Documentation ¶
Index ¶
- Constants
- Variables
- func AddLabelsToGCSBucket(gcsClient *storage.Client, config *ExtendedRemoteStateConfigGCS, ...) error
- func CreateGCSBucket(gcsClient *storage.Client, config *ExtendedRemoteStateConfigGCS, ...) error
- func CreateGCSBucketWithVersioning(gcsClient *storage.Client, config *ExtendedRemoteStateConfigGCS, ...) error
- func CreateGCSClient(gcsConfigRemote RemoteStateConfigGCS) (*storage.Client, error)
- func CreateLogsS3BucketIfNecessary(s3Client *s3.S3, logsBucketName *string, ...) error
- func CreateS3Bucket(s3Client *s3.S3, bucket *string, terragruntOptions *options.TerragruntOptions) error
- func CreateS3BucketWithVersioningSSEncryptionAndAccessLogging(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, ...) error
- func CreateS3Client(config *aws_helper.AwsSessionConfig, ...) (*s3.S3, error)
- func DoesGCSBucketExist(gcsClient *storage.Client, config *RemoteStateConfigGCS) bool
- func DoesS3BucketExist(s3Client *s3.S3, bucket *string) bool
- func EnableAccessLoggingForS3BucketWide(s3Client *s3.S3, config *RemoteStateConfigS3, ...) error
- func EnableEnforcedTLSAccesstoS3Bucket(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, ...) error
- func EnablePublicAccessBlockingForS3Bucket(s3Client *s3.S3, bucketName string, ...) error
- func EnableRootAccesstoS3Bucket(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, ...) error
- func EnableSSEForS3BucketWide(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, ...) error
- func EnableVersioningForS3Bucket(s3Client *s3.S3, config *RemoteStateConfigS3, ...) error
- func TagS3Bucket(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, ...) error
- func UpdateLockTableSetSSEncryptionOnIfNecessary(s3Config *RemoteStateConfigS3, config *ExtendedRemoteStateConfigS3, ...) error
- func WaitUntilGCSBucketExists(gcsClient *storage.Client, config *RemoteStateConfigGCS, ...) error
- func WaitUntilS3BucketExists(s3Client *s3.S3, config *RemoteStateConfigS3, ...) error
- type CantParseTerraformStateFile
- type ExtendedRemoteStateConfigGCS
- type ExtendedRemoteStateConfigS3
- type GCSInitializer
- func (gcsInitializer GCSInitializer) GetTerraformInitArgs(config map[string]interface{}) map[string]interface{}
- func (gcsInitializer GCSInitializer) Initialize(remoteState *RemoteState, terragruntOptions *options.TerragruntOptions) error
- func (gcsInitializer GCSInitializer) NeedsInitialization(remoteState *RemoteState, existingBackend *TerraformBackend, ...) (bool, error)
- type MaxRetriesWaitingForS3ACLExceeded
- type MaxRetriesWaitingForS3BucketExceeded
- type MissingRequiredGCSRemoteStateConfig
- type MissingRequiredS3RemoteStateConfig
- type MultipleTagsDeclarations
- type RemoteState
- func (remoteState *RemoteState) FillDefaults()
- func (remoteState *RemoteState) GenerateTerraformCode(terragruntOptions *options.TerragruntOptions) error
- func (remoteState *RemoteState) Initialize(terragruntOptions *options.TerragruntOptions) error
- func (remoteState *RemoteState) NeedsInit(terragruntOptions *options.TerragruntOptions) (bool, error)
- func (remoteState *RemoteState) String() string
- func (remoteState RemoteState) ToTerraformInitArgs() []string
- func (remoteState *RemoteState) Validate() error
- type RemoteStateConfigGCS
- type RemoteStateConfigS3
- type RemoteStateGenerate
- type RemoteStateInitializer
- type S3BucketUpdatesRequired
- type S3Initializer
- func (s3Initializer S3Initializer) GetTerraformInitArgs(config map[string]interface{}) map[string]interface{}
- func (s3Initializer S3Initializer) Initialize(remoteState *RemoteState, terragruntOptions *options.TerragruntOptions) error
- func (s3Initializer S3Initializer) NeedsInitialization(remoteState *RemoteState, existingBackend *TerraformBackend, ...) (bool, error)
- type TerraformBackend
- type TerraformState
- type TerraformStateModule
Constants ¶
const ( DefaultS3BucketAccessLoggingTargetPrefix = "TFStateLogs/" SidRootPolicy = "RootAccess" SidEnforcedTLSPolicy = "EnforcedTLS" )
const DEFAULT_PATH_TO_LOCAL_STATE_FILE = "terraform.tfstate"
When storing Terraform state locally, this is the default path to the tfstate file
const DEFAULT_PATH_TO_REMOTE_STATE_FILE = "terraform.tfstate"
When using remote state storage, Terraform keeps a local copy of the state file in this folder
const MAX_RETRIES_WAITING_FOR_GCS_BUCKET = 12
const MAX_RETRIES_WAITING_FOR_S3_BUCKET = 12
const SLEEP_BETWEEN_RETRIES_WAITING_FOR_GCS_BUCKET = 5 * time.Second
const SLEEP_BETWEEN_RETRIES_WAITING_FOR_S3_BUCKET = 5 * time.Second
Variables ¶
var ( ErrRemoteBackendMissing = fmt.Errorf("the remote_state.backend field cannot be empty") ErrGenerateCalledWithNoGenerateAttr = fmt.Errorf("generate code routine called when no generate attribute is configured") )
Custom errors
Functions ¶
func AddLabelsToGCSBucket ¶ added in v0.19.6
func AddLabelsToGCSBucket(gcsClient *storage.Client, config *ExtendedRemoteStateConfigGCS, terragruntOptions *options.TerragruntOptions) error
func CreateGCSBucket ¶ added in v0.19.6
func CreateGCSBucket(gcsClient *storage.Client, config *ExtendedRemoteStateConfigGCS, terragruntOptions *options.TerragruntOptions) error
Create the GCS bucket specified in the given config
func CreateGCSBucketWithVersioning ¶ added in v0.19.6
func CreateGCSBucketWithVersioning(gcsClient *storage.Client, config *ExtendedRemoteStateConfigGCS, terragruntOptions *options.TerragruntOptions) error
CreateGCSBucketWithVersioning creates the given GCS bucket and enables versioning for it.
func CreateGCSClient ¶ added in v0.19.6
func CreateGCSClient(gcsConfigRemote RemoteStateConfigGCS) (*storage.Client, error)
CreateGCSClient creates an authenticated client for GCS
func CreateLogsS3BucketIfNecessary ¶ added in v0.26.0
func CreateS3Bucket ¶ added in v0.2.0
func CreateS3Bucket(s3Client *s3.S3, bucket *string, terragruntOptions *options.TerragruntOptions) error
Create the S3 bucket specified in the given config
func CreateS3BucketWithVersioningSSEncryptionAndAccessLogging ¶ added in v0.18.0
func CreateS3BucketWithVersioningSSEncryptionAndAccessLogging(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error
Create the given S3 bucket and enable versioning for it
func CreateS3Client ¶ added in v0.2.0
func CreateS3Client(config *aws_helper.AwsSessionConfig, terragruntOptions *options.TerragruntOptions) (*s3.S3, error)
Create an authenticated client for DynamoDB
func DoesGCSBucketExist ¶ added in v0.19.6
func DoesGCSBucketExist(gcsClient *storage.Client, config *RemoteStateConfigGCS) bool
DoesGCSBucketExist returns true if the GCS bucket specified in the given config exists and the current user has the ability to access it.
func DoesS3BucketExist ¶ added in v0.2.0
Returns true if the S3 bucket specified in the given config exists and the current user has the ability to access it.
func EnableAccessLoggingForS3BucketWide ¶ added in v0.18.0
func EnableAccessLoggingForS3BucketWide(s3Client *s3.S3, config *RemoteStateConfigS3, terragruntOptions *options.TerragruntOptions, logsBucket string, logsBucketPrefix string) error
Enable bucket-wide Access Logging for the AWS S3 bucket specified in the given config
func EnableEnforcedTLSAccesstoS3Bucket ¶ added in v0.24.4
func EnableEnforcedTLSAccesstoS3Bucket(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error
Add a policy to enforce TLS based access to the bucket
func EnablePublicAccessBlockingForS3Bucket ¶ added in v0.19.10
func EnablePublicAccessBlockingForS3Bucket(s3Client *s3.S3, bucketName string, terragruntOptions *options.TerragruntOptions) error
Block all public access policies on the bucket and objects. These settings ensure that a misconfiguration of the bucket or objects will not accidentally enable public access to those items. See https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html for more information.
func EnableRootAccesstoS3Bucket ¶ added in v0.21.10
func EnableRootAccesstoS3Bucket(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error
Add a policy to allow root access to the bucket
func EnableSSEForS3BucketWide ¶ added in v0.18.0
func EnableSSEForS3BucketWide(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error
Enable bucket-wide Server-Side Encryption for the AWS S3 bucket specified in the given config
func EnableVersioningForS3Bucket ¶ added in v0.2.0
func EnableVersioningForS3Bucket(s3Client *s3.S3, config *RemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error
Enable versioning for the S3 bucket specified in the given config
func TagS3Bucket ¶ added in v0.14.11
func TagS3Bucket(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error
func UpdateLockTableSetSSEncryptionOnIfNecessary ¶ added in v0.18.0
func UpdateLockTableSetSSEncryptionOnIfNecessary(s3Config *RemoteStateConfigS3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error
Update a table for locks in DynamoDB if the user has configured a lock table and the table's server-side encryption isn't turned on
func WaitUntilGCSBucketExists ¶ added in v0.19.6
func WaitUntilGCSBucketExists(gcsClient *storage.Client, config *RemoteStateConfigGCS, terragruntOptions *options.TerragruntOptions) error
GCP is eventually consistent, so after creating a GCS bucket, this method can be used to wait until the information about that GCS bucket has propagated everywhere.
func WaitUntilS3BucketExists ¶ added in v0.4.0
func WaitUntilS3BucketExists(s3Client *s3.S3, config *RemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error
AWS is eventually consistent, so after creating an S3 bucket, this method can be used to wait until the information about that S3 bucket has propagated everywhere
Types ¶
type CantParseTerraformStateFile ¶
func (CantParseTerraformStateFile) Error ¶
func (err CantParseTerraformStateFile) Error() string
type ExtendedRemoteStateConfigGCS ¶ added in v0.19.6
type ExtendedRemoteStateConfigGCS struct { Project string `mapstructure:"project"` Location string `mapstructure:"location"` GCSBucketLabels map[string]string `mapstructure:"gcs_bucket_labels"` SkipBucketVersioning bool `mapstructure:"skip_bucket_versioning"` SkipBucketCreation bool `mapstructure:"skip_bucket_creation"` EnableBucketPolicyOnly bool `mapstructure:"enable_bucket_policy_only"` // contains filtered or unexported fields }
* We use this construct to separate the config key 'gcs_bucket_labels' from the others, as they * are specific to the gcs backend, but only used by terragrunt to tag the gcs bucket in case it * has to create them.
type ExtendedRemoteStateConfigS3 ¶ added in v0.14.11
type ExtendedRemoteStateConfigS3 struct { S3BucketTags map[string]string `mapstructure:"s3_bucket_tags"` DynamotableTags map[string]string `mapstructure:"dynamodb_table_tags"` SkipBucketVersioning bool `mapstructure:"skip_bucket_versioning"` SkipBucketSSEncryption bool `mapstructure:"skip_bucket_ssencryption"` SkipBucketAccessLogging bool `mapstructure:"skip_bucket_accesslogging"` SkipBucketRootAccess bool `mapstructure:"skip_bucket_root_access"` SkipBucketEnforcedTLS bool `mapstructure:"skip_bucket_enforced_tls"` DisableBucketUpdate bool `mapstructure:"disable_bucket_update"` EnableLockTableSSEncryption bool `mapstructure:"enable_lock_table_ssencryption"` DisableAWSClientChecksums bool `mapstructure:"disable_aws_client_checksums"` AccessLoggingBucketName string `mapstructure:"accesslogging_bucket_name"` AccessLoggingTargetPrefix string `mapstructure:"accesslogging_target_prefix"` // contains filtered or unexported fields }
* We use this construct to separate the two config keys 's3_bucket_tags' and 'dynamodb_table_tags' * from the others, as they are specific to the s3 backend, but only used by terragrunt to tag * the s3 bucket and the dynamo db, in case it has to create them.
func (*ExtendedRemoteStateConfigS3) GetAwsSessionConfig ¶ added in v0.22.2
func (c *ExtendedRemoteStateConfigS3) GetAwsSessionConfig() *aws_helper.AwsSessionConfig
Builds a session config for AWS related requests from the RemoteStateConfigS3 configuration
type GCSInitializer ¶ added in v0.19.6
type GCSInitializer struct{}
func (GCSInitializer) GetTerraformInitArgs ¶ added in v0.19.6
func (gcsInitializer GCSInitializer) GetTerraformInitArgs(config map[string]interface{}) map[string]interface{}
func (GCSInitializer) Initialize ¶ added in v0.19.6
func (gcsInitializer GCSInitializer) Initialize(remoteState *RemoteState, terragruntOptions *options.TerragruntOptions) error
Initialize the remote state GCS bucket specified in the given config. This function will validate the config parameters, create the GCS bucket if it doesn't already exist, and check that versioning is enabled.
func (GCSInitializer) NeedsInitialization ¶ added in v0.19.6
func (gcsInitializer GCSInitializer) NeedsInitialization(remoteState *RemoteState, existingBackend *TerraformBackend, terragruntOptions *options.TerragruntOptions) (bool, error)
Returns true if:
1. Any of the existing backend settings are different than the current config 2. The configured GCS bucket does not exist
type MaxRetriesWaitingForS3ACLExceeded ¶ added in v0.18.0
type MaxRetriesWaitingForS3ACLExceeded string
func (MaxRetriesWaitingForS3ACLExceeded) Error ¶ added in v0.18.0
func (err MaxRetriesWaitingForS3ACLExceeded) Error() string
type MaxRetriesWaitingForS3BucketExceeded ¶ added in v0.4.0
type MaxRetriesWaitingForS3BucketExceeded string
func (MaxRetriesWaitingForS3BucketExceeded) Error ¶ added in v0.4.0
func (err MaxRetriesWaitingForS3BucketExceeded) Error() string
type MissingRequiredGCSRemoteStateConfig ¶ added in v0.19.6
type MissingRequiredGCSRemoteStateConfig string
func (MissingRequiredGCSRemoteStateConfig) Error ¶ added in v0.19.6
func (configName MissingRequiredGCSRemoteStateConfig) Error() string
type MissingRequiredS3RemoteStateConfig ¶ added in v0.2.0
type MissingRequiredS3RemoteStateConfig string
func (MissingRequiredS3RemoteStateConfig) Error ¶ added in v0.2.0
func (configName MissingRequiredS3RemoteStateConfig) Error() string
type MultipleTagsDeclarations ¶ added in v0.14.11
type MultipleTagsDeclarations string
func (MultipleTagsDeclarations) Error ¶ added in v0.14.11
func (target MultipleTagsDeclarations) Error() string
type RemoteState ¶
type RemoteState struct { Backend string DisableInit bool DisableDependencyOptimization bool Generate *RemoteStateGenerate Config map[string]interface{} }
Configuration for Terraform remote state NOTE: If any attributes are added here, be sure to add it to remoteStateAsCty in config/config_as_cty.go
func (*RemoteState) FillDefaults ¶
func (remoteState *RemoteState) FillDefaults()
Fill in any default configuration for remote state
func (*RemoteState) GenerateTerraformCode ¶ added in v0.22.0
func (remoteState *RemoteState) GenerateTerraformCode(terragruntOptions *options.TerragruntOptions) error
Generate the terraform code for configuring remote state backend.
func (*RemoteState) Initialize ¶ added in v0.2.0
func (remoteState *RemoteState) Initialize(terragruntOptions *options.TerragruntOptions) error
Perform any actions necessary to initialize the remote state before it's used for storage. For example, if you're using S3 or GCS for remote state storage, this may create the bucket if it doesn't exist already.
func (*RemoteState) NeedsInit ¶ added in v0.13.0
func (remoteState *RemoteState) NeedsInit(terragruntOptions *options.TerragruntOptions) (bool, error)
Returns true if remote state needs to be configured. This will be the case when:
1. Remote state has not already been configured 2. Remote state has been configured, but with a different configuration 3. The remote state initializer for this backend type, if there is one, says initialization is necessary
func (*RemoteState) String ¶ added in v0.9.4
func (remoteState *RemoteState) String() string
func (RemoteState) ToTerraformInitArgs ¶ added in v0.12.3
func (remoteState RemoteState) ToTerraformInitArgs() []string
Convert the RemoteState config into the format used by the terraform init command
func (*RemoteState) Validate ¶
func (remoteState *RemoteState) Validate() error
Validate that the remote state is configured correctly
type RemoteStateConfigGCS ¶ added in v0.19.6
type RemoteStateConfigGCS struct { Bucket string `mapstructure:"bucket"` Credentials string `mapstructure:"credentials"` Prefix string `mapstructure:"prefix"` Path string `mapstructure:"path"` EncryptionKey string `mapstructure:"encryption_key"` ImpersonateServiceAccount string `mapstructure:"impersonate_service_account"` ImpersonateServiceAccountDelegates []string `mapstructure:"impersonate_service_account_delegates"` }
A representation of the configuration options available for GCS remote state
type RemoteStateConfigS3 ¶ added in v0.2.0
type RemoteStateConfigS3 struct { Encrypt bool `mapstructure:"encrypt"` Bucket string `mapstructure:"bucket"` Key string `mapstructure:"key"` Region string `mapstructure:"region"` Endpoint string `mapstructure:"endpoint"` DynamoDBEndpoint string `mapstructure:"dynamodb_endpoint"` Profile string `mapstructure:"profile"` RoleArn string `mapstructure:"role_arn"` ExternalID string `mapstructure:"external_id"` SessionName string `mapstructure:"session_name"` LockTable string `mapstructure:"lock_table"` // Deprecated in Terraform version 0.13 or newer. DynamoDBTable string `mapstructure:"dynamodb_table"` CredsFilename string `mapstructure:"shared_credentials_file"` S3ForcePathStyle bool `mapstructure:"force_path_style"` }
A representation of the configuration options available for S3 remote state
func (*RemoteStateConfigS3) GetLockTableName ¶ added in v0.13.7
func (s3Config *RemoteStateConfigS3) GetLockTableName() string
The DynamoDB lock table attribute used to be called "lock_table", but has since been renamed to "dynamodb_table", and the old attribute name deprecated. The old attribute name has been eventually removed from Terraform starting with release 0.13. To maintain backwards compatibility, we support both names.
type RemoteStateGenerate ¶ added in v0.22.0
type RemoteStateGenerate struct { Path string `cty:"path" mapstructure:"path"` IfExists string `cty:"if_exists" mapstructure:"if_exists"` }
Code gen configuration for Terraform remote state
type RemoteStateInitializer ¶ added in v0.2.0
type RemoteStateInitializer interface { // Return true if remote state needs to be initialized NeedsInitialization(remoteState *RemoteState, existingBackend *TerraformBackend, terragruntOptions *options.TerragruntOptions) (bool, error) // Initialize the remote state Initialize(remoteState *RemoteState, terragruntOptions *options.TerragruntOptions) error // Return the config that should be passed on to terraform via -backend-config cmd line param // Allows the Backends to filter and/or modify the configuration given from the user GetTerraformInitArgs(config map[string]interface{}) map[string]interface{} }
type S3BucketUpdatesRequired ¶ added in v0.37.0
type S3Initializer ¶ added in v0.13.6
type S3Initializer struct{}
func (S3Initializer) GetTerraformInitArgs ¶ added in v0.14.11
func (s3Initializer S3Initializer) GetTerraformInitArgs(config map[string]interface{}) map[string]interface{}
func (S3Initializer) Initialize ¶ added in v0.13.6
func (s3Initializer S3Initializer) Initialize(remoteState *RemoteState, terragruntOptions *options.TerragruntOptions) error
Initialize the remote state S3 bucket specified in the given config. This function will validate the config parameters, create the S3 bucket if it doesn't already exist, and check that versioning is enabled.
func (S3Initializer) NeedsInitialization ¶ added in v0.13.6
func (s3Initializer S3Initializer) NeedsInitialization(remoteState *RemoteState, existingBackend *TerraformBackend, terragruntOptions *options.TerragruntOptions) (bool, error)
Returns true if:
1. Any of the existing backend settings are different than the current config 2. The configured S3 bucket or DynamoDB table does not exist
type TerraformBackend ¶ added in v0.12.4
The structure of the "backend" section of the Terraform .tfstate file
type TerraformState ¶
type TerraformState struct { Version int Serial int Backend *TerraformBackend Modules []TerraformStateModule }
The structure of the Terraform .tfstate file
func ParseTerraformStateFile ¶
func ParseTerraformStateFile(path string) (*TerraformState, error)
Parse the Terraform .tfstate file at the given path
func ParseTerraformStateFileFromLocation ¶ added in v0.9.2
func ParseTerraformStateFileFromLocation(backend string, config map[string]interface{}, workingDir, dataDir string) (*TerraformState, error)
Parses the Terraform .tfstate file. If a local backend is used then search the given path, or return nil if the file is missing. If the backend is not local then parse the Terraform .tfstate file from the location specified by workingDir. If no location is specified, search the current directory. If the file doesn't exist at any of the default locations, return nil.
func (*TerraformState) IsRemote ¶
func (state *TerraformState) IsRemote() bool
Return true if this Terraform state is configured for remote state storage
type TerraformStateModule ¶
type TerraformStateModule struct { Path []string Outputs map[string]interface{} Resources map[string]interface{} }
The structure of a "module" section of the Terraform .tfstate file