Referenced in #39 would be great to have the locals atlantis_workflow value sourced in from files other than the child terragrunt.hcl files. ie from account.hcl.

Since there hasn't been any direct support for multiple accounts in the same repo and multiple atlantis servers, using distinct workflow names is the way to go (currently). Until they allow multiple atlantis.yaml configs or ability to override default atlantis filename, this proposal is the way to get it working (for me at least).

We have some projects which have terragrunt dependencies with other projects. As we are using the new parallel plan feature of atlantis and the terragrunt-atlantis-config ability to generate a different workspace name for every individual project, this causes an issue when these projects try and run at the same time.

So is it possible to specify certain projects to use the same workspace via a local? And frankly does atlantis even work with this scenario? or does the parallel functionality expect all projects to have a unique workspace name?

Thanks

I'm having some trouble getting some terragrunt-specific info about this issue and hoping there's some good input here. I set up atlantis with a repo.yaml on the server so I can use this project to auto-generate the atlantis.yaml file in my repo for me. I've tried editing one module (part of the same monorepo as the terragrunt.hcl files), or even just adjusting the terragrunt.hcl (non-parent) of an individual deployment. I keep encountering this comment:

the default workspace is currently locked by another command that is running for this pull request–wait until the previous command is complete and try again

Is there something in the atlantis.yaml I'm missing? Trying to keep it simple. I mean I could ignore that error, just not the greatest user experience. I've already checked and doesn't seem like I'm getting double webhooks or anything like that.

https://terragrunt.gruntwork.io/docs/features/keep-your-cli-flags-dry/#required-and-optional-var-files

Original mention came from #59

Hi there,

First things first thank you so much for creating this tool! Even for our small repos this is such a huge quality-of-life improvement 🤩

Alrighty, so, how do I propose a new Homebrew release? I looked around this repo and transcend-io/homebrew-tap but I couldn't quite figure out how builds happen 🤔

Thanks!

Running terragrunt-atlantis-config on a file that has a before_hook or an after_hook that contains a reference to a terragrunt dependency fails with error message: Unknown variable; There is no variable named "dependency"..

$ terragrunt-atlantis-config version                                                                                                                                                                    
terragrunt-atlantis-config '1.6.0'

running with:

$ terragrunt-atlantis-config generate --create-workspace --create-project-name --output "atlantis.yaml" --parallel --autoplan                                                                       

Example file and error:

terraform {
  source = "{my_module_path}"
  before_hook "before_hook" {
    commands = ["apply"]
    execute = [
      "packer",
      "build",
      "-var", "assumed_role=${local.account_vars.locals.iam_role}",
      "-var", "vpc_id=${dependency.vpc.outputs.vpc_id}",
      "image/main.pkr.hcl",
    ]
  }
}

locals {
  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
}

dependency "vpc" {
  config_path = "../../vpc/vpc-shared"
}

include {
  path = find_in_parent_folders()
}

inputs = {
  {various_inputs_for_my_module}
}

terragrunt.hcl:9,25-35: Unknown variable; There is no variable named "dependency".
FAIL: 1

Other info:
Local terragrunt version: v0.28.18
Local terraform version: v0.14.9
Similar to #102

fyi @jeromepin @dmattia

the problem

Hi there! I found a fun issue when read_terragrunt_config() reads an hcl file with dependency blocks.. It will try to evaluate them as if we're doing a full-fledged terragrunt run

error output

....
time="2020-08-25T23:18:58Z" level=info msg="Created project for /workspace/provisioning/live/aws/ACCOUNT/rds/INSTANCE_NAME/terragrunt.hcl"
time="2020-08-25T23:18:58Z" level=info msg="Created project for /workspace/provisioning/live/aws/ACCOUNT/route53/HOSTNAME/terragrunt.hcl"
time="2020-08-25T23:18:58Z" level=info msg="Created project for /workspace/provisioning/live/aws/ACCOUNT/vpc/terragrunt.hcl"
[terragrunt] [/workspace/provisioning/live/aws/ACCOUNT/elasticsearch/DOMAIN_NAME] 2020/08/25 23:18:58 Running command: terraform --version
Error: Error in function call

  on /workspace/provisioning/live/elasticsearch/ENV/DOMAIN_NAME/dashboard/DASHBOARD_NAME/terragrunt.hcl line 15, in locals:
  15:   provider_hcl = read_terragrunt_config(find_in_parent_folders("provider.hcl"))

Call to function "read_terragrunt_config" failed: exec: "terraform": executable
file not found in $PATH.

[terragrunt] 2020/08/25 23:18:58 Encountered error while evaluating locals.

how to reproduce

1. Create a terragrunt config with a dependency
   provider.hcl

locals {
  env = "dev"
}

# get detailed info on this elasticsearch domain
dependency elasticsearch_domain {
  config_path = "../../../aws/ACCOUNT/elasticsearch/DOMAIN_NAME"
}

# define our provider config generation
generate provider {
  path      = "elasticsearch-provider-${sha1(get_terragrunt_dir())}.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<-EOF
  provider elasticsearch {
    url               = "https://${dependency.elasticsearch_domain.outputs.domain.endpoint}"
    insecure          = true
    sign_aws_requests = false
  }
  
  EOF
}

2. Create a terragrunt config that calls read_terragrunt_config() on this file
   terragrunt.hcl

locals {
  # pull in repo-specific customizations
  repo_hcl = read_terragrunt_config(find_in_parent_folders("repo.hcl"))

  # pull in provider config
  provider_hcl = read_terragrunt_config(find_in_parent_folders("provider.hcl"))
}

3. Run terragrunt-atlantis-config with your favorite arguments

With the recently release version 1.6.0 of this project, our whole atlantis.yaml would be re-ordered, resulting in a huge diff without any actual changes. Is this intended?

This happened today and a few days ago as well:

Running:
brew install transcend-io/tap/terragrunt-atlantis-config
Gives:
==> Installing terragrunt-atlantis-config from transcend-io/tap ==> Downloading https://homebrew.transcend.io/terragrunt-atlantis-config/0.9.7/terragrunt-atlantis-config_0.9.7_darwin_amd64.zip ######################################################################## 100.0% Error: SHA256 mismatch Expected: 967761ddc1516baf0d308708d25c57b7e7743e5e1c160c5abd92abe03427bda3 Actual: 3a8a0edefb7ea553ad2ecc1a199a1b875be8027f928c23f822ed82ce970a9a4d

Also when I install the recommended way (cd && GO111MODULE=on go get github.com/transcend-io/[email protected] && cd -) the package is installed (I can find it under GOPATH) but I cannot run the command terragrunt-atlantis-configso I guess the command need to be made accesible or built or something.. so some more instructions/tips in README would be nice as well =)

The example on the repos section is incorrect in the readme, the value of repos should be a list.
Not a big deal, but can be misleading.

The highlighting in the packer section is also wrong (go instead of hcl).

Hello !

We are currently using terragrunt-atlantis-config to generate configurations for a large number of projects ( terragrunt dir's ) in our company. It seems that everything works for multiple projects but we have a strange problem with a simple use case. Updating terragrunt.hcl file in one module causes auto-plan for 44 modules, which is not the expected result.

Details :
Terragrunt version : v0.26.4
Terraform version : v0.13.3
terragrunt-atlantis-config version : 0.10.1

Command used to generate atlantis.yaml

terragrunt-atlantis-config generate --output ./atlantis.yaml --autoplan --ignore-parent-terragrunt --parallel=false

Bitbucket Cloud PR
1x file updated ( new SA added to input block ) : platform/dev/prj/service_accounts/terragrunt.hcl

# Pull in the backend and provider configurations from a root terragrunt.hcl file that you include in each child terragrunt.hcl:
include {
  path = find_in_parent_folders()
}

# Set the source to an immutable released version of the infrastructure module being deployed:
terraform {
  source = "github.com/terraform-google-modules/terraform-google-service-accounts?ref=v3.0.0"
}

locals {
  atlantis_workflow = "terragrunt-dev"
}

dependency "project" {
  config_path = "${get_terragrunt_dir()}/../global/project"
}

# Configure input values for the specific environment being deployed:
inputs = {
  project_id = dependency.project.outputs.project_id
  names = [“NAME_1”,
    “NAME_2”,
    “NAME_3” < — added in current PR
  ]
}

Part of the atlantis.yaml configuration responsible for the auto plan for this folder

automerge: false
parallel_apply: false
parallel_plan: false
projects:
***
- autoplan:
    enabled: true
    when_modified:
    - '*.hcl'
    - '*.tf*'
    - ../global/project/terragrunt.hcl
    - ../../../common.tfvars
  dir: platform/dev/prj/service_accounts
***
version: 3
workflows:
  terragrunt-dev:
***

Info from Atlantis pod :

Successfully parsed atlantis.yaml file
44 projects are to be planned based on their when_modified config

Results
Auto plan for hcl files that are not directly related to the modification in PR

Expected Results

Auto plan for changed file in PR + file from dependencies block ( ../global/project/terragrunt.hcl ) and terraform block ( ../../../common.tfvars). I can see plan execution for folders that are completely unrelated to the current PR changes

Thanks for any suggestions/ideas

Hello!
I have the following live's repo structure:

├── PROJECT_NAME
    ├── account.hcl
    ├── terragrunt.hcl
    ├── us-west-1
    │   ├── region.hcl
    │   ├── infra
    │   │   ├── env.hcl
    │   │   ├── apps-module
    │   │   └── network-module
    │   └── stage
    │       ├── env.hcl
    │       ├── apps-module
    │       └── network-module
    └── global
        ├── env.hcl
        ├── region.hcl
        ├── global-module-0
        └── global-module-

Then I try to generate atlantis config:

cd PROJECT_NAME && terragrunt-atlantis-config generate --output atlantis.yaml --autoplan --parallel

But the file just contains:

automerge: false
parallel_apply: true
parallel_plan: true
version: 3

What am I doing wrong?

Had a use case recently where it would be nice to trigger planning based off of *.pkr.hcl files in a given directory. But there is not currently a --when-modified *.pkr.hcl type flag to define custom when_modified rules. Would be nice to generate these with terragrunt-atlantis-config and pre workflow hooks.

In most cases it seems like you would want to have this flag set to true as otherwise you will receive an error if you are basing your terragrunt design on the terragrunt infrastructure examples:

https://github.com/gruntwork-io/terragrunt-infrastructure-live-example

The documentation included suggests as much in the argument reference. However since it's not turned on by default less observant people (like me) might struggle for a while before figuring out what they need to change :).

I'd recommend having it on by default and maybe making a note of it in the usage section.

Exact same thing as #83

brew install transcend-io/tap/terragrunt-atlantis-config ==> Installing terragrunt-atlantis-config from transcend-io/tap ==> Downloading https://homebrew.transcend.io/terragrunt-atlantis-config/0.10.1/terragrunt-atlantis-config_0.1 ######################################################################## 100.0% Error: SHA256 mismatch Expected: 88826204f7f2cda46bc27c8216d5b3210d061dd8d1d6cdb7ceca90af7bced6b6 Actual: f93257f9ec4323bac26d34c367336583ba11096dabb3636bd50393f0ed16ac9c

When I run generate I get an error on an include within the parent terragrunt.hcl file. The structure of my project is very close to https://github.com/gruntwork-io/terragrunt-infrastructure-live-example, the model Terragrunt itself recommends.

The top-level terragrunt.hcl file contains lines like these:

account_vars     = read_terragrunt_config(find_in_parent_folders("account.hcl"))
region_vars      = read_terragrunt_config(find_in_parent_folders("region.hcl"))
environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
backend_vars     = read_terragrunt_config(find_in_parent_folders("backend.hcl"))

The files referenced there, like account.hcl or region.hcl, are in lower-level directories than the top-level terragrunt.hcl. However, the top-level terragrunt.hcl is never used directly. It is included by lower-level terragrunt.hcl files, relative to which account.hcl or region.hcl are in a parent directory.

Here's the structure (omitting some directories for clarity):

.
├── backend.hcl
├── production
│   ├── account.hcl
│   ├── env.hcl
│   └── us-east-2
│       ├── ecr
│       │   ├── ecr.tf
│       │   └── terragrunt.hcl
│       ├── eks
│       │   └── terragrunt.hcl
│       ├── region.hcl
│       ├── route53
│       │   └── terragrunt.hcl
│       └── vpc
│           ├── terragrunt.hcl
│           └── vpc.tf
├── staging
│   ├── account.hcl
│   ├── env.hcl
│   └── us-east-2
│       ├── ecr
│       │   ├── ecr.tf
│       │   └── terragrunt.hcl
│       ├── eks
│       │   └── terragrunt.hcl
│       ├── keys
│       │   └── terragrunt.hcl
│       ├── region.hcl
│       ├── route53
│       │   └── terragrunt.hcl
│       └── vpc
│           └── terragrunt.hcl
└── terragrunt.hcl

And the error I get:

❯ terragrunt-atlantis-config generate --ignore-parent-terragrunt
Error: Error in function call

  on /Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl line 6, in locals:
   6:   backend_vars     = read_terragrunt_config(find_in_parent_folders("backend.hcl"))

Call to function "find_in_parent_folders" failed: ParentFileNotFound: Could not find a backend.hcl in any of the parent folders of
/Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl. Cause: Traversed all the way to the root..

[terragrunt] 2020/07/07 13:34:50 Encountered error while evaluating locals.
Error: /Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl:6,45-68: Error in function call; Call to function "find_in_parent_folders" failed: ParentFileNotFound: Could not find a backend.hcl in any of the parent folders of /Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl. Cause: Traversed all the way to the root..
Usage:
  terragrunt-atlantis-config generate [flags]

Flags:
      --autoplan                   Enable auto plan. Default is disabled
  -h, --help                       help for generate
      --ignore-parent-terragrunt   Ignore parent terragrunt configs (those which don't reference a terraform module). Default is disabled
      --output string              Path of the file where configuration will be generated. Default is not to write to file
      --root string                Path to the root directory of the github repo you want to build config for. Default is current dir (default "/Users/gmaghera/Workspaces/dc-terraform")
      --workflow string            Name of the workflow to be customized in the atlantis server. Default is to not set

/Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl:6,45-68: Error in function call; Call to function "find_in_parent_folders" failed: ParentFileNotFound: Could not find a backend.hcl in any of the parent folders of /Users/gmaghera/Workspaces/dc-terraform/terragrunt.hcl. Cause: Traversed all the way to the root..

Hello!

Not 100% this is the right forum, but we leverage GitLab CICD flows and I wanted to present the changes to the infrastructure in a more concise and colored manner to my devs.

I noticed that many custom flows, including the official in the atlantis docs, point out to use the `no-color- flag of Terragrunt. Do you know if there's any workaround to add this coloured output as part of an Atlantis execution?

Cheers!

There are no binary builds for release v1.2.1. Only source code is available in the "Assets" section.

This seems to be a Windows only issue, as running it on a Linux machine it works as expected.. :(

When running this tool on our existing atlantis terragrunt setup, it's producing a config file with full, hardcoded paths to each project, rather than the expected relative path to the repo from the root. I'm guessing this is possibly a \ vs / chomping issue so hoping for it to be an easy fix! :)

At a project level it's possible to set "apply_requirements" :https://www.runatlantis.io/docs/repo-level-atlantis-yaml.html#reference with values apply and/or mergeable

It would be good to be able to set this configuration item for all the projects (similar to workflow) or using locals (similar to workflow)

I run below command

terragrunt-atlantis-config generate --workflow terragrunt --ignore-parent-terragrunt --autoplan --output atlantis.yaml

it generates atlantis.yaml as below

automerge: false
parallel_apply: true
parallel_plan: true
projects:
- autoplan:
    enabled: true
    when_modified:
    - '*.hcl'
    - '*.tf*'
    - ../../../../../modules/iam/group_policy/*.tf*
  dir: aws/env/dev/iam/groups/team-everyone
  workflow: terragrunt
- autoplan:
    enabled: true
    when_modified:
    - '*.hcl'
    - '*.tf*'
    - ../../../../../modules/iam/group_policy/*.tf*
  dir: aws/env/dev/iam/groups/team-xxx
  workflow: terragrunt

what i need is to add "values.yaml" to be in when_modified to be, like below

automerge: false
parallel_apply: true
parallel_plan: true
projects:
- autoplan:
    enabled: true
    when_modified:
    - '*.hcl'
    - '*.tf*'
    - 'values.yaml'
    - ../../../../../modules/iam/group_policy/*.tf*
  dir: aws/env/dev/iam/groups/team-everyone
  workflow: terragrunt
- autoplan:
    enabled: true
    when_modified:
    - '*.hcl'
    - '*.tf*'
    - 'values.yaml'
    - ../../../../../modules/iam/group_policy/*.tf*
  dir: aws/env/dev/iam/groups/team-xxx
  workflow: terragrunt

any way i can achieve this ?

Since version 1.4.1, we got issues using terragrunt-atlantis-config_x_linux_amd64 inside our Alpine Docker image.
Seems like since that version the Linux binary is being compiled dynamically linked. See:

/usr/local/bin # file *

terragrunt-atlantis-config-1.3.0: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=1Kv7ey1oqKpXZHJcoNv0/2Lo2AweyboperOEcBilx/2DuoU8kjynwmaw3wIKHK/8hSGsE-zhx2HOIfqVImb, not stripped

terragrunt-atlantis-config-1.3.1: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=KkttTTAG-Qq5nHCoAk9R/q8f0wS2q0kRrwYPpdBoP/QqxdCPV9x_FsPG9cdmP_/p8GlrfFivSDWK2QMW-96, not stripped

terragrunt-atlantis-config-1.4.1: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, Go BuildID=7EL3iPQXP4fCVdoenZYY/2GjvWCEb3f3_v_C09Tv9/CAJ2SWTEjAu_pe4NCLVc/4y26e-1R_sjIUBXB2jGx, not stripped

terragrunt-atlantis-config-1.5.0: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, Go BuildID=xyCzyBKzEFa19hA3Nd9-/NsmhvR_Blf3_ED2dAEHL/UEMb8F9Pn7TJW158xcOZ/EJHSz80q4hBUv2mbXBb6, not stripped

Hi,

I would like to know if it's possible to generate config based on 2x workflows for a specific folder's. Let's say I have two workflows: dev/prod. I would like to assign dev workflow for all subfolders in folder DEV and prod workflow for all subfolders in folder PROD. It would be really useful option for more complex layout in git repo.

Thanks
MJ

We are using a rather large and complex terragrunt repository with several arbitrary hcl files in the hierarchy (i.e. region.hcl, env.hcl, product.hcl, service.hcl, etc.) above the child terragrunt.hcl directories. Using Atlantis and terragrunt-atlantis-config right now would require us to manually "atlantis plan/apply" each terragrunt child in the order of the dependency graph, since Atlantis can't resolve project dependencies (e.g. runatlantis/atlantis#391, runatlantis/atlantis#972), and terragrunt-atlantis-config defines each terragrunt child as it's own project.

Since most of our regularly changing dependencies are inside of the product or service hierarchy, we would like to generate an atlantis.yaml on the directories containing those hcl files, and using "terragrunt run-all plan/apply" in the Atlantis workflow for all sub-directories to ensure all childs are applied in order with the refreshed outputs of their dependencies.

"External" Terragrunt dependencies outside of the directories with the specified hcl files should be aggregated for all terragrunt childs in their respective sub-folders, and be exposed for Atlantis in when_modified. Specifying multiple hcl files to generate Atlantis directories would give some flexibility what modules to deploy according to the scope of the pull-request.

This should significantly reduce manual footwork and ordering errors in large pull-requests, e.g. for updating terraform or terraform providers, large staging->prod promotions, and new products/tenants.

This would result in just using "atlantis plan -p account_env_region_product" instead of planning and applying each of the product's 107 terragrunt childs. As far as I can tell this should be already possible with "atlantis plan -d account/env/region/product", but the auto-plan would still use the terragrunt child modules and not the whole product or service, or whatever floats your boat.

(Disclaimer: Our terragrunt project is pretty fresh, maybe I'm missing some critical points in the terraform/terragrunt/atlantis/terragrunt-atlantis-config ecosystem with this feature request ;-))

I have a multi account setup, running the tool from the root of my repo. When my creds line up with acccountA and there are calls/references to sops_decrypt_file it works but when it starts processing AccountB/ my credentials are still pointed to accountA. If the function were ignored I could generate configs from the root without the terragrunt library trying to get the kms key from aws. Is there any way to ignore specific functions?

terragrunt-atlantis-config generate --autoplan --parallel --create-project-name --ignore-parent-terragrunt --create-workspace --output ./atlantis.yaml

.
├── accountA/
├── accountB/
├── atlantis.yaml
└── terragrunt.hcl

$> cat accountA/somedir/terragrunt.hcl
locals {
  secrets = jsondecode(sops_decrypt_file(find_in_parent_folders("blar.json")))
}

Error:

[terragrunt] Encountered error while evaluating locals.
Error: /accountB/somedir/terragrunt.hcl:5,38-56: Error in function call; Call to function "sops_decrypt_file" failed: Error getting data key: 0 successful groups required, got 0.

if atlantis.yaml exists and includes custom workflows those should be persisted in the output

Until 0.23.32, a bug in terragrunt prevent the use of dependency in Terragrunt's hooks.

That way, when parsing a terragrunt.hcl file with terragrunt-atlantis-config it fails with Unknown variable; There is no variable named "dependency"..

A sample terragrunt.hcl may be :

dependency "kubernetes" {
  config_path = "${get_parent_terragrunt_dir()}/kubernetes"
}

terraform {
  before_hook "local-admin" {
    commands = ["plan", "apply"]
    execute = ["az", "aks", "get-credentials", dependency.kubernetes.outputs.foo, REDACTED]
  }
  source = "${local.git_root}/modules/terragrunt/aks"
}

Can you consider to update its version to at least 0.23.32 ?

Thanks a lot ! 😃

I want to set apply_requirements: [] in atlantis.yaml for some of my projects (overriding default server-side config). I've tried setting the following in terragrunt.hcl.

locals {
  atlantis_apply_requirements = []
}

However, terragrunt-atlantis-config does not generate any apply_requirements in this case. Is it possible with the newest terragrunt-atlantis-config?

Hi there!

I was looking at using this to generate a config YAML that describes all of the relationships in my mono repo so that when a particular file changes, we can easily reason about which projects need to be re-built.

When I ran this against my test repo, I noticed that the certain files are left out of the generated YAML. For example, if my non-parent terragrunt.hcl contains this block:

locals {
  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
  region_vars  = read_terragrunt_config(find_in_parent_folders("region.hcl"))
}

The generated YAML doesn't seem to understand that these files exist and could be a dependency.

My question is - is that an expected behavior? Or perhaps could this be a feature that can be added to increase the scope of files it can detect and produce valid project YAML? I'd be happy to dive into the terragrunt parse code and see about adding something like this.

Similar to #53 - I have many projects which use the same workflow, but I wish to disable autoplan on some of them.

It would be super useful if I could set a local variable called atlantis_autoplan to true or false in my projects terragrunt.hcl file.

In general, it would be great if any flag could be set by a local atlantis_${flag} var.

Hi,

Thanks for this tool, it looks like it may solve a few workflow issues we're having.
We're using local Terraform modules in the same repository as our Terragrunt configuration, and with this setup, it seems to me that terragrunt-atlantis-config may not include enough entries in its dependencies.

Consider the following structure:

├── live
│   ├── child
│   │   └── terragrunt.hcl
│   └── parent
│       └── terragrunt.hcl
└── modules
    ├── child
    │   └── main.tf
    └── parent
        └── main.tf

with the following contents

# live/child/terragrunt.hcl
terraform {
  source = "../modules//child"
}

dependency "parent" {
  config_path = "../parent"
}

inputs = {
  input = dependency.parent.outputs.value
}

# live/parent/terragrunt.hcl 
terraform {
  source = "../modules//parent"
}

# modules/child/main.tf
locals {
  value = var.input
}

variable "input" {
  type = string
}

# modules/parent/main.tf 
locals {
  output = "whatever"
}

output "value" {
  value = local.output
}

terragrunt-atlantis-config generates the following atlantis.yaml (slightly edited to focus on the issue at hand)

projects:
- autoplan:
    when_modified:
    - '*.hcl'
    - '*.tf*'
    - ../parent/terragrunt.hcl
    - ../modules/child/*.tf*
  dir: live/child
- autoplan:
    when_modified:
    - '*.hcl'
    - '*.tf*'
    - ../modules/parent/*.tf*
  dir: live/parent

Now, if I change in module/parent/main.tf the value of the local variable to "something else", it looks like it should prompt atlantis to also plan the child module - even if I did not change anything in the child module. In other words, atlantis.yaml should contain:

projects:
- autoplan:
    when_modified:
    - '*.hcl'
    - '*.tf*'
    - ../parent/terragrunt.hcl
    - ../modules/child/*.tf*
    - ../modules/parent/*.tf*
  dir: live/child

The difference with local modules is that there's not always a change in the terragrunt.hcl file when the Terraform module changes.

In this example, the apply order is important: terraform plan will not detect any change if the parent module is not applied first and its output changed. I'm unclear however how this is different from a change in parent/terragrunt.hcl (which is included in the dependencies), because such a change could also alter the outputs of a module.

Do you think terragrunt-atlantis-config should support such a use case? I hope my explanations are clear enough 🙂

Thanks for this awesome tool!

For my setup it's not particularly useful to have Atlantis plan all dependent modules when I make a change to a parent module. Since the outputs of the parent module won't change until I run a refresh or apply there, there won't be any impact on child module plans.

For that reason, it would be great to have an --ignore-dependencies flag or similar (but still respecting manually added dependencies via the extra_atlantis_dependencies local var.)

@dmattia Any chance we could get a newer version(>= 0.9.7) of the tool posted so its available via brew for install?

I'm having an issue where I think I'm following the outline defined in the Live Repo example but I'm still not having much luck with Atlantis applying my changes.

The structure I'm testing with is as follows for a pubsub-writer:

├── gcp
│   ├── staging
│   │   ├── test-service
│   │   │  └── project.hcl
|   |   |  └── project
|   |   |   |  └── terragrunt.hcl
|   |   |  └── service_account
|   |   |   |  └── pubsub-writer
|   |   |   |   |  └── terragrunt.hcl
│   └─  terragrunt.hcl

When I modify the root terragrunt file I'm expecting Atlantis to be able to plan the changes but I running into 0/0 plans. The contents of the root terragrunt file are the remote state and some config bits:

remote_state {
  backend = "gcs"
  generate = {
    path      = "backend.tf"
    if_exists = "overwrite_terragrunt"
  }
  config = {
    bucket = "test-bucket"
    prefix = "${path_relative_to_include()}/state"
    project = "test-project"
    location = "us-central1"
  }
}

I'm in the early stages of a POC using this tool and followed the installation instructions as listed so I have the pre workflow hook configured to run in the server side yaml:

terragrunt-atlantis-config generate --output atlantis.yaml --autoplan --parallel --create-workspace

Any assistance would be appreciated as I'm unsure if this is a limitation I'm hitting or just me using terragrunt in an incorrect way.

Our organization may soon lose support for windows executors on CircleCI.

As a precaution to ensure this library maintains cross-platform test coverage, we should migrate CI platforms

We have in our child terragrunt.hcl

include {
  path = find_in_parent_folders()
}

terraform {
  source = "../../../../../modules//secrets"

  extra_arguments "common_var" {
    commands = [for c in get_terraform_commands_that_need_vars() : c if c != "apply"]

    arguments = [
      "-var-file=${get_terragrunt_dir()}/main.tfvars"
    ]
  }
}

locals {
  secrets = try(jsondecode(sops_decrypt_file("${get_terragrunt_dir()}/../secrets.json")), {})
}

inputs = merge(
  local.secrets
)

Running

> terragrunt-atlantis-config generate --autoplan --create-workspace --create-project-name --output atlantis.yaml --workflow terragrunt --ignore-parent-terragrunt

We dont end up with the secrets.json showing up as a dependency anywhere in our atlantis.yaml.

Am I missing something?

I don't know how to make the atlantis.yaml automatically generated every time i create a pull request, and atlantis can pick up this auto generated file then do terragrunt plan or apply.

I think this would be best if atlantis.yaml can be auto generated and i don't need to keep track of this file in github repo.

My current terragrunt structure is as follows

├── account
│   ├── staging
│   │   ├── api-gateway
│   │   │    └── terragrunt.hcl
│   └── production
│   │   ├── api-gateway
│   │   │    └── terragrunt.hcl
└── modules
│   ├── api-gateway
│    │   └── main.tf
    

I would like to generate seperate atlantis.yaml as follows
atlantis.staging.yaml

- autoplan:
    enabled: false
    when_modified:
    - '*.hcl'
    - '*.tf*'
  dir: account/staging/api-gateway/

atlantis.production.yaml

- autoplan:
    enabled: false
    when_modified:
    - '*.hcl'
    - '*.tf*'
  dir: account/production/api-gateway/

In order to use different atlantis servers to reference to its respective atlantis.yaml based on environment. However when i try to make use of the --root parameter, it does not correctly reference the git root for the final dir, as if i were to set the following

--root . - I will get a merged atlantis.yaml with the correct dir reference

- autoplan:
    enabled: false
    when_modified:
    - '*.hcl'
    - '*.tf*'
  dir: account/staging/api-gateway/
- autoplan:
    enabled: false
    when_modified:
    - '*.hcl'
    - '*.tf*'
  dir: account/production/api-gateway/
`

`--root account` - I will get a merged atlantis.yaml with the *wrong* dir reference

• autoplan:
  enabled: false
  when_modified:
  • '*.hcl'
  • '.tf'
    dir: staging/api-gateway/
• autoplan:
  enabled: false
  when_modified:
  • '*.hcl'
  • '.tf'
    dir: production/api-gateway/
    `

I will like to use --root ./account/staging to create my atlantis.staging.yaml and likewise for production, however this does not seem to be the use case for --root? Is there a method to achieve my desired yaml configuration?

Thank you for looking at my issue.

I am using base runatlantis/atlantis image and adding terragrunt-atlantis-config with this command in my Dockerfile:

RUN curl -LfsSo terragrunt-atlantis-config_1.4.1_linux_amd64.tar.gz https://github.com/transcend-io/terragrunt-atlantis-config/releases/download/v1.4.1/terragrunt-atlantis-config_1.4.1_linux_amd64.tar.gz && \
  tar -xf terragrunt-atlantis-config_1.4.1_linux_amd64.tar.gz && \
  mv terragrunt-atlantis-config_1.4.1_linux_amd64/terragrunt-atlantis-config_1.4.1_linux_amd64 /usr/local/bin/terragrunt-atlantis-config 

When I try to run it, I get No such file or directory error. Here is an example:

bash-5.0# cd /usr/local/bin/ 
bash-5.0# ls -la 
... 
-rwxr-xr-x 1 root root 32634795 Apr 22 11:03 terragrunt 
-rwxr-xr-x 1 root root 34364386 Apr 22 11:03 terragrunt-atlantis-config

Run terragrunt-atlantis-config:

bash-5.0# terragrunt-atlantis-config version 
bash: /usr/local/bin/terragrunt-atlantis-config: No such file or directory 

However, terragrunt works fine:

bash-5.0# terragrunt -v 
terragrunt version v0.28.21 

I can see that terragrunt is statically linked, but terragrunt-atlantis-config is linked dynamically:

bash-5.0# file terragrunt
terragrunt: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=YSXQP524fiAkFMKe2U4_/S0q5UyF0QhZgFWUrYiP2/Sqqd1PtyS4TlTRI0UNHe/XD0BQokFh98OO6OVteVr, not stripped

bash-5.0# file terragrunt-atlantis-config
terragrunt-atlantis-config: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, Go BuildID=7EL3iPQXP4fCVdoenZYY/2GjvWCEb3f3_v_C09Tv9/CAJ2SWTEjAu_pe4NCLVc/4y26e-1R_sjIUBXB2jGx, not stripped

I guess I need some prerequisites to run terragrunt-atlantis-config this way?

I just stumbled across this tool and think it would extremely useful for us, however it seems to not fully understand out repo structure and our use of the include block in leaf terragrunt.hcl files.

Setup:

• mono repo with:
  -- /modules
  -- /providers/<env>/terragrunt.hcl
  -- /providers/<env>/project/region/resource/terragrunt.hcl
  -- /providers/common_vars/common_tags.yaml

All leaf terragrunt.hcls include their "parent" terragrunt.hcl.
The parent terragrunt.hcl has locals that are used for the purpose of tagging resources:

locals {
  common_tags      = yamldecode(fileexists("${find_in_parent_folders("../common_vars/common_tags.yaml", "nonexistant")}") ? file("${find_in_parent_folders("../common_vars/common_tags.yaml")}") : "{}")
  environment_tags = yamldecode(fileexists("${find_in_parent_folders("environment_tags.yaml", "nonexistant")}") ? file("${find_in_parent_folders("environment_tags.yaml")}") : "{}")
  regional_tags    = yamldecode(fileexists("${find_in_parent_folders("region_tags.yaml", "nonexistant")}") ? file("${find_in_parent_folders("region_tags.yaml")}") : "{}")
  application_tags = yamldecode(fileexists("${find_in_parent_folders("application_tags.yaml", "nonexistant")}") ? file("${find_in_parent_folders("application_tags.yaml")}") : "{}")
  instance_tags    = yamldecode(fileexists("${find_in_parent_folders("instance_tags.yaml", "nonexistant")}") ? file("${find_in_parent_folders("instance_tags.yaml")}") : "{}")
  local_tags       = yamldecode(fileexists("${path_relative_to_include()}/local_tags.yaml") ? file("${path_relative_to_include()}/local_tags.yaml") : "{}")
}

inputs = {
  tags        = merge(merge(merge(merge(merge(merge(local.common_tags, local.environment_tags), local.application_tags), local.regional_tags), local.instance_tags), local.local_tags), local.overwrite_tags)
}

Then all modules simply reference var.tags for any of their tag fields. This allows us to easily create and overwrite default tags at every level.

I tried adding the extra_atlantis_dependencies with the find(filesabove), but those files never showed up in any of the leaf autoplan dependencies. Instead the generator created a providers/env project which serves no purpose.

Any advise? Is there an option I'm missing for it to properly understand this?

Thanks!

just downloaded latest master build in order to test new functionality as discussed in issue #60 . I am now getting a runtime panic

> terragrunt-atlantis-config generate --autoplan --create-workspace --create-project-name --output autogen.yaml --workflow terragrunt --ignore-parent-terragrunt
[terragrunt] 2020/09/29 15:45:15 Running command: bash -c dirname $(dirname /home/user/repos/terragrunt/providers/accounts/delivery) | tr -d '
'
[terragrunt] 2020/09/29 15:45:15 Command output will be suppressed.
[terragrunt] 2020/09/29 15:45:15 run_cmd output: [REDACTED]
[terragrunt] 2020/09/29 15:45:15 Running command: bash -c echo -n /home/user/repos/terragrunt/providers/accounts/delivery/aws-limit-monitor | sed 's|/home/user/repos/terragrunt/providers||g'
[terragrunt] 2020/09/29 15:45:15 Command output will be suppressed.
[terragrunt] 2020/09/29 15:45:15 run_cmd output: [REDACTED]
[terragrunt] 2020/09/29 15:45:15 Running command: bash -c dirname $(dirname /home/user/repos/terragrunt/providers/accounts/delivery) | tr -d '
'
[terragrunt] 2020/09/29 15:45:15 Command output will be suppressed.
[terragrunt] 2020/09/29 15:45:15 run_cmd output: [REDACTED]
[terragrunt] 2020/09/29 15:45:15 Running command: bash -c echo -n /home/user/repos/terragrunt/providers/accounts/delivery | sed 's|/home/user/repos/terragrunt/providers||g'
[terragrunt] 2020/09/29 15:45:15 Command output will be suppressed.
[terragrunt] 2020/09/29 15:45:15 run_cmd output: [REDACTED]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x113d2ff]

goroutine 19 [running]:
github.com/transcend-io/terragrunt-atlantis-config/cmd.getDependencies(0xc0003545a0, 0x59, 0x0, 0x0, 0x0, 0x0, 0x0)
        /home/user/go/pkg/mod/github.com/transcend-io/[email protected]/cmd/generate.go:157 +0x41f
github.com/transcend-io/terragrunt-atlantis-config/cmd.createProject(0xc0003545a0, 0x59, 0x0, 0x0, 0x0)
        /home/user/go/pkg/mod/github.com/transcend-io/[email protected]/cmd/generate.go:171 +0x50
github.com/transcend-io/terragrunt-atlantis-config/cmd.main.func1(0x0, 0x0)
        /home/user/go/pkg/mod/github.com/transcend-io/[email protected]/cmd/generate.go:286 +0x7f
golang.org/x/sync/errgroup.(*Group).Go.func1(0xc00032c2d0, 0xc00032d410)
        /home/user/go/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:57 +0x59
created by golang.org/x/sync/errgroup.(*Group).Go
        /home/user/go/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:54 +0x66

Let me know what other info I can provide for troubleshooting. Thanks!

I have tried to install using the command included in the documentation but it gives an error:

{16:47}~ ➭ cd && GO111MODULE=on go get github.com/transcend-io/terragrunt-atlantis-config@master && cd -
package github.com/transcend-io/terragrunt-atlantis-config@master: invalid github.com/ import path "github.com/transcend-io/terragrunt-atlantis-config@master"

I have also tried to install with out the @master but that gave different errors:

cd && GO111MODULE=on go get github.com/transcend-io/terragrunt-atlantis-config && cd - aws:prod
package github.com/hashicorp/hcl/v2: cannot find package "github.com/hashicorp/hcl/v2" in any of:
/usr/lib/go-1.10/src/github.com/hashicorp/hcl/v2 (from $GOROOT)
/home/vagrant/go/src/github.com/hashicorp/hcl/v2 (from $GOPATH)
package github.com/hashicorp/hcl/v2/hclparse: cannot find package "github.com/hashicorp/hcl/v2/hclparse" in any of:
/usr/lib/go-1.10/src/github.com/hashicorp/hcl/v2/hclparse (from $GOROOT)
/home/vagrant/go/src/github.com/hashicorp/hcl/v2/hclparse (from $GOPATH)
package github.com/hashicorp/hcl/v2/hclwrite: cannot find package "github.com/hashicorp/hcl/v2/hclwrite" in any of:
/usr/lib/go-1.10/src/github.com/hashicorp/hcl/v2/hclwrite (from $GOROOT)
/home/vagrant/go/src/github.com/hashicorp/hcl/v2/hclwrite (from $GOPATH)
package github.com/hashicorp/hcl/v2/gohcl: cannot find package "github.com/hashicorp/hcl/v2/gohcl" in any of:
/usr/lib/go-1.10/src/github.com/hashicorp/hcl/v2/gohcl (from $GOROOT)
/home/vagrant/go/src/github.com/hashicorp/hcl/v2/gohcl (from $GOPATH)
package github.com/hashicorp/hcl/v2/hclsyntax: cannot find package "github.com/hashicorp/hcl/v2/hclsyntax" in any of:
/usr/lib/go-1.10/src/github.com/hashicorp/hcl/v2/hclsyntax (from $GOROOT)
/home/vagrant/go/src/github.com/hashicorp/hcl/v2/hclsyntax (from $GOPATH)

atlantis.yaml supports an option per project to specify terraform_version. This tool should support including this option by specifying a local. Something like atlantis_terraform_version, similar to how atlantis_workflow is supported.

Hi,

When generating the atlantis.yml using v1.6.0 the order in the generated file changes with every run.
I'm using this call:

terragrunt-atlantis-config generate --ignore-parent-terragrunt --autoplan --workflow terragrunt --parallel=false --output ./atlantis.yaml

The order is only consistent when appending --num-executors 1.
Let me know if you need any more details.

Please provide some way to obtain a checksum for the release assets, SHA256 for example. Thank you!

Hi,

It seems that automerge & the autoplan are always output, even when default values.
Can the yaml be kept cleaner and not set them unless differing from the default?

- autoplan:
    enabled: true
    when_modified:
    - '*.hcl'
    - '*.tf*'

this autoplan config is the default, so isn't required everywhere. If dependencies are found then include just the when_modified...

Cheers,
Josh

As you may have already faced, you need to run terragrunt-atlantis-config tool as soon as you have added/changed/deleted something from your IaC as you will most likely need to update the atlantis.yaml file with the changes introduced by your change.
In order to solve that problem as we couldn't rely on human to remember to run this command we decided to use pre-commit
and to be exact we have added a file .pre-commit-config.yaml in our Repo containing the following

repos:
    - repo: local
      hooks:
        -   id: run-terragrunt-atlantis-config-generate
            name: 'terragrunt-atlantis-config generate'
            entry: 'run-terragrunt-atlantis.sh'
            language: 'script'
            always_run: true
            stages: [post-commit]
            description: "Runs terragrunt-atlantis-config generate, requires https://github.com/transcend-io/terragrunt-atlantis-config"

and run-terragrunt-atlantis.sh is

#!/usr/bin/env bash
exec terragrunt-atlantis-config generate --ignore-parent-terragrunt --autoplan --workflow terragrunt --parallel=false --output ./atlantis.yaml

As you can imagine this is not obligatory and it requires each user to install the hook which from then runs automatically except for the case she instructs to SKIP it.

This sounds fine but if you infrastructure is described on more than one IaC repositories it starts getting a bit cumbersome to ask from different users to install the above hooks.

As a result i was thinking that having a Github action which runs on after a push on a branch (which has an open PR), this will generate the atlantis.yaml file and add a commit for it on the branch taking this responsibility from each user. This will be highly portable from repo-to-repo as easy as it is to include a new github action in your repo.

What i don't like with this approach is that it will create several commits for atlantis.yaml and if you don't use the Squash & Merge feature of Github you still depend on users good will to merge those commits onto one and don't create a mess in history.

I am writing this whole proposal here in order to discuss whether you had similar problems/ideas and if you would like to collaborate on that to create something that we can use among different repos with minimal configuration in a yaml file.

We are leveraging the working_dir argument in our terragrunt.hcl which was recently added gruntwork-io/terragrunt#1584 and gruntwork-io/terragrunt#1588

atlantis.yaml file generation is failing however with:

$ terragrunt-atlantis-config generate --ignore-parent-terragrunt --autoplan --output atlantis.yaml --parallel=false --workflow terragrunt --create-project-name --automerge
INFO[0000] Could not find an old config file. Starting from scratch
Error: ${REPO_ROOT}/terragrunt.hcl:51,5-16: Unsupported argument; An argument named "working_dir" is not expected here.

We have an after hook that cleans up the terragrunt-cache

terraform {
  after_hook "cleanup_cache" {
    commands    = local.is_atlantis == true ? ["apply"] : ["plan"]
    working_dir = get_terragrunt_dir()
    execute     = ["rm", "-rf", "./.terragrunt-cache"]
  }
}

I'll submit a PR in a minute to bump the version of terragrunt which appears to resolve this issue.

Hey David, question for you. We have a module/resource with the following definition.

resource "vault_policy" "policies" {
  for_each = toset(var.policies)

  name   = each.key
  policy = templatefile("files/${each.key}.hcl.tmpl", { environment = var.environment })
}

How do I get these template files to show up as a dependency on the project?

I tried adding

locals {
  extra_atlantis_dependencies = formatlist("files/%s.hcl.tmpl", var.policies)
}

to the terragrunt file, but it doesnt seem to like that.

There is no option to be able to control the repo automerge setting as this is currently hardcoded to false. I would like to be able to control that with a flag so that I do not have to manually modify the file afterwards.