Create and store a hash of the Terraform modules used by your configuration
This is still in the very early stages of development and is likely full of bugs. The basic functionality is there, but there are still many missing options and features I'd like to implement. Feel free to log an issue or comment on existing issues.
TerraHash is a command-line tool which will evaluate your Terraform configuration after it has been initialized and generate hashes of the modules used by the configuration. The hash and version constraints will be stored in a file called .terraform.module.lock.hcl similar to how the providers used are stored in .terraform.lock.hcl.
The hashes generated by terrahash will be compared against the contents of the .terraform.module.lock.hcl file (if found) and will flag if any of the module hashes or versions have been changed. This can ensure that only approved and vetted modules are used during deployment.
If a user wishes to upgrade the versions of a module, they can do so with the command upgrade.
TerraHash is meant to be integrated into a CI process. It may be extended to providers at some point as well.
There are three essential commands for terrahash:
terrahash init- evaluates the current configuration and generates a.terraform.module.lock.hclfile. It will error out if the Terraform configuration has not yet been initialized or the.terraform.module.lock.hclfile already exists.terrahash check- evaluates the current configuration against the.terraform.module.lock.hclfile and reports on any changes for each module: mismatched hash, changed version, or not present. It will error out if the.terraform.module.lock.hclfile is not found.terrahash upgrade- updates the.terraform.module.lock.hclfile based on the contents of the configuration. This command will prompt you to accept the changes, or you can use the-auto-approveflag to skip.