terragrunt
terragrunt copied to clipboard
gruntwork-io
`sops_decrypt_file()`: resolve path argument relative to `terragrunt.hcl`
Description
Update path resolution logic in sops_decrypt_file() to resolve relative path arguments relative to the file containing the call to sops_decrypt_file(), rather than relative to the working directory of the Terragrunt process.
This change should be invisible for the common case of running Terragrunt directly inside the directory containing terragrunt.hcl. However, it enables intuitive use of terragrunt run-all with sops_decrypt_file(), ensuring configurations behave the same, no matter if they're evaluated directly or under run-all.
An additional test case for sops_decrypt_file() was added that validates its behavior in combination with run-all.
TODOs
Read the Gruntwork contribution guidelines.
- [x] Update the docs.
- [x] Run the relevant tests successfully, including pre-commit checks.
- [x] Include release notes. If this PR is backward incompatible, include a migration guide.
Release Notes (draft)
Updated sops_decrypt_file() path resolution to be relative to terragrunt.hcl instead of Terragrunt's working directory.
Migration Guide
If you were relying on the behavior of terragrunt run-all on a set of modules using sops_decrypt_file() using a file in the current working directory, such as a shared secret, you can wrap the argument to sops_decrypt_file() in a call to find_in_parent_folders(), as shown in the documentation for sops_decrypt_file().
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
INFO [runner] linters took 44.194334557s with stages: goanalysis_metalinter: 44.168422498s
test/integration_test.go:4946:36: S1030: should use stdout.Bytes() instead of []byte(stdout.String()) (gosimple)
require.NoError(t, json.Unmarshal([]byte(stdout.String()), &outputs))
My bad. I just copied the existing test case that was there at the time I made the change without thinking. Should be fine now, I hope.
Hey @sybereal
I've run the tests for this functionality, and they still aren't passing. Are you able to run the tests locally?
This PR has been open for a long time, and while this functionality seems very convenient, there are workarounds via functions like get_terragrunt_dir.
We can leave the PR open a little bit longer, but if you could ensure that tests are passing before re-requesting review from me, that would be great.
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud
Could you tell me which tests are failing that aren't failing on master? I can't see the CircleCI logs even after creating an account, and locally I can't run the full suite because I do not have an AWS account set up. I specifically ran only the sops tests with go test ./... -run '.*Sops.*', and those were fine, but ofc that way I can't tell if my change broke anything else.