt-infrastructure-live-example, the model Terragrunt itself recommends.
The top-level terragrunt.hcl file contains lines like these:
account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
backend_vars = read_terragrunt_config(find_in_parent_folders("backend.hcl"))
The files referenced there, like account.hcl or region.hcl, are in lower-level directories than the top-level terragrunt.hcl. However, the top-level terragrunt.hcl is never used directly. It is included by lower-level terragrunt.hcl files, relative to which account.hcl or region.hcl are in a parent directory.
Here's the structure (omitting some directories for clarity):
.
βββ backend.hcl
βββ production
βΒ Β βββ account.hcl
βΒ Β βββ env.hcl
βΒ Β βββ us-east-2
βΒ Β βββ ecr
βΒ Β βΒ Β βββ ecr.tf
βΒ Β βΒ Β βββ terragrunt.hcl
βΒ Β βββ eks
βΒ Β βΒ Β βββ terragrunt.hcl
βΒ Β βββ region.hcl
βΒ Β βββ route53
βΒ Β βΒ Β βββ terragrunt.hcl
βΒ Β βββ vpc
βΒ Β βββ terragrunt.hcl
βΒ Β βββ vpc.tf
βββ staging
βΒ Β βββ account.hcl
βΒ Β βββ env.hcl
βΒ Β βββ us-east-2
βΒ Β βββ ecr
βΒ Β βΒ Β βββ ecr.tf
βΒ Β βΒ Β βββ terragrunt.hcl
βΒ Β βββ eks
βΒ Β βΒ Β βββ terragrunt.hcl
βΒ Β βββ keys
βΒ Β βΒ Β βββ terragrunt.hcl
βΒ Β βββ region.hcl
βΒ Β βββ route53
βΒ Β βΒ Β βββ terragrunt.hcl
βΒ Β βββ vpc
βΒ Β βββ terragrunt.hcl
βββ terragrunt.hcl
And the error I get:
β― terragrunt-atlantis-config generate --ignore-parent-terragrunt
Error: Error in function call
on /Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl line 6, in locals:
6: backend_vars = read_terragrunt_config(find_in_parent_folders("backend.hcl"))
Call to function "find_in_parent_folders" failed: ParentFileNotFound: Could not find a backend.hcl in any of the parent folders of
/Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl. Cause: Traversed all the way to the root..
[terragrunt] 2020/07/07 13:34:50 Encountered error while evaluating locals.
Error: /Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl:6,45-68: Error in function call; Call to function "find_in_parent_folders" failed: ParentFileNotFound: Could not find a backend.hcl in any of the parent folders of /Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl. Cause: Traversed all the way to the root..
Usage:
terragrunt-atlantis-config generate [flags]
Flags:
--autoplan Enable auto plan. Default is disabled
-h, --help help for generate
--ignore-parent-terragrunt Ignore parent terragrunt configs (those which don't reference a terraform module). Default is disabled
--output string Path of the file where configuration will be generated. Default is not to write to file
--root string Path to the root directory of the github repo you want to build config for. Default is current dir (default "/Users/gmaghera/Workspaces/dc-terraform")
--workflow string Name of the workflow to be customized in the atlantis server. Default is to not set
/Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl:6,45-68: Error in function call; Call to function "find_in_parent_folders" failed: ParentFileNotFound: Could not find a backend.hcl in any of the parent folders of /Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl. Cause: Traversed all the way to the root..
Hello!
Not 100% this is the right forum, but we leverage GitLab CICD flows and I wanted to present the changes to the infrastructure in a more concise and colored manner to my devs.
I noticed that many custom flows, including the official in the atlantis
docs, point out to use the `no-color- flag of Terragrunt. Do you know if there's any workaround to add this coloured output as part of an Atlantis execution?
Cheers!
There are no binary builds for release v1.2.1. Only source code is available in the "Assets" section.
This seems to be a Windows only issue, as running it on a Linux machine it works as expected.. :(
When running this tool on our existing atlantis terragrunt setup, it's producing a config file with full, hardcoded paths to each project, rather than the expected relative path to the repo from the root. I'm guessing this is possibly a \ vs / chomping issue so hoping for it to be an easy fix! :)
At a project level it's possible to set "apply_requirements" :https://www.runatlantis.io/docs/repo-level-atlantis-yaml.html#reference with values apply and/or mergeable
It would be good to be able to set this configuration item for all the projects (similar to workflow) or using locals (similar to workflow)
I run below command
terragrunt-atlantis-config generate --workflow terragrunt --ignore-parent-terragrunt --autoplan --output atlantis.yaml
it generates atlantis.yaml as below
automerge: false
parallel_apply: true
parallel_plan: true
projects:
- autoplan:
enabled: true
when_modified:
- '*.hcl'
- '*.tf*'
- ../../../../../modules/iam/group_policy/*.tf*
dir: aws/env/dev/iam/groups/team-everyone
workflow: terragrunt
- autoplan:
enabled: true
when_modified:
- '*.hcl'
- '*.tf*'
- ../../../../../modules/iam/group_policy/*.tf*
dir: aws/env/dev/iam/groups/team-xxx
workflow: terragrunt
what i need is to add "values.yaml" to be in when_modified to be, like below
automerge: false
parallel_apply: true
parallel_plan: true
projects:
- autoplan:
enabled: true
when_modified:
- '*.hcl'
- '*.tf*'
- 'values.yaml'
- ../../../../../modules/iam/group_policy/*.tf*
dir: aws/env/dev/iam/groups/team-everyone
workflow: terragrunt
- autoplan:
enabled: true
when_modified:
- '*.hcl'
- '*.tf*'
- 'values.yaml'
- ../../../../../modules/iam/group_policy/*.tf*
dir: aws/env/dev/iam/groups/team-xxx
workflow: terragrunt
any way i can achieve this ?
Since version 1.4.1, we got issues using terragrunt-atlantis-config_x_linux_amd64
inside our Alpine Docker image.
Seems like since that version the Linux binary is being compiled dynamically linked. See:
/usr/local/bin # file *
terragrunt-atlantis-config-1.3.0: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=1Kv7ey1oqKpXZHJcoNv0/2Lo2AweyboperOEcBilx/2DuoU8kjynwmaw3wIKHK/8hSGsE-zhx2HOIfqVImb, not stripped
terragrunt-atlantis-config-1.3.1: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=KkttTTAG-Qq5nHCoAk9R/q8f0wS2q0kRrwYPpdBoP/QqxdCPV9x_FsPG9cdmP_/p8GlrfFivSDWK2QMW-96, not stripped
terragrunt-atlantis-config-1.4.1: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, Go BuildID=7EL3iPQXP4fCVdoenZYY/2GjvWCEb3f3_v_C09Tv9/CAJ2SWTEjAu_pe4NCLVc/4y26e-1R_sjIUBXB2jGx, not stripped
terragrunt-atlantis-config-1.5.0: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, Go BuildID=xyCzyBKzEFa19hA3Nd9-/NsmhvR_Blf3_ED2dAEHL/UEMb8F9Pn7TJW158xcOZ/EJHSz80q4hBUv2mbXBb6, not stripped
Hi,
I would like to know if it's possible to generate config based on 2x workflows for a specific folder's. Let's say I have two workflows: dev/prod. I would like to assign dev workflow for all subfolders in folder DEV and prod workflow for all subfolders in folder PROD. It would be really useful option for more complex layout in git repo.
Thanks
MJ
We are using a rather large and complex terragrunt repository with several arbitrary hcl files in the hierarchy (i.e. region.hcl, env.hcl, product.hcl, service.hcl, etc.) above the child terragrunt.hcl directories. Using Atlantis and terragrunt-atlantis-config right now would require us to manually "atlantis plan/apply" each terragrunt child in the order of the dependency graph, since Atlantis can't resolve project dependencies (e.g. runatlantis/atlantis#391, runatlantis/atlantis#972), and terragrunt-atlantis-config defines each terragrunt child as it's own project.
Since most of our regularly changing dependencies are inside of the product or service hierarchy, we would like to generate an atlantis.yaml on the directories containing those hcl files, and using "terragrunt run-all plan/apply" in the Atlantis workflow for all sub-directories to ensure all childs are applied in order with the refreshed outputs of their dependencies.
"External" Terragrunt dependencies outside of the directories with the specified hcl files should be aggregated for all terragrunt childs in their respective sub-folders, and be exposed for Atlantis in when_modified. Specifying multiple hcl files to generate Atlantis directories would give some flexibility what modules to deploy according to the scope of the pull-request.
This should significantly reduce manual footwork and ordering errors in large pull-requests, e.g. for updating terraform or terraform providers, large staging->prod promotions, and new products/tenants.
This would result in just using "atlantis plan -p account_env_region_product" instead of planning and applying each of the product's 107 terragrunt childs. As far as I can tell this should be already possible with "atlantis plan -d account/env/region/product", but the auto-plan would still use the terragrunt child modules and not the whole product or service, or whatever floats your boat.
(Disclaimer: Our terragrunt project is pretty fresh, maybe I'm missing some critical points in the terraform/terragrunt/atlantis/terragrunt-atlantis-config ecosystem with this feature request ;-))
I have a multi account setup, running the tool from the root of my repo. When my creds line up with acccountA and there are calls/references to sops_decrypt_file
it works but when it starts processing AccountB/
my credentials are still pointed to accountA
. If the function were ignored I could generate configs from the root without the terragrunt library trying to get the kms key from aws. Is there any way to ignore specific functions?
terragrunt-atlantis-config generate --autoplan --parallel --create-project-name --ignore-parent-terragrunt --create-workspace --output ./atlantis.yaml
.
βββ accountA/
βββ accountB/
βββ atlantis.yaml
βββ terragrunt.hcl
$> cat accountA/somedir/terragrunt.hcl
locals {
secrets = jsondecode(sops_decrypt_file(find_in_parent_folders("blar.json")))
}
Error:
[terragrunt] Encountered error while evaluating locals.
Error: /accountB/somedir/terragrunt.hcl:5,38-56: Error in function call; Call to function "sops_decrypt_file" failed: Error getting data key: 0 successful groups required, got 0.
if atlantis.yaml exists and includes custom workflows those should be persisted in the output
Until 0.23.32, a bug in terragrunt prevent the use of dependency
in Terragrunt's hooks.
That way, when parsing a terragrunt.hcl file with terragrunt-atlantis-config
it fails with Unknown variable; There is no variable named "dependency".
.
A sample terragrunt.hcl may be :
dependency "kubernetes" {
config_path = "${get_parent_terragrunt_dir()}/kubernetes"
}
terraform {
before_hook "local-admin" {
commands = ["plan", "apply"]
execute = ["az", "aks", "get-credentials", dependency.kubernetes.outputs.foo, REDACTED]
}
source = "${local.git_root}/modules/terragrunt/aks"
}
Can you consider to update its version to at least 0.23.32 ?
Thanks a lot ! π
I want to set apply_requirements: []
in atlantis.yaml
for some of my projects (overriding default server-side config). I've tried setting the following in terragrunt.hcl
.
locals {
atlantis_apply_requirements = []
}
However, terragrunt-atlantis-config
does not generate any apply_requirements
in this case. Is it possible with the newest terragrunt-atlantis-config?
Hi there!
I was looking at using this to generate a config YAML that describes all of the relationships in my mono repo so that when a particular file changes, we can easily reason about which projects need to be re-built.
When I ran this against my test repo, I noticed that the certain files are left out of the generated YAML. For example, if my non-parent terragrunt.hcl contains this block:
locals {
account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
}
The generated YAML doesn't seem to understand that these files exist and could be a dependency.
My question is - is that an expected behavior? Or perhaps could this be a feature that can be added to increase the scope of files it can detect and produce valid project YAML? I'd be happy to dive into the terragrunt parse code and see about adding something like this.
Similar to #53 - I have many projects which use the same workflow, but I wish to disable autoplan
on some of them.
It would be super useful if I could set a local variable called atlantis_autoplan
to true
or false
in my projects terragrunt.hcl
file.
In general, it would be great if any flag could be set by a local atlantis_${flag}
var.
Hi,
Thanks for this tool, it looks like it may solve a few workflow issues we're having.
We're using local Terraform modules in the same repository as our Terragrunt configuration, and with this setup, it seems to me that terragrunt-atlantis-config may not include enough entries in its dependencies.
Consider the following structure:
βββ live
βΒ Β βββ child
βΒ Β βΒ Β βββ terragrunt.hcl
βΒ Β βββ parent
βΒ Β βββ terragrunt.hcl
βββ modules
βββ child
βΒ Β βββ main.tf
βββ parent
βββ main.tf
with the following contents
# live/child/terragrunt.hcl
terraform {
source = "../modules//child"
}
dependency "parent" {
config_path = "../parent"
}
inputs = {
input = dependency.parent.outputs.value
}
# live/parent/terragrunt.hcl
terraform {
source = "../modules//parent"
}
# modules/child/main.tf
locals {
value = var.input
}
variable "input" {
type = string
}
# modules/parent/main.tf
locals {
output = "whatever"
}
output "value" {
value = local.output
}
terragrunt-atlantis-config
generates the following atlantis.yaml
(slightly edited to focus on the issue at hand)
projects:
- autoplan:
when_modified:
- '*.hcl'
- '*.tf*'
- ../parent/terragrunt.hcl
- ../modules/child/*.tf*
dir: live/child
- autoplan:
when_modified:
- '*.hcl'
- '*.tf*'
- ../modules/parent/*.tf*
dir: live/parent
Now, if I change in module/parent/main.tf
the value of the local variable to "something else", it looks like it should prompt atlantis to also plan the child module - even if I did not change anything in the child module. In other words, atlantis.yaml
should contain:
projects:
- autoplan:
when_modified:
- '*.hcl'
- '*.tf*'
- ../parent/terragrunt.hcl
- ../modules/child/*.tf*
- ../modules/parent/*.tf*
dir: live/child
The difference with local modules is that there's not always a change in the terragrunt.hcl
file when the Terraform module changes.
In this example, the apply order is important: terraform plan
will not detect any change if the parent
module is not applied first and its output changed. I'm unclear however how this is different from a change in parent/terragrunt.hcl
(which is included in the dependencies), because such a change could also alter the outputs of a module.
Do you think terragrunt-atlantis-config
should support such a use case? I hope my explanations are clear enough π
Thanks for this awesome tool!
For my setup it's not particularly useful to have Atlantis plan all dependent modules when I make a change to a parent module. Since the outputs of the parent module won't change until I run a refresh
or apply
there, there won't be any impact on child module plans.
For that reason, it would be great to have an --ignore-dependencies
flag or similar (but still respecting manually added dependencies via the extra_atlantis_dependencies
local var.)
@dmattia Any chance we could get a newer version(>= 0.9.7) of the tool posted so its available via brew for install?
I'm having an issue where I think I'm following the outline defined in the Live Repo example but I'm still not having much luck with Atlantis applying my changes.
The structure I'm testing with is as follows for a pubsub-writer:
βββ gcp
β βββ staging
β β βββ test-service
β β β βββ project.hcl
| | | βββ project
| | | | βββ terragrunt.hcl
| | | βββ service_account
| | | | βββ pubsub-writer
| | | | | βββ terragrunt.hcl
β ββ terragrunt.hcl
When I modify the root terragrunt file I'm expecting Atlantis to be able to plan the changes but I running into 0/0 plans. The contents of the root terragrunt file are the remote state and some config bits:
remote_state {
backend = "gcs"
generate = {
path = "backend.tf"
if_exists = "overwrite_terragrunt"
}
config = {
bucket = "test-bucket"
prefix = "${path_relative_to_include()}/state"
project = "test-project"
location = "us-central1"
}
}
I'm in the early stages of a POC using this tool and followed the installation instructions as listed so I have the pre workflow hook configured to run in the server side yaml:
terragrunt-atlantis-config generate --output atlantis.yaml --autoplan --parallel --create-workspace
Any assistance would be appreciated as I'm unsure if this is a limitation I'm hitting or just me using terragrunt in an incorrect way.
Our organization may soon lose support for windows executors on CircleCI.
As a precaution to ensure this library maintains cross-platform test coverage, we should migrate CI platforms
We have in our child terragrunt.hcl
include {
path = find_in_parent_folders()
}
terraform {
source = "../../../../../modules//secrets"
extra_arguments "common_var" {
commands = [for c in get_terraform_commands_that_need_vars() : c if c != "apply"]
arguments = [
"-var-file=${get_terragrunt_dir()}/main.tfvars"
]
}
}
locals {
secrets = try(jsondecode(sops_decrypt_file("${get_terragrunt_dir()}/../secrets.json")), {})
}
inputs = merge(
local.secrets
)
Running
> terragrunt-atlantis-config generate --autoplan --create-workspace --create-project-name --output atlantis.yaml --workflow terragrunt --ignore-parent-terragrunt
We dont end up with the secrets.json showing up as a dependency anywhere in our atlantis.yaml.
Am I missing something?
I don't know how to make the atlantis.yaml automatically generated every time i create a pull request, and atlantis can pick up this auto generated file then do terragrunt plan or apply.
I think this would be best if atlantis.yaml can be auto generated and i don't need to keep track of this file in github repo.
My current terragrunt structure is as follows
βββ account
β βββ staging
β β βββ api-gateway
β β β βββ terragrunt.hcl
β βββ production
β β βββ api-gateway
β β β βββ terragrunt.hcl
βββ modules
β βββ api-gateway
β β βββ main.tf
I would like to generate seperate atlantis.yaml
as follows
atlantis.staging.yaml
- autoplan:
enabled: false
when_modified:
- '*.hcl'
- '*.tf*'
dir: account/staging/api-gateway/
atlantis.production.yaml
- autoplan:
enabled: false
when_modified:
- '*.hcl'
- '*.tf*'
dir: account/production/api-gateway/
In order to use different atlantis servers to reference to its respective atlantis.yaml based on environment. However when i try to make use of the --root
parameter, it does not correctly reference the git root for the final dir, as if i were to set the following
--root .
- I will get a merged atlantis.yaml with the correct dir reference
- autoplan:
enabled: false
when_modified:
- '*.hcl'
- '*.tf*'
dir: account/staging/api-gateway/
- autoplan:
enabled: false
when_modified:
- '*.hcl'
- '*.tf*'
dir: account/production/api-gateway/
`
`--root account` - I will get a merged atlantis.yaml with the *wrong* dir reference
I will like to use --root ./account/staging
to create my atlantis.staging.yaml and likewise for production, however this does not seem to be the use case for --root
? Is there a method to achieve my desired yaml configuration?
Thank you for looking at my issue.
I am using base runatlantis/atlantis
image and adding terragrunt-atlantis-config
with this command in my Dockerfile:
RUN curl -LfsSo terragrunt-atlantis-config_1.4.1_linux_amd64.tar.gz https://github.com/transcend-io/terragrunt-atlantis-config/releases/download/v1.4.1/terragrunt-atlantis-config_1.4.1_linux_amd64.tar.gz && \
tar -xf terragrunt-atlantis-config_1.4.1_linux_amd64.tar.gz && \
mv terragrunt-atlantis-config_1.4.1_linux_amd64/terragrunt-atlantis-config_1.4.1_linux_amd64 /usr/local/bin/terragrunt-atlantis-config
When I try to run it, I get No such file or directory
error. Here is an example:
bash-5.0# cd /usr/local/bin/
bash-5.0# ls -la
...
-rwxr-xr-x 1 root root 32634795 Apr 22 11:03 terragrunt
-rwxr-xr-x 1 root root 34364386 Apr 22 11:03 terragrunt-atlantis-config
Run terragrunt-atlantis-config
:
bash-5.0# terragrunt-atlantis-config version
bash: /usr/local/bin/terragrunt-atlantis-config: No such file or directory
However, terragrunt
works fine:
bash-5.0# terragrunt -v
terragrunt version v0.28.21
I can see that terragrunt
is statically linked, but terragrunt-atlantis-config
is linked dynamically:
bash-5.0# file terragrunt
terragrunt: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=YSXQP524fiAkFMKe2U4_/S0q5UyF0QhZgFWUrYiP2/Sqqd1PtyS4TlTRI0UNHe/XD0BQokFh98OO6OVteVr, not stripped
bash-5.0# file terragrunt-atlantis-config
terragrunt-atlantis-config: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, Go BuildID=7EL3iPQXP4fCVdoenZYY/2GjvWCEb3f3_v_C09Tv9/CAJ2SWTEjAu_pe4NCLVc/4y26e-1R_sjIUBXB2jGx, not stripped
I guess I need some prerequisites to run terragrunt-atlantis-config
this way?
I just stumbled across this tool and think it would extremely useful for us, however it seems to not fully understand out repo structure and our use of the include block in leaf terragrunt.hcl files.
Setup:
All leaf terragrunt.hcls include their "parent" terragrunt.hcl.
The parent terragrunt.hcl has locals that are used for the purpose of tagging resources:
locals {
common_tags = yamldecode(fileexists("${find_in_parent_folders("../common_vars/common_tags.yaml", "nonexistant")}") ? file("${find_in_parent_folders("../common_vars/common_tags.yaml")}") : "{}")
environment_tags = yamldecode(fileexists("${find_in_parent_folders("environment_tags.yaml", "nonexistant")}") ? file("${find_in_parent_folders("environment_tags.yaml")}") : "{}")
regional_tags = yamldecode(fileexists("${find_in_parent_folders("region_tags.yaml", "nonexistant")}") ? file("${find_in_parent_folders("region_tags.yaml")}") : "{}")
application_tags = yamldecode(fileexists("${find_in_parent_folders("application_tags.yaml", "nonexistant")}") ? file("${find_in_parent_folders("application_tags.yaml")}") : "{}")
instance_tags = yamldecode(fileexists("${find_in_parent_folders("instance_tags.yaml", "nonexistant")}") ? file("${find_in_parent_folders("instance_tags.yaml")}") : "{}")
local_tags = yamldecode(fileexists("${path_relative_to_include()}/local_tags.yaml") ? file("${path_relative_to_include()}/local_tags.yaml") : "{}")
}
inputs = {
tags = merge(merge(merge(merge(merge(merge(local.common_tags, local.environment_tags), local.application_tags), local.regional_tags), local.instance_tags), local.local_tags), local.overwrite_tags)
}
Then all modules simply reference var.tags for any of their tag fields. This allows us to easily create and overwrite default tags at every level.
I tried adding the extra_atlantis_dependencies with the find(filesabove), but those files never showed up in any of the leaf autoplan dependencies. Instead the generator created a providers/env project which serves no purpose.
Any advise? Is there an option I'm missing for it to properly understand this?
Thanks!
just downloaded latest master build in order to test new functionality as discussed in issue #60 . I am now getting a runtime panic
> terragrunt-atlantis-config generate --autoplan --create-workspace --create-project-name --output autogen.yaml --workflow terragrunt --ignore-parent-terragrunt
[terragrunt] 2020/09/29 15:45:15 Running command: bash -c dirname $(dirname /home/user/repos/terragrunt/providers/accounts/delivery) | tr -d '
'
[terragrunt] 2020/09/29 15:45:15 Command output will be suppressed.
[terragrunt] 2020/09/29 15:45:15 run_cmd output: [REDACTED]
[terragrunt] 2020/09/29 15:45:15 Running command: bash -c echo -n /home/user/repos/terragrunt/providers/accounts/delivery/aws-limit-monitor | sed 's|/home/user/repos/terragrunt/providers||g'
[terragrunt] 2020/09/29 15:45:15 Command output will be suppressed.
[terragrunt] 2020/09/29 15:45:15 run_cmd output: [REDACTED]
[terragrunt] 2020/09/29 15:45:15 Running command: bash -c dirname $(dirname /home/user/repos/terragrunt/providers/accounts/delivery) | tr -d '
'
[terragrunt] 2020/09/29 15:45:15 Command output will be suppressed.
[terragrunt] 2020/09/29 15:45:15 run_cmd output: [REDACTED]
[terragrunt] 2020/09/29 15:45:15 Running command: bash -c echo -n /home/user/repos/terragrunt/providers/accounts/delivery | sed 's|/home/user/repos/terragrunt/providers||g'
[terragrunt] 2020/09/29 15:45:15 Command output will be suppressed.
[terragrunt] 2020/09/29 15:45:15 run_cmd output: [REDACTED]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x113d2ff]
goroutine 19 [running]:
github.com/transcend-io/terragrunt-atlantis-config/cmd.getDependencies(0xc0003545a0, 0x59, 0x0, 0x0, 0x0, 0x0, 0x0)
/home/user/go/pkg/mod/github.com/transcend-io/[email protected]/cmd/generate.go:157 +0x41f
github.com/transcend-io/terragrunt-atlantis-config/cmd.createProject(0xc0003545a0, 0x59, 0x0, 0x0, 0x0)
/home/user/go/pkg/mod/github.com/transcend-io/[email protected]/cmd/generate.go:171 +0x50
github.com/transcend-io/terragrunt-atlantis-config/cmd.main.func1(0x0, 0x0)
/home/user/go/pkg/mod/github.com/transcend-io/[email protected]/cmd/generate.go:286 +0x7f
golang.org/x/sync/errgroup.(*Group).Go.func1(0xc00032c2d0, 0xc00032d410)
/home/user/go/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:57 +0x59
created by golang.org/x/sync/errgroup.(*Group).Go
/home/user/go/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:54 +0x66
Let me know what other info I can provide for troubleshooting. Thanks!
I have tried to install using the command included in the documentation but it gives an error:
{16:47}~ β cd && GO111MODULE=on go get github.com/transcend-io/terragrunt-atlantis-config@master && cd -
package github.com/transcend-io/terragrunt-atlantis-config@master: invalid github.com/ import path "github.com/transcend-io/terragrunt-atlantis-config@master"
I have also tried to install with out the @master but that gave different errors:
cd && GO111MODULE=on go get github.com/transcend-io/terragrunt-atlantis-config && cd - aws:prod
package github.com/hashicorp/hcl/v2: cannot find package "github.com/hashicorp/hcl/v2" in any of:
/usr/lib/go-1.10/src/github.com/hashicorp/hcl/v2 (from $GOROOT)
/home/vagrant/go/src/github.com/hashicorp/hcl/v2 (from $GOPATH)
package github.com/hashicorp/hcl/v2/hclparse: cannot find package "github.com/hashicorp/hcl/v2/hclparse" in any of:
/usr/lib/go-1.10/src/github.com/hashicorp/hcl/v2/hclparse (from $GOROOT)
/home/vagrant/go/src/github.com/hashicorp/hcl/v2/hclparse (from $GOPATH)
package github.com/hashicorp/hcl/v2/hclwrite: cannot find package "github.com/hashicorp/hcl/v2/hclwrite" in any of:
/usr/lib/go-1.10/src/github.com/hashicorp/hcl/v2/hclwrite (from $GOROOT)
/home/vagrant/go/src/github.com/hashicorp/hcl/v2/hclwrite (from $GOPATH)
package github.com/hashicorp/hcl/v2/gohcl: cannot find package "github.com/hashicorp/hcl/v2/gohcl" in any of:
/usr/lib/go-1.10/src/github.com/hashicorp/hcl/v2/gohcl (from $GOROOT)
/home/vagrant/go/src/github.com/hashicorp/hcl/v2/gohcl (from $GOPATH)
package github.com/hashicorp/hcl/v2/hclsyntax: cannot find package "github.com/hashicorp/hcl/v2/hclsyntax" in any of:
/usr/lib/go-1.10/src/github.com/hashicorp/hcl/v2/hclsyntax (from $GOROOT)
/home/vagrant/go/src/github.com/hashicorp/hcl/v2/hclsyntax (from $GOPATH)
atlantis.yaml supports an option per project to specify terraform_version. This tool should support including this option by specifying a local. Something like atlantis_terraform_version, similar to how atlantis_workflow is supported.
Hi,
When generating the atlantis.yml
using v1.6.0 the order in the generated file changes with every run.
I'm using this call:
terragrunt-atlantis-config generate --ignore-parent-terragrunt --autoplan --workflow terragrunt --parallel=false --output ./atlantis.yaml
The order is only consistent when appending --num-executors 1
.
Let me know if you need any more details.
Please provide some way to obtain a checksum for the release assets, SHA256 for example. Thank you!
Hi,
It seems that automerge & the autoplan are always output, even when default values.
Can the yaml be kept cleaner and not set them unless differing from the default?
- autoplan:
enabled: true
when_modified:
- '*.hcl'
- '*.tf*'
this autoplan config is the default, so isn't required everywhere. If dependencies are found then include just the when_modified...
Cheers,
Josh
As you may have already faced, you need to run terragrunt-atlantis-config
tool as soon as you have added/changed/deleted something from your IaC as you will most likely need to update the atlantis.yaml
file with the changes introduced by your change.
In order to solve that problem as we couldn't rely on human to remember to run this command we decided to use pre-commit
and to be exact we have added a file .pre-commit-config.yaml
in our Repo containing the following
repos:
- repo: local
hooks:
- id: run-terragrunt-atlantis-config-generate
name: 'terragrunt-atlantis-config generate'
entry: 'run-terragrunt-atlantis.sh'
language: 'script'
always_run: true
stages: [post-commit]
description: "Runs terragrunt-atlantis-config generate, requires https://github.com/transcend-io/terragrunt-atlantis-config"
and run-terragrunt-atlantis.sh
is
#!/usr/bin/env bash
exec terragrunt-atlantis-config generate --ignore-parent-terragrunt --autoplan --workflow terragrunt --parallel=false --output ./atlantis.yaml
As you can imagine this is not obligatory and it requires each user to install the hook which from then runs automatically except for the case she instructs to SKIP it.
This sounds fine but if you infrastructure is described on more than one IaC repositories it starts getting a bit cumbersome to ask from different users to install the above hooks.
As a result i was thinking that having a Github action which runs on after a push on a branch (which has an open PR), this will generate the atlantis.yaml
file and add a commit for it on the branch taking this responsibility from each user. This will be highly portable from repo-to-repo as easy as it is to include a new github action in your repo.
What i don't like with this approach is that it will create several commits for atlantis.yaml
and if you don't use the Squash & Merge
feature of Github you still depend on users good will to merge those commits onto one and don't create a mess in history.
I am writing this whole proposal here in order to discuss whether you had similar problems/ideas and if you would like to collaborate on that to create something that we can use among different repos with minimal configuration in a yaml file.
We are leveraging the working_dir argument in our terragrunt.hcl which was recently added gruntwork-io/terragrunt#1584 and gruntwork-io/terragrunt#1588
atlantis.yaml file generation is failing however with:
$ terragrunt-atlantis-config generate --ignore-parent-terragrunt --autoplan --output atlantis.yaml --parallel=false --workflow terragrunt --create-project-name --automerge
INFO[0000] Could not find an old config file. Starting from scratch
Error: ${REPO_ROOT}/terragrunt.hcl:51,5-16: Unsupported argument; An argument named "working_dir" is not expected here.
We have an after hook that cleans up the terragrunt-cache
terraform {
after_hook "cleanup_cache" {
commands = local.is_atlantis == true ? ["apply"] : ["plan"]
working_dir = get_terragrunt_dir()
execute = ["rm", "-rf", "./.terragrunt-cache"]
}
}
I'll submit a PR in a minute to bump the version of terragrunt which appears to resolve this issue.
Hey David, question for you. We have a module/resource with the following definition.
resource "vault_policy" "policies" {
for_each = toset(var.policies)
name = each.key
policy = templatefile("files/${each.key}.hcl.tmpl", { environment = var.environment })
}
How do I get these template files to show up as a dependency on the project?
I tried adding
locals {
extra_atlantis_dependencies = formatlist("files/%s.hcl.tmpl", var.policies)
}
to the terragrunt file, but it doesnt seem to like that.
There is no option to be able to control the repo automerge
setting as this is currently hardcoded to false. I would like to be able to control that with a flag so that I do not have to manually modify the file afterwards.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.