remote

package
v0.55.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 22, 2024 License: MIT Imports: 27 Imported by: 33

Documentation

Overview

Package remote contains code for configuring remote state storage.

Index

Constants

// Defaults and identifiers for the S3 remote state bucket.
const (
	// DefaultS3BucketAccessLoggingTargetPrefix is the default access-logging target prefix.
	// Presumably applied when accesslogging_target_prefix is not set; confirm in the S3 initializer.
	DefaultS3BucketAccessLoggingTargetPrefix = "TFStateLogs/"
	// SidRootPolicy looks like the statement ID (Sid) of the bucket-policy statement added by
	// EnableRootAccesstoS3Bucket; confirm in source.
	SidRootPolicy                            = "RootAccess"
	// SidEnforcedTLSPolicy looks like the statement ID (Sid) of the bucket-policy statement added by
	// EnableEnforcedTLSAccesstoS3Bucket; confirm in source. When auditing a state bucket's policy,
	// these two Sid values are the strings to look for.
	SidEnforcedTLSPolicy                     = "EnforcedTLS"
)
// DefaultPathToLocalStateFile is the default path to the tfstate file when Terraform state is stored locally.
const DefaultPathToLocalStateFile = "terraform.tfstate"

DefaultPathToLocalStateFile is the default path to the tfstate file when storing Terraform state locally.

// DefaultPathToRemoteStateFile is the default location of the local copy of the state file when
// remote state storage is in use. It has the same value as DefaultPathToLocalStateFile.
const DefaultPathToRemoteStateFile = "terraform.tfstate"

DefaultPathToRemoteStateFile is the default folder location for the local copy of the state file when using remote state storage in Terraform.

// MAX_RETRIES_WAITING_FOR_GCS_BUCKET is the retry cap when waiting for a GCS bucket.
// Presumably used by WaitUntilGCSBucketExists; confirm in source.
const MAX_RETRIES_WAITING_FOR_GCS_BUCKET = 12
// MAX_RETRIES_WAITING_FOR_S3_BUCKET is the retry cap when waiting for an S3 bucket.
// Presumably used by WaitUntilS3BucketExists; confirm in source.
const MAX_RETRIES_WAITING_FOR_S3_BUCKET = 12
// SLEEP_BETWEEN_RETRIES_WAITING_FOR_GCS_BUCKET is the pause between attempts while waiting for a
// GCS bucket. With MAX_RETRIES_WAITING_FOR_GCS_BUCKET = 12 this would bound the wait at about a
// minute, assuming a plain retry loop; confirm in source.
const SLEEP_BETWEEN_RETRIES_WAITING_FOR_GCS_BUCKET = 5 * time.Second
// SLEEP_BETWEEN_RETRIES_WAITING_FOR_S3_BUCKET is the pause between attempts while waiting for an
// S3 bucket. With MAX_RETRIES_WAITING_FOR_S3_BUCKET = 12 this would bound the wait at about a
// minute, assuming a plain retry loop; confirm in source.
const SLEEP_BETWEEN_RETRIES_WAITING_FOR_S3_BUCKET = 5 * time.Second

Variables

// Package-level error values. Both are built with fmt.Errorf and no format verbs, so each is a
// single shared value.
var (
	// ErrRemoteBackendMissing reports that the remote_state.backend field is empty.
	// Presumably returned by RemoteState.Validate; confirm in source.
	ErrRemoteBackendMissing             = fmt.Errorf("the remote_state.backend field cannot be empty")
	// ErrGenerateCalledWithNoGenerateAttr reports that code generation was requested although no
	// generate attribute is configured. Presumably returned by RemoteState.GenerateTerraformCode
	// when RemoteState.Generate is nil; confirm in source.
	ErrGenerateCalledWithNoGenerateAttr = fmt.Errorf("generate code routine called when no generate attribute is configured")
)

Custom errors

Functions

func AddLabelsToGCSBucket added in v0.19.6

func AddLabelsToGCSBucket(gcsClient *storage.Client, config *ExtendedRemoteStateConfigGCS, terragruntOptions *options.TerragruntOptions) error

func CreateGCSBucket added in v0.19.6

func CreateGCSBucket(gcsClient *storage.Client, config *ExtendedRemoteStateConfigGCS, terragruntOptions *options.TerragruntOptions) error

Create the GCS bucket specified in the given config

func CreateGCSBucketWithVersioning added in v0.19.6

func CreateGCSBucketWithVersioning(gcsClient *storage.Client, config *ExtendedRemoteStateConfigGCS, terragruntOptions *options.TerragruntOptions) error

CreateGCSBucketWithVersioning creates the given GCS bucket and enables versioning for it.

func CreateGCSClient added in v0.19.6

func CreateGCSClient(gcsConfigRemote RemoteStateConfigGCS) (*storage.Client, error)

CreateGCSClient creates an authenticated client for GCS

func CreateLogsS3BucketIfNecessary added in v0.26.0

func CreateLogsS3BucketIfNecessary(s3Client *s3.S3, logsBucketName *string, terragruntOptions *options.TerragruntOptions) error

func CreateS3Bucket added in v0.2.0

func CreateS3Bucket(s3Client *s3.S3, bucket *string, terragruntOptions *options.TerragruntOptions) error

Create the S3 bucket specified in the given config

func CreateS3BucketWithVersioningSSEncryptionAndAccessLogging added in v0.18.0

func CreateS3BucketWithVersioningSSEncryptionAndAccessLogging(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error

Create the given S3 bucket and enable versioning for it

func CreateS3Client added in v0.2.0

func CreateS3Client(config *aws_helper.AwsSessionConfig, terragruntOptions *options.TerragruntOptions) (*s3.S3, error)

Create an authenticated client for S3. (The upstream comment reads "for DynamoDB", but the signature above returns *s3.S3.)

func DoesGCSBucketExist added in v0.19.6

func DoesGCSBucketExist(gcsClient *storage.Client, config *RemoteStateConfigGCS) bool

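DoesGCSBucketExist returns true if the GCS bucket specified in the given config exists and the current user has the ability to access it. Because the function returns only a bool, a false result does not distinguish a missing bucket from one the caller cannot access.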

func DoesS3BucketExist added in v0.2.0

func DoesS3BucketExist(s3Client *s3.S3, bucket *string) bool

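Returns true if the S3 bucket specified in the given config exists and the current user has the ability to access it. Because the function returns only a bool, a false result does not distinguish a missing bucket from one the caller cannot access.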

func EnableAccessLoggingForS3BucketWide added in v0.18.0

func EnableAccessLoggingForS3BucketWide(s3Client *s3.S3, config *RemoteStateConfigS3, terragruntOptions *options.TerragruntOptions, logsBucket string, logsBucketPrefix string) error

Enable bucket-wide Access Logging for the AWS S3 bucket specified in the given config

func EnableEnforcedTLSAccesstoS3Bucket added in v0.24.4

func EnableEnforcedTLSAccesstoS3Bucket(s3Client *s3.S3, bucket string, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error

Add a policy to enforce TLS based access to the bucket

func EnablePublicAccessBlockingForS3Bucket added in v0.19.10

func EnablePublicAccessBlockingForS3Bucket(s3Client *s3.S3, bucketName string, terragruntOptions *options.TerragruntOptions) error

Block all public access policies on the bucket and objects. These settings ensure that a misconfiguration of the bucket or objects will not accidentally enable public access to those items. See https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html for more information.

func EnableRootAccesstoS3Bucket added in v0.21.10

func EnableRootAccesstoS3Bucket(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error

Add a policy to allow root access to the bucket

func EnableSSEForS3BucketWide added in v0.18.0

func EnableSSEForS3BucketWide(s3Client *s3.S3, bucketName string, algorithm string, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error

Enable bucket-wide Server-Side Encryption for the AWS S3 bucket specified in the given config

func EnableVersioningForS3Bucket added in v0.2.0

func EnableVersioningForS3Bucket(s3Client *s3.S3, config *RemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error

Enable versioning for the S3 bucket specified in the given config

func TagS3Bucket added in v0.14.11

func TagS3Bucket(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error

func TagS3BucketAccessLogging added in v0.42.1

func TagS3BucketAccessLogging(s3Client *s3.S3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error

func UpdateLockTableSetSSEncryptionOnIfNecessary added in v0.18.0

func UpdateLockTableSetSSEncryptionOnIfNecessary(s3Config *RemoteStateConfigS3, config *ExtendedRemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error

Update a table for locks in DynamoDB if the user has configured a lock table and the table's server-side encryption isn't turned on

func WaitUntilGCSBucketExists added in v0.19.6

func WaitUntilGCSBucketExists(gcsClient *storage.Client, config *RemoteStateConfigGCS, terragruntOptions *options.TerragruntOptions) error

GCP is eventually consistent, so after creating a GCS bucket, this method can be used to wait until the information about that GCS bucket has propagated everywhere.

func WaitUntilS3BucketExists added in v0.4.0

func WaitUntilS3BucketExists(s3Client *s3.S3, config *RemoteStateConfigS3, terragruntOptions *options.TerragruntOptions) error

AWS is eventually consistent, so after creating an S3 bucket, this method can be used to wait until the information about that S3 bucket has propagated everywhere

Types

type BucketCreationNotAllowed added in v0.48.4

// BucketCreationNotAllowed is a string-based error type. Its Error method names the receiver
// bucketName, so the underlying string is the name of the bucket concerned. By its name it
// signals that bucket creation was refused (presumably because of skip_bucket_creation; confirm).
type BucketCreationNotAllowed string

func (BucketCreationNotAllowed) Error added in v0.48.4

func (bucketName BucketCreationNotAllowed) Error() string

type CantParseTerraformStateFileError added in v0.52.4

// CantParseTerraformStateFileError is the error for a Terraform state file that cannot be parsed.
type CantParseTerraformStateFileError struct {
	// Path is presumably the location of the state file that failed to parse; confirm at the call site.
	Path          string
	// UnderlyingErr is presumably the error returned by the reader or decoder; confirm at the call site.
	UnderlyingErr error
}

CantParseTerraformStateFileError is the error that occurs when we can't parse the Terraform state file.

func (CantParseTerraformStateFileError) Error added in v0.52.4

type ExtendedRemoteStateConfigGCS added in v0.19.6

// ExtendedRemoteStateConfigGCS holds GCS settings that terragrunt itself consumes when it has to
// create the state bucket. Each field is decoded from the config key in its mapstructure tag.
type ExtendedRemoteStateConfigGCS struct {
	// Project and Location are presumably the GCP project and bucket location used at creation; confirm.
	Project                string            `mapstructure:"project"`
	Location               string            `mapstructure:"location"`
	// GCSBucketLabels are the labels applied to the bucket (see AddLabelsToGCSBucket).
	GCSBucketLabels        map[string]string `mapstructure:"gcs_bucket_labels"`
	// NOTE(review): SkipBucketVersioning reads as an opt-out from the versioning that
	// CreateGCSBucketWithVersioning enables. Without versioning, an overwritten or corrupted state
	// object cannot be rolled back. Confirm the wiring in GCSInitializer.
	SkipBucketVersioning   bool              `mapstructure:"skip_bucket_versioning"`
	// SkipBucketCreation presumably prevents terragrunt from creating a missing bucket
	// (compare the BucketCreationNotAllowed error type); confirm.
	SkipBucketCreation     bool              `mapstructure:"skip_bucket_creation"`
	// EnableBucketPolicyOnly presumably turns on GCS "bucket policy only" (uniform bucket-level
	// access) for a newly created bucket; confirm in CreateGCSBucket.
	EnableBucketPolicyOnly bool              `mapstructure:"enable_bucket_policy_only"`
	// contains filtered or unexported fields
}

We use this construct to separate the config key 'gcs_bucket_labels' from the others, as it is specific to the gcs backend but only used by terragrunt to tag the gcs bucket in case it has to create it.

type ExtendedRemoteStateConfigS3 added in v0.14.11

// ExtendedRemoteStateConfigS3 holds S3 backend settings that terragrunt itself consumes when it
// creates or updates the state bucket, the access-log bucket and the DynamoDB lock table.
// Each field is decoded from the config key in its mapstructure tag.
//
// NOTE(review): the Skip*/Disable* booleans read as opt-outs from the hardening steps this package
// exposes as EnableVersioningForS3Bucket, EnableSSEForS3BucketWide, EnableAccessLoggingForS3BucketWide,
// EnableRootAccesstoS3Bucket, EnableEnforcedTLSAccesstoS3Bucket and EnablePublicAccessBlockingForS3Bucket.
// The wiring is not visible in this listing; confirm it in S3Initializer. When reviewing a
// terragrunt config, treat any of these flags set to true as a deliberate reduction of the state
// bucket's protections that should have a documented reason.
type ExtendedRemoteStateConfigS3 struct {
	// Tags for the state bucket, the lock table and the access-log bucket respectively.
	S3BucketTags                   map[string]string `mapstructure:"s3_bucket_tags"`
	DynamotableTags                map[string]string `mapstructure:"dynamodb_table_tags"`
	AccessLoggingBucketTags        map[string]string `mapstructure:"accesslogging_bucket_tags"`
	// SkipCredentialsValidation presumably skips an up-front check of the AWS credentials; confirm.
	SkipCredentialsValidation      bool              `mapstructure:"skip_credentials_validation"`
	// Opt-outs, one per protection: versioning, server-side encryption, access logging, the
	// root-access policy, the enforced-TLS policy and public access blocking.
	SkipBucketVersioning           bool              `mapstructure:"skip_bucket_versioning"`
	SkipBucketSSEncryption         bool              `mapstructure:"skip_bucket_ssencryption"`
	SkipBucketAccessLogging        bool              `mapstructure:"skip_bucket_accesslogging"`
	SkipBucketRootAccess           bool              `mapstructure:"skip_bucket_root_access"`
	SkipBucketEnforcedTLS          bool              `mapstructure:"skip_bucket_enforced_tls"`
	SkipBucketPublicAccessBlocking bool              `mapstructure:"skip_bucket_public_access_blocking"`
	// DisableBucketUpdate presumably stops terragrunt from changing an existing bucket's settings
	// (compare S3BucketUpdatesRequired); confirm.
	DisableBucketUpdate            bool              `mapstructure:"disable_bucket_update"`
	// EnableLockTableSSEncryption is opt-in, unlike the bucket settings above
	// (see UpdateLockTableSetSSEncryptionOnIfNecessary).
	EnableLockTableSSEncryption    bool              `mapstructure:"enable_lock_table_ssencryption"`
	// DisableAWSClientChecksums presumably turns off checksum validation in the AWS client; confirm.
	DisableAWSClientChecksums      bool              `mapstructure:"disable_aws_client_checksums"`
	// Target bucket and key prefix for access logs; DefaultS3BucketAccessLoggingTargetPrefix is
	// presumably the fallback prefix.
	AccessLoggingBucketName        string            `mapstructure:"accesslogging_bucket_name"`
	AccessLoggingTargetPrefix      string            `mapstructure:"accesslogging_target_prefix"`
	// Server-side encryption algorithm and, for KMS, the key ID (see EnableSSEForS3BucketWide).
	// InvalidAccessLoggingBucketEncryption suggests that not every algorithm is accepted when
	// access logging is in use; confirm.
	BucketSSEAlgorithm             string            `mapstructure:"bucket_sse_algorithm"`
	BucketSSEKMSKeyID              string            `mapstructure:"bucket_sse_kms_key_id"`
	// contains filtered or unexported fields
}

We use this construct to separate the three config keys 's3_bucket_tags', 'dynamodb_table_tags' and 'accesslogging_bucket_tags' from the others, as they are specific to the s3 backend, but only used by terragrunt to tag the s3 bucket, the DynamoDB table and the s3 bucket used for the access logs, in case it has to create them.

func ParseExtendedS3Config added in v0.38.1

func ParseExtendedS3Config(config map[string]interface{}) (*ExtendedRemoteStateConfigS3, error)

Parse the given map into an extended S3 config

func (*ExtendedRemoteStateConfigS3) GetAwsSessionConfig added in v0.22.2

func (c *ExtendedRemoteStateConfigS3) GetAwsSessionConfig() *aws_helper.AwsSessionConfig

Builds a session config for AWS related requests from the RemoteStateConfigS3 configuration

type GCSInitializer added in v0.19.6

// GCSInitializer is a field-less type that carries the GCS backend's NeedsInitialization,
// Initialize and GetTerraformInitArgs methods, i.e. the RemoteStateInitializer method set.
type GCSInitializer struct{}

func (GCSInitializer) GetTerraformInitArgs added in v0.19.6

func (gcsInitializer GCSInitializer) GetTerraformInitArgs(config map[string]interface{}) map[string]interface{}

func (GCSInitializer) Initialize added in v0.19.6

func (gcsInitializer GCSInitializer) Initialize(remoteState *RemoteState, terragruntOptions *options.TerragruntOptions) error

Initialize the remote state GCS bucket specified in the given config. This function will validate the config parameters, create the GCS bucket if it doesn't already exist, and check that versioning is enabled.

func (GCSInitializer) NeedsInitialization added in v0.19.6

func (gcsInitializer GCSInitializer) NeedsInitialization(remoteState *RemoteState, existingBackend *TerraformBackend, terragruntOptions *options.TerragruntOptions) (bool, error)

Returns true if:

1. Any of the existing backend settings are different than the current config
2. The configured GCS bucket does not exist

type InvalidAccessLoggingBucketEncryption added in v0.42.0

// InvalidAccessLoggingBucketEncryption is an error type (it has an Error method) reporting an
// encryption setting that is not valid for the access-logging bucket.
type InvalidAccessLoggingBucketEncryption struct {
	// BucketSSEAlgorithm is presumably the rejected bucket_sse_algorithm value; confirm at the call site.
	BucketSSEAlgorithm string
}

func (InvalidAccessLoggingBucketEncryption) Error added in v0.42.0

type MaxRetriesWaitingForS3ACLExceeded added in v0.18.0

// MaxRetriesWaitingForS3ACLExceeded is a string-based error type. By its name it is raised when
// waiting on an S3 bucket ACL runs out of retries. What the underlying string holds is not shown
// in this listing.
type MaxRetriesWaitingForS3ACLExceeded string

func (MaxRetriesWaitingForS3ACLExceeded) Error added in v0.18.0

type MaxRetriesWaitingForS3BucketExceeded added in v0.4.0

// MaxRetriesWaitingForS3BucketExceeded is a string-based error type. Presumably returned by
// WaitUntilS3BucketExists once MAX_RETRIES_WAITING_FOR_S3_BUCKET attempts have failed; confirm.
type MaxRetriesWaitingForS3BucketExceeded string

func (MaxRetriesWaitingForS3BucketExceeded) Error added in v0.4.0

type MissingRequiredGCSRemoteStateConfig added in v0.19.6

// MissingRequiredGCSRemoteStateConfig is a string-based error type. Its Error method names the
// receiver configName, so the underlying string is the name of the missing GCS config key.
type MissingRequiredGCSRemoteStateConfig string

func (MissingRequiredGCSRemoteStateConfig) Error added in v0.19.6

func (configName MissingRequiredGCSRemoteStateConfig) Error() string

type MissingRequiredS3RemoteStateConfig added in v0.2.0

// MissingRequiredS3RemoteStateConfig is a string-based error type. Its Error method names the
// receiver configName, so the underlying string is the name of the missing S3 config key.
type MissingRequiredS3RemoteStateConfig string

func (MissingRequiredS3RemoteStateConfig) Error added in v0.2.0

func (configName MissingRequiredS3RemoteStateConfig) Error() string

type MultipleTagsDeclarations added in v0.14.11

// MultipleTagsDeclarations is a string-based error type. Its Error method names the receiver
// target, so the underlying string identifies what the tags were declared for more than once.
type MultipleTagsDeclarations string

func (MultipleTagsDeclarations) Error added in v0.14.11

func (target MultipleTagsDeclarations) Error() string

type RemoteState

// RemoteState is the configuration for Terraform remote state.
type RemoteState struct {
	// Backend is the backend type; ErrRemoteBackendMissing indicates it must not be empty.
	Backend                       string
	// DisableInit presumably suppresses remote state initialization (see Initialize); confirm.
	DisableInit                   bool
	// DisableDependencyOptimization: effect not visible in this listing.
	DisableDependencyOptimization bool
	// Generate is the optional code-generation config; ErrGenerateCalledWithNoGenerateAttr covers
	// the case where generation is requested without it.
	Generate                      *RemoteStateGenerate
	// Config is the raw backend configuration, decoded into the backend-specific structs
	// (for example by ParseExtendedS3Config).
	// NOTE(review): for gcs and s3 this map can carry credential-bearing keys such as credentials,
	// access_token and encryption_key (see RemoteStateConfigGCS). Check that String and
	// ToTerraformInitArgs output is not written to logs unredacted.
	Config                        map[string]interface{}
}

Configuration for Terraform remote state.

NOTE: If any attributes are added here, be sure to add them to remoteStateAsCty in config/config_as_cty.go

func (*RemoteState) FillDefaults

func (remoteState *RemoteState) FillDefaults()

Fill in any default configuration for remote state

func (*RemoteState) GenerateTerraformCode added in v0.22.0

func (remoteState *RemoteState) GenerateTerraformCode(terragruntOptions *options.TerragruntOptions) error

Generate the terraform code for configuring remote state backend.

func (*RemoteState) Initialize added in v0.2.0

func (remoteState *RemoteState) Initialize(terragruntOptions *options.TerragruntOptions) error

Perform any actions necessary to initialize the remote state before it's used for storage. For example, if you're using S3 or GCS for remote state storage, this may create the bucket if it doesn't exist already.

func (*RemoteState) NeedsInit added in v0.13.0

func (remoteState *RemoteState) NeedsInit(terragruntOptions *options.TerragruntOptions) (bool, error)

Returns true if remote state needs to be configured. This will be the case when:

1. Remote state has not already been configured
2. Remote state has been configured, but with a different configuration
3. The remote state initializer for this backend type, if there is one, says initialization is necessary

func (*RemoteState) String added in v0.9.4

func (remoteState *RemoteState) String() string

func (RemoteState) ToTerraformInitArgs added in v0.12.3

func (remoteState RemoteState) ToTerraformInitArgs() []string

Convert the RemoteState config into the format used by the terraform init command

func (*RemoteState) Validate

func (remoteState *RemoteState) Validate() error

Validate that the remote state is configured correctly

type RemoteStateConfigGCS added in v0.19.6

// RemoteStateConfigGCS represents the configuration options available for GCS remote state.
// Each field is decoded from the config key in its mapstructure tag.
//
// NOTE(review): Credentials, AccessToken and EncryptionKey mirror the Terraform gcs backend
// settings of the same names and carry secret material: a service-account key or its path, an
// OAuth access token, and a customer-supplied encryption key. Keep them out of logs, error
// messages and committed config. How this package handles them is not visible in this listing.
type RemoteStateConfigGCS struct {
	Bucket        string `mapstructure:"bucket"`
	Credentials   string `mapstructure:"credentials"`
	AccessToken   string `mapstructure:"access_token"`
	Prefix        string `mapstructure:"prefix"`
	Path          string `mapstructure:"path"`
	EncryptionKey string `mapstructure:"encryption_key"`

	// Service-account impersonation: the account to act as and the optional delegation chain.
	// The caller's own identity needs permission to mint tokens for that account, so these
	// settings widen what the running identity can reach. Review them like a role assumption.
	ImpersonateServiceAccount          string   `mapstructure:"impersonate_service_account"`
	ImpersonateServiceAccountDelegates []string `mapstructure:"impersonate_service_account_delegates"`
}

A representation of the configuration options available for GCS remote state

type RemoteStateConfigS3 added in v0.2.0

// RemoteStateConfigS3 represents the configuration options available for S3 remote state.
// Each field is decoded from the config key in its mapstructure tag.
type RemoteStateConfigS3 struct {
	// Encrypt maps to the backend's encrypt option. Terraform state can contain secret values in
	// plaintext, so a false value here deserves a second look in review.
	Encrypt          bool                          `mapstructure:"encrypt"`
	Bucket           string                        `mapstructure:"bucket"`
	Key              string                        `mapstructure:"key"`
	Region           string                        `mapstructure:"region"`
	// Endpoint and DynamoDBEndpoint override the service endpoints. NOTE(review): signed requests
	// and the state itself go to whatever host is configured here; verify unexpected values.
	Endpoint         string                        `mapstructure:"endpoint"`
	DynamoDBEndpoint string                        `mapstructure:"dynamodb_endpoint"`
	Profile          string                        `mapstructure:"profile"`
	// Top-level role settings, superseded by AssumeRole (see GetSessionRoleArn, GetExternalId
	// and GetSessionName).
	RoleArn          string                        `mapstructure:"role_arn"`     // Deprecated in Terraform version 1.6 or newer.
	ExternalID       string                        `mapstructure:"external_id"`  // Deprecated in Terraform version 1.6 or newer.
	SessionName      string                        `mapstructure:"session_name"` // Deprecated in Terraform version 1.6 or newer.
	// LockTable is the old name for DynamoDBTable; GetLockTableName supports both.
	LockTable        string                        `mapstructure:"lock_table"`   // Deprecated in Terraform version 0.13 or newer.
	DynamoDBTable    string                        `mapstructure:"dynamodb_table"`
	// CredsFilename is the path to a shared credentials file (key shared_credentials_file).
	CredsFilename    string                        `mapstructure:"shared_credentials_file"`
	S3ForcePathStyle bool                          `mapstructure:"force_path_style"`
	// AssumeRole is the nested assume_role block that replaces the deprecated top-level fields.
	AssumeRole       RemoteStateConfigS3AssumeRole `mapstructure:"assume_role"`
}

A representation of the configuration options available for S3 remote state

func (*RemoteStateConfigS3) GetExternalId added in v0.53.6

func (s3Config *RemoteStateConfigS3) GetExternalId() string

func (*RemoteStateConfigS3) GetLockTableName added in v0.13.7

func (s3Config *RemoteStateConfigS3) GetLockTableName() string

The DynamoDB lock table attribute used to be called "lock_table", but has since been renamed to "dynamodb_table", and the old attribute name was deprecated. The old attribute name was eventually removed from Terraform starting with release 0.13. To maintain backwards compatibility, we support both names.

func (*RemoteStateConfigS3) GetSessionName added in v0.53.6

func (s3Config *RemoteStateConfigS3) GetSessionName() string

func (*RemoteStateConfigS3) GetSessionRoleArn added in v0.53.6

func (s3Config *RemoteStateConfigS3) GetSessionRoleArn() string

GetSessionRoleArn returns the role defined in the AssumeRole struct, or falls back to the top-level argument, which is deprecated in Terraform 1.6.

type RemoteStateConfigS3AssumeRole added in v0.53.6

// RemoteStateConfigS3AssumeRole is the nested assume_role block of the S3 backend config
// (it is the type of RemoteStateConfigS3.AssumeRole).
type RemoteStateConfigS3AssumeRole struct {
	// RoleArn is the role to assume; GetSessionRoleArn prefers it over the deprecated top-level field.
	RoleArn     string `mapstructure:"role_arn"`
	// ExternalID is the external ID for the role assumption, typically required by the role's
	// trust policy to guard cross-account assumption (see GetExternalId).
	ExternalID  string `mapstructure:"external_id"`
	// SessionName is the name given to the assumed-role session (see GetSessionName). It is useful
	// for attributing activity in audit logs.
	SessionName string `mapstructure:"session_name"`
}

type RemoteStateGenerate added in v0.22.0

// RemoteStateGenerate is the code-generation configuration for Terraform remote state.
// The fields carry both cty and mapstructure tags, so the struct is decoded by both.
type RemoteStateGenerate struct {
	// Path is presumably where the generated backend file is written; confirm in GenerateTerraformCode.
	Path     string `cty:"path" mapstructure:"path"`
	// IfExists presumably selects what to do when the file at Path already exists. The accepted
	// values are not shown in this listing.
	IfExists string `cty:"if_exists" mapstructure:"if_exists"`
}

Code gen configuration for Terraform remote state

type RemoteStateInitializer added in v0.2.0

// RemoteStateInitializer is the per-backend hook set for preparing remote state storage.
// GCSInitializer and S3Initializer in this package have this method set.
type RemoteStateInitializer interface {
	// NeedsInitialization reports whether remote state must be initialized, given the desired
	// remoteState and the backend recorded in the existing state (existingBackend).
	NeedsInitialization(remoteState *RemoteState, existingBackend *TerraformBackend, terragruntOptions *options.TerragruntOptions) (bool, error)

	// Initialize prepares the remote state storage. For S3 and GCS this can create the bucket.
	Initialize(remoteState *RemoteState, terragruntOptions *options.TerragruntOptions) error

	// GetTerraformInitArgs returns the config to pass on to terraform via the -backend-config
	// command-line parameter. It lets a backend filter and/or modify the user-supplied
	// configuration, for example to drop terragrunt-only keys.
	GetTerraformInitArgs(config map[string]interface{}) map[string]interface{}
}

type S3BucketUpdatesRequired added in v0.37.0

// S3BucketUpdatesRequired has one flag per protection of the state bucket: versioning,
// server-side encryption, the root-access policy, the enforced-TLS policy, access logging and
// public access blocking.
// NOTE(review): presumably a true flag means the existing bucket lacks that setting and an update
// is pending; confirm in the S3 initializer.
type S3BucketUpdatesRequired struct {
	Versioning    bool
	SSEEncryption bool
	RootAccess    bool
	EnforcedTLS   bool
	AccessLogging bool
	PublicAccess  bool
}

type S3Initializer added in v0.13.6

// S3Initializer is a field-less type that carries the S3 backend's NeedsInitialization,
// Initialize and GetTerraformInitArgs methods, i.e. the RemoteStateInitializer method set.
type S3Initializer struct{}

func (S3Initializer) GetTerraformInitArgs added in v0.14.11

func (s3Initializer S3Initializer) GetTerraformInitArgs(config map[string]interface{}) map[string]interface{}

func (S3Initializer) Initialize added in v0.13.6

func (s3Initializer S3Initializer) Initialize(remoteState *RemoteState, terragruntOptions *options.TerragruntOptions) error

Initialize the remote state S3 bucket specified in the given config. This function will validate the config parameters, create the S3 bucket if it doesn't already exist, and check that versioning is enabled.

func (S3Initializer) NeedsInitialization added in v0.13.6

func (s3Initializer S3Initializer) NeedsInitialization(remoteState *RemoteState, existingBackend *TerraformBackend, terragruntOptions *options.TerragruntOptions) (bool, error)

Returns true if:

1. Any of the existing backend settings are different than the current config
2. The configured S3 bucket or DynamoDB table does not exist

type TerraformBackend added in v0.12.4

// TerraformBackend represents the "backend" section of a Terraform .tfstate file.
type TerraformBackend struct {
	// Type is the backend type recorded in the state file. Presumably compared with
	// RemoteState.Backend in the NeedsInitialization checks; confirm.
	Type   string
	// Config is the backend configuration recorded in the state file. It may include the same
	// credential-bearing keys as RemoteState.Config, so handle a parsed state file accordingly.
	Config map[string]interface{}
}

TerraformBackend represents the structure of the "backend" section in the Terraform .tfstate file.

type TerraformState

// TerraformState represents the structure of a Terraform .tfstate file, as returned by
// ParseTerraformStateFile.
type TerraformState struct {
	// Version and Serial are taken from the state file; their exact meaning is not shown here.
	Version int
	Serial  int
	// Backend is the file's "backend" section. Presumably nil when no backend is recorded, and
	// the basis for IsRemote; confirm.
	Backend *TerraformBackend
	// Modules holds the file's "module" sections.
	Modules []TerraformStateModule
}

TerraformState - represents the structure of the Terraform .tfstate file.

func ParseTerraformStateFile

func ParseTerraformStateFile(path string) (*TerraformState, error)

ParseTerraformStateFile parses the Terraform .tfstate file located at the specified path.

func ParseTerraformStateFileFromLocation added in v0.9.2

func ParseTerraformStateFileFromLocation(backend string, config map[string]interface{},
	workingDir, dataDir string) (*TerraformState, error)

ParseTerraformStateFileFromLocation parses the Terraform .tfstate file. If a local backend is used then search the given path, or return nil if the file is missing. If the backend is not local then parse the Terraform .tfstate file from the location specified by workingDir. If no location is specified, search the current directory. If the file doesn't exist at any of the default locations, return nil.

func (*TerraformState) IsRemote

func (state *TerraformState) IsRemote() bool

IsRemote returns true if this Terraform state is configured for remote state storage.

type TerraformStateModule

// TerraformStateModule represents a "module" section of a Terraform .tfstate file.
type TerraformStateModule struct {
	// Path is the module path as a list of segments.
	Path      []string
	// Outputs and Resources are kept as untyped maps.
	// NOTE(review): Terraform state stores output and resource attribute values in plaintext, so
	// these maps may contain secrets. Avoid dumping a parsed TerraformState to logs.
	Outputs   map[string]interface{}
	Resources map[string]interface{}
}

TerraformStateModule represents the structure of a "module" section in the Terraform .tfstate file.
