-
-
Notifications
You must be signed in to change notification settings - Fork 966
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Terragrunt hooks #377
Comments
That is exactly what I am implementing using another shell wrapper script and I really don't like my approach. My use case is described in example 1 and 2. My feedback is that hooks in child |
I'm interested in the hooks pattern too. But for the purpose of halting an operation if some condition isn't met. For instance. If we could assign a hook that validates that the git repo is totally up to date with origin and there are no uncommitted/unpushed changes that would help us enforce good practices when working with our -live repo. |
@john-mcgowan-wowza If a hook exits with a non-zero exit code, it would halt Terragrunt execution. This would work very simply & intuitively for a "pre" hook to check for uncommitted changes. |
I like the idea of starting out with the generic hook functionality. And then if a particular hook pattern is fundamental enough, we could add it as part of terragrunt itself. So initially it might look like this...
but then when everybody ends up relying on the same functionality provided by check-git-clean.sh it could change to this?
Not sure if there is any precedent for a terragrunt cli param that doesn't do normal terragrunt stuff but this would be pretty cool so that people wouldn't have to maintain their own check-git-clean.sh if all they want is basic best practice functionality? |
If functionality becomes so common that we decide to build it directly into Terragrunt, we could also express it with a syntax like: before_hook "check-git-clean" {
commands = ["apply", "plan"]
built_in = ["check-git-clean"]
} Alternatively, we could have a collection of user-contributed "hooks" in a |
Would that be possible from a terragrunt workflow point of view that the i'm thinking about resolving external references such as arns, ids, urls, secrets, etc. and injecting them in # *.tfvars template file before before_hook
database_password = "${DATABASE_PASSWORD}"
some_other_key = "some_other_value"
# resolved *.tfvars file after before_hook
database_password = "some_password_fetch_by_hook_script"
some_other_key = "some_other_value"
In some cases, it's very hard to inject remote data sources outputs in terraform modules when one wants to use them nested in other resources' blocks. |
Since the Terragrunt configuration, including hooks, are defined in a
Ah, interesting use case. Actually, you'd probably want this hook to run after copying the |
yes, you're right 👍 |
* Updated HCL config parsing to introduce new before-after hook syntax * Updated main app to perform actions specified in the new config
Implemented in #439 and available in https://github.com/gruntwork-io/terragrunt/releases/tag/v0.14.4. |
Is there a way to add an extra argument to "hooks" for "changing directory"/chdir before executing it? Would be great, I am very very new to Go, but I could give it a go. Or is there already a proposal for something like that? Regards. |
Can these hooks be used to source a bash script, or only use output? The reason why is in cloud9, most of the variables I need are implicit to that environment, and I'd love to be able to source them at different stages. Currently I have to source the env vars before any terragrunt operations, but that means they can't really change between modules. Here is an example of the types of vars I might evaluate in bash, but there are many more:
|
The hooks do not modify the environment Terragrunt is running in, so sourcing variables will not work. You'll have to source the variables before running Terragrunt. |
A proposal to discuss with the Terragrunt community: adding "hooks" to Terragrunt that can be used to execute arbitrary shell commands. The idea would be to follow the basic structure of
extra_arguments
, where you can specify shell commands that will be executed either before or after specific Terraform commands. Here's the rough idea:This idea has come up before, but I pushed back against it, recommending the use of Terraform's local-exec provisioner instead. However, I realize now that if you need to execute some code before or after terraform runs,
local-exec
doesn't help you.A pattern that seems particularly interesting is to copy files into the working directory before running Terraform. This is especially useful for cases where Terraform doesn't support interpolation or effective code reuse. Examples:
Copy a
version.tf
file into your working directory. This file could define the required_version setting for your whole company so you don't have to copy/paste that setting into every single Terraform module.Copy a
common-vars.tf
file into your working directory. This file could define common input variables that every single module should define: e.g.,aws_region
,aws_account_id
, etc.Copy a
remote-state.tf
file into your working directory and dynamically fill in the properkey
andbucket
values. Instead of relying on Terragrunt for keeping your remote state configuration DRY, you could use this approach to execute arbitrary code, and have a more flexible/customizable system.Thoughts? Feedback? Concerns?
The text was updated successfully, but these errors were encountered: